./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3400117956 <...> Warning: Permanently added '10.128.1.161' (ED25519) to the list of known hosts. execve("./syz-executor3400117956", ["./syz-executor3400117956"], 0x7fff3f683540 /* 10 vars */) = 0 brk(NULL) = 0x555555980000 brk(0x555555980d40) = 0x555555980d40 arch_prctl(ARCH_SET_FS, 0x5555559803c0) = 0 set_tid_address(0x555555980690) = 5024 set_robust_list(0x5555559806a0, 24) = 0 rseq(0x555555980ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3400117956", 4096) = 28 getrandom("\xef\xad\xe5\x7d\xd1\xf5\x69\x70", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555980d40 brk(0x5555559a1d40) = 0x5555559a1d40 brk(0x5555559a2000) = 0x5555559a2000 mprotect(0x7f417714e000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5025 attached , child_tidptr=0x555555980690) = 5025 [pid 5024] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5025] set_robust_list(0x5555559806a0, 24./strace-static-x86_64: Process 5026 attached [pid 5024] <... clone resumed>, child_tidptr=0x555555980690) = 5026 [pid 5026] set_robust_list(0x5555559806a0, 24 [pid 5025] <... set_robust_list resumed>) = 0 [pid 5026] <... set_robust_list resumed>) = 0 [pid 5024] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5026] mkdir("./syzkaller.ZbZat9", 0700 [pid 5025] mkdir("./syzkaller.exFjw8", 0700 [pid 5024] <... clone resumed>, child_tidptr=0x555555980690) = 5027 [pid 5024] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5026] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5028 attached [pid 5024] <... clone resumed>, child_tidptr=0x555555980690) = 5028 [pid 5028] set_robust_list(0x5555559806a0, 24 [pid 5024] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5028] <... set_robust_list resumed>) = 0 [pid 5025] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5027 attached [pid 5028] mkdir("./syzkaller.nlMCun", 0700 [pid 5027] set_robust_list(0x5555559806a0, 24 [pid 5026] chmod("./syzkaller.ZbZat9", 0777 [pid 5025] chmod("./syzkaller.exFjw8", 0777./strace-static-x86_64: Process 5029 attached [pid 5027] <... set_robust_list resumed>) = 0 [pid 5024] <... clone resumed>, child_tidptr=0x555555980690) = 5029 [pid 5029] set_robust_list(0x5555559806a0, 24 [pid 5024] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5029] <... set_robust_list resumed>) = 0 [pid 5027] mkdir("./syzkaller.zyQqTG", 0700 [pid 5026] <... chmod resumed>) = 0 [pid 5025] <... chmod resumed>) = 0 ./strace-static-x86_64: Process 5030 attached [pid 5029] mkdir("./syzkaller.hL7thE", 0700 [pid 5027] <... mkdir resumed>) = 0 [pid 5030] set_robust_list(0x5555559806a0, 24 [pid 5025] chdir("./syzkaller.exFjw8" [pid 5026] chdir("./syzkaller.ZbZat9" [pid 5028] <... mkdir resumed>) = 0 [pid 5026] <... chdir resumed>) = 0 [pid 5028] chmod("./syzkaller.nlMCun", 0777 [pid 5030] <... set_robust_list resumed>) = 0 [pid 5025] <... chdir resumed>) = 0 [pid 5024] <... clone resumed>, child_tidptr=0x555555980690) = 5030 [pid 5030] getrandom( [pid 5029] <... mkdir resumed>) = 0 [pid 5026] mkdir("./0", 0777 [pid 5025] mkdir("./0", 0777 [pid 5029] chmod("./syzkaller.hL7thE", 0777 [pid 5028] <... chmod resumed>) = 0 [pid 5029] <... chmod resumed>) = 0 [pid 5029] chdir("./syzkaller.hL7thE") = 0 [pid 5029] mkdir("./0", 0777 [pid 5025] <... mkdir resumed>) = 0 [pid 5028] chdir("./syzkaller.nlMCun" [pid 5027] chmod("./syzkaller.zyQqTG", 0777 [pid 5030] <... getrandom resumed>"\x54\xe2\xb9\x11\x6f\x13\x97\x8a", 8, GRND_NONBLOCK) = 8 [pid 5026] <... mkdir resumed>) = 0 [pid 5028] <... chdir resumed>) = 0 [pid 5029] <... mkdir resumed>) = 0 [pid 5029] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5027] <... chmod resumed>) = 0 [pid 5030] mkdir("./syzkaller.WK76R7", 0700 [pid 5029] <... openat resumed>) = 3 [pid 5028] mkdir("./0", 0777 [pid 5029] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5029] close(3 [pid 5028] <... mkdir resumed>) = 0 [pid 5030] <... mkdir resumed>) = 0 [pid 5029] <... close resumed>) = 0 [pid 5028] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5027] chdir("./syzkaller.zyQqTG" [pid 5026] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5025] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5027] <... chdir resumed>) = 0 [pid 5026] <... openat resumed>) = 3 [pid 5025] <... openat resumed>) = 3 [pid 5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5028] <... openat resumed>) = 3 [pid 5027] mkdir("./0", 0777 [pid 5026] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5031 attached [pid 5027] <... mkdir resumed>) = 0 [pid 5026] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5025] ioctl(3, LOOP_CLR_FD [pid 5031] set_robust_list(0x5555559806a0, 24 [pid 5030] chmod("./syzkaller.WK76R7", 0777 [pid 5028] ioctl(3, LOOP_CLR_FD [pid 5031] <... set_robust_list resumed>) = 0 [pid 5031] chdir("./0" [pid 5030] <... chmod resumed>) = 0 [pid 5028] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5025] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5031] <... chdir resumed>) = 0 [pid 5031] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5030] chdir("./syzkaller.WK76R7" [pid 5028] close(3 [pid 5026] close(3 [pid 5025] close(3 [pid 5031] <... prctl resumed>) = 0 [pid 5030] <... chdir resumed>) = 0 [pid 5026] <... close resumed>) = 0 [pid 5031] setpgid(0, 0 [pid 5030] mkdir("./0", 0777 [pid 5028] <... close resumed>) = 0 [pid 5026] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5025] <... close resumed>) = 0 [pid 5031] <... setpgid resumed>) = 0 [pid 5030] <... mkdir resumed>) = 0 [pid 5029] <... clone resumed>, child_tidptr=0x555555980690) = 5031 [pid 5028] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5027] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5025] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5032 attached [pid 5031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 5033 attached [pid 5032] set_robust_list(0x5555559806a0, 24 [pid 5031] <... openat resumed>) = 3 [pid 5027] <... openat resumed>) = 3 [pid 5032] <... set_robust_list resumed>) = 0 [pid 5031] write(3, "1000", 4 [pid 5033] set_robust_list(0x5555559806a0, 24) = 0 [pid 5032] chdir("./0" [pid 5031] <... write resumed>) = 4 [pid 5027] ioctl(3, LOOP_CLR_FD [pid 5026] <... clone resumed>, child_tidptr=0x555555980690) = 5032 [pid 5033] chdir("./0" [pid 5032] <... chdir resumed>) = 0 [pid 5031] close(3 [pid 5030] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5033] <... chdir resumed>) = 0 [pid 5032] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5031] <... close resumed>) = 0 [pid 5030] <... openat resumed>) = 3 [pid 5027] <... ioctl resumed>) = -1 ENXIO (No such device or address) ./strace-static-x86_64: Process 5034 attached [pid 5031] symlink("/dev/binderfs", "./binderfs" [pid 5028] <... clone resumed>, child_tidptr=0x555555980690) = 5033 [pid 5027] close(3 [pid 5025] <... clone resumed>, child_tidptr=0x555555980690) = 5034 [pid 5034] set_robust_list(0x5555559806a0, 24 [pid 5030] ioctl(3, LOOP_CLR_FD [pid 5027] <... close resumed>) = 0 [pid 5033] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5031] <... symlink resumed>) = 0 [pid 5030] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5030] close(3 [pid 5027] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5030] <... close resumed>) = 0 [pid 5030] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5036 attached [pid 5036] set_robust_list(0x5555559806a0, 24) = 0 [pid 5036] chdir("./0" [pid 5027] <... clone resumed>, child_tidptr=0x555555980690) = 5036 [pid 5036] <... chdir resumed>) = 0 [pid 5036] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5034] <... set_robust_list resumed>) = 0 [pid 5033] <... prctl resumed>) = 0 [pid 5032] <... prctl resumed>) = 0 [pid 5031] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5037 attached [pid 5036] <... prctl resumed>) = 0 [pid 5031] <... futex resumed>) = 0 [pid 5030] <... clone resumed>, child_tidptr=0x555555980690) = 5037 [pid 5033] setpgid(0, 0 [pid 5032] setpgid(0, 0 [pid 5031] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5037] set_robust_list(0x5555559806a0, 24 [pid 5032] <... setpgid resumed>) = 0 [pid 5036] setpgid(0, 0) = 0 [pid 5032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5031] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5037] <... set_robust_list resumed>) = 0 [pid 5036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5034] chdir("./0" [pid 5033] <... setpgid resumed>) = 0 [pid 5031] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5037] chdir("./0" [pid 5032] <... openat resumed>) = 3 [pid 5031] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5037] <... chdir resumed>) = 0 [pid 5036] <... openat resumed>) = 3 [pid 5034] <... chdir resumed>) = 0 [pid 5033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5032] write(3, "1000", 4 [pid 5031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5037] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5036] write(3, "1000", 4 [pid 5034] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5032] <... write resumed>) = 4 [pid 5031] <... mmap resumed>) = 0x7f4177064000 [pid 5037] <... prctl resumed>) = 0 [pid 5036] <... write resumed>) = 4 [pid 5037] setpgid(0, 0 [pid 5036] close(3 [pid 5033] <... openat resumed>) = 3 [pid 5032] close(3 [pid 5034] <... prctl resumed>) = 0 [pid 5031] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5037] <... setpgid resumed>) = 0 [pid 5036] <... close resumed>) = 0 [pid 5034] setpgid(0, 0 [pid 5032] <... close resumed>) = 0 [pid 5031] <... mprotect resumed>) = 0 [pid 5036] symlink("/dev/binderfs", "./binderfs" [pid 5032] symlink("/dev/binderfs", "./binderfs" [pid 5031] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5036] <... symlink resumed>) = 0 [pid 5034] <... setpgid resumed>) = 0 [pid 5031] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5032] <... symlink resumed>) = 0 [pid 5031] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 5038 attached [pid 5038] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5034] <... openat resumed>) = 3 [pid 5031] <... clone3 resumed> => {parent_tid=[5038]}, 88) = 5038 [pid 5038] <... rseq resumed>) = 0 [pid 5037] <... openat resumed>) = 3 [pid 5036] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] write(3, "1000", 4 [pid 5031] rt_sigprocmask(SIG_SETMASK, [], [pid 5038] set_robust_list(0x7f41770849a0, 24 [pid 5037] write(3, "1000", 4 [pid 5036] <... futex resumed>) = 0 [pid 5034] <... write resumed>) = 4 [pid 5031] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5038] <... set_robust_list resumed>) = 0 [pid 5037] <... write resumed>) = 4 [pid 5036] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5034] close(3 [pid 5033] write(3, "1000", 4 [pid 5032] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] rt_sigprocmask(SIG_SETMASK, [], [pid 5037] close(3 [pid 5036] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5034] <... close resumed>) = 0 [pid 5033] <... write resumed>) = 4 [pid 5032] <... futex resumed>) = 0 [pid 5031] <... futex resumed>) = 0 [pid 5038] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5037] <... close resumed>) = 0 [pid 5036] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5032] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5031] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5038] memfd_create("syzkaller", 0 [pid 5037] symlink("/dev/binderfs", "./binderfs" [pid 5036] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5034] symlink("/dev/binderfs", "./binderfs" [pid 5033] close(3 [pid 5032] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5037] <... symlink resumed>) = 0 [pid 5036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5034] <... symlink resumed>) = 0 [pid 5033] <... close resumed>) = 0 [pid 5032] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5037] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5037] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5033] symlink("/dev/binderfs", "./binderfs" [pid 5032] <... mmap resumed>) = 0x7f4177064000 [pid 5036] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5037] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5036] <... mprotect resumed>) = 0 [pid 5033] <... symlink resumed>) = 0 [pid 5032] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5037] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5036] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5032] <... mprotect resumed>) = 0 [pid 5032] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5034] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5037] <... mmap resumed>) = 0x7f4177064000 [pid 5034] <... futex resumed>) = 0 [pid 5033] <... futex resumed>) = 0 [pid 5032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5037] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5033] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, ./strace-static-x86_64: Process 5039 attached [pid 5037] <... mprotect resumed>) = 0 [pid 5036] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5033] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5032] <... clone3 resumed> => {parent_tid=[5039]}, 88) = 5039 [pid 5036] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5039] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5037] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5034] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5033] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5032] rt_sigprocmask(SIG_SETMASK, [], [pid 5039] <... rseq resumed>) = 0 [pid 5037] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5034] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5039] set_robust_list(0x7f41770849a0, 24 [pid 5037] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5034] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5032] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5040 attached [pid 5039] <... set_robust_list resumed>) = 0 [pid 5036] <... clone3 resumed> => {parent_tid=[5040]}, 88) = 5040 [pid 5034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5033] <... mmap resumed>) = 0x7f4177064000 [pid 5032] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5041 attached [pid 5040] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5039] rt_sigprocmask(SIG_SETMASK, [], [pid 5037] <... clone3 resumed> => {parent_tid=[5041]}, 88) = 5041 [pid 5036] rt_sigprocmask(SIG_SETMASK, [], [pid 5034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5033] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5032] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5041] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5040] <... rseq resumed>) = 0 [pid 5039] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5038] <... memfd_create resumed>) = 3 [pid 5037] rt_sigprocmask(SIG_SETMASK, [], [pid 5036] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5034] <... mmap resumed>) = 0x7f4177064000 [pid 5033] <... mprotect resumed>) = 0 [pid 5041] <... rseq resumed>) = 0 [pid 5040] set_robust_list(0x7f41770849a0, 24 [pid 5039] memfd_create("syzkaller", 0 [pid 5038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5037] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5036] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5033] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5041] set_robust_list(0x7f41770849a0, 24 [pid 5040] <... set_robust_list resumed>) = 0 [pid 5039] <... memfd_create resumed>) = 3 [pid 5038] <... mmap resumed>) = 0x7f416ec64000 [pid 5037] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5036] <... futex resumed>) = 0 [pid 5034] <... mprotect resumed>) = 0 [pid 5033] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5041] <... set_robust_list resumed>) = 0 [pid 5040] rt_sigprocmask(SIG_SETMASK, [], [pid 5039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5037] <... futex resumed>) = 0 [pid 5036] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5034] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5040] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5039] <... mmap resumed>) = 0x7f416ec64000 [pid 5037] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5042 attached [pid 5041] memfd_create("syzkaller", 0 [pid 5040] memfd_create("syzkaller", 0 [pid 5041] <... memfd_create resumed>) = 3 [pid 5041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5034] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5042] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5040] <... memfd_create resumed>) = 3 [pid 5042] <... rseq resumed>) = 0 [pid 5034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5033] <... clone3 resumed> => {parent_tid=[5042]}, 88) = 5042 [pid 5042] set_robust_list(0x7f41770849a0, 24 [pid 5040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5042] <... set_robust_list resumed>) = 0 [pid 5040] <... mmap resumed>) = 0x7f416ec64000 [pid 5033] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5043 attached syzkaller login: [ 60.205829][ T5038] syz-executor340[5038]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5043] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [pid 5042] rt_sigprocmask(SIG_SETMASK, [], [pid 5034] <... clone3 resumed> => {parent_tid=[5043]}, 88) = 5043 [pid 5033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5042] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5034] rt_sigprocmask(SIG_SETMASK, [], [pid 5033] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5043] set_robust_list(0x7f41770849a0, 24 [pid 5042] memfd_create("syzkaller", 0 [pid 5034] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = 0 [pid 5034] <... futex resumed>) = 0 [pid 5043] <... set_robust_list resumed>) = 0 [pid 5034] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5033] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5043] memfd_create("syzkaller", 0) = 3 [pid 5043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5042] <... memfd_create resumed>) = 3 [pid 5042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5038] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5041] <... write resumed>) = 16777216 [pid 5041] munmap(0x7f416ec64000, 138412032) = 0 [pid 5041] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5041] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5041] close(3) = 0 [pid 5041] mkdir("./bus", 0777) = 0 [ 60.974163][ T5041] loop5: detected capacity change from 0 to 32768 [ 61.038542][ T5041] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 scanned by syz-executor340 (5041) [pid 5041] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5038] <... write resumed>) = 16777216 [ 61.118070][ T5041] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [pid 5038] munmap(0x7f416ec64000, 138412032) = 0 [pid 5038] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5039] <... write resumed>) = 16777216 [pid 5038] <... openat resumed>) = 4 [ 61.162115][ T5041] BTRFS info (device loop5): doing ref verification [ 61.168916][ T5041] BTRFS warning (device loop5): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5038] ioctl(4, LOOP_SET_FD, 3 [pid 5040] <... write resumed>) = 16777216 [pid 5039] munmap(0x7f416ec64000, 138412032 [pid 5038] <... ioctl resumed>) = 0 [pid 5038] close(3 [pid 5040] munmap(0x7f416ec64000, 138412032 [pid 5038] <... close resumed>) = 0 [pid 5038] mkdir("./bus", 0777 [pid 5040] <... munmap resumed>) = 0 [pid 5039] <... munmap resumed>) = 0 [pid 5038] <... mkdir resumed>) = 0 [pid 5038] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5040] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 61.222178][ T5041] BTRFS info (device loop5): force zlib compression, level 3 [ 61.230140][ T5041] BTRFS info (device loop5): allowing degraded mounts [ 61.237752][ T5038] loop4: detected capacity change from 0 to 32768 [ 61.261201][ T5041] BTRFS info (device loop5): using free space tree [pid 5040] ioctl(4, LOOP_SET_FD, 3 [pid 5042] <... write resumed>) = 16777216 [pid 5039] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5038] <... mount resumed>) = -1 EEXIST (File exists) [pid 5042] munmap(0x7f416ec64000, 138412032 [pid 5039] <... openat resumed>) = 4 [pid 5039] ioctl(4, LOOP_SET_FD, 3 [pid 5038] ioctl(4, LOOP_CLR_FD [pid 5042] <... munmap resumed>) = 0 [pid 5042] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5042] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5040] <... ioctl resumed>) = 0 [pid 5039] <... ioctl resumed>) = 0 [pid 5043] <... write resumed>) = 16777216 [pid 5042] close(3 [pid 5039] close(3 [pid 5043] munmap(0x7f416ec64000, 138412032 [pid 5042] <... close resumed>) = 0 [pid 5040] close(3 [pid 5039] <... close resumed>) = 0 [pid 5042] mkdir("./bus", 0777 [pid 5040] <... close resumed>) = 0 [pid 5039] mkdir("./bus", 0777 [pid 5042] <... mkdir resumed>) = 0 [pid 5040] mkdir("./bus", 0777 [pid 5039] <... mkdir resumed>) = 0 [pid 5042] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5040] <... mkdir resumed>) = 0 [ 61.270484][ T5038] BTRFS warning: duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor340 (5038) [ 61.273595][ T5040] loop2: detected capacity change from 0 to 32768 [ 61.296790][ T5039] loop1: detected capacity change from 0 to 32768 [ 61.305156][ T5042] loop3: detected capacity change from 0 to 32768 [pid 5039] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5040] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5042] <... mount resumed>) = -1 EEXIST (File exists) [ 61.328284][ T5042] BTRFS warning: duplicate device /dev/loop3 devid 1 generation 8 scanned by syz-executor340 (5042) [ 61.348520][ T5040] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 8 scanned by syz-executor340 (5040) [pid 5042] ioctl(4, LOOP_CLR_FD [pid 5043] <... munmap resumed>) = 0 [pid 5040] <... mount resumed>) = -1 EEXIST (File exists) [ 61.384296][ T5039] BTRFS warning: duplicate device /dev/loop1 devid 1 generation 8 scanned by syz-executor340 (5039) [pid 5040] ioctl(4, LOOP_CLR_FD [pid 5043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5043] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5039] <... mount resumed>) = -1 EEXIST (File exists) [pid 5043] close(3 [pid 5039] ioctl(4, LOOP_CLR_FD [pid 5043] <... close resumed>) = 0 [pid 5043] mkdir("./bus", 0777) = 0 [pid 5043] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5038] <... ioctl resumed>) = 0 [ 61.426480][ T5043] loop0: detected capacity change from 0 to 32768 [pid 5038] close(4) = 0 [pid 5038] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5031] <... futex resumed>) = 0 [pid 5038] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5031] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5031] <... futex resumed>) = 0 [pid 5038] open("./file0", O_RDONLY [pid 5031] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5038] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5038] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5031] <... futex resumed>) = 0 [pid 5038] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5031] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5031] <... futex resumed>) = 0 [pid 5038] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5038] <... futex resumed>) = 0 [pid 5031] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5038] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5031] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5031] <... futex resumed>) = 0 [pid 5038] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5031] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5038] <... openat resumed>) = 3 [pid 5038] write(3, "15", 2 [pid 5043] <... mount resumed>) = -1 EEXIST (File exists) [pid 5038] <... write resumed>) = 2 [pid 5043] ioctl(4, LOOP_CLR_FD [pid 5038] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5038] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5031] <... futex resumed>) = 0 [ 61.488176][ T5043] BTRFS warning: duplicate device /dev/loop0 devid 1 generation 8 scanned by syz-executor340 (5043) [ 61.510066][ T5041] BTRFS info (device loop5): auto enabling async discard [pid 5038] mkdir(".", 0777 [pid 5031] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5031] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5038] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5041] <... mount resumed>) = 0 [pid 5041] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 61.572659][ T5038] FAULT_INJECTION: forcing a failure. [ 61.572659][ T5038] name failslab, interval 1, probability 0, space 0, times 1 [ 61.602215][ T5038] CPU: 1 PID: 5038 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 61.612851][ T5038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 61.623191][ T5038] Call Trace: [ 61.626468][ T5038] [ 61.629569][ T5038] dump_stack_lvl+0x1e7/0x2d0 [ 61.634271][ T5038] ? nf_tcp_handle_invalid+0x650/0x650 [ 61.639724][ T5038] ? panic+0x770/0x770 [ 61.643801][ T5038] should_fail_ex+0x3aa/0x4e0 [ 61.648658][ T5038] should_failslab+0x9/0x20 [ 61.653176][ T5038] slab_pre_alloc_hook+0x59/0x310 [ 61.658249][ T5038] ? tomoyo_encode+0x26f/0x530 [ 61.663028][ T5038] __kmem_cache_alloc_node+0x4b/0x270 [ 61.668412][ T5038] ? arch_stack_walk+0x162/0x1a0 [ 61.673355][ T5038] ? tomoyo_encode+0x26f/0x530 [ 61.678334][ T5038] __kmalloc+0xa8/0x230 [ 61.682528][ T5038] tomoyo_encode+0x26f/0x530 [ 61.687256][ T5038] tomoyo_mount_permission+0x356/0xb80 [ 61.692855][ T5038] ? __stack_depot_save+0x20/0x650 [ 61.697969][ T5038] ? tomoyo_mount_permission+0x295/0xb80 [ 61.703691][ T5038] ? tomoyo_get_name+0x510/0x510 [ 61.708717][ T5038] security_sb_mount+0x8c/0xc0 [ 61.713518][ T5038] path_mount+0xb9/0xfa0 [ 61.717855][ T5038] ? kmem_cache_free+0x292/0x500 [ 61.722815][ T5038] ? user_path_at_empty+0x4c/0x60 [ 61.727959][ T5038] __se_sys_mount+0x2d9/0x3c0 [ 61.732759][ T5038] ? __x64_sys_mount+0xc0/0xc0 [ 61.737665][ T5038] ? syscall_enter_from_user_mode+0x32/0x230 [ 61.743674][ T5038] ? __x64_sys_mount+0x20/0xc0 [ 61.748482][ T5038] do_syscall_64+0x41/0xc0 [ 61.753011][ T5038] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 61.759134][ T5038] RIP: 0033:0x7f41770c949a [ 61.763757][ T5038] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 61.783478][ T5038] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 61.791919][ T5038] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 61.799997][ T5038] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 61.808327][ T5038] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [pid 5041] chdir("./bus") = 0 [pid 5041] ioctl(4, LOOP_CLR_FD) = 0 [pid 5041] close(4) = 0 [pid 5041] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5041] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] <... ioctl resumed>) = 0 [pid 5042] close(4 [pid 5037] <... futex resumed>) = 0 [pid 5042] <... close resumed>) = 0 [pid 5037] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... futex resumed>) = 0 [pid 5037] <... futex resumed>) = 1 [pid 5042] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [ 61.816444][ T5038] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 61.824510][ T5038] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 61.833983][ T5038] [pid 5041] open("./file0", O_RDONLY [pid 5042] <... futex resumed>) = 1 [pid 5041] <... open resumed>) = 4 [pid 5037] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] <... futex resumed>) = 0 [pid 5041] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5033] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5037] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = 0 [pid 5042] open("./file0", O_RDONLY [pid 5041] <... futex resumed>) = 0 [pid 5037] <... futex resumed>) = 1 [pid 5033] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5042] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5037] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5038] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5033] <... futex resumed>) = 0 [pid 5038] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5038] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] <... futex resumed>) = 0 [pid 5031] <... futex resumed>) = 0 [pid 5042] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5033] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5031] <... futex resumed>) = 1 [pid 5042] <... futex resumed>) = 0 [pid 5033] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5033] <... futex resumed>) = 0 [pid 5042] <... openat resumed>) = 3 [pid 5038] <... futex resumed>) = 0 [pid 5033] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5038] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5042] write(3, "15", 2 [pid 5038] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... write resumed>) = 2 [pid 5038] <... futex resumed>) = 1 [pid 5031] <... futex resumed>) = 0 [pid 5042] creat("./bus", 000 [pid 5038] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5031] exit_group(0 [pid 5042] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5038] <... futex resumed>) = ? [pid 5031] <... exit_group resumed>) = ? [pid 5042] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] +++ exited with 0 +++ [pid 5042] <... futex resumed>) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5031] +++ exited with 0 +++ [pid 5042] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5031, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=41 /* 0.41 s */} --- [pid 5042] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5033] <... futex resumed>) = 0 [pid 5029] restart_syscall(<... resuming interrupted clone ...> [pid 5033] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5029] <... restart_syscall resumed>) = 0 [pid 5042] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5042] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5029] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5029] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5029] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5029] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5029] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5029] newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5029] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5029] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5037] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5029] newfstatat(4, "", [pid 5037] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5037] <... mmap resumed>) = 0x7f4177043000 [pid 5029] getdents64(4, [pid 5037] mprotect(0x7f4177044000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5037] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5037] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177063990, parent_tid=0x7f4177063990, exit_signal=0, stack=0x7f4177043000, stack_size=0x20300, tls=0x7f41770636c0} [pid 5029] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 5062 attached [pid 5062] rseq(0x7f4177063fe0, 0x20, 0, 0x53053053 [pid 5037] <... clone3 resumed> => {parent_tid=[5062]}, 88) = 5062 [pid 5062] <... rseq resumed>) = 0 [pid 5037] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5062] set_robust_list(0x7f41770639a0, 24) = 0 [pid 5037] futex(0x7f41771546d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] getdents64(4, [pid 5062] rt_sigprocmask(SIG_SETMASK, [], [pid 5037] <... futex resumed>) = 0 [pid 5029] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5062] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5037] futex(0x7f41771546dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] close(4 [pid 5062] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5029] <... close resumed>) = 0 [pid 5062] <... openat resumed>) = 5 [pid 5029] rmdir("./0/bus") = 0 [pid 5029] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5029] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5029] unlink("./0/binderfs" [pid 5062] write(5, "15", 2 [pid 5029] <... unlink resumed>) = 0 [pid 5029] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5029] close(3) = 0 [ 61.946077][ T5042] FAULT_INJECTION: forcing a failure. [ 61.946077][ T5042] name failslab, interval 1, probability 0, space 0, times 0 [ 62.011772][ T5042] CPU: 1 PID: 5042 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 62.022424][ T5042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 62.034088][ T5042] Call Trace: [ 62.037392][ T5042] [ 62.040463][ T5042] dump_stack_lvl+0x1e7/0x2d0 [ 62.045452][ T5042] ? nf_tcp_handle_invalid+0x650/0x650 [ 62.051266][ T5042] ? panic+0x770/0x770 [ 62.055641][ T5042] ? __might_sleep+0xc0/0xc0 [ 62.060313][ T5042] should_fail_ex+0x3aa/0x4e0 [ 62.065344][ T5042] should_failslab+0x9/0x20 [ 62.069970][ T5042] slab_pre_alloc_hook+0x59/0x310 [ 62.075295][ T5042] ? __might_sleep+0xc0/0xc0 [ 62.080112][ T5042] kmem_cache_alloc+0x52/0x300 [ 62.085346][ T5042] ? getname_flags+0xbc/0x4f0 [ 62.090151][ T5042] getname_flags+0xbc/0x4f0 [ 62.094786][ T5042] user_path_at_empty+0x2c/0x60 [ 62.095301][ T1264] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 62.101300][ T5042] __se_sys_mount+0x29a/0x3c0 [ 62.115181][ T5042] ? __x64_sys_mount+0xc0/0xc0 [ 62.119978][ T5042] ? syscall_enter_from_user_mode+0x32/0x230 [ 62.125995][ T5042] ? __x64_sys_mount+0x20/0xc0 [ 62.131068][ T5042] do_syscall_64+0x41/0xc0 [ 62.135535][ T5042] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 62.141816][ T5042] RIP: 0033:0x7f41770c949a [ 62.146499][ T5042] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 62.166316][ T5042] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 62.174957][ T5042] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 62.183170][ T5042] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 62.191168][ T5042] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 62.199338][ T5042] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [pid 5029] rmdir("./0" [pid 5062] <... write resumed>) = 2 [pid 5041] <... ioctl resumed>) = 0 [pid 5041] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5029] <... rmdir resumed>) = 0 [pid 5029] mkdir("./1", 0777) = 0 [pid 5029] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5029] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5029] close(3) = 0 [pid 5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5063 attached [pid 5063] set_robust_list(0x5555559806a0, 24 [pid 5029] <... clone resumed>, child_tidptr=0x555555980690) = 5063 [pid 5063] <... set_robust_list resumed>) = 0 [pid 5063] chdir("./1") = 0 [pid 5063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5063] setpgid(0, 0) = 0 [pid 5063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5063] write(3, "1000", 4) = 4 [pid 5063] close(3) = 0 [pid 5063] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5063] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5063] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5039] <... ioctl resumed>) = 0 [pid 5063] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5039] close(4) = 0 [pid 5039] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} => {parent_tid=[5064]}, 88) = 5064 [pid 5063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5063] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5064 attached [pid 5064] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [pid 5064] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5064] memfd_create("syzkaller", 0) = 3 [pid 5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5062] creat("./bus", 000 [pid 5032] <... futex resumed>) = 0 [pid 5032] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = 0 [pid 5032] <... futex resumed>) = 1 [pid 5039] open("./file0", O_RDONLY [pid 5032] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5039] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5032] <... futex resumed>) = 0 [pid 5039] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5037] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5032] <... futex resumed>) = 0 [pid 5039] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5037] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] <... futex resumed>) = 0 [pid 5039] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5037] <... futex resumed>) = 1 [pid 5041] mkdir(".", 0777 [pid 5039] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5041] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5039] <... futex resumed>) = 1 [pid 5032] <... futex resumed>) = 0 [pid 5041] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5040] <... ioctl resumed>) = 0 [ 62.207509][ T5042] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 62.215615][ T5042] [ 62.254887][ T5062] FAULT_INJECTION: forcing a failure. [ 62.254887][ T5062] name failslab, interval 1, probability 0, space 0, times 0 [ 62.282053][ T5062] CPU: 1 PID: 5062 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 62.292888][ T5062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 62.296074][ T5039] FAULT_INJECTION: forcing a failure. [ 62.296074][ T5039] name failslab, interval 1, probability 0, space 0, times 0 [ 62.303473][ T5062] Call Trace: [ 62.303504][ T5062] [ 62.303519][ T5062] dump_stack_lvl+0x1e7/0x2d0 [ 62.327664][ T5062] ? nf_tcp_handle_invalid+0x650/0x650 [ 62.333155][ T5062] ? panic+0x770/0x770 [ 62.337257][ T5062] ? __might_sleep+0xc0/0xc0 [ 62.341983][ T5062] should_fail_ex+0x3aa/0x4e0 [ 62.346682][ T5062] should_failslab+0x9/0x20 [ 62.351190][ T5062] slab_pre_alloc_hook+0x59/0x310 [ 62.356236][ T5062] kmem_cache_alloc+0x52/0x300 [ 62.361032][ T5062] ? alloc_extent_state+0x25/0x2e0 [ 62.366348][ T5062] alloc_extent_state+0x25/0x2e0 [ 62.371300][ T5062] __set_extent_bit+0x1c8/0x1b00 [ 62.376322][ T5062] ? __down_write_common+0x161/0x200 [ 62.381623][ T5062] ? PageUptodate+0xd7/0x290 [ 62.386299][ T5062] ? __write_extent_buffer+0x20f/0x410 [ 62.391803][ T5062] ? __asan_memcpy+0x40/0x70 [ 62.396586][ T5062] set_extent_bit+0x3b/0x50 [ 62.401099][ T5062] btrfs_alloc_tree_block+0xaf5/0x1800 [ 62.406578][ T5062] ? alloc_reserved_file_extent+0x5e0/0x5e0 [ 62.412508][ T5062] ? read_extent_buffer+0x11f/0x2a0 [ 62.417708][ T5062] ? __asan_memcpy+0x40/0x70 [ 62.422448][ T5062] __btrfs_cow_block+0x465/0x1a90 [ 62.427744][ T5062] ? btrfs_cow_block+0xa10/0xa10 [ 62.432711][ T5062] ? btrfs_qgroup_add_swapped_blocks+0x750/0x7f0 [ 62.439138][ T5062] ? rcu_is_watching+0x15/0xb0 [ 62.443918][ T5062] btrfs_cow_block+0x35e/0xa10 [ 62.448693][ T5062] btrfs_search_slot+0xbf9/0x2f80 [ 62.453741][ T5062] ? release_firmware_map_entry+0x190/0x190 [ 62.459861][ T5062] ? btrfs_find_item+0x5c0/0x5c0 [ 62.464980][ T5062] ? preempt_schedule_common+0x83/0xc0 [ 62.470457][ T5062] ? preempt_schedule+0xdd/0xf0 [ 62.475332][ T5062] ? schedule_preempt_disabled+0x20/0x20 [ 62.480992][ T5062] ? do_raw_spin_lock+0x14d/0x3a0 [ 62.486332][ T5062] btrfs_insert_empty_items+0x9c/0x180 [ 62.492496][ T5062] btrfs_create_new_inode+0x10b3/0x2710 [ 62.498060][ T5062] ? btrfs_new_inode_args_destroy+0x160/0x160 [ 62.504241][ T5062] btrfs_create_common+0x1f9/0x300 [ 62.509464][ T5062] ? btrfs_tmpfile+0x4e0/0x4e0 [ 62.514569][ T5062] ? do_raw_spin_unlock+0x13b/0x8b0 [ 62.520047][ T5062] ? btrfs_create+0x75/0x140 [ 62.524811][ T5062] ? btrfs_lookup+0x40/0x40 [ 62.529493][ T5062] path_openat+0x13e7/0x3180 [ 62.534658][ T5062] ? do_filp_open+0x490/0x490 [ 62.539817][ T5062] do_filp_open+0x234/0x490 [ 62.544821][ T5062] ? vfs_tmpfile+0x4b0/0x4b0 [ 62.549568][ T5062] ? _raw_spin_unlock+0x28/0x40 [ 62.554519][ T5062] ? alloc_fd+0x59c/0x640 [ 62.558958][ T5062] do_sys_openat2+0x13e/0x1d0 [ 62.563817][ T5062] ? do_sys_open+0x230/0x230 [ 62.568584][ T5062] ? _raw_spin_unlock_irq+0x2e/0x50 [ 62.574156][ T5062] ? ptrace_notify+0x278/0x380 [ 62.578961][ T5062] __x64_sys_creat+0x123/0x160 [ 62.583748][ T5062] ? __x64_compat_sys_openat+0x290/0x290 [ 62.589391][ T5062] ? syscall_enter_from_user_mode+0x32/0x230 [ 62.595379][ T5062] ? syscall_enter_from_user_mode+0x8c/0x230 [ 62.601370][ T5062] do_syscall_64+0x41/0xc0 [ 62.605890][ T5062] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 62.611777][ T5062] RIP: 0033:0x7f41770c8049 [ 62.616186][ T5062] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 62.636321][ T5062] RSP: 002b:00007f4177063208 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 62.645037][ T5062] RAX: ffffffffffffffda RBX: 00007f41771546d8 RCX: 00007f41770c8049 [pid 5032] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 5039] write(3, "15", 2) = 2 [pid 5039] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5039] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5032] <... futex resumed>) = 0 [pid 5039] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5039] mkdir(".", 0777) = -1 EEXIST (File exists) [ 62.653457][ T5062] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040 [ 62.662210][ T5062] RBP: 00007f41771546d0 R08: 00007f4177062fa6 R09: 0000000000003531 [ 62.670268][ T5062] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f41771211d0 [ 62.678237][ T5062] R13: 00007f4177063210 R14: 0000000000000002 R15: 00007f417711c070 [ 62.686482][ T5062] [ 62.749706][ T5039] CPU: 1 PID: 5039 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 62.760263][ T5039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 62.770366][ T5039] Call Trace: [ 62.773670][ T5039] [ 62.776627][ T5039] dump_stack_lvl+0x1e7/0x2d0 [ 62.781339][ T5039] ? nf_tcp_handle_invalid+0x650/0x650 [ 62.786930][ T5039] ? panic+0x770/0x770 [ 62.791032][ T5039] ? __might_sleep+0xc0/0xc0 [ 62.795660][ T5039] should_fail_ex+0x3aa/0x4e0 [ 62.800462][ T5039] should_failslab+0x9/0x20 [ 62.805090][ T5039] slab_pre_alloc_hook+0x59/0x310 [ 62.810498][ T5039] ? __might_sleep+0xc0/0xc0 [ 62.815303][ T5039] kmem_cache_alloc+0x52/0x300 [ 62.820215][ T5039] ? getname_flags+0xbc/0x4f0 [ 62.825104][ T5039] getname_flags+0xbc/0x4f0 [ 62.829728][ T5039] user_path_at_empty+0x2c/0x60 [ 62.834766][ T5039] __se_sys_mount+0x29a/0x3c0 [ 62.839569][ T5039] ? __x64_sys_mount+0xc0/0xc0 [ 62.844365][ T5039] ? syscall_enter_from_user_mode+0x32/0x230 [ 62.850488][ T5039] ? __x64_sys_mount+0x20/0xc0 [ 62.855317][ T5039] do_syscall_64+0x41/0xc0 [ 62.859794][ T5039] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 62.865818][ T5039] RIP: 0033:0x7f41770c949a [ 62.870271][ T5039] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 62.890255][ T5039] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [pid 5039] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5043] <... ioctl resumed>) = 0 [pid 5040] close(4 [pid 5043] close(4) = 0 [pid 5043] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5043] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] <... creat resumed>) = 6 [pid 5062] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f41771546d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5042] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5042] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] <... futex resumed>) = 0 [pid 5033] <... futex resumed>) = 0 [pid 5034] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... futex resumed>) = 0 [pid 5034] <... futex resumed>) = 1 [pid 5033] <... futex resumed>) = 1 [pid 5043] open("./file0", O_RDONLY [pid 5034] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5043] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5043] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5034] <... futex resumed>) = 0 [pid 5043] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5034] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5034] <... futex resumed>) = 0 [pid 5043] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5043] <... futex resumed>) = 0 [pid 5034] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5043] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5034] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... openat resumed>) = 3 [pid 5042] <... futex resumed>) = 0 [pid 5034] <... futex resumed>) = 0 [pid 5043] write(3, "15", 2 [pid 5042] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5034] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5043] <... write resumed>) = 2 [pid 5042] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5043] creat("./bus", 000 [pid 5042] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5042] <... futex resumed>) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5043] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] exit_group(0 [pid 5043] <... futex resumed>) = 1 [pid 5034] <... futex resumed>) = 0 [pid 5043] mkdir(".", 0777 [pid 5042] <... futex resumed>) = ? [pid 5034] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... exit_group resumed>) = ? [pid 5043] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5042] +++ exited with 0 +++ [pid 5034] <... futex resumed>) = 0 [pid 5033] +++ exited with 0 +++ [ 62.898983][ T5039] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 62.907284][ T5039] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 62.915554][ T5039] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 62.918020][ T5043] FAULT_INJECTION: forcing a failure. [ 62.918020][ T5043] name failslab, interval 1, probability 0, space 0, times 0 [ 62.923631][ T5039] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [pid 5043] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5034] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5040] <... close resumed>) = 0 [pid 5028] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5033, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=41 /* 0.41 s */} --- [pid 5028] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5028] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5028] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5028] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5028] newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5028] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5028] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5028] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5028] close(4) = 0 [pid 5028] rmdir("./0/bus") = 0 [pid 5028] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5028] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] unlink("./0/binderfs") = 0 [pid 5028] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5028] close(3) = 0 [ 62.923651][ T5039] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 62.923676][ T5039] [pid 5028] rmdir("./0") = 0 [pid 5028] mkdir("./1", 0777) = 0 [pid 5028] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5028] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5028] close(3 [pid 5040] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... close resumed>) = 0 [pid 5028] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5066 attached [pid 5066] set_robust_list(0x5555559806a0, 24 [pid 5028] <... clone resumed>, child_tidptr=0x555555980690) = 5066 [pid 5066] <... set_robust_list resumed>) = 0 [pid 5066] chdir("./1") = 0 [pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] setpgid(0, 0) = 0 [pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5066] write(3, "1000", 4 [pid 5040] <... futex resumed>) = 1 [pid 5036] <... futex resumed>) = 0 [pid 5066] <... write resumed>) = 4 [pid 5066] close(3) = 0 [pid 5066] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5040] open("./file0", O_RDONLY [pid 5036] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5036] <... futex resumed>) = 0 [pid 5066] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5066] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5066] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5066] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5066] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} => {parent_tid=[5067]}, 88) = 5067 [pid 5066] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5066] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5067 attached [pid 5067] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [pid 5067] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5067] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5067] memfd_create("syzkaller", 0) = 3 [ 63.046219][ T5041] BTRFS error (device loop5: state M): unrecognized mount option '18446744073709551615017777777777777777777770177777777777777777777718446744073709551615lbZ~Ƣ8žH~אa*Oѓ< 5^Sus%e [ 63.046219][ T5041] /ĖEaofmߚtҮ~г#a C$n-SGWmxeGy|sL=~ä_;N' [ 63.084364][ T5043] CPU: 1 PID: 5043 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [pid 5067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5041] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5041] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5037] <... futex resumed>) = 0 [pid 5037] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5041] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5037] <... futex resumed>) = 0 [pid 5041] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] exit_group(0 [pid 5062] <... futex resumed>) = ? [pid 5041] <... futex resumed>) = ? [pid 5037] <... exit_group resumed>) = ? [pid 5062] +++ exited with 0 +++ [pid 5041] +++ exited with 0 +++ [pid 5037] +++ exited with 0 +++ [pid 5039] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5039] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5032] <... futex resumed>) = 0 [ 63.095028][ T5043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 63.105211][ T5043] Call Trace: [ 63.108614][ T5043] [ 63.111561][ T5043] dump_stack_lvl+0x1e7/0x2d0 [ 63.116283][ T5043] ? nf_tcp_handle_invalid+0x650/0x650 [ 63.122087][ T5043] ? panic+0x770/0x770 [ 63.126200][ T5043] should_fail_ex+0x3aa/0x4e0 [ 63.131001][ T5043] should_failslab+0x9/0x20 [ 63.135543][ T5043] slab_pre_alloc_hook+0x59/0x310 [ 63.140950][ T5043] ? tomoyo_encode+0x26f/0x530 [pid 5032] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5039] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5032] <... futex resumed>) = 0 [ 63.146191][ T5043] __kmem_cache_alloc_node+0x4b/0x270 [ 63.151794][ T5043] ? arch_stack_walk+0x162/0x1a0 [ 63.156774][ T5043] ? tomoyo_encode+0x26f/0x530 [ 63.161673][ T5043] __kmalloc+0xa8/0x230 [ 63.165866][ T5043] tomoyo_encode+0x26f/0x530 [ 63.170592][ T5043] tomoyo_mount_permission+0x356/0xb80 [ 63.176110][ T5043] ? __stack_depot_save+0x20/0x650 [ 63.181252][ T5043] ? tomoyo_mount_permission+0x295/0xb80 [ 63.186933][ T5043] ? tomoyo_get_name+0x510/0x510 [ 63.191968][ T5043] security_sb_mount+0x8c/0xc0 [ 63.196758][ T5043] path_mount+0xb9/0xfa0 [ 63.201003][ T5043] ? kmem_cache_free+0x292/0x500 [ 63.206022][ T5043] ? user_path_at_empty+0x4c/0x60 [ 63.211052][ T5043] __se_sys_mount+0x2d9/0x3c0 [ 63.215727][ T5043] ? __x64_sys_mount+0xc0/0xc0 [ 63.220490][ T5043] ? syscall_enter_from_user_mode+0x32/0x230 [ 63.226532][ T5043] ? __x64_sys_mount+0x20/0xc0 [ 63.231326][ T5043] do_syscall_64+0x41/0xc0 [ 63.235761][ T5043] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 63.241919][ T5043] RIP: 0033:0x7f41770c949a [ 63.246338][ T5043] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 63.266397][ T5043] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 63.274813][ T5043] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 63.282863][ T5043] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [pid 5039] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] exit_group(0 [pid 5039] <... futex resumed>) = ? [pid 5032] <... exit_group resumed>) = ? [pid 5039] +++ exited with 0 +++ [pid 5032] +++ exited with 0 +++ [pid 5026] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5032, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=43 /* 0.43 s */} --- [pid 5026] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5026] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5026] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5026] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5026] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5026] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5026] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5026] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5026] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5026] close(4) = 0 [pid 5026] rmdir("./0/bus") = 0 [pid 5026] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5026] unlink("./0/binderfs") = 0 [pid 5026] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5026] close(3) = 0 [pid 5026] rmdir("./0") = 0 [pid 5026] mkdir("./1", 0777) = 0 [pid 5026] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5026] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5026] close(3) = 0 [pid 5026] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5068 attached [pid 5068] set_robust_list(0x5555559806a0, 24) = 0 [pid 5040] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5036] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5030] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5037, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=41 /* 0.41 s */} --- [pid 5026] <... clone resumed>, child_tidptr=0x555555980690) = 5068 [pid 5040] <... futex resumed>) = 0 [pid 5036] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5064] <... write resumed>) = 16777216 [pid 5064] munmap(0x7f416ec64000, 138412032 [pid 5036] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5036] <... futex resumed>) = 0 [pid 5036] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... munmap resumed>) = 0 [pid 5043] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5040] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5030] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [ 63.290826][ T5043] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 63.298962][ T5043] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 63.307288][ T5043] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 63.315394][ T5043] [pid 5064] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5043] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] chdir("./1" [pid 5064] <... openat resumed>) = 4 [pid 5040] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... chdir resumed>) = 0 [pid 5064] ioctl(4, LOOP_SET_FD, 3 [pid 5043] <... futex resumed>) = 1 [pid 5040] <... futex resumed>) = 1 [pid 5036] <... futex resumed>) = 0 [pid 5034] <... futex resumed>) = 0 [pid 5030] <... openat resumed>) = 3 [pid 5040] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5036] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5036] <... futex resumed>) = 0 [pid 5034] <... futex resumed>) = 0 [pid 5040] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5036] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] <... openat resumed>) = 3 [pid 5040] write(3, "15", 2) = 2 [pid 5040] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5040] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5036] <... futex resumed>) = 0 [pid 5040] <... futex resumed>) = 1 [pid 5036] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] mkdir(".", 0777 [pid 5036] <... futex resumed>) = 0 [pid 5040] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5036] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5064] <... ioctl resumed>) = 0 [pid 5043] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5040] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5030] newfstatat(3, "", [pid 5068] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] close(3 [pid 5043] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5030] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5030] getdents64(3, [pid 5064] <... close resumed>) = 0 [pid 5043] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] mkdir("./bus", 0777 [pid 5043] <... futex resumed>) = 1 [pid 5034] <... futex resumed>) = 0 [pid 5043] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5030] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5034] exit_group(0) = ? [pid 5064] <... mkdir resumed>) = 0 [pid 5043] <... futex resumed>) = ? [ 63.360798][ T5064] loop4: detected capacity change from 0 to 32768 [ 63.368033][ T5040] FAULT_INJECTION: forcing a failure. [ 63.368033][ T5040] name failslab, interval 1, probability 0, space 0, times 0 [ 63.385783][ T5040] CPU: 0 PID: 5040 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 63.396611][ T5040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 63.407067][ T5040] Call Trace: [pid 5030] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... prctl resumed>) = 0 [pid 5067] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5043] +++ exited with 0 +++ [pid 5034] +++ exited with 0 +++ [pid 5068] setpgid(0, 0) = 0 [pid 5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] write(3, "1000", 4) = 4 [pid 5068] close(3) = 0 [pid 5068] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5068] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5068] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5068] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5068] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5068] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} => {parent_tid=[5069]}, 88) = 5069 [pid 5068] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5068] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 63.410535][ T5040] [ 63.413474][ T5040] dump_stack_lvl+0x1e7/0x2d0 [ 63.418275][ T5040] ? nf_tcp_handle_invalid+0x650/0x650 [ 63.424649][ T5040] ? panic+0x770/0x770 [ 63.428779][ T5040] should_fail_ex+0x3aa/0x4e0 [ 63.433884][ T5040] should_failslab+0x9/0x20 [ 63.438691][ T5040] slab_pre_alloc_hook+0x59/0x310 [ 63.444474][ T5040] ? tomoyo_encode+0x26f/0x530 [ 63.449443][ T5040] __kmem_cache_alloc_node+0x4b/0x270 [ 63.454929][ T5040] ? arch_stack_walk+0x162/0x1a0 [ 63.460065][ T5040] ? tomoyo_encode+0x26f/0x530 [ 63.465390][ T5040] __kmalloc+0xa8/0x230 [ 63.469601][ T5040] tomoyo_encode+0x26f/0x530 [ 63.474593][ T5040] tomoyo_mount_permission+0x356/0xb80 [ 63.480384][ T5040] ? __stack_depot_save+0x20/0x650 [ 63.485609][ T5040] ? tomoyo_mount_permission+0x295/0xb80 [ 63.491474][ T5040] ? tomoyo_get_name+0x510/0x510 [ 63.496598][ T5040] security_sb_mount+0x8c/0xc0 [ 63.501491][ T5040] path_mount+0xb9/0xfa0 [ 63.505852][ T5040] ? kmem_cache_free+0x292/0x500 [ 63.511437][ T5040] ? user_path_at_empty+0x4c/0x60 [ 63.516577][ T5040] __se_sys_mount+0x2d9/0x3c0 [ 63.521287][ T5040] ? __x64_sys_mount+0xc0/0xc0 [ 63.526234][ T5040] ? syscall_enter_from_user_mode+0x32/0x230 [ 63.532480][ T5040] ? __x64_sys_mount+0x20/0xc0 [ 63.537627][ T5040] do_syscall_64+0x41/0xc0 [ 63.542064][ T5040] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 63.548237][ T5040] RIP: 0033:0x7f41770c949a [ 63.552743][ T5040] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 63.573074][ T5040] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 63.581672][ T5040] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 63.589730][ T5040] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 63.597789][ T5040] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [pid 5068] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5069 attached [pid 5069] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5025] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5034, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=68 /* 0.68 s */} --- [pid 5069] <... rseq resumed>) = 0 [pid 5064] <... mount resumed>) = -1 EEXIST (File exists) [pid 5040] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5025] restart_syscall(<... resuming interrupted clone ...> [pid 5069] set_robust_list(0x7f41770849a0, 24 [pid 5064] ioctl(4, LOOP_CLR_FD [pid 5040] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... restart_syscall resumed>) = 0 [pid 5069] <... set_robust_list resumed>) = 0 [pid 5040] <... futex resumed>) = 1 [pid 5069] rt_sigprocmask(SIG_SETMASK, [], [pid 5040] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5025] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] memfd_create("syzkaller", 0 [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5025] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] <... memfd_create resumed>) = 3 [pid 5025] <... openat resumed>) = 3 [pid 5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5036] <... futex resumed>) = 0 [pid 5025] newfstatat(3, "", [pid 5069] <... mmap resumed>) = 0x7f416ec64000 [pid 5036] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5040] <... futex resumed>) = 0 [ 63.605754][ T5040] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 63.613752][ T5040] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 63.621992][ T5040] [ 63.625334][ T5064] BTRFS warning: duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor340 (5064) [pid 5036] <... futex resumed>) = 1 [pid 5025] getdents64(3, [pid 5036] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5025] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5025] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5025] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5025] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5025] close(4) = 0 [pid 5025] rmdir("./0/bus") = 0 [pid 5040] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5025] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] unlink("./0/binderfs") = 0 [pid 5040] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5025] getdents64(3, [pid 5040] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5040] <... futex resumed>) = 1 [pid 5036] <... futex resumed>) = 0 [pid 5025] close(3 [pid 5040] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5036] exit_group(0 [pid 5025] <... close resumed>) = 0 [pid 5040] <... futex resumed>) = ? [pid 5036] <... exit_group resumed>) = ? [pid 5025] rmdir("./0" [pid 5040] +++ exited with 0 +++ [pid 5025] <... rmdir resumed>) = 0 [pid 5036] +++ exited with 0 +++ [pid 5027] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5036, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=43 /* 0.43 s */} --- [pid 5025] mkdir("./1", 0777 [pid 5027] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5027] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5027] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5027] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5027] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5027] newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5027] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5027] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5027] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5027] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5027] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5027] close(4) = 0 [pid 5027] rmdir("./0/bus") = 0 [pid 5027] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5027] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5027] unlink("./0/binderfs") = 0 [pid 5027] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5027] close(3 [pid 5025] <... mkdir resumed>) = 0 [pid 5027] <... close resumed>) = 0 [pid 5027] rmdir("./0") = 0 [pid 5027] mkdir("./1", 0777) = 0 [pid 5025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5025] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5025] close(3 [pid 5027] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5025] <... close resumed>) = 0 [pid 5025] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5027] <... openat resumed>) = 3 [pid 5027] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5027] close(3./strace-static-x86_64: Process 5070 attached ) = 0 [pid 5070] set_robust_list(0x5555559806a0, 24 [pid 5027] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5025] <... clone resumed>, child_tidptr=0x555555980690) = 5070 ./strace-static-x86_64: Process 5071 attached [pid 5070] <... set_robust_list resumed>) = 0 [pid 5027] <... clone resumed>, child_tidptr=0x555555980690) = 5071 [pid 5070] chdir("./1") = 0 [pid 5071] set_robust_list(0x5555559806a0, 24 [pid 5070] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5071] <... set_robust_list resumed>) = 0 [pid 5070] <... prctl resumed>) = 0 [pid 5071] chdir("./1" [pid 5070] setpgid(0, 0 [pid 5071] <... chdir resumed>) = 0 [pid 5070] <... setpgid resumed>) = 0 [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] <... prctl resumed>) = 0 [pid 5070] write(3, "1000", 4) = 4 [pid 5070] close(3 [pid 5071] setpgid(0, 0 [pid 5070] <... close resumed>) = 0 [pid 5071] <... setpgid resumed>) = 0 [pid 5070] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5070] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5071] write(3, "1000", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5071] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5071] <... futex resumed>) = 0 [pid 5070] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5071] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5070] <... mmap resumed>) = 0x7f4177064000 [pid 5071] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5070] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5071] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5070] <... mprotect resumed>) = 0 [pid 5071] <... mmap resumed>) = 0x7f4177064000 [pid 5070] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5070] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} => {parent_tid=[5072]}, 88) = 5072 [pid 5070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5070] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5072 attached [pid 5071] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5072] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5071] <... mprotect resumed>) = 0 [pid 5072] <... rseq resumed>) = 0 [pid 5071] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5072] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5072] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5071] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5072] memfd_create("syzkaller", 0 [pid 5071] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5073 attached [pid 5072] <... memfd_create resumed>) = 3 [pid 5073] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5071] <... clone3 resumed> => {parent_tid=[5073]}, 88) = 5073 [pid 5073] <... rseq resumed>) = 0 [pid 5072] <... mmap resumed>) = 0x7f416ec64000 [pid 5071] rt_sigprocmask(SIG_SETMASK, [], [pid 5073] set_robust_list(0x7f41770849a0, 24 [pid 5071] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5073] <... set_robust_list resumed>) = 0 [pid 5071] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] rt_sigprocmask(SIG_SETMASK, [], [pid 5071] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5073] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5073] memfd_create("syzkaller", 0) = 3 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5067] <... write resumed>) = 16777216 [pid 5067] munmap(0x7f416ec64000, 138412032) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5067] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5067] close(3) = 0 [ 63.983963][ T5067] loop3: detected capacity change from 0 to 32768 [pid 5067] mkdir("./bus", 0777) = 0 [ 64.024252][ T5067] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz-executor340 (5067) [pid 5067] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5064] <... ioctl resumed>) = 0 [pid 5064] close(4) = 0 [pid 5064] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] <... futex resumed>) = 0 [pid 5063] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = 0 [pid 5063] <... futex resumed>) = 1 [pid 5064] open("./file0", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5063] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5064] <... futex resumed>) = 0 [pid 5063] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5063] <... futex resumed>) = 0 [pid 5064] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5064] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [ 64.074279][ T5067] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 64.112808][ T5067] BTRFS info (device loop3): doing ref verification [pid 5063] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = 0 [pid 5063] <... futex resumed>) = 1 [pid 5064] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5063] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... openat resumed>) = 3 [pid 5064] write(3, "15", 2) = 2 [pid 5064] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5064] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5063] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5064] mkdir(".", 0777) = -1 EEXIST (File exists) [ 64.153214][ T5067] BTRFS warning (device loop3): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 64.184880][ T5064] FAULT_INJECTION: forcing a failure. [ 64.184880][ T5064] name fail_usercopy, interval 1, probability 0, space 0, times 1 [pid 5063] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5064] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [ 64.192095][ T5067] BTRFS info (device loop3): force zlib compression, level 3 [ 64.225375][ T5064] CPU: 1 PID: 5064 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 64.236219][ T5064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 64.236434][ T5067] BTRFS info (device loop3): allowing degraded mounts [ 64.246274][ T5064] Call Trace: [ 64.246291][ T5064] [ 64.246298][ T5064] dump_stack_lvl+0x1e7/0x2d0 [ 64.246327][ T5064] ? nf_tcp_handle_invalid+0x650/0x650 [ 64.269816][ T5064] ? panic+0x770/0x770 [ 64.272082][ T5067] BTRFS info (device loop3): using free space tree [ 64.273990][ T5064] should_fail_ex+0x3aa/0x4e0 [ 64.285218][ T5064] strncpy_from_user+0x36/0x2e0 [ 64.290192][ T5064] getname_flags+0xf9/0x4f0 [ 64.294736][ T5064] user_path_at_empty+0x2c/0x60 [ 64.299620][ T5064] __se_sys_mount+0x29a/0x3c0 [ 64.304331][ T5064] ? __x64_sys_mount+0xc0/0xc0 [ 64.309301][ T5064] ? syscall_enter_from_user_mode+0x32/0x230 [ 64.315310][ T5064] ? __x64_sys_mount+0x20/0xc0 [ 64.320187][ T5064] do_syscall_64+0x41/0xc0 [ 64.324889][ T5064] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 64.330802][ T5064] RIP: 0033:0x7f41770c949a [ 64.335413][ T5064] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 64.356337][ T5064] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 64.364935][ T5064] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [pid 5072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5030] <... umount2 resumed>) = 0 [pid 5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] <... write resumed>) = 16777216 [pid 5064] <... mount resumed>) = -1 EFAULT (Bad address) [ 64.373641][ T5064] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 64.381708][ T5064] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 64.389811][ T5064] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 64.397977][ T5064] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 64.406046][ T5064] [pid 5030] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] munmap(0x7f416ec64000, 138412032 [pid 5064] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5063] <... futex resumed>) = 0 [pid 5063] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = 1 [pid 5063] <... futex resumed>) = 0 [pid 5030] newfstatat(AT_FDCWD, "./0/bus", [pid 5064] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5063] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5030] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5030] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5064] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5030] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5030] newfstatat(4, "", [pid 5064] <... futex resumed>) = 1 [pid 5063] <... futex resumed>) = 0 [pid 5030] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] exit_group(0) = ? [pid 5030] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5030] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5030] close(4) = 0 [pid 5030] rmdir("./0/bus") = 0 [pid 5030] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5030] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5030] unlink("./0/binderfs") = 0 [pid 5030] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5030] close(3) = 0 [pid 5030] rmdir("./0") = 0 [pid 5030] mkdir("./1", 0777 [pid 5064] +++ exited with 0 +++ [pid 5063] +++ exited with 0 +++ [pid 5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5063, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=35 /* 0.35 s */} --- [pid 5030] <... mkdir resumed>) = 0 [pid 5029] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5029] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5029] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5029] newfstatat(3, "", [pid 5030] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5069] <... munmap resumed>) = 0 [pid 5030] ioctl(3, LOOP_CLR_FD [pid 5029] getdents64(3, [pid 5030] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5030] close(3) = 0 [pid 5030] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5086 attached [pid 5069] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5029] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5086] set_robust_list(0x5555559806a0, 24 [pid 5030] <... clone resumed>, child_tidptr=0x555555980690) = 5086 [pid 5086] <... set_robust_list resumed>) = 0 [pid 5086] chdir("./1") = 0 [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5086] setpgid(0, 0) = 0 [pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "1000", 4) = 4 [pid 5086] close(3) = 0 [pid 5086] symlink("/dev/binderfs", "./binderfs" [pid 5029] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] <... symlink resumed>) = 0 [pid 5069] <... openat resumed>) = 4 [pid 5029] newfstatat(AT_FDCWD, "./1/bus", [pid 5086] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5029] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] ioctl(4, LOOP_SET_FD, 3 [pid 5086] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5086] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5086] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5086] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5086] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5029] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5029] newfstatat(4, "", ./strace-static-x86_64: Process 5088 attached [pid 5086] <... clone3 resumed> => {parent_tid=[5088]}, 88) = 5088 [pid 5088] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [pid 5086] rt_sigprocmask(SIG_SETMASK, [], [pid 5088] set_robust_list(0x7f41770849a0, 24 [pid 5086] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5088] <... set_robust_list resumed>) = 0 [pid 5086] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5088] memfd_create("syzkaller", 0 [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5029] getdents64(4, [pid 5088] <... memfd_create resumed>) = 3 [pid 5029] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5029] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5029] close(4 [pid 5088] <... mmap resumed>) = 0x7f416ec64000 [pid 5029] <... close resumed>) = 0 [pid 5029] rmdir("./1/bus") = 0 [pid 5029] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5029] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5029] unlink("./1/binderfs" [pid 5069] <... ioctl resumed>) = 0 [pid 5029] <... unlink resumed>) = 0 [pid 5069] close(3 [pid 5029] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5029] close(3) = 0 [pid 5069] <... close resumed>) = 0 [pid 5029] rmdir("./1" [ 64.535998][ T5069] loop1: detected capacity change from 0 to 32768 [pid 5069] mkdir("./bus", 0777 [pid 5029] <... rmdir resumed>) = 0 [pid 5069] <... mkdir resumed>) = 0 [pid 5029] mkdir("./2", 0777 [pid 5069] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5029] <... mkdir resumed>) = 0 [pid 5029] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5029] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5029] close(3) = 0 [pid 5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5091 attached , child_tidptr=0x555555980690) = 5091 [pid 5091] set_robust_list(0x5555559806a0, 24) = 0 [pid 5091] chdir("./2") = 0 [pid 5091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5091] setpgid(0, 0) = 0 [ 64.598534][ T5067] BTRFS info (device loop3): auto enabling async discard [ 64.611257][ T5069] BTRFS warning: duplicate device /dev/loop1 devid 1 generation 8 scanned by syz-executor340 (5069) [pid 5091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5091] write(3, "1000", 4) = 4 [pid 5069] <... mount resumed>) = -1 EEXIST (File exists) [pid 5091] close(3) = 0 [pid 5091] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5091] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5069] ioctl(4, LOOP_CLR_FD [pid 5091] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5091] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5073] <... write resumed>) = 16777216 [pid 5091] <... mmap resumed>) = 0x7f4177064000 [pid 5073] munmap(0x7f416ec64000, 138412032 [pid 5067] <... mount resumed>) = 0 [pid 5091] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5067] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5091] <... mprotect resumed>) = 0 [pid 5067] <... openat resumed>) = 3 [pid 5091] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5067] chdir("./bus") = 0 [pid 5091] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5067] ioctl(4, LOOP_CLR_FD [pid 5091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5067] <... ioctl resumed>) = 0 [pid 5067] close(4./strace-static-x86_64: Process 5092 attached [pid 5073] <... munmap resumed>) = 0 [pid 5067] <... close resumed>) = 0 [pid 5092] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5091] <... clone3 resumed> => {parent_tid=[5092]}, 88) = 5092 [pid 5067] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5092] <... rseq resumed>) = 0 [pid 5091] rt_sigprocmask(SIG_SETMASK, [], [pid 5067] <... futex resumed>) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5092] set_robust_list(0x7f41770849a0, 24 [pid 5091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5067] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... set_robust_list resumed>) = 0 [pid 5091] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... openat resumed>) = 4 [pid 5067] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5066] <... futex resumed>) = 0 [pid 5092] rt_sigprocmask(SIG_SETMASK, [], [pid 5091] <... futex resumed>) = 0 [pid 5067] open("./file0", O_RDONLY [pid 5066] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] <... open resumed>) = 4 [pid 5067] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5091] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5092] memfd_create("syzkaller", 0 [pid 5073] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5092] <... memfd_create resumed>) = 3 [pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5066] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = 0 [pid 5066] <... futex resumed>) = 1 [pid 5092] <... mmap resumed>) = 0x7f416ec64000 [pid 5073] <... ioctl resumed>) = 0 [pid 5067] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5066] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] close(3) = 0 [pid 5073] mkdir("./bus", 0777) = 0 [ 64.731684][ T5073] loop2: detected capacity change from 0 to 32768 [pid 5073] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5066] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5066] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177043000 [pid 5067] <... ioctl resumed>) = 0 [pid 5066] mprotect(0x7f4177044000, 131072, PROT_READ|PROT_WRITE [pid 5067] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] <... mprotect resumed>) = 0 [ 64.780561][ T5073] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 8 scanned by syz-executor340 (5073) [pid 5067] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5066] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177063990, parent_tid=0x7f4177063990, exit_signal=0, stack=0x7f4177043000, stack_size=0x20300, tls=0x7f41770636c0} [pid 5073] <... mount resumed>) = -1 EEXIST (File exists) [pid 5073] ioctl(4, LOOP_CLR_FD [pid 5066] <... clone3 resumed> => {parent_tid=[5093]}, 88) = 5093 [pid 5066] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5093 attached [pid 5066] futex(0x7f41771546d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... write resumed>) = 16777216 [pid 5066] <... futex resumed>) = 0 [pid 5093] rseq(0x7f4177063fe0, 0x20, 0, 0x53053053 [pid 5066] futex(0x7f41771546dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... rseq resumed>) = 0 [pid 5093] set_robust_list(0x7f41770639a0, 24 [pid 5072] munmap(0x7f416ec64000, 138412032 [pid 5093] <... set_robust_list resumed>) = 0 [pid 5093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5093] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 5093] write(5, "15", 2) = 2 [pid 5093] creat("./bus", 000 [pid 5072] <... munmap resumed>) = 0 [pid 5072] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5066] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5066] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = 0 [pid 5066] <... futex resumed>) = 1 [ 64.886788][ T2430] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 64.905173][ T5093] FAULT_INJECTION: forcing a failure. [ 64.905173][ T5093] name failslab, interval 1, probability 0, space 0, times 0 [pid 5072] <... openat resumed>) = 4 [pid 5067] mkdir(".", 0777 [pid 5066] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5072] ioctl(4, LOOP_SET_FD, 3 [pid 5067] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5067] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5072] <... ioctl resumed>) = 0 [pid 5072] close(3) = 0 [ 64.934422][ T5072] loop0: detected capacity change from 0 to 32768 [ 64.972053][ T5093] CPU: 0 PID: 5093 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 64.983049][ T5093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 64.993833][ T5093] Call Trace: [ 64.997663][ T5093] [ 65.001003][ T5093] dump_stack_lvl+0x1e7/0x2d0 [ 65.005726][ T5093] ? nf_tcp_handle_invalid+0x650/0x650 [ 65.011334][ T5093] ? panic+0x770/0x770 [ 65.018767][ T5093] should_fail_ex+0x3aa/0x4e0 [ 65.024103][ T5093] should_failslab+0x9/0x20 [ 65.028717][ T5093] slab_pre_alloc_hook+0x59/0x310 [ 65.034192][ T5093] ? btrfs_record_root_in_trans+0x16e/0x180 [ 65.040280][ T5093] kmem_cache_alloc+0x52/0x300 [ 65.045067][ T5093] ? btrfs_create_new_inode+0x251/0x2710 [ 65.050909][ T5093] btrfs_create_new_inode+0x251/0x2710 [ 65.056586][ T5093] ? __mutex_unlock_slowpath+0x21c/0x750 [ 65.062541][ T5093] ? btrfs_new_inode_args_destroy+0x160/0x160 [pid 5072] mkdir("./bus", 0777 [ 65.068949][ T5093] btrfs_create_common+0x1f9/0x300 [ 65.074201][ T5093] ? btrfs_tmpfile+0x4e0/0x4e0 [ 65.079013][ T5093] ? do_raw_spin_unlock+0x13b/0x8b0 [ 65.084459][ T5093] ? btrfs_create+0x75/0x140 [ 65.089161][ T5093] ? btrfs_lookup+0x40/0x40 [ 65.094237][ T5093] path_openat+0x13e7/0x3180 [ 65.098903][ T5093] ? do_filp_open+0x490/0x490 [ 65.103817][ T5093] do_filp_open+0x234/0x490 [ 65.108468][ T5093] ? vfs_tmpfile+0x4b0/0x4b0 [ 65.113116][ T5093] ? _raw_spin_unlock+0x28/0x40 [ 65.118174][ T5093] ? alloc_fd+0x59c/0x640 [pid 5092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5069] <... ioctl resumed>) = 0 [ 65.122550][ T5093] do_sys_openat2+0x13e/0x1d0 [ 65.127291][ T5093] ? do_sys_open+0x230/0x230 [ 65.131927][ T5093] ? _raw_spin_unlock_irq+0x2e/0x50 [ 65.137267][ T5093] ? ptrace_notify+0x278/0x380 [ 65.142431][ T5093] __x64_sys_creat+0x123/0x160 [ 65.147270][ T5093] ? __x64_compat_sys_openat+0x290/0x290 [ 65.152956][ T5093] ? syscall_enter_from_user_mode+0x32/0x230 [ 65.159052][ T5093] ? syscall_enter_from_user_mode+0x8c/0x230 [ 65.165097][ T5093] do_syscall_64+0x41/0xc0 [pid 5069] close(4) = 0 [pid 5069] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5068] <... futex resumed>) = 1 [pid 5069] open("./file0", O_RDONLY [pid 5068] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5069] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5069] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5068] <... futex resumed>) = 0 [pid 5069] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = -1 EBADF (Bad file descriptor) [pid 5069] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 65.169723][ T5093] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 65.175645][ T5093] RIP: 0033:0x7f41770c8049 [ 65.180182][ T5093] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 65.200261][ T5093] RSP: 002b:00007f4177063208 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 65.208725][ T5093] RAX: ffffffffffffffda RBX: 00007f41771546d8 RCX: 00007f41770c8049 [pid 5069] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5068] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5068] <... futex resumed>) = 1 [pid 5069] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5068] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... openat resumed>) = 3 [pid 5069] write(3, "15", 2) = 2 [pid 5069] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5069] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5069] mkdir(".", 0777 [pid 5068] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5068] <... futex resumed>) = 0 [pid 5069] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5068] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5072] <... mkdir resumed>) = 0 [ 65.216753][ T5093] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040 [ 65.224849][ T5093] RBP: 00007f41771546d0 R08: 00007f4177062fa6 R09: 0000000000003531 [ 65.232859][ T5093] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f41771211d0 [ 65.240892][ T5093] R13: 00007f4177063210 R14: 0000000000000002 R15: 00007f417711c070 [ 65.249094][ T5093] [ 65.255273][ T5069] FAULT_INJECTION: forcing a failure. [ 65.255273][ T5069] name failslab, interval 1, probability 0, space 0, times 0 [pid 5072] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5093] <... creat resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5093] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 65.352095][ T5069] CPU: 0 PID: 5069 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 65.362708][ T5069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 65.372888][ T5069] Call Trace: [ 65.376273][ T5069] [ 65.379292][ T5069] dump_stack_lvl+0x1e7/0x2d0 [ 65.384101][ T5069] ? nf_tcp_handle_invalid+0x650/0x650 [ 65.389785][ T5069] ? panic+0x770/0x770 [ 65.393892][ T5069] should_fail_ex+0x3aa/0x4e0 [ 65.398507][ T5067] BTRFS error (device loop3: state M): unrecognized mount option '18446744073709551615017777777777777777777770177777777777777777777718446744073709551615lbZ~Ƣ8žH~אa*Oѓ< 5^Sus%e [ 65.398507][ T5067] /ĖEaofmߚtҮ~г#a C$n-SGWmxeGy|sL=~ä_;N' [ 65.398600][ T5069] should_failslab+0x9/0x20 [ 65.433677][ T5069] slab_pre_alloc_hook+0x59/0x310 [ 65.438950][ T5069] ? tomoyo_encode+0x26f/0x530 [ 65.443818][ T5069] __kmem_cache_alloc_node+0x4b/0x270 [pid 5093] futex(0x7f41771546d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] <... mount resumed>) = -1 EEXIST (File exists) [ 65.449325][ T5069] ? arch_stack_walk+0x162/0x1a0 [ 65.452197][ T5072] BTRFS warning: duplicate device /dev/loop0 devid 1 generation 8 scanned by syz-executor340 (5072) [ 65.454446][ T5069] ? tomoyo_encode+0x26f/0x530 [ 65.470159][ T5069] __kmalloc+0xa8/0x230 [ 65.474353][ T5069] tomoyo_encode+0x26f/0x530 [ 65.479337][ T5069] tomoyo_mount_permission+0x356/0xb80 [ 65.484929][ T5069] ? __stack_depot_save+0x20/0x650 [ 65.490669][ T5069] ? tomoyo_mount_permission+0x295/0xb80 [ 65.496441][ T5069] ? tomoyo_get_name+0x510/0x510 [pid 5072] ioctl(4, LOOP_CLR_FD [pid 5067] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5067] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5067] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5066] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5066] <... futex resumed>) = 0 [pid 5067] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] <... futex resumed>) = 0 [pid 5066] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5067] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] exit_group(0 [pid 5093] <... futex resumed>) = ? [pid 5067] <... futex resumed>) = ? [pid 5066] <... exit_group resumed>) = ? [pid 5093] +++ exited with 0 +++ [pid 5067] +++ exited with 0 +++ [pid 5066] +++ exited with 0 +++ [pid 5028] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5066, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=35 /* 0.35 s */} --- [pid 5028] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5028] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5028] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5028] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [ 65.501555][ T5069] security_sb_mount+0x8c/0xc0 [ 65.506447][ T5069] path_mount+0xb9/0xfa0 [ 65.510814][ T5069] ? kmem_cache_free+0x292/0x500 [ 65.515898][ T5069] ? user_path_at_empty+0x4c/0x60 [ 65.521128][ T5069] __se_sys_mount+0x2d9/0x3c0 [ 65.525836][ T5069] ? __x64_sys_mount+0xc0/0xc0 [ 65.530818][ T5069] ? syscall_enter_from_user_mode+0x32/0x230 [ 65.536834][ T5069] ? __x64_sys_mount+0x20/0xc0 [ 65.541728][ T5069] do_syscall_64+0x41/0xc0 [ 65.546490][ T5069] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 65.552425][ T5069] RIP: 0033:0x7f41770c949a [ 65.557009][ T5069] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 65.576930][ T5069] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 65.585408][ T5069] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 65.593844][ T5069] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [pid 5028] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] <... ioctl resumed>) = 0 [pid 5069] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5073] close(4 [pid 5069] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... close resumed>) = 0 [pid 5069] <... futex resumed>) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5073] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... futex resumed>) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5068] <... futex resumed>) = 0 [ 65.602212][ T5069] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 65.610485][ T5069] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 65.618573][ T5069] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 65.627028][ T5069] [pid 5073] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5068] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5071] <... futex resumed>) = 0 [pid 5069] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5073] open("./file0", O_RDONLY [pid 5071] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5069] <... futex resumed>) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5092] <... write resumed>) = 16777216 [pid 5073] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] exit_group(0 [pid 5092] munmap(0x7f416ec64000, 138412032 [pid 5073] <... futex resumed>) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5069] <... futex resumed>) = ? [pid 5068] <... exit_group resumed>) = ? [pid 5069] +++ exited with 0 +++ [pid 5068] +++ exited with 0 +++ [pid 5073] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5071] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5071] <... futex resumed>) = 0 [pid 5026] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5068, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=37 /* 0.37 s */} --- [pid 5073] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = 0 [pid 5071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5026] restart_syscall(<... resuming interrupted clone ...> [pid 5073] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5071] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] <... restart_syscall resumed>) = 0 [pid 5092] <... munmap resumed>) = 0 [pid 5073] <... openat resumed>) = 3 [pid 5071] <... futex resumed>) = 0 [pid 5092] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5073] write(3, "15", 2 [pid 5071] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5026] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] <... write resumed>) = 2 [pid 5026] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5092] <... openat resumed>) = 4 [pid 5026] <... openat resumed>) = 3 [pid 5026] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5026] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5026] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5092] ioctl(4, LOOP_SET_FD, 3 [pid 5073] creat("./bus", 000 [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5073] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] newfstatat(AT_FDCWD, "./1/bus", [pid 5073] <... futex resumed>) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5073] mkdir(".", 0777 [pid 5071] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5088] <... write resumed>) = 16777216 [pid 5073] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5071] <... futex resumed>) = 0 [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5071] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5026] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5026] newfstatat(4, "", [pid 5088] munmap(0x7f416ec64000, 138412032 [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5026] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5026] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5026] close(4) = 0 [pid 5026] rmdir("./1/bus") = 0 [pid 5092] <... ioctl resumed>) = 0 [pid 5026] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5092] close(3) = 0 [pid 5092] mkdir("./bus", 0777 [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5026] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5092] <... mkdir resumed>) = 0 [pid 5026] unlink("./1/binderfs" [pid 5092] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5088] <... munmap resumed>) = 0 [pid 5026] <... unlink resumed>) = 0 [pid 5026] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5026] close(3) = 0 [pid 5026] rmdir("./1") = 0 [ 65.737836][ T5092] loop4: detected capacity change from 0 to 32768 [ 65.755696][ T5073] FAULT_INJECTION: forcing a failure. [ 65.755696][ T5073] name failslab, interval 1, probability 0, space 0, times 0 [pid 5026] mkdir("./2", 0777) = 0 [pid 5026] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5026] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5026] close(3) = 0 [pid 5088] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5026] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5088] <... openat resumed>) = 4 ./strace-static-x86_64: Process 5095 attached [pid 5088] ioctl(4, LOOP_SET_FD, 3 [pid 5095] set_robust_list(0x5555559806a0, 24 [pid 5026] <... clone resumed>, child_tidptr=0x555555980690) = 5095 [pid 5095] <... set_robust_list resumed>) = 0 [pid 5095] chdir("./2") = 0 [pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5095] setpgid(0, 0) = 0 [pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5095] write(3, "1000", 4) = 4 [pid 5095] close(3) = 0 [pid 5095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5095] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... ioctl resumed>) = 0 [ 65.785223][ T5092] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 scanned by syz-executor340 (5092) [ 65.805452][ T5088] loop5: detected capacity change from 0 to 32768 [ 65.822122][ T5073] CPU: 0 PID: 5073 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [pid 5095] <... futex resumed>) = 0 [pid 5088] close(3 [pid 5095] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5095] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5088] <... close resumed>) = 0 [pid 5095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5088] mkdir("./bus", 0777 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5088] <... mkdir resumed>) = 0 [pid 5095] <... mmap resumed>) = 0x7f4177064000 [pid 5095] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5088] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} => {parent_tid=[5096]}, 88) = 5096 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5096 attached [pid 5095] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5095] <... futex resumed>) = 0 [pid 5096] <... rseq resumed>) = 0 [pid 5095] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5096] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5096] memfd_create("syzkaller", 0) = 3 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [ 65.832884][ T5073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 65.843922][ T5073] Call Trace: [ 65.847449][ T5073] [ 65.850410][ T5073] dump_stack_lvl+0x1e7/0x2d0 [ 65.855174][ T5073] ? nf_tcp_handle_invalid+0x650/0x650 [ 65.860773][ T5073] ? panic+0x770/0x770 [ 65.865000][ T5073] should_fail_ex+0x3aa/0x4e0 [ 65.869905][ T5073] should_failslab+0x9/0x20 [ 65.874542][ T5073] slab_pre_alloc_hook+0x59/0x310 [ 65.879590][ T5073] ? tomoyo_encode+0x26f/0x530 [ 65.884376][ T5073] __kmem_cache_alloc_node+0x4b/0x270 [ 65.889928][ T5073] ? arch_stack_walk+0x162/0x1a0 [ 65.894889][ T5073] ? tomoyo_encode+0x26f/0x530 [ 65.899817][ T5073] __kmalloc+0xa8/0x230 [ 65.904260][ T5073] tomoyo_encode+0x26f/0x530 [ 65.909222][ T5073] tomoyo_mount_permission+0x356/0xb80 [ 65.914711][ T5073] ? __stack_depot_save+0x20/0x650 [ 65.919974][ T5073] ? tomoyo_mount_permission+0x295/0xb80 [ 65.925641][ T5073] ? tomoyo_get_name+0x510/0x510 [ 65.930701][ T5073] security_sb_mount+0x8c/0xc0 [ 65.935561][ T5073] path_mount+0xb9/0xfa0 [ 65.939883][ T5073] ? kmem_cache_free+0x292/0x500 [ 65.944812][ T5073] ? user_path_at_empty+0x4c/0x60 [ 65.949925][ T5073] __se_sys_mount+0x2d9/0x3c0 [ 65.954794][ T5073] ? __x64_sys_mount+0xc0/0xc0 [ 65.959715][ T5073] ? syscall_enter_from_user_mode+0x32/0x230 [ 65.965710][ T5073] ? __x64_sys_mount+0x20/0xc0 [ 65.970562][ T5073] do_syscall_64+0x41/0xc0 [ 65.974979][ T5073] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 65.980974][ T5073] RIP: 0033:0x7f41770c949a [ 65.985397][ T5073] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 66.005115][ T5073] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 66.013718][ T5073] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 66.021955][ T5073] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 66.030110][ T5073] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 66.038890][ T5073] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 66.047000][ T5073] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 66.055339][ T5073] [pid 5073] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5073] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = 0 [pid 5073] <... futex resumed>) = 1 [pid 5071] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5073] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... mount resumed>) = -1 EEXIST (File exists) [pid 5073] <... futex resumed>) = 1 [pid 5072] <... ioctl resumed>) = 0 [pid 5071] <... futex resumed>) = 0 [pid 5088] ioctl(4, LOOP_CLR_FD [ 66.111329][ T5088] BTRFS warning: duplicate device /dev/loop5 devid 1 generation 8 scanned by syz-executor340 (5088) [ 66.132132][ T5092] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 66.140889][ T5092] BTRFS info (device loop4): doing ref verification [pid 5071] exit_group(0) = ? [pid 5073] +++ exited with 0 +++ [pid 5072] close(4) = 0 [pid 5072] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5072] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5070] <... futex resumed>) = 0 [pid 5072] open("./file0", O_RDONLY [pid 5070] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5072] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5070] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5070] <... futex resumed>) = 0 [pid 5072] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5070] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5070] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 5071] +++ exited with 0 +++ [pid 5027] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5071, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=38 /* 0.38 s */} --- [pid 5027] restart_syscall(<... resuming interrupted clone ...> [pid 5072] write(3, "15", 2 [pid 5027] <... restart_syscall resumed>) = 0 [pid 5072] <... write resumed>) = 2 [pid 5072] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5027] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5027] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5072] <... futex resumed>) = 1 [ 66.173873][ T5092] BTRFS warning (device loop4): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 66.201983][ T5092] BTRFS info (device loop4): force zlib compression, level 3 [pid 5070] <... futex resumed>) = 0 [pid 5027] <... openat resumed>) = 3 [pid 5072] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5028] <... umount2 resumed>) = 0 [pid 5070] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5027] newfstatat(3, "", [pid 5072] <... futex resumed>) = 0 [pid 5070] <... futex resumed>) = 1 [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5027] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5072] mkdir(".", 0777 [pid 5070] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5028] newfstatat(AT_FDCWD, "./1/bus", [pid 5027] getdents64(3, [pid 5072] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5027] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5072] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5028] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5027] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5027] newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5027] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5027] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5028] newfstatat(4, "", [pid 5027] <... openat resumed>) = 4 [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5027] newfstatat(4, "", [pid 5028] getdents64(4, [pid 5027] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5027] getdents64(4, [pid 5028] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5027] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5027] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5027] close(4 [pid 5028] getdents64(4, [pid 5027] <... close resumed>) = 0 [pid 5027] rmdir("./1/bus" [pid 5028] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5027] <... rmdir resumed>) = 0 [pid 5027] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5027] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5028] close(4) = 0 [pid 5027] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] rmdir("./1/bus") = 0 [pid 5027] unlink("./1/binderfs" [pid 5028] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5027] <... unlink resumed>) = 0 [pid 5027] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5027] close(3) = 0 [pid 5027] rmdir("./1" [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5027] <... rmdir resumed>) = 0 [pid 5028] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5027] mkdir("./2", 0777 [pid 5028] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5027] <... mkdir resumed>) = 0 [pid 5027] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5028] unlink("./1/binderfs" [pid 5027] <... openat resumed>) = 3 [ 66.232161][ T5092] BTRFS info (device loop4): allowing degraded mounts [ 66.247003][ T5072] FAULT_INJECTION: forcing a failure. [ 66.247003][ T5072] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 66.263825][ T5092] BTRFS info (device loop4): using free space tree [ 66.299937][ T5072] CPU: 1 PID: 5072 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 66.310676][ T5072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 66.320834][ T5072] Call Trace: [ 66.324256][ T5072] [ 66.327205][ T5072] dump_stack_lvl+0x1e7/0x2d0 [ 66.331997][ T5072] ? nf_tcp_handle_invalid+0x650/0x650 [ 66.337573][ T5072] ? panic+0x770/0x770 [ 66.341658][ T5072] ? __lock_acquire+0x7f70/0x7f70 [pid 5028] <... unlink resumed>) = 0 [pid 5027] ioctl(3, LOOP_CLR_FD [pid 5028] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5028] close(3) = 0 [pid 5028] rmdir("./1") = 0 [pid 5028] mkdir("./2", 0777) = 0 [pid 5028] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5028] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5028] close(3) = 0 [pid 5028] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555980690) = 5101 [ 66.346903][ T5072] should_fail_ex+0x3aa/0x4e0 [ 66.351888][ T5072] _copy_from_user+0x2f/0xe0 [ 66.356517][ T5072] __se_sys_mount+0x17d/0x3c0 [ 66.361232][ T5072] ? __x64_sys_mount+0xc0/0xc0 [ 66.366039][ T5072] ? syscall_enter_from_user_mode+0x32/0x230 [ 66.372157][ T5072] ? __x64_sys_mount+0x20/0xc0 [ 66.377130][ T5072] do_syscall_64+0x41/0xc0 [ 66.381558][ T5072] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 66.387822][ T5072] RIP: 0033:0x7f41770c949a [ 66.392245][ T5072] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 66.411947][ T5072] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 66.420666][ T5072] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 66.428943][ T5072] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 66.436938][ T5072] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 ./strace-static-x86_64: Process 5101 attached [pid 5027] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5101] set_robust_list(0x5555559806a0, 24 [pid 5072] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5027] close(3 [pid 5101] <... set_robust_list resumed>) = 0 [pid 5027] <... close resumed>) = 0 [pid 5101] chdir("./2" [pid 5072] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5101] <... chdir resumed>) = 0 [pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5027] <... clone resumed>, child_tidptr=0x555555980690) = 5105 [pid 5101] <... prctl resumed>) = 0 [pid 5072] <... futex resumed>) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5072] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] setpgid(0, 0) = 0 [pid 5070] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5072] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5072] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5070] exit_group(0 [pid 5072] <... futex resumed>) = ? [pid 5070] <... exit_group resumed>) = ? [pid 5072] +++ exited with 0 +++ [pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5070] +++ exited with 0 +++ [pid 5101] write(3, "1000", 4 [pid 5025] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5070, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=41 /* 0.41 s */} --- [pid 5101] <... write resumed>) = 4 [pid 5101] close(3) = 0 [pid 5025] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5101] symlink("/dev/binderfs", "./binderfs" [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5101] <... symlink resumed>) = 0 [pid 5025] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5025] newfstatat(3, "", [pid 5101] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 5105 attached [pid 5101] <... futex resumed>) = 0 [pid 5101] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [ 66.445184][ T5072] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 66.453323][ T5072] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 66.462644][ T5072] [pid 5025] getdents64(3, [pid 5105] set_robust_list(0x5555559806a0, 24 [pid 5101] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5025] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5101] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5025] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5105] <... set_robust_list resumed>) = 0 [pid 5101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5105] chdir("./2" [pid 5025] newfstatat(AT_FDCWD, "./1/bus", [pid 5105] <... chdir resumed>) = 0 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5105] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5101] <... mmap resumed>) = 0x7f4177064000 [pid 5025] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5105] <... prctl resumed>) = 0 [pid 5101] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5105] setpgid(0, 0 [pid 5101] <... mprotect resumed>) = 0 [pid 5025] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5101] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5025] <... openat resumed>) = 4 [pid 5105] <... setpgid resumed>) = 0 [pid 5101] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5025] newfstatat(4, "", [pid 5105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5101] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5105] <... openat resumed>) = 3 [pid 5025] getdents64(4, [pid 5105] write(3, "1000", 4 [pid 5101] <... clone3 resumed> => {parent_tid=[5114]}, 88) = 5114 [pid 5025] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5105] <... write resumed>) = 4 [pid 5101] rt_sigprocmask(SIG_SETMASK, [], [pid 5105] close(3 [pid 5101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5025] getdents64(4, [pid 5105] <... close resumed>) = 0 [pid 5101] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] symlink("/dev/binderfs", "./binderfs" [pid 5101] <... futex resumed>) = 0 [pid 5025] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 5114 attached [pid 5105] <... symlink resumed>) = 0 [pid 5101] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5025] close(4 [pid 5114] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5105] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... close resumed>) = 0 [pid 5114] <... rseq resumed>) = 0 [pid 5105] <... futex resumed>) = 0 [pid 5114] set_robust_list(0x7f41770849a0, 24 [pid 5105] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5025] rmdir("./1/bus" [pid 5114] <... set_robust_list resumed>) = 0 [pid 5105] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5025] <... rmdir resumed>) = 0 [pid 5114] rt_sigprocmask(SIG_SETMASK, [], [pid 5105] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5025] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5105] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5114] memfd_create("syzkaller", 0 [pid 5105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5025] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5105] <... mmap resumed>) = 0x7f4177064000 [pid 5092] <... mount resumed>) = 0 [pid 5025] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5114] <... memfd_create resumed>) = 3 [pid 5105] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5025] unlink("./1/binderfs" [pid 5105] <... mprotect resumed>) = 0 [pid 5025] <... unlink resumed>) = 0 [pid 5105] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5025] getdents64(3, [pid 5105] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5025] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5025] close(3 [pid 5092] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5025] <... close resumed>) = 0 ./strace-static-x86_64: Process 5115 attached [pid 5105] <... clone3 resumed> => {parent_tid=[5115]}, 88) = 5115 [pid 5025] rmdir("./1" [pid 5115] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5105] rt_sigprocmask(SIG_SETMASK, [], [pid 5092] <... openat resumed>) = 3 [pid 5025] <... rmdir resumed>) = 0 [pid 5115] <... rseq resumed>) = 0 [pid 5114] <... mmap resumed>) = 0x7f416ec64000 [pid 5105] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5025] mkdir("./2", 0777 [pid 5115] set_robust_list(0x7f41770849a0, 24 [pid 5092] chdir("./bus" [pid 5105] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... set_robust_list resumed>) = 0 [pid 5105] <... futex resumed>) = 0 [pid 5092] <... chdir resumed>) = 0 [pid 5025] <... mkdir resumed>) = 0 [pid 5115] rt_sigprocmask(SIG_SETMASK, [], [pid 5105] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5092] ioctl(4, LOOP_CLR_FD [pid 5088] <... ioctl resumed>) = 0 [pid 5025] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5092] <... ioctl resumed>) = 0 [pid 5115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5092] close(4 [pid 5088] close(4 [pid 5025] <... openat resumed>) = 3 [pid 5025] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5025] close(3) = 0 [pid 5025] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5088] <... close resumed>) = 0 [pid 5092] <... close resumed>) = 0 [pid 5088] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... clone resumed>, child_tidptr=0x555555980690) = 5116 [pid 5115] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5116 attached ) = 3 [pid 5092] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5092] <... futex resumed>) = 1 [pid 5091] <... futex resumed>) = 0 [ 66.540637][ T5092] BTRFS info (device loop4): auto enabling async discard [pid 5086] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] set_robust_list(0x5555559806a0, 24 [pid 5092] open("./file0", O_RDONLY [pid 5091] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] open("./file0", O_RDONLY [pid 5086] <... futex resumed>) = 0 [pid 5088] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5088] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] <... futex resumed>) = 0 [pid 5086] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... set_robust_list resumed>) = 0 [pid 5088] <... futex resumed>) = 0 [pid 5086] <... futex resumed>) = 1 [pid 5116] chdir("./2" [pid 5092] <... open resumed>) = 4 [pid 5088] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5086] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5116] <... chdir resumed>) = 0 [pid 5088] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5092] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5116] <... prctl resumed>) = 0 [pid 5092] <... futex resumed>) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5088] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5086] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] setpgid(0, 0 [pid 5092] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5091] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... openat resumed>) = 3 [pid 5086] <... futex resumed>) = 0 [pid 5116] <... setpgid resumed>) = 0 [pid 5091] <... futex resumed>) = 0 [pid 5088] write(3, "15", 2 [pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5091] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... write resumed>) = 2 [pid 5086] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... openat resumed>) = 3 [pid 5088] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5088] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] write(3, "1000", 4 [pid 5086] <... futex resumed>) = 0 [pid 5116] <... write resumed>) = 4 [pid 5086] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5116] close(3 [pid 5088] mkdir(".", 0777 [pid 5116] <... close resumed>) = 0 [pid 5088] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5116] symlink("/dev/binderfs", "./binderfs" [pid 5088] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5116] <... symlink resumed>) = 0 [pid 5116] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] <... ioctl resumed>) = 0 [pid 5116] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5092] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5092] <... futex resumed>) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5092] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5091] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5092] <... openat resumed>) = 5 [pid 5091] <... futex resumed>) = 0 [pid 5116] <... mmap resumed>) = 0x7f4177064000 [pid 5092] write(5, "15", 2 [pid 5091] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... write resumed>) = 2 [ 66.676552][ T5088] FAULT_INJECTION: forcing a failure. [ 66.676552][ T5088] name fail_usercopy, interval 1, probability 0, space 0, times 0 [pid 5092] creat("./bus", 000 [pid 5116] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5116] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5116] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} => {parent_tid=[5118]}, 88) = 5118 [pid 5116] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5116] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5118 attached [pid 5118] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [ 66.720119][ T5092] FAULT_INJECTION: forcing a failure. [ 66.720119][ T5092] name failslab, interval 1, probability 0, space 0, times 0 [ 66.738499][ T995] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 66.761049][ T5088] CPU: 0 PID: 5088 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 66.771688][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 66.781936][ T5088] Call Trace: [ 66.785233][ T5088] [ 66.788255][ T5088] dump_stack_lvl+0x1e7/0x2d0 [ 66.793122][ T5088] ? nf_tcp_handle_invalid+0x650/0x650 [ 66.798696][ T5088] ? panic+0x770/0x770 [ 66.802799][ T5088] should_fail_ex+0x3aa/0x4e0 [ 66.807513][ T5088] strncpy_from_user+0x36/0x2e0 [ 66.812471][ T5088] getname_flags+0xf9/0x4f0 [pid 5118] set_robust_list(0x7f41770849a0, 24 [pid 5091] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5118] <... set_robust_list resumed>) = 0 [pid 5091] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] rt_sigprocmask(SIG_SETMASK, [], [pid 5091] <... futex resumed>) = 0 [pid 5118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5118] memfd_create("syzkaller", 0 [pid 5091] <... mmap resumed>) = 0x7f4177043000 [pid 5118] <... memfd_create resumed>) = 3 [pid 5091] mprotect(0x7f4177044000, 131072, PROT_READ|PROT_WRITE [pid 5118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5091] <... mprotect resumed>) = 0 [pid 5118] <... mmap resumed>) = 0x7f416ec64000 [pid 5091] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177063990, parent_tid=0x7f4177063990, exit_signal=0, stack=0x7f4177043000, stack_size=0x20300, tls=0x7f41770636c0} => {parent_tid=[5119]}, 88) = 5119 [pid 5091] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5119 attached [pid 5091] futex(0x7f41771546d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] rseq(0x7f4177063fe0, 0x20, 0, 0x53053053 [pid 5091] <... futex resumed>) = 0 [pid 5119] <... rseq resumed>) = 0 [pid 5091] futex(0x7f41771546dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5119] set_robust_list(0x7f41770639a0, 24) = 0 [pid 5119] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5119] mkdir(".", 0777) = -1 EEXIST (File exists) [ 66.817012][ T5088] user_path_at_empty+0x2c/0x60 [ 66.821878][ T5088] __se_sys_mount+0x29a/0x3c0 [ 66.826588][ T5088] ? __x64_sys_mount+0xc0/0xc0 [ 66.831386][ T5088] ? syscall_enter_from_user_mode+0x32/0x230 [ 66.837502][ T5088] ? __x64_sys_mount+0x20/0xc0 [ 66.842564][ T5088] do_syscall_64+0x41/0xc0 [ 66.847075][ T5088] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 66.852995][ T5088] RIP: 0033:0x7f41770c949a [ 66.857447][ T5088] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 66.877088][ T5088] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 66.885539][ T5088] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 66.893536][ T5088] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 66.901536][ T5088] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 66.909805][ T5088] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [pid 5119] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5088] <... mount resumed>) = -1 EFAULT (Bad address) [ 66.918036][ T5088] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 66.926051][ T5088] [ 66.959419][ T5092] CPU: 0 PID: 5092 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 66.970419][ T5092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 66.980506][ T5092] Call Trace: [ 66.984096][ T5092] [ 66.987061][ T5092] dump_stack_lvl+0x1e7/0x2d0 [ 66.991811][ T5092] ? nf_tcp_handle_invalid+0x650/0x650 [ 66.997392][ T5092] ? panic+0x770/0x770 [ 67.001690][ T5092] should_fail_ex+0x3aa/0x4e0 [ 67.006412][ T5092] should_failslab+0x9/0x20 [ 67.010950][ T5092] slab_pre_alloc_hook+0x59/0x310 [ 67.016239][ T5092] ? btrfs_record_root_in_trans+0x16e/0x180 [ 67.022525][ T5092] kmem_cache_alloc+0x52/0x300 [ 67.027313][ T5092] ? btrfs_create_new_inode+0x251/0x2710 [ 67.033582][ T5092] btrfs_create_new_inode+0x251/0x2710 [ 67.039145][ T5092] ? __mutex_unlock_slowpath+0x21c/0x750 [ 67.044879][ T5092] ? btrfs_new_inode_args_destroy+0x160/0x160 [ 67.051053][ T5092] btrfs_create_common+0x1f9/0x300 [ 67.056173][ T5092] ? btrfs_tmpfile+0x4e0/0x4e0 [ 67.061645][ T5092] ? do_raw_spin_unlock+0x13b/0x8b0 [ 67.067487][ T5092] ? btrfs_create+0x75/0x140 [ 67.072720][ T5092] ? btrfs_lookup+0x40/0x40 [ 67.077482][ T5092] path_openat+0x13e7/0x3180 [ 67.082729][ T5092] ? do_filp_open+0x490/0x490 [ 67.087539][ T5092] do_filp_open+0x234/0x490 [ 67.092185][ T5092] ? vfs_tmpfile+0x4b0/0x4b0 [ 67.096980][ T5092] ? _raw_spin_unlock+0x28/0x40 [ 67.101836][ T5092] ? alloc_fd+0x59c/0x640 [ 67.106543][ T5092] do_sys_openat2+0x13e/0x1d0 [ 67.111332][ T5092] ? do_sys_open+0x230/0x230 [ 67.116035][ T5092] ? _raw_spin_unlock_irq+0x2e/0x50 [ 67.121332][ T5092] ? ptrace_notify+0x278/0x380 [ 67.126141][ T5092] __x64_sys_creat+0x123/0x160 [ 67.131089][ T5092] ? __x64_compat_sys_openat+0x290/0x290 [ 67.137205][ T5092] ? syscall_enter_from_user_mode+0x32/0x230 [ 67.143296][ T5092] ? syscall_enter_from_user_mode+0x8c/0x230 [ 67.149427][ T5092] do_syscall_64+0x41/0xc0 [ 67.153841][ T5092] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 67.159730][ T5092] RIP: 0033:0x7f41770c8049 [ 67.164613][ T5092] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 67.184558][ T5092] RSP: 002b:00007f4177084208 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 67.193244][ T5092] RAX: ffffffffffffffda RBX: 00007f41771546c8 RCX: 00007f41770c8049 [ 67.201489][ T5092] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040 [ 67.209461][ T5092] RBP: 00007f41771546c0 R08: 00007f4177083fa6 R09: 0000000000003531 [ 67.217453][ T5092] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f41771211d0 [ 67.226024][ T5092] R13: 00007f4177084210 R14: 0000000000000002 R15: 00007f417711c070 [ 67.234265][ T5092] [pid 5118] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5096] <... write resumed>) = 16777216 [pid 5092] <... creat resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5088] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] <... futex resumed>) = 0 [pid 5096] munmap(0x7f416ec64000, 138412032 [pid 5092] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] <... futex resumed>) = 0 [pid 5096] <... munmap resumed>) = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5086] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... openat resumed>) = 4 [pid 5086] <... futex resumed>) = 1 [pid 5096] ioctl(4, LOOP_SET_FD, 3 [pid 5086] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... ioctl resumed>) = 0 [pid 5088] <... futex resumed>) = 0 [pid 5096] close(3 [pid 5088] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5088] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... close resumed>) = 0 [pid 5088] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] <... futex resumed>) = 0 [pid 5096] mkdir("./bus", 0777 [pid 5086] exit_group(0 [pid 5096] <... mkdir resumed>) = 0 [pid 5088] <... futex resumed>) = ? [pid 5086] <... exit_group resumed>) = ? [pid 5096] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5088] +++ exited with 0 +++ [pid 5086] +++ exited with 0 +++ [pid 5030] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5086, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=38 /* 0.38 s */} --- [ 67.364012][ T5096] loop1: detected capacity change from 0 to 32768 [pid 5030] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5030] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5030] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5030] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5030] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5030] newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5030] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5030] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5030] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5030] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5030] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5030] close(4) = 0 [pid 5030] rmdir("./1/bus") = 0 [pid 5030] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5030] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5030] unlink("./1/binderfs") = 0 [pid 5030] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5030] close(3) = 0 [pid 5030] rmdir("./1") = 0 [pid 5030] mkdir("./2", 0777) = 0 [pid 5030] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5030] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5030] close(3) = 0 [pid 5030] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5096] <... mount resumed>) = -1 EEXIST (File exists) [pid 5096] ioctl(4, LOOP_CLR_FD./strace-static-x86_64: Process 5120 attached [pid 5120] set_robust_list(0x5555559806a0, 24) = 0 [pid 5120] chdir("./2" [pid 5030] <... clone resumed>, child_tidptr=0x555555980690) = 5120 [pid 5120] <... chdir resumed>) = 0 [ 67.416041][ T5096] BTRFS warning: duplicate device /dev/loop1 devid 1 generation 8 scanned by syz-executor340 (5096) [ 67.428479][ T5119] BTRFS error (device loop4: state M): unrecognized mount option '18446744073709551615017777777777777777777770177777777777777777777718446744073709551615lbZ~Ƣ8žH~אa*Oѓ< 5^Sus%e [ 67.428479][ T5119] /ĖEaofmߚtҮ~г#a C$n-SGWmxeGy|sL=~ä_;N' [pid 5120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5119] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5119] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 0 [pid 5119] <... futex resumed>) = 1 [pid 5091] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] futex(0x7f41771546d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] <... futex resumed>) = 0 [pid 5092] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5091] <... futex resumed>) = 1 [pid 5092] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5091] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] exit_group(0 [pid 5120] setpgid(0, 0 [pid 5091] <... exit_group resumed>) = ? [pid 5119] <... futex resumed>) = ? [pid 5092] <... futex resumed>) = ? [pid 5120] <... setpgid resumed>) = 0 [pid 5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5119] +++ exited with 0 +++ [pid 5092] +++ exited with 0 +++ [pid 5120] <... openat resumed>) = 3 [pid 5120] write(3, "1000", 4 [pid 5091] +++ exited with 0 +++ [pid 5120] <... write resumed>) = 4 [pid 5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5091, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=54 /* 0.54 s */} --- [pid 5120] close(3) = 0 [pid 5120] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5120] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5120] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5120] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5120] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5120] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5121 attached => {parent_tid=[5121]}, 88) = 5121 [pid 5029] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5121] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5120] rt_sigprocmask(SIG_SETMASK, [], [pid 5121] <... rseq resumed>) = 0 [pid 5120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5121] set_robust_list(0x7f41770849a0, 24 [pid 5120] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... set_robust_list resumed>) = 0 [pid 5120] <... futex resumed>) = 0 [pid 5121] rt_sigprocmask(SIG_SETMASK, [], [pid 5120] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5121] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5121] memfd_create("syzkaller", 0) = 3 [pid 5121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5118] <... write resumed>) = 16777216 [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5029] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5029] newfstatat(3, "", [pid 5118] munmap(0x7f416ec64000, 138412032 [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5118] <... munmap resumed>) = 0 [pid 5029] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5118] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5029] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5118] <... openat resumed>) = 4 [pid 5118] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5118] close(3) = 0 [pid 5118] mkdir("./bus", 0777) = 0 [ 67.618126][ T5118] loop0: detected capacity change from 0 to 32768 [ 67.694461][ T5118] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor340 (5118) [pid 5118] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5115] <... write resumed>) = 16777216 [ 67.746502][ T5118] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 67.771759][ T5118] BTRFS info (device loop0): doing ref verification [pid 5115] munmap(0x7f416ec64000, 138412032) = 0 [pid 5115] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5115] ioctl(4, LOOP_SET_FD, 3) = 0 [ 67.802072][ T5118] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 67.824745][ T5115] loop2: detected capacity change from 0 to 32768 [ 67.842545][ T5118] BTRFS info (device loop0): force zlib compression, level 3 [pid 5115] close(3) = 0 [pid 5115] mkdir("./bus", 0777) = 0 [pid 5115] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5096] <... ioctl resumed>) = 0 [pid 5096] close(4) = 0 [pid 5096] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] open("./file0", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5096] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5115] <... mount resumed>) = -1 EEXIST (File exists) [pid 5096] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5115] ioctl(4, LOOP_CLR_FD [pid 5096] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] <... futex resumed>) = 0 [pid 5096] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [ 67.850606][ T5118] BTRFS info (device loop0): allowing degraded mounts [ 67.859204][ T5115] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 8 scanned by syz-executor340 (5115) [ 67.877745][ T5118] BTRFS info (device loop0): using free space tree [pid 5095] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... openat resumed>) = 3 [pid 5096] write(3, "15", 2) = 2 [pid 5096] creat("./bus", 000 [pid 5114] <... write resumed>) = 16777216 [pid 5114] munmap(0x7f416ec64000, 138412032 [pid 5096] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5029] <... umount2 resumed>) = 0 [pid 5096] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5114] <... munmap resumed>) = 0 [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] <... futex resumed>) = 0 [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5095] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5029] newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5029] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5029] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5096] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5096] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5114] openat(AT_FDCWD, "/dev/loop3", O_RDWR [ 67.964502][ T5096] FAULT_INJECTION: forcing a failure. [ 67.964502][ T5096] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 67.980227][ T5096] CPU: 1 PID: 5096 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 67.990696][ T5096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 68.000885][ T5096] Call Trace: [ 68.004467][ T5096] [ 68.007423][ T5096] dump_stack_lvl+0x1e7/0x2d0 [pid 5029] newfstatat(4, "", [pid 5114] <... openat resumed>) = 4 [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5114] ioctl(4, LOOP_SET_FD, 3 [pid 5029] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5029] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5029] close(4) = 0 [pid 5029] rmdir("./2/bus") = 0 [pid 5029] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5029] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5029] unlink("./2/binderfs") = 0 [pid 5029] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5029] close(3) = 0 [pid 5029] rmdir("./2") = 0 [pid 5029] mkdir("./3", 0777) = 0 [ 68.012486][ T5096] ? nf_tcp_handle_invalid+0x650/0x650 [ 68.018062][ T5096] ? panic+0x770/0x770 [ 68.022521][ T5096] should_fail_ex+0x3aa/0x4e0 [ 68.027324][ T5096] strncpy_from_user+0x36/0x2e0 [ 68.032204][ T5096] getname_flags+0xf9/0x4f0 [ 68.033619][ T5114] loop3: detected capacity change from 0 to 32768 [ 68.036718][ T5096] user_path_at_empty+0x2c/0x60 [ 68.048191][ T5096] __se_sys_mount+0x29a/0x3c0 [ 68.053005][ T5096] ? __x64_sys_mount+0xc0/0xc0 [ 68.057802][ T5096] ? syscall_enter_from_user_mode+0x32/0x230 [pid 5029] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5029] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5029] close(3 [pid 5114] <... ioctl resumed>) = 0 [pid 5029] <... close resumed>) = 0 [pid 5114] close(3 [pid 5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5114] <... close resumed>) = 0 [pid 5114] mkdir("./bus", 0777 [pid 5029] <... clone resumed>, child_tidptr=0x555555980690) = 5133 [pid 5114] <... mkdir resumed>) = 0 [ 68.063827][ T5096] ? __x64_sys_mount+0x20/0xc0 [ 68.068630][ T5096] do_syscall_64+0x41/0xc0 [ 68.073081][ T5096] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 68.079269][ T5096] RIP: 0033:0x7f41770c949a [ 68.083713][ T5096] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 68.103604][ T5096] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [pid 5114] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5096] <... mount resumed>) = -1 EFAULT (Bad address) [ 68.112112][ T5096] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 68.120100][ T5096] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 68.128079][ T5096] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 68.136089][ T5096] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 68.144080][ T5096] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 68.152171][ T5096] ./strace-static-x86_64: Process 5133 attached [pid 5096] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] set_robust_list(0x5555559806a0, 24) = 0 [pid 5133] chdir("./3" [pid 5114] <... mount resumed>) = -1 EEXIST (File exists) [pid 5096] <... futex resumed>) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5133] <... chdir resumed>) = 0 [pid 5095] <... futex resumed>) = 0 [pid 5133] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5096] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5095] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5096] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... prctl resumed>) = 0 [pid 5096] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5133] setpgid(0, 0 [pid 5096] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] exit_group(0 [pid 5133] <... setpgid resumed>) = 0 [pid 5114] ioctl(4, LOOP_CLR_FD [pid 5095] <... exit_group resumed>) = ? [pid 5133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5096] <... futex resumed>) = ? [pid 5133] <... openat resumed>) = 3 [pid 5133] write(3, "1000", 4 [pid 5096] +++ exited with 0 +++ [pid 5095] +++ exited with 0 +++ [pid 5133] <... write resumed>) = 4 [pid 5133] close(3) = 0 [pid 5133] symlink("/dev/binderfs", "./binderfs" [pid 5026] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=40 /* 0.40 s */} --- [pid 5026] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5133] <... symlink resumed>) = 0 [pid 5026] <... openat resumed>) = 3 [pid 5026] newfstatat(3, "", [pid 5133] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5026] getdents64(3, [pid 5133] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5133] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5026] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5133] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5133] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5026] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5133] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5133] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5133] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5026] newfstatat(AT_FDCWD, "./2/bus", [pid 5133] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5136 attached [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5136] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5133] <... clone3 resumed> => {parent_tid=[5136]}, 88) = 5136 [pid 5026] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5136] <... rseq resumed>) = 0 [ 68.159706][ T5114] BTRFS warning: duplicate device /dev/loop3 devid 1 generation 8 scanned by syz-executor340 (5114) [pid 5133] rt_sigprocmask(SIG_SETMASK, [], [pid 5136] set_robust_list(0x7f41770849a0, 24 [pid 5133] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5136] <... set_robust_list resumed>) = 0 [pid 5133] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] rt_sigprocmask(SIG_SETMASK, [], [pid 5133] <... futex resumed>) = 0 [pid 5026] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5136] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5133] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5026] <... openat resumed>) = 4 [pid 5136] memfd_create("syzkaller", 0) = 3 [pid 5136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5026] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5026] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5026] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5026] close(4) = 0 [pid 5026] rmdir("./2/bus") = 0 [pid 5026] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 68.211156][ T5118] BTRFS info (device loop0): auto enabling async discard [pid 5026] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5026] unlink("./2/binderfs") = 0 [pid 5026] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5026] close(3) = 0 [pid 5118] <... mount resumed>) = 0 [pid 5118] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5026] rmdir("./2" [pid 5118] chdir("./bus" [pid 5026] <... rmdir resumed>) = 0 [pid 5118] <... chdir resumed>) = 0 [pid 5026] mkdir("./3", 0777) = 0 [pid 5026] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5026] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5026] close(3 [pid 5118] ioctl(4, LOOP_CLR_FD [pid 5026] <... close resumed>) = 0 [pid 5026] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555980690) = 5139 ./strace-static-x86_64: Process 5139 attached [pid 5139] set_robust_list(0x5555559806a0, 24) = 0 [pid 5139] chdir("./3") = 0 [pid 5139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5139] setpgid(0, 0) = 0 [pid 5139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5139] write(3, "1000", 4) = 4 [pid 5139] close(3) = 0 [pid 5118] <... ioctl resumed>) = 0 [pid 5139] symlink("/dev/binderfs", "./binderfs" [pid 5118] close(4 [pid 5139] <... symlink resumed>) = 0 [pid 5139] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... close resumed>) = 0 [pid 5139] <... futex resumed>) = 0 [pid 5139] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5118] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5139] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5118] <... futex resumed>) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5118] open("./file0", O_RDONLY [pid 5116] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5116] <... futex resumed>) = 0 [pid 5139] <... mmap resumed>) = 0x7f4177064000 [pid 5121] <... write resumed>) = 16777216 [pid 5118] <... open resumed>) = 4 [pid 5116] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5121] munmap(0x7f416ec64000, 138412032 [pid 5139] <... mprotect resumed>) = 0 [pid 5139] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5139] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5140 attached [pid 5118] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5118] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5139] <... clone3 resumed> => {parent_tid=[5140]}, 88) = 5140 [pid 5121] <... munmap resumed>) = 0 [pid 5140] <... rseq resumed>) = 0 [pid 5139] rt_sigprocmask(SIG_SETMASK, [], [pid 5118] <... futex resumed>) = 0 [pid 5116] <... futex resumed>) = 1 [pid 5140] set_robust_list(0x7f41770849a0, 24 [pid 5139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5118] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5116] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] <... set_robust_list resumed>) = 0 [pid 5139] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5140] rt_sigprocmask(SIG_SETMASK, [], [pid 5139] <... futex resumed>) = 0 [pid 5140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5139] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5121] <... openat resumed>) = 4 [pid 5140] memfd_create("syzkaller", 0 [pid 5121] ioctl(4, LOOP_SET_FD, 3 [pid 5140] <... memfd_create resumed>) = 3 [pid 5121] <... ioctl resumed>) = 0 [pid 5118] <... ioctl resumed>) = 0 [pid 5118] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5118] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5118] <... futex resumed>) = 0 [pid 5116] <... futex resumed>) = 1 [pid 5140] <... mmap resumed>) = 0x7f416ec64000 [pid 5118] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5116] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... openat resumed>) = 5 [pid 5118] write(5, "15", 2) = 2 [pid 5118] creat("./bus", 000 [pid 5121] close(3) = 0 [pid 5121] mkdir("./bus", 0777) = 0 [ 68.422919][ T5121] loop5: detected capacity change from 0 to 32768 [pid 5121] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5116] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5116] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] <... mount resumed>) = -1 EEXIST (File exists) [pid 5115] <... ioctl resumed>) = 0 [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [ 68.466478][ T5121] BTRFS warning: duplicate device /dev/loop5 devid 1 generation 8 scanned by syz-executor340 (5121) [ 68.483789][ T5118] FAULT_INJECTION: forcing a failure. [ 68.483789][ T5118] name failslab, interval 1, probability 0, space 0, times 0 [ 68.505174][ T995] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 68.523654][ T5118] CPU: 0 PID: 5118 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 68.534123][ T5118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 68.544204][ T5118] Call Trace: [ 68.547506][ T5118] [ 68.550454][ T5118] dump_stack_lvl+0x1e7/0x2d0 [ 68.555173][ T5118] ? nf_tcp_handle_invalid+0x650/0x650 [ 68.560677][ T5118] ? panic+0x770/0x770 [ 68.564800][ T5118] should_fail_ex+0x3aa/0x4e0 [ 68.569525][ T5118] should_failslab+0x9/0x20 [ 68.574206][ T5118] slab_pre_alloc_hook+0x59/0x310 [ 68.579256][ T5118] ? btrfs_record_root_in_trans+0x16e/0x180 [ 68.585273][ T5118] kmem_cache_alloc+0x52/0x300 [ 68.590054][ T5118] ? btrfs_create_new_inode+0x251/0x2710 [ 68.595804][ T5118] btrfs_create_new_inode+0x251/0x2710 [ 68.601283][ T5118] ? __mutex_unlock_slowpath+0x21c/0x750 [ 68.606941][ T5118] ? radix_tree_tag_set+0x19b/0x450 [ 68.612199][ T5118] ? btrfs_new_inode_args_destroy+0x160/0x160 [ 68.618416][ T5118] btrfs_create_common+0x1f9/0x300 [ 68.623813][ T5118] ? btrfs_tmpfile+0x4e0/0x4e0 [ 68.628597][ T5118] ? do_raw_spin_unlock+0x13b/0x8b0 [ 68.633949][ T5118] ? btrfs_create+0x75/0x140 [ 68.638634][ T5118] ? btrfs_lookup+0x40/0x40 [ 68.643141][ T5118] path_openat+0x13e7/0x3180 [ 68.647773][ T5118] ? do_filp_open+0x490/0x490 [ 68.652468][ T5118] do_filp_open+0x234/0x490 [ 68.656969][ T5118] ? vfs_tmpfile+0x4b0/0x4b0 [ 68.661745][ T5118] ? _raw_spin_unlock+0x28/0x40 [ 68.666589][ T5118] ? alloc_fd+0x59c/0x640 [ 68.670951][ T5118] do_sys_openat2+0x13e/0x1d0 [ 68.675747][ T5118] ? do_sys_open+0x230/0x230 [ 68.680377][ T5118] ? _raw_spin_unlock_irq+0x2e/0x50 [ 68.685668][ T5118] ? ptrace_notify+0x278/0x380 [ 68.690760][ T5118] __x64_sys_creat+0x123/0x160 [ 68.695614][ T5118] ? __x64_compat_sys_openat+0x290/0x290 [ 68.701258][ T5118] ? syscall_enter_from_user_mode+0x32/0x230 [ 68.707254][ T5118] ? syscall_enter_from_user_mode+0x8c/0x230 [ 68.713327][ T5118] do_syscall_64+0x41/0xc0 [ 68.718101][ T5118] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 68.724007][ T5118] RIP: 0033:0x7f41770c8049 [ 68.728425][ T5118] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 68.748111][ T5118] RSP: 002b:00007f4177084208 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 68.756629][ T5118] RAX: ffffffffffffffda RBX: 00007f41771546c8 RCX: 00007f41770c8049 [ 68.764771][ T5118] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040 [pid 5121] ioctl(4, LOOP_CLR_FD [pid 5136] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5116] <... mmap resumed>) = 0x7f4177043000 [pid 5114] <... ioctl resumed>) = 0 [pid 5115] close(4 [pid 5116] mprotect(0x7f4177044000, 131072, PROT_READ|PROT_WRITE [pid 5114] close(4 [pid 5115] <... close resumed>) = 0 [pid 5115] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... mprotect resumed>) = 0 [pid 5115] <... futex resumed>) = 1 [pid 5114] <... close resumed>) = 0 [pid 5115] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5114] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5118] <... creat resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5116] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5118] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5118] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177063990, parent_tid=0x7f4177063990, exit_signal=0, stack=0x7f4177043000, stack_size=0x20300, tls=0x7f41770636c0} [pid 5114] <... futex resumed>) = 1 [pid 5114] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] <... clone3 resumed> => {parent_tid=[5142]}, 88) = 5142 [pid 5105] <... futex resumed>) = 0 [pid 5101] <... futex resumed>) = 0 [pid 5116] rt_sigprocmask(SIG_SETMASK, [], [pid 5101] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [ 68.772734][ T5118] RBP: 00007f41771546c0 R08: 00007f4177083fa6 R09: 0000000000003531 [ 68.780695][ T5118] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f41771211d0 [ 68.789027][ T5118] R13: 00007f4177084210 R14: 0000000000000002 R15: 00007f417711c070 [ 68.797126][ T5118] [pid 5105] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5142 attached [pid 5115] <... futex resumed>) = 0 [pid 5114] <... futex resumed>) = 0 [pid 5105] <... futex resumed>) = 1 [pid 5116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5101] <... futex resumed>) = 1 [pid 5115] open("./file0", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5115] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5142] rseq(0x7f4177063fe0, 0x20, 0, 0x53053053 [pid 5116] futex(0x7f41771546d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] open("./file0", O_RDONLY [pid 5142] <... rseq resumed>) = 0 [pid 5116] <... futex resumed>) = 0 [pid 5114] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5105] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] set_robust_list(0x7f41770639a0, 24 [pid 5116] futex(0x7f41771546dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5114] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5142] <... set_robust_list resumed>) = 0 [pid 5114] <... futex resumed>) = 1 [pid 5105] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5142] rt_sigprocmask(SIG_SETMASK, [], [pid 5115] <... futex resumed>) = 0 [pid 5142] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5105] <... futex resumed>) = 1 [pid 5115] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5114] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5101] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] mkdir(".", 0777 [pid 5115] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5114] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5101] <... futex resumed>) = 0 [pid 5142] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5115] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5115] <... futex resumed>) = 1 [pid 5114] <... futex resumed>) = 0 [pid 5105] <... futex resumed>) = 0 [pid 5101] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5115] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5114] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5105] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5115] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 5115] write(3, "15", 2) = 2 [pid 5115] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5115] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5105] <... futex resumed>) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5115] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5114] <... openat resumed>) = 3 [pid 5105] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] write(3, "15", 2 [pid 5105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5114] <... write resumed>) = 2 [pid 5105] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = 0 [pid 5114] creat("./bus", 000 [pid 5105] <... futex resumed>) = 1 [pid 5115] mkdir(".", 0777 [pid 5114] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5105] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5115] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5115] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5114] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] mkdir(".", 0777 [pid 5101] <... futex resumed>) = 0 [pid 5114] <... mkdir resumed>) = -1 EEXIST (File exists) [ 68.875185][ T5115] FAULT_INJECTION: forcing a failure. [ 68.875185][ T5115] name failslab, interval 1, probability 0, space 0, times 0 [ 68.875273][ T5142] BTRFS error (device loop0: state M): unrecognized mount option '18446744073709551615017777777777777777777770177777777777777777777718446744073709551615lbZ~Ƣ8žH~אa*Oѓ< 5^Sus%e [ 68.875273][ T5142] /ĖEaofmߚtҮ~г#a C$n-SGWmxeGy|sL=~ä_;N' [ 68.952619][ T5115] CPU: 0 PID: 5115 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 68.963535][ T5115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 68.973706][ T5115] Call Trace: [ 68.976997][ T5115] [ 68.979937][ T5115] dump_stack_lvl+0x1e7/0x2d0 [ 68.984729][ T5115] ? nf_tcp_handle_invalid+0x650/0x650 [ 68.990213][ T5115] ? panic+0x770/0x770 [ 68.994502][ T5115] ? __might_sleep+0xc0/0xc0 [ 68.999125][ T5115] should_fail_ex+0x3aa/0x4e0 [ 69.003831][ T5115] should_failslab+0x9/0x20 [ 69.008441][ T5115] slab_pre_alloc_hook+0x59/0x310 [ 69.014008][ T5115] ? __might_sleep+0xc0/0xc0 [ 69.018894][ T5115] kmem_cache_alloc+0x52/0x300 [ 69.023779][ T5115] ? getname_flags+0xbc/0x4f0 [ 69.028934][ T5115] getname_flags+0xbc/0x4f0 [ 69.033504][ T5115] user_path_at_empty+0x2c/0x60 [ 69.039014][ T5115] __se_sys_mount+0x29a/0x3c0 [ 69.043734][ T5115] ? __x64_sys_mount+0xc0/0xc0 [ 69.048526][ T5115] ? syscall_enter_from_user_mode+0x32/0x230 [ 69.054651][ T5115] ? __x64_sys_mount+0x20/0xc0 [ 69.059433][ T5115] do_syscall_64+0x41/0xc0 [ 69.063964][ T5115] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 69.070046][ T5115] RIP: 0033:0x7f41770c949a [ 69.074474][ T5115] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 69.094538][ T5115] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [pid 5101] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5142] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5140] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5121] <... ioctl resumed>) = 0 [pid 5114] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [ 69.103237][ T5115] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 69.111320][ T5115] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 69.119840][ T5115] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 69.127843][ T5115] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 69.135899][ T5115] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 69.144005][ T5115] [pid 5142] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5115] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5142] <... futex resumed>) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5105] <... futex resumed>) = 0 [pid 5116] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 1 [pid 5105] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] futex(0x7f41771546d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] <... futex resumed>) = 0 [pid 5115] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5115] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = 0 [pid 5118] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5115] <... futex resumed>) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5118] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5115] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] exit_group(0 [ 69.162096][ T5114] FAULT_INJECTION: forcing a failure. [ 69.162096][ T5114] name failslab, interval 1, probability 0, space 0, times 0 [ 69.184518][ T5114] CPU: 1 PID: 5114 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 69.195000][ T5114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 69.205192][ T5114] Call Trace: [ 69.208502][ T5114] [pid 5118] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] close(4 [pid 5118] <... futex resumed>) = 1 [pid 5115] <... futex resumed>) = ? [pid 5105] <... exit_group resumed>) = ? [pid 5121] <... close resumed>) = 0 [pid 5118] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] +++ exited with 0 +++ [pid 5105] +++ exited with 0 +++ [pid 5121] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5105, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- [pid 5121] <... futex resumed>) = 1 [pid 5121] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5027] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5027] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 69.211469][ T5114] dump_stack_lvl+0x1e7/0x2d0 [ 69.216172][ T5114] ? nf_tcp_handle_invalid+0x650/0x650 [ 69.221654][ T5114] ? panic+0x770/0x770 [ 69.225759][ T5114] should_fail_ex+0x3aa/0x4e0 [ 69.230554][ T5114] should_failslab+0x9/0x20 [ 69.235083][ T5114] slab_pre_alloc_hook+0x59/0x310 [ 69.240137][ T5114] ? tomoyo_encode+0x26f/0x530 [ 69.244927][ T5114] __kmem_cache_alloc_node+0x4b/0x270 [ 69.250413][ T5114] ? arch_stack_walk+0x162/0x1a0 [ 69.255381][ T5114] ? tomoyo_encode+0x26f/0x530 [ 69.260264][ T5114] __kmalloc+0xa8/0x230 [ 69.264463][ T5114] tomoyo_encode+0x26f/0x530 [ 69.269094][ T5114] tomoyo_mount_permission+0x356/0xb80 [ 69.274600][ T5114] ? __stack_depot_save+0x20/0x650 [ 69.279735][ T5114] ? tomoyo_mount_permission+0x295/0xb80 [ 69.285402][ T5114] ? tomoyo_get_name+0x510/0x510 [ 69.290438][ T5114] security_sb_mount+0x8c/0xc0 [ 69.295243][ T5114] path_mount+0xb9/0xfa0 [ 69.299517][ T5114] ? kmem_cache_free+0x292/0x500 [ 69.304486][ T5114] ? user_path_at_empty+0x4c/0x60 [ 69.309628][ T5114] __se_sys_mount+0x2d9/0x3c0 [ 69.314348][ T5114] ? __x64_sys_mount+0xc0/0xc0 [ 69.319147][ T5114] ? syscall_enter_from_user_mode+0x32/0x230 [ 69.325252][ T5114] ? __x64_sys_mount+0x20/0xc0 [ 69.330138][ T5114] do_syscall_64+0x41/0xc0 [ 69.334593][ T5114] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 69.340526][ T5114] RIP: 0033:0x7f41770c949a [ 69.342556][ T5121] FAULT_INJECTION: forcing a failure. [ 69.342556][ T5121] name failslab, interval 1, probability 0, space 0, times 0 [ 69.345221][ T5114] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 69.345238][ T5114] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 69.345260][ T5114] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 69.345273][ T5114] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 69.402564][ T5114] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [pid 5027] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5027] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5027] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5027] newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5027] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5027] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5027] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5027] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5027] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5027] close(4) = 0 [pid 5027] rmdir("./2/bus") = 0 [pid 5027] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5027] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5027] unlink("./2/binderfs") = 0 [pid 5027] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5027] close(3) = 0 [pid 5027] rmdir("./2") = 0 [pid 5027] mkdir("./3", 0777 [pid 5120] <... futex resumed>) = 0 [pid 5116] <... futex resumed>) = 0 [pid 5027] <... mkdir resumed>) = 0 [pid 5120] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] exit_group(0 [pid 5027] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5121] <... futex resumed>) = 0 [pid 5120] <... futex resumed>) = 1 [pid 5121] open("./file0", O_RDONLY [pid 5118] <... futex resumed>) = ? [pid 5116] <... exit_group resumed>) = ? [pid 5027] <... openat resumed>) = 3 [pid 5121] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5120] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] +++ exited with 0 +++ [pid 5121] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] ioctl(3, LOOP_CLR_FD [pid 5121] <... futex resumed>) = 0 [pid 5120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5027] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5121] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] close(3 [pid 5121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5120] <... futex resumed>) = 0 [pid 5027] <... close resumed>) = 0 [pid 5121] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5120] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5027] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5121] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) ./strace-static-x86_64: Process 5144 attached [pid 5121] <... futex resumed>) = 0 [pid 5120] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] set_robust_list(0x5555559806a0, 24 [pid 5121] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5120] <... futex resumed>) = 0 [pid 5144] <... set_robust_list resumed>) = 0 [pid 5121] <... openat resumed>) = 3 [pid 5120] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] chdir("./3" [pid 5121] write(3, "15", 2 [pid 5144] <... chdir resumed>) = 0 [pid 5121] <... write resumed>) = 2 [pid 5144] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5121] creat("./bus", 000 [pid 5144] <... prctl resumed>) = 0 [pid 5121] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5144] setpgid(0, 0 [pid 5121] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... setpgid resumed>) = 0 [pid 5144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5121] <... futex resumed>) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5144] <... openat resumed>) = 3 [pid 5121] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] write(3, "1000", 4 [pid 5121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5120] <... futex resumed>) = 0 [pid 5027] <... clone resumed>, child_tidptr=0x555555980690) = 5144 [pid 5144] <... write resumed>) = 4 [pid 5121] mkdir(".", 0777 [pid 5120] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5144] close(3 [pid 5121] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5144] <... close resumed>) = 0 [pid 5121] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5144] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5144] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5144] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5144] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5144] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} => {parent_tid=[5145]}, 88) = 5145 [pid 5144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5144] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 69.410649][ T5114] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 69.418730][ T5114] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 69.426755][ T5114] [ 69.430900][ T5121] CPU: 0 PID: 5121 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 69.441382][ T5121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 69.451561][ T5121] Call Trace: [ 69.454908][ T5121] [ 69.457973][ T5121] dump_stack_lvl+0x1e7/0x2d0 [ 69.462789][ T5121] ? nf_tcp_handle_invalid+0x650/0x650 [ 69.468386][ T5121] ? panic+0x770/0x770 [ 69.472838][ T5121] ? __might_sleep+0xc0/0xc0 [ 69.477474][ T5121] should_fail_ex+0x3aa/0x4e0 [ 69.482215][ T5121] should_failslab+0x9/0x20 [ 69.486749][ T5121] slab_pre_alloc_hook+0x59/0x310 [ 69.491793][ T5121] ? __might_sleep+0xc0/0xc0 [ 69.496514][ T5121] kmem_cache_alloc+0x52/0x300 [ 69.501298][ T5121] ? getname_flags+0xbc/0x4f0 [ 69.506019][ T5121] getname_flags+0xbc/0x4f0 [ 69.511291][ T5121] user_path_at_empty+0x2c/0x60 [ 69.516427][ T5121] __se_sys_mount+0x29a/0x3c0 [ 69.521230][ T5121] ? __x64_sys_mount+0xc0/0xc0 [ 69.526205][ T5121] ? syscall_enter_from_user_mode+0x32/0x230 [ 69.532392][ T5121] ? __x64_sys_mount+0x20/0xc0 [ 69.537297][ T5121] do_syscall_64+0x41/0xc0 [ 69.541766][ T5121] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 69.547731][ T5121] RIP: 0033:0x7f41770c949a [pid 5144] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5145 attached [pid 5142] <... futex resumed>) = ? [pid 5140] <... write resumed>) = 16777216 [pid 5136] <... write resumed>) = 16777216 [pid 5114] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5145] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5142] +++ exited with 0 +++ [pid 5140] munmap(0x7f416ec64000, 138412032 [pid 5136] munmap(0x7f416ec64000, 138412032 [pid 5116] +++ exited with 0 +++ [pid 5114] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... rseq resumed>) = 0 [pid 5140] <... munmap resumed>) = 0 [pid 5145] set_robust_list(0x7f41770849a0, 24 [pid 5140] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5136] <... munmap resumed>) = 0 [pid 5114] <... futex resumed>) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5145] <... set_robust_list resumed>) = 0 [ 69.552180][ T5121] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 69.572426][ T5121] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 69.580873][ T5121] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 69.588958][ T5121] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 69.597040][ T5121] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 69.602695][ T5140] loop1: detected capacity change from 0 to 32768 [pid 5140] <... openat resumed>) = 4 [pid 5101] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] rt_sigprocmask(SIG_SETMASK, [], [pid 5140] ioctl(4, LOOP_SET_FD, 3 [pid 5101] <... futex resumed>) = 0 [pid 5145] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5140] <... ioctl resumed>) = 0 [pid 5101] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] memfd_create("syzkaller", 0) = 3 [pid 5145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5114] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5114] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5101] exit_group(0) = ? [pid 5140] close(3 [pid 5114] +++ exited with 0 +++ [pid 5101] +++ exited with 0 +++ [pid 5140] <... close resumed>) = 0 [pid 5140] mkdir("./bus", 0777) = 0 [pid 5136] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5121] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5136] <... openat resumed>) = 4 [pid 5121] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=37 /* 0.37 s */} --- [pid 5025] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5116, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=42 /* 0.42 s */} --- [pid 5136] ioctl(4, LOOP_SET_FD, 3 [pid 5120] <... futex resumed>) = 0 [pid 5121] <... futex resumed>) = 1 [pid 5140] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5136] <... ioctl resumed>) = 0 [pid 5121] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] close(3 [pid 5121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5120] <... futex resumed>) = 0 [pid 5028] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5136] <... close resumed>) = 0 [pid 5121] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5120] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] mkdir("./bus", 0777 [pid 5121] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5136] <... mkdir resumed>) = 0 [pid 5025] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5136] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5025] <... openat resumed>) = 3 [pid 5121] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] newfstatat(3, "", [pid 5121] <... futex resumed>) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5120] exit_group(0) = ? [pid 5025] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5140] <... mount resumed>) = -1 EEXIST (File exists) [pid 5140] ioctl(4, LOOP_CLR_FD [pid 5121] +++ exited with 0 +++ [pid 5120] +++ exited with 0 +++ [pid 5025] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5030] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=30 /* 0.30 s */} --- [ 69.605095][ T5121] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 69.620126][ T5121] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 69.628142][ T5121] [ 69.639946][ T5136] loop4: detected capacity change from 0 to 32768 [ 69.641880][ T5140] BTRFS warning: duplicate device /dev/loop1 devid 1 generation 8 scanned by syz-executor340 (5140) [pid 5030] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5030] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5030] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5030] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5030] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5030] newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5030] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5030] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5030] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5030] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5030] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5030] close(4) = 0 [pid 5030] rmdir("./2/bus") = 0 [pid 5030] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5030] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5030] unlink("./2/binderfs") = 0 [pid 5028] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5030] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5028] <... openat resumed>) = 3 [pid 5030] close(3) = 0 [pid 5028] newfstatat(3, "", [pid 5030] rmdir("./2") = 0 [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5030] mkdir("./3", 0777) = 0 [pid 5028] getdents64(3, [pid 5030] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5028] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5030] ioctl(3, LOOP_CLR_FD [pid 5028] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5030] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5030] close(3 [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5030] <... close resumed>) = 0 [pid 5030] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5028] newfstatat(AT_FDCWD, "./2/bus", ./strace-static-x86_64: Process 5146 attached [pid 5030] <... clone resumed>, child_tidptr=0x555555980690) = 5146 [pid 5146] set_robust_list(0x5555559806a0, 24 [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5146] <... set_robust_list resumed>) = 0 [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5146] chdir("./3" [pid 5028] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5146] <... chdir resumed>) = 0 [pid 5028] <... openat resumed>) = 4 [pid 5146] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5028] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5028] getdents64(4, [pid 5146] <... prctl resumed>) = 0 [pid 5146] setpgid(0, 0 [pid 5028] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5028] close(4) = 0 [pid 5146] <... setpgid resumed>) = 0 [pid 5028] rmdir("./2/bus") = 0 [pid 5146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5028] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5028] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 69.669994][ T5136] BTRFS warning: duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor340 (5136) [pid 5146] <... openat resumed>) = 3 [pid 5028] unlink("./2/binderfs" [pid 5146] write(3, "1000", 4 [pid 5136] <... mount resumed>) = -1 EEXIST (File exists) [pid 5146] <... write resumed>) = 4 [pid 5136] ioctl(4, LOOP_CLR_FD [pid 5146] close(3 [pid 5028] <... unlink resumed>) = 0 [pid 5146] <... close resumed>) = 0 [pid 5146] symlink("/dev/binderfs", "./binderfs" [pid 5028] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5028] close(3) = 0 [pid 5028] rmdir("./2") = 0 [pid 5028] mkdir("./3", 0777) = 0 [pid 5028] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5028] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5146] <... symlink resumed>) = 0 [pid 5028] close(3) = 0 [pid 5028] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5146] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5028] <... clone resumed>, child_tidptr=0x555555980690) = 5147 [pid 5146] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], ./strace-static-x86_64: Process 5147 attached NULL, 8) = 0 [pid 5147] set_robust_list(0x5555559806a0, 24 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5146] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5148 attached => {parent_tid=[5148]}, 88) = 5148 [pid 5148] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5147] <... set_robust_list resumed>) = 0 [pid 5146] rt_sigprocmask(SIG_SETMASK, [], [pid 5148] <... rseq resumed>) = 0 [pid 5147] chdir("./3" [pid 5146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5146] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] set_robust_list(0x7f41770849a0, 24 [pid 5147] <... chdir resumed>) = 0 [pid 5146] <... futex resumed>) = 0 [pid 5148] <... set_robust_list resumed>) = 0 [pid 5147] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5146] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5148] rt_sigprocmask(SIG_SETMASK, [], [pid 5147] <... prctl resumed>) = 0 [pid 5148] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5147] setpgid(0, 0 [pid 5148] memfd_create("syzkaller", 0 [pid 5147] <... setpgid resumed>) = 0 [pid 5148] <... memfd_create resumed>) = 3 [pid 5148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5147] write(3, "1000", 4) = 4 [pid 5147] close(3) = 0 [pid 5147] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5147] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5147] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5147] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5147] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5147] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5149 attached [pid 5149] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5147] <... clone3 resumed> => {parent_tid=[5149]}, 88) = 5149 [pid 5145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5149] <... rseq resumed>) = 0 [pid 5147] rt_sigprocmask(SIG_SETMASK, [], [pid 5149] set_robust_list(0x7f41770849a0, 24 [pid 5147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5149] <... set_robust_list resumed>) = 0 [pid 5147] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] rt_sigprocmask(SIG_SETMASK, [], [pid 5147] <... futex resumed>) = 0 [pid 5149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5147] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5149] memfd_create("syzkaller", 0) = 3 [pid 5149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5140] <... ioctl resumed>) = 0 [pid 5140] close(4) = 0 [pid 5140] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] <... futex resumed>) = 0 [pid 5140] open("./file0", O_RDONLY [pid 5139] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5139] <... futex resumed>) = 0 [pid 5140] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5140] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5139] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5139] <... futex resumed>) = 0 [pid 5140] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5139] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5139] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] <... futex resumed>) = 0 [pid 5139] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 5140] write(3, "15", 2) = 2 [pid 5140] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5140] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] <... futex resumed>) = 0 [pid 5140] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5139] <... futex resumed>) = 0 [pid 5140] mkdir(".", 0777 [pid 5139] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5140] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5140] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5136] <... ioctl resumed>) = 0 [ 70.081841][ T5140] FAULT_INJECTION: forcing a failure. [ 70.081841][ T5140] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 70.123347][ T5140] CPU: 1 PID: 5140 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 70.133807][ T5140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 70.143971][ T5140] Call Trace: [ 70.147264][ T5140] [ 70.150216][ T5140] dump_stack_lvl+0x1e7/0x2d0 [ 70.155007][ T5140] ? nf_tcp_handle_invalid+0x650/0x650 [ 70.160742][ T5140] ? panic+0x770/0x770 [ 70.165006][ T5140] should_fail_ex+0x3aa/0x4e0 [ 70.169720][ T5140] strncpy_from_user+0x36/0x2e0 [ 70.174688][ T5140] getname_flags+0xf9/0x4f0 [ 70.179291][ T5140] user_path_at_empty+0x2c/0x60 [ 70.184216][ T5140] __se_sys_mount+0x29a/0x3c0 [ 70.188918][ T5140] ? __x64_sys_mount+0xc0/0xc0 [ 70.193713][ T5140] ? syscall_enter_from_user_mode+0x32/0x230 [ 70.199713][ T5140] ? __x64_sys_mount+0x20/0xc0 [ 70.204495][ T5140] do_syscall_64+0x41/0xc0 [ 70.208929][ T5140] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 70.214839][ T5140] RIP: 0033:0x7f41770c949a [ 70.219288][ T5140] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 70.239866][ T5140] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 70.248298][ T5140] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 70.256910][ T5140] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 70.265426][ T5140] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [pid 5149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5148] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5145] <... write resumed>) = 16777216 [pid 5136] close(4 [pid 5025] <... umount2 resumed>) = 0 [pid 5025] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5145] munmap(0x7f416ec64000, 138412032 [pid 5136] <... close resumed>) = 0 [pid 5025] newfstatat(AT_FDCWD, "./2/bus", [pid 5145] <... munmap resumed>) = 0 [pid 5136] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5136] <... futex resumed>) = 1 [pid 5025] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5136] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5025] <... openat resumed>) = 4 [pid 5025] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5025] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5025] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5025] close(4) = 0 [pid 5025] rmdir("./2/bus" [pid 5133] <... futex resumed>) = 0 [pid 5025] <... rmdir resumed>) = 0 [ 70.274124][ T5140] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 70.282116][ T5140] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 70.290129][ T5140] [pid 5133] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5136] <... futex resumed>) = 0 [pid 5136] open("./file0", O_RDONLY [pid 5133] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5136] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5145] ioctl(4, LOOP_SET_FD, 3 [pid 5025] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5136] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5136] <... futex resumed>) = 1 [pid 5025] newfstatat(AT_FDCWD, "./2/binderfs", [pid 5136] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5025] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] unlink("./2/binderfs") = 0 [pid 5025] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5025] close(3) = 0 [pid 5025] rmdir("./2") = 0 [pid 5025] mkdir("./3", 0777) = 0 [pid 5133] <... futex resumed>) = 0 [pid 5025] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5133] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... futex resumed>) = 0 [pid 5133] <... futex resumed>) = 1 [pid 5025] <... openat resumed>) = 3 [pid 5136] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5133] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] ioctl(3, LOOP_CLR_FD [pid 5136] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5025] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5145] <... ioctl resumed>) = 0 [pid 5136] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] close(3 [pid 5145] close(3 [pid 5136] <... futex resumed>) = 1 [pid 5133] <... futex resumed>) = 0 [pid 5136] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5133] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... openat resumed>) = 3 [pid 5133] <... futex resumed>) = 0 [pid 5133] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] write(3, "15", 2 [pid 5025] <... close resumed>) = 0 [pid 5136] <... write resumed>) = 2 [pid 5136] creat("./bus", 000 [pid 5025] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5136] <... creat resumed>) = -1 EISDIR (Is a directory) [ 70.315029][ T5145] loop2: detected capacity change from 0 to 32768 [pid 5136] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5133] <... futex resumed>) = 0 [pid 5145] <... close resumed>) = 0 [pid 5136] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5133] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] mkdir("./bus", 0777 [pid 5136] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5133] <... futex resumed>) = 0 [pid 5145] <... mkdir resumed>) = 0 [pid 5136] mkdir(".", 0777 [pid 5133] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5150 attached [pid 5145] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5136] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5136] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5025] <... clone resumed>, child_tidptr=0x555555980690) = 5150 [pid 5140] <... mount resumed>) = -1 EFAULT (Bad address) [pid 5150] set_robust_list(0x5555559806a0, 24) = 0 [pid 5150] chdir("./3" [pid 5140] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] <... futex resumed>) = 0 [pid 5140] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5139] <... futex resumed>) = 0 [pid 5140] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5139] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5150] <... chdir resumed>) = 0 [pid 5140] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] <... futex resumed>) = 0 [pid 5140] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] exit_group(0 [pid 5140] <... futex resumed>) = ? [pid 5139] <... exit_group resumed>) = ? [pid 5140] +++ exited with 0 +++ [pid 5150] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5150] setpgid(0, 0 [pid 5139] +++ exited with 0 +++ [pid 5150] <... setpgid resumed>) = 0 [pid 5026] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5139, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=37 /* 0.37 s */} --- [pid 5150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 70.357877][ T5136] FAULT_INJECTION: forcing a failure. [ 70.357877][ T5136] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 70.382225][ T5145] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 scanned by syz-executor340 (5145) [ 70.412317][ T5136] CPU: 1 PID: 5136 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 70.422804][ T5136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 70.432942][ T5136] Call Trace: [ 70.436216][ T5136] [ 70.439138][ T5136] dump_stack_lvl+0x1e7/0x2d0 [ 70.443999][ T5136] ? nf_tcp_handle_invalid+0x650/0x650 [ 70.449731][ T5136] ? panic+0x770/0x770 [ 70.453946][ T5136] should_fail_ex+0x3aa/0x4e0 [ 70.458752][ T5136] strncpy_from_user+0x36/0x2e0 [ 70.465466][ T5136] getname_flags+0xf9/0x4f0 [ 70.470185][ T5136] user_path_at_empty+0x2c/0x60 [ 70.475146][ T5136] __se_sys_mount+0x29a/0x3c0 [ 70.480276][ T5136] ? __x64_sys_mount+0xc0/0xc0 [ 70.485583][ T5136] ? syscall_enter_from_user_mode+0x32/0x230 [ 70.491660][ T5136] ? __x64_sys_mount+0x20/0xc0 [ 70.496522][ T5136] do_syscall_64+0x41/0xc0 [ 70.500947][ T5136] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 70.507792][ T5136] RIP: 0033:0x7f41770c949a [ 70.512471][ T5136] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 70.532764][ T5136] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 70.541984][ T5136] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 70.550323][ T5136] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [pid 5150] write(3, "1000", 4) = 4 [pid 5026] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5150] close(3) = 0 [pid 5150] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5150] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5150] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5150] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5150] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5150] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5151 attached [pid 5151] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5150] <... clone3 resumed> => {parent_tid=[5151]}, 88) = 5151 [pid 5151] <... rseq resumed>) = 0 [pid 5150] rt_sigprocmask(SIG_SETMASK, [], [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5026] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5026] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5026] getdents64(3, [pid 5150] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5150] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5151] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5151] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 70.558559][ T5136] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 70.566876][ T5136] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 70.574926][ T5136] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 70.582911][ T5136] [pid 5151] memfd_create("syzkaller", 0) = 3 [pid 5151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5026] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5026] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5026] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5026] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5026] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5026] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5026] close(4) = 0 [pid 5026] rmdir("./3/bus") = 0 [pid 5026] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5026] unlink("./3/binderfs") = 0 [pid 5026] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5026] close(3) = 0 [pid 5026] rmdir("./3") = 0 [pid 5026] mkdir("./4", 0777) = 0 [pid 5026] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5026] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5026] close(3) = 0 [pid 5026] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555980690) = 5152 ./strace-static-x86_64: Process 5152 attached [ 70.682154][ T5145] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 70.691005][ T5145] BTRFS info (device loop2): doing ref verification [ 70.709236][ T5145] BTRFS warning (device loop2): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5152] set_robust_list(0x5555559806a0, 24 [pid 5149] <... write resumed>) = 16777216 [pid 5152] <... set_robust_list resumed>) = 0 [pid 5152] chdir("./4") = 0 [pid 5152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5152] setpgid(0, 0) = 0 [pid 5149] munmap(0x7f416ec64000, 138412032 [pid 5152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5152] write(3, "1000", 4) = 4 [ 70.729383][ T5145] BTRFS info (device loop2): force zlib compression, level 3 [pid 5152] close(3 [pid 5149] <... munmap resumed>) = 0 [pid 5152] <... close resumed>) = 0 [pid 5152] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5152] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5149] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5152] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5149] <... openat resumed>) = 4 [pid 5152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5149] ioctl(4, LOOP_SET_FD, 3 [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5152] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5136] <... mount resumed>) = -1 EFAULT (Bad address) [pid 5152] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5136] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5136] <... futex resumed>) = 1 [pid 5152] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5136] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] <... clone3 resumed> => {parent_tid=[5153]}, 88) = 5153 ./strace-static-x86_64: Process 5153 attached [pid 5152] rt_sigprocmask(SIG_SETMASK, [], [pid 5133] <... futex resumed>) = 0 [pid 5153] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5133] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... rseq resumed>) = 0 [pid 5152] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... futex resumed>) = 0 [pid 5133] <... futex resumed>) = 1 [pid 5153] set_robust_list(0x7f41770849a0, 24 [pid 5152] <... futex resumed>) = 0 [pid 5136] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5133] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5149] <... ioctl resumed>) = 0 [pid 5136] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5149] close(3 [pid 5136] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... close resumed>) = 0 [pid 5153] <... set_robust_list resumed>) = 0 [pid 5149] mkdir("./bus", 0777 [pid 5136] <... futex resumed>) = 1 [pid 5133] <... futex resumed>) = 0 [pid 5153] rt_sigprocmask(SIG_SETMASK, [], [pid 5136] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5133] exit_group(0 [pid 5153] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5133] <... exit_group resumed>) = ? [pid 5153] memfd_create("syzkaller", 0 [pid 5149] <... mkdir resumed>) = 0 [pid 5136] <... futex resumed>) = ? [pid 5153] <... memfd_create resumed>) = 3 [pid 5149] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5136] +++ exited with 0 +++ [pid 5133] +++ exited with 0 +++ [pid 5153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5133, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=34 /* 0.34 s */} --- [pid 5153] <... mmap resumed>) = 0x7f416ec64000 [pid 5029] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5029] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5029] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5029] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5029] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [ 70.755720][ T5145] BTRFS info (device loop2): allowing degraded mounts [ 70.765769][ T5149] loop3: detected capacity change from 0 to 32768 [ 70.789211][ T5145] BTRFS info (device loop2): using free space tree [pid 5029] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5029] newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5029] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5148] <... write resumed>) = 16777216 [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5149] <... mount resumed>) = -1 EEXIST (File exists) [pid 5148] munmap(0x7f416ec64000, 138412032 [pid 5029] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5029] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5149] ioctl(4, LOOP_CLR_FD [pid 5029] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5029] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5029] close(4) = 0 [pid 5029] rmdir("./3/bus") = 0 [pid 5029] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5148] <... munmap resumed>) = 0 [pid 5029] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5029] unlink("./3/binderfs" [pid 5148] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 70.797847][ T5149] BTRFS warning: duplicate device /dev/loop3 devid 1 generation 8 scanned by syz-executor340 (5149) [pid 5148] ioctl(4, LOOP_SET_FD, 3 [pid 5029] <... unlink resumed>) = 0 [pid 5029] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5029] close(3) = 0 [pid 5029] rmdir("./3") = 0 [pid 5029] mkdir("./4", 0777) = 0 [pid 5148] <... ioctl resumed>) = 0 [pid 5029] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5148] close(3) = 0 [pid 5029] <... openat resumed>) = 3 [pid 5029] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5029] close(3 [pid 5148] mkdir("./bus", 0777 [pid 5029] <... close resumed>) = 0 [pid 5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5148] <... mkdir resumed>) = 0 [pid 5148] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5029] <... clone resumed>, child_tidptr=0x555555980690) = 5161 ./strace-static-x86_64: Process 5161 attached [pid 5161] set_robust_list(0x5555559806a0, 24) = 0 [pid 5161] chdir("./4") = 0 [pid 5161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 70.844723][ T5148] loop5: detected capacity change from 0 to 32768 [ 70.878483][ T5148] BTRFS warning: duplicate device /dev/loop5 devid 1 generation 8 scanned by syz-executor340 (5148) [pid 5161] setpgid(0, 0) = 0 [pid 5161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5148] <... mount resumed>) = -1 EEXIST (File exists) [pid 5148] ioctl(4, LOOP_CLR_FD [pid 5161] <... openat resumed>) = 3 [pid 5161] write(3, "1000", 4) = 4 [pid 5161] close(3) = 0 [pid 5161] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5161] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5161] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5161] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5151] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5161] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5161] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} => {parent_tid=[5168]}, 88) = 5168 [pid 5161] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5161] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5168 attached [pid 5168] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [pid 5168] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5168] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5168] memfd_create("syzkaller", 0) = 3 [pid 5168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5145] <... mount resumed>) = 0 [pid 5145] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 70.982242][ T5145] BTRFS info (device loop2): auto enabling async discard [pid 5145] chdir("./bus") = 0 [pid 5145] ioctl(4, LOOP_CLR_FD) = 0 [pid 5145] close(4) = 0 [pid 5145] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5144] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] open("./file0", O_RDONLY) = 4 [pid 5145] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5145] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 5145] write(5, "15", 2) = 2 [pid 5145] creat("./bus", 000 [pid 5144] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5144] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177043000 [pid 5144] mprotect(0x7f4177044000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5144] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5144] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177063990, parent_tid=0x7f4177063990, exit_signal=0, stack=0x7f4177043000, stack_size=0x20300, tls=0x7f41770636c0} => {parent_tid=[5172]}, 88) = 5172 [pid 5144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5144] futex(0x7f41771546d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 71.152263][ T5145] FAULT_INJECTION: forcing a failure. [ 71.152263][ T5145] name failslab, interval 1, probability 0, space 0, times 0 [ 71.201364][ T995] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 71.210265][ T5145] CPU: 1 PID: 5145 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 71.220958][ T5145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 71.231739][ T5145] Call Trace: [ 71.235045][ T5145] [ 71.238017][ T5145] dump_stack_lvl+0x1e7/0x2d0 [ 71.242932][ T5145] ? nf_tcp_handle_invalid+0x650/0x650 [ 71.248437][ T5145] ? panic+0x770/0x770 [ 71.252633][ T5145] should_fail_ex+0x3aa/0x4e0 [ 71.257791][ T5145] should_failslab+0x9/0x20 [ 71.262316][ T5145] slab_pre_alloc_hook+0x59/0x310 [ 71.267372][ T5145] ? btrfs_record_root_in_trans+0x16e/0x180 [ 71.273321][ T5145] kmem_cache_alloc+0x52/0x300 [ 71.278117][ T5145] ? btrfs_create_new_inode+0x251/0x2710 [ 71.283790][ T5145] btrfs_create_new_inode+0x251/0x2710 [ 71.289294][ T5145] ? __mutex_unlock_slowpath+0x21c/0x750 [ 71.294993][ T5145] ? btrfs_new_inode_args_destroy+0x160/0x160 [ 71.301158][ T5145] btrfs_create_common+0x1f9/0x300 [ 71.306322][ T5145] ? btrfs_tmpfile+0x4e0/0x4e0 [ 71.311117][ T5145] ? do_raw_spin_unlock+0x13b/0x8b0 [ 71.316460][ T5145] ? btrfs_create+0x75/0x140 [ 71.321094][ T5145] ? btrfs_lookup+0x40/0x40 [ 71.325720][ T5145] path_openat+0x13e7/0x3180 [ 71.330528][ T5145] ? do_filp_open+0x490/0x490 [ 71.335227][ T5145] do_filp_open+0x234/0x490 [ 71.339796][ T5145] ? vfs_tmpfile+0x4b0/0x4b0 [ 71.344420][ T5145] ? _raw_spin_unlock+0x28/0x40 [ 71.349275][ T5145] ? alloc_fd+0x59c/0x640 [ 71.353610][ T5145] do_sys_openat2+0x13e/0x1d0 [ 71.358424][ T5145] ? do_sys_open+0x230/0x230 [ 71.363062][ T5145] ? _raw_spin_unlock_irq+0x2e/0x50 [ 71.368287][ T5145] ? ptrace_notify+0x278/0x380 [ 71.373086][ T5145] __x64_sys_creat+0x123/0x160 [ 71.377975][ T5145] ? __x64_compat_sys_openat+0x290/0x290 [ 71.383658][ T5145] ? syscall_enter_from_user_mode+0x32/0x230 [ 71.389684][ T5145] ? syscall_enter_from_user_mode+0x8c/0x230 [ 71.395770][ T5145] do_syscall_64+0x41/0xc0 [ 71.400236][ T5145] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 71.406341][ T5145] RIP: 0033:0x7f41770c8049 [ 71.417737][ T5145] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 71.437626][ T5145] RSP: 002b:00007f4177084208 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [pid 5144] futex(0x7f41771546dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5172 attached [pid 5149] <... ioctl resumed>) = 0 [pid 5172] rseq(0x7f4177063fe0, 0x20, 0, 0x53053053) = 0 [pid 5172] set_robust_list(0x7f41770639a0, 24) = 0 [pid 5172] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5172] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5172] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5153] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5149] close(4) = 0 [pid 5149] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 71.446143][ T5145] RAX: ffffffffffffffda RBX: 00007f41771546c8 RCX: 00007f41770c8049 [ 71.454150][ T5145] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040 [ 71.462153][ T5145] RBP: 00007f41771546c0 R08: 00007f4177083fa6 R09: 0000000000003531 [ 71.470138][ T5145] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f41771211d0 [ 71.478365][ T5145] R13: 00007f4177084210 R14: 0000000000000002 R15: 00007f417711c070 [ 71.486439][ T5145] [pid 5149] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5147] <... futex resumed>) = 1 [pid 5149] open("./file0", O_RDONLY [pid 5147] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5149] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5149] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] <... futex resumed>) = 0 [pid 5149] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5147] <... futex resumed>) = 0 [pid 5149] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5147] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5149] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5149] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] <... futex resumed>) = 0 [pid 5149] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5147] <... futex resumed>) = 0 [pid 5168] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5149] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5147] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5149] <... openat resumed>) = 3 [pid 5149] write(3, "15", 2) = 2 [pid 5149] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5149] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5149] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5149] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5145] <... creat resumed>) = -1 ENOMEM (Cannot allocate memory) [ 71.581400][ T5149] FAULT_INJECTION: forcing a failure. [ 71.581400][ T5149] name failslab, interval 1, probability 0, space 0, times 0 [pid 5145] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... ioctl resumed>) = 0 [pid 5148] close(4) = 0 [pid 5145] <... futex resumed>) = 0 [pid 5145] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5148] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5148] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] <... write resumed>) = 16777216 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = 0 [pid 5146] <... futex resumed>) = 1 [pid 5148] open("./file0", O_RDONLY [pid 5151] munmap(0x7f416ec64000, 138412032 [pid 5148] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5148] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] <... munmap resumed>) = 0 [pid 5148] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5151] <... openat resumed>) = 4 [pid 5146] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] ioctl(4, LOOP_SET_FD, 3 [pid 5148] <... futex resumed>) = 0 [pid 5146] <... futex resumed>) = 1 [pid 5148] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 71.667103][ T5172] BTRFS error (device loop2: state M): unrecognized mount option '18446744073709551615017777777777777777777770177777777777777777777718446744073709551615lbZ~Ƣ8žH~אa*Oѓ< 5^Sus%e [ 71.667103][ T5172] /ĖEaofmߚtҮ~г#a C$n-SGWmxeGy|sL=~ä_;N' [ 71.744490][ T5151] loop0: detected capacity change from 0 to 32768 [ 71.745242][ T5149] CPU: 1 PID: 5149 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 71.761900][ T5149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 71.772672][ T5149] Call Trace: [ 71.775975][ T5149] [ 71.779183][ T5149] dump_stack_lvl+0x1e7/0x2d0 [ 71.783893][ T5149] ? nf_tcp_handle_invalid+0x650/0x650 [ 71.789568][ T5149] ? panic+0x770/0x770 [ 71.793856][ T5149] should_fail_ex+0x3aa/0x4e0 [ 71.798664][ T5149] should_failslab+0x9/0x20 [ 71.803197][ T5149] slab_pre_alloc_hook+0x59/0x310 [ 71.808612][ T5149] ? tomoyo_encode+0x26f/0x530 [ 71.813626][ T5149] __kmem_cache_alloc_node+0x4b/0x270 [ 71.819106][ T5149] ? arch_stack_walk+0x162/0x1a0 [ 71.824135][ T5149] ? tomoyo_encode+0x26f/0x530 [ 71.829161][ T5149] __kmalloc+0xa8/0x230 [ 71.833367][ T5149] tomoyo_encode+0x26f/0x530 [ 71.837980][ T5149] tomoyo_mount_permission+0x356/0xb80 [ 71.843628][ T5149] ? __stack_depot_save+0x20/0x650 [ 71.848765][ T5149] ? tomoyo_mount_permission+0x295/0xb80 [ 71.854660][ T5149] ? tomoyo_get_name+0x510/0x510 [ 71.859742][ T5149] security_sb_mount+0x8c/0xc0 [ 71.864526][ T5149] path_mount+0xb9/0xfa0 [ 71.868853][ T5149] ? kmem_cache_free+0x292/0x500 [ 71.873872][ T5149] ? user_path_at_empty+0x4c/0x60 [ 71.879242][ T5149] __se_sys_mount+0x2d9/0x3c0 [ 71.884013][ T5149] ? __x64_sys_mount+0xc0/0xc0 [ 71.888824][ T5149] ? syscall_enter_from_user_mode+0x32/0x230 [ 71.894818][ T5149] ? __x64_sys_mount+0x20/0xc0 [ 71.899583][ T5149] do_syscall_64+0x41/0xc0 [ 71.904371][ T5149] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 71.910285][ T5149] RIP: 0033:0x7f41770c949a [ 71.914793][ T5149] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 71.934756][ T5149] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 71.943456][ T5149] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 71.951473][ T5149] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 71.959536][ T5149] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 71.967740][ T5149] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 71.976237][ T5149] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 71.984314][ T5149] [pid 5146] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5151] <... ioctl resumed>) = 0 [pid 5148] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5172] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5148] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] futex(0x7f41771546d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] close(3 [pid 5148] <... futex resumed>) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5146] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 1 [pid 5144] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 5148] write(3, "15", 2) = 2 [pid 5148] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5148] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] mkdir(".", 0777 [pid 5146] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5148] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5148] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5153] <... write resumed>) = 16777216 [pid 5151] <... close resumed>) = 0 [pid 5149] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = 0 [pid 5145] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5149] <... futex resumed>) = 1 [pid 5153] munmap(0x7f416ec64000, 138412032 [pid 5151] mkdir("./bus", 0777 [pid 5145] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5149] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5153] <... munmap resumed>) = 0 [pid 5145] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5145] <... futex resumed>) = 1 [pid 5149] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] <... futex resumed>) = 0 [pid 5147] exit_group(0) = ? [pid 5149] <... futex resumed>) = ? [pid 5151] <... mkdir resumed>) = 0 [pid 5168] <... write resumed>) = 16777216 [pid 5149] +++ exited with 0 +++ [pid 5147] +++ exited with 0 +++ [pid 5151] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5168] munmap(0x7f416ec64000, 138412032) = 0 [pid 5153] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5153] ioctl(4, LOOP_SET_FD, 3 [pid 5168] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 72.086696][ T5148] FAULT_INJECTION: forcing a failure. [ 72.086696][ T5148] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 72.104537][ T5148] CPU: 0 PID: 5148 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 72.115013][ T5148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 72.125352][ T5148] Call Trace: [ 72.126398][ T5153] loop1: detected capacity change from 0 to 32768 [pid 5168] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5168] close(3) = 0 [pid 5168] mkdir("./bus", 0777) = 0 [pid 5168] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5153] <... ioctl resumed>) = 0 [pid 5153] close(3) = 0 [pid 5153] mkdir("./bus", 0777) = 0 [pid 5151] <... mount resumed>) = -1 EEXIST (File exists) [pid 5151] ioctl(4, LOOP_CLR_FD [pid 5168] <... mount resumed>) = -1 EEXIST (File exists) [ 72.128645][ T5148] [ 72.128655][ T5148] dump_stack_lvl+0x1e7/0x2d0 [ 72.138119][ T5168] loop4: detected capacity change from 0 to 32768 [ 72.142738][ T5148] ? nf_tcp_handle_invalid+0x650/0x650 [ 72.142767][ T5148] ? panic+0x770/0x770 [ 72.142791][ T5148] should_fail_ex+0x3aa/0x4e0 [ 72.142824][ T5148] strncpy_from_user+0x36/0x2e0 [ 72.142844][ T5148] getname_flags+0xf9/0x4f0 [ 72.142868][ T5148] user_path_at_empty+0x2c/0x60 [pid 5153] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5168] ioctl(4, LOOP_CLR_FD [pid 5148] <... mount resumed>) = -1 EFAULT (Bad address) [pid 5144] <... futex resumed>) = 0 [pid 5148] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] exit_group(0 [pid 5028] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5147, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- [pid 5172] <... futex resumed>) = ? [pid 5148] <... futex resumed>) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5144] <... exit_group resumed>) = ? [pid 5172] +++ exited with 0 +++ [pid 5148] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5146] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5146] <... futex resumed>) = 0 [pid 5028] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5148] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5148] <... futex resumed>) = 0 [pid 5146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5028] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5148] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] exit_group(0 [pid 5028] <... openat resumed>) = 3 [pid 5148] <... futex resumed>) = ? [pid 5146] <... exit_group resumed>) = ? [pid 5028] newfstatat(3, "", [pid 5148] +++ exited with 0 +++ [pid 5146] +++ exited with 0 +++ [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] getdents64(3, [pid 5030] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5146, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=40 /* 0.40 s */} --- [pid 5028] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5030] restart_syscall(<... resuming interrupted clone ...> [pid 5028] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5030] <... restart_syscall resumed>) = 0 [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5028] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5030] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] <... openat resumed>) = 4 [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] newfstatat(4, "", [pid 5030] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5030] <... openat resumed>) = 3 [ 72.160695][ T5151] BTRFS warning: duplicate device /dev/loop0 devid 1 generation 8 scanned by syz-executor340 (5151) [ 72.163611][ T5148] __se_sys_mount+0x29a/0x3c0 [ 72.163641][ T5148] ? __x64_sys_mount+0xc0/0xc0 [ 72.163661][ T5148] ? syscall_enter_from_user_mode+0x32/0x230 [ 72.163688][ T5148] ? __x64_sys_mount+0x20/0xc0 [ 72.163708][ T5148] do_syscall_64+0x41/0xc0 [ 72.163728][ T5148] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 72.170434][ T5168] BTRFS warning: duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor340 (5168) [ 72.173044][ T5148] RIP: 0033:0x7f41770c949a [ 72.173065][ T5148] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 72.173077][ T5148] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 72.173097][ T5148] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 72.173109][ T5148] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [pid 5028] getdents64(4, [pid 5030] newfstatat(3, "", [pid 5028] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5028] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5028] close(4) = 0 [pid 5028] rmdir("./3/bus") = 0 [pid 5028] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5028] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] unlink("./3/binderfs") = 0 [pid 5028] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5030] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] close(3 [pid 5030] getdents64(3, [pid 5028] <... close resumed>) = 0 [pid 5030] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5028] rmdir("./3" [pid 5030] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] <... rmdir resumed>) = 0 [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] mkdir("./4", 0777 [pid 5030] newfstatat(AT_FDCWD, "./3/bus", [pid 5028] <... mkdir resumed>) = 0 [pid 5030] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5030] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] <... openat resumed>) = 3 [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5030] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5030] newfstatat(4, "", [pid 5028] ioctl(3, LOOP_CLR_FD [pid 5030] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5030] getdents64(4, [pid 5028] close(3 [pid 5030] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5028] <... close resumed>) = 0 [pid 5030] getdents64(4, [pid 5028] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5030] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5030] close(4) = 0 [pid 5030] rmdir("./3/bus" [pid 5028] <... clone resumed>, child_tidptr=0x555555980690) = 5173 ./strace-static-x86_64: Process 5173 attached [pid 5030] <... rmdir resumed>) = 0 [pid 5173] set_robust_list(0x5555559806a0, 24 [pid 5030] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5173] <... set_robust_list resumed>) = 0 [pid 5173] chdir("./4") = 0 [pid 5173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5173] setpgid(0, 0) = 0 [pid 5173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5173] write(3, "1000", 4) = 4 [pid 5173] close(3) = 0 [pid 5173] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5173] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5173] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5173] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5173] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5173] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5030] newfstatat(AT_FDCWD, "./3/binderfs", [pid 5173] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5030] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5173] <... clone3 resumed> => {parent_tid=[5174]}, 88) = 5174 [pid 5030] unlink("./3/binderfs" [pid 5173] rt_sigprocmask(SIG_SETMASK, [], [pid 5030] <... unlink resumed>) = 0 [pid 5173] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5030] getdents64(3, ./strace-static-x86_64: Process 5174 attached [pid 5173] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5174] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5173] <... futex resumed>) = 0 [pid 5030] close(3 [pid 5174] <... rseq resumed>) = 0 [pid 5173] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5030] <... close resumed>) = 0 [pid 5174] set_robust_list(0x7f41770849a0, 24 [pid 5030] rmdir("./3") = 0 [pid 5030] mkdir("./4", 0777) = 0 [pid 5030] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5030] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5030] close(3) = 0 [pid 5030] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5175 attached [pid 5175] set_robust_list(0x5555559806a0, 24 [pid 5174] <... set_robust_list resumed>) = 0 [pid 5030] <... clone resumed>, child_tidptr=0x555555980690) = 5175 [pid 5175] <... set_robust_list resumed>) = 0 [pid 5174] rt_sigprocmask(SIG_SETMASK, [], [pid 5175] chdir("./4" [pid 5174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5174] memfd_create("syzkaller", 0 [pid 5175] <... chdir resumed>) = 0 [pid 5175] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5174] <... memfd_create resumed>) = 3 [pid 5175] setpgid(0, 0) = 0 [pid 5174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5174] <... mmap resumed>) = 0x7f416ec64000 [pid 5175] <... openat resumed>) = 3 [pid 5175] write(3, "1000", 4) = 4 [pid 5175] close(3) = 0 [pid 5175] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5175] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5175] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5175] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5175] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5175] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5176 attached => {parent_tid=[5176]}, 88) = 5176 [pid 5176] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5175] rt_sigprocmask(SIG_SETMASK, [], [pid 5176] <... rseq resumed>) = 0 [pid 5175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5176] set_robust_list(0x7f41770849a0, 24 [pid 5175] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... set_robust_list resumed>) = 0 [pid 5175] <... futex resumed>) = 0 [pid 5176] rt_sigprocmask(SIG_SETMASK, [], [pid 5175] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5176] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5145] <... futex resumed>) = ? [pid 5176] memfd_create("syzkaller", 0 [pid 5145] +++ exited with 0 +++ [pid 5144] +++ exited with 0 +++ [pid 5027] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5144, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=32 /* 0.32 s */} --- [pid 5027] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5027] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5027] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5027] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5027] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5153] <... mount resumed>) = -1 EEXIST (File exists) [pid 5176] <... memfd_create resumed>) = 3 [ 72.181306][ T5153] BTRFS warning: duplicate device /dev/loop1 devid 1 generation 8 scanned by syz-executor340 (5153) [ 72.188953][ T5148] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 72.188972][ T5148] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 72.188981][ T5148] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 72.189006][ T5148] [pid 5176] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5153] ioctl(4, LOOP_CLR_FD [pid 5174] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5153] <... ioctl resumed>) = 0 [pid 5153] close(4) = 0 [pid 5151] <... ioctl resumed>) = 0 [pid 5153] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] open("./file0", O_RDONLY [pid 5152] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5153] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5153] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] <... futex resumed>) = 0 [pid 5151] close(4 [pid 5152] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5151] <... close resumed>) = 0 [pid 5153] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5153] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5151] <... futex resumed>) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5153] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] <... futex resumed>) = 0 [pid 5150] <... futex resumed>) = 0 [pid 5153] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5150] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... openat resumed>) = 3 [pid 5151] open("./file0", O_RDONLY [pid 5153] write(3, "15", 2 [pid 5151] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5153] <... write resumed>) = 2 [pid 5151] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] creat("./bus", 000 [pid 5151] <... futex resumed>) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5153] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5151] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5150] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5150] <... futex resumed>) = 0 [pid 5153] <... futex resumed>) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5151] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = 0 [pid 5150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] <... futex resumed>) = 0 [pid 5151] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5150] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5150] <... futex resumed>) = 0 [pid 5151] <... openat resumed>) = 3 [pid 5150] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] write(3, "15", 2 [pid 5153] mkdir(".", 0777 [pid 5151] <... write resumed>) = 2 [pid 5153] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5151] creat("./bus", 000 [pid 5153] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5151] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5151] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5168] <... ioctl resumed>) = 0 [pid 5168] close(4) = 0 [pid 5168] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5168] open("./file0", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5168] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] <... futex resumed>) = 1 [pid 5150] <... futex resumed>) = 0 [ 72.850025][ T5153] FAULT_INJECTION: forcing a failure. [ 72.850025][ T5153] name failslab, interval 1, probability 0, space 0, times 0 [ 72.883922][ T5151] FAULT_INJECTION: forcing a failure. [ 72.883922][ T5151] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 72.899198][ T5153] CPU: 1 PID: 5153 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 72.909985][ T5153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 72.920066][ T5153] Call Trace: [ 72.923538][ T5153] [ 72.926488][ T5153] dump_stack_lvl+0x1e7/0x2d0 [ 72.929956][ T5168] FAULT_INJECTION: forcing a failure. [ 72.929956][ T5168] name failslab, interval 1, probability 0, space 0, times 0 [ 72.931266][ T5153] ? nf_tcp_handle_invalid+0x650/0x650 [ 72.949388][ T5153] ? panic+0x770/0x770 [ 72.953731][ T5153] should_fail_ex+0x3aa/0x4e0 [ 72.958586][ T5153] should_failslab+0x9/0x20 [ 72.963088][ T5153] slab_pre_alloc_hook+0x59/0x310 [ 72.968136][ T5153] ? tomoyo_encode+0x26f/0x530 [ 72.973015][ T5153] __kmem_cache_alloc_node+0x4b/0x270 [ 72.978533][ T5153] ? arch_stack_walk+0x162/0x1a0 [ 72.983474][ T5153] ? tomoyo_encode+0x26f/0x530 [ 72.988633][ T5153] __kmalloc+0xa8/0x230 [ 72.992810][ T5153] tomoyo_encode+0x26f/0x530 [ 72.997502][ T5153] tomoyo_mount_permission+0x356/0xb80 [ 73.003063][ T5153] ? __stack_depot_save+0x20/0x650 [ 73.008436][ T5153] ? tomoyo_mount_permission+0x295/0xb80 [ 73.014077][ T5153] ? tomoyo_get_name+0x510/0x510 [ 73.019076][ T5153] security_sb_mount+0x8c/0xc0 [ 73.023841][ T5153] path_mount+0xb9/0xfa0 [ 73.028178][ T5153] ? kmem_cache_free+0x292/0x500 [ 73.033222][ T5153] ? user_path_at_empty+0x4c/0x60 [ 73.038332][ T5153] __se_sys_mount+0x2d9/0x3c0 [ 73.043112][ T5153] ? __x64_sys_mount+0xc0/0xc0 [ 73.047875][ T5153] ? syscall_enter_from_user_mode+0x32/0x230 [ 73.053859][ T5153] ? __x64_sys_mount+0x20/0xc0 [ 73.058631][ T5153] do_syscall_64+0x41/0xc0 [ 73.063228][ T5153] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 73.069488][ T5153] RIP: 0033:0x7f41770c949a [ 73.073925][ T5153] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 5151] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5168] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5150] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] mkdir(".", 0777 [pid 5161] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5151] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5150] <... futex resumed>) = 0 [pid 5151] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5161] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5161] <... futex resumed>) = 1 [pid 5161] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] <... futex resumed>) = 0 [pid 5168] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = -1 EBADF (Bad file descriptor) [pid 5168] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 5168] write(3, "15", 2) = 2 [pid 5168] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5168] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5168] mkdir(".", 0777 [pid 5161] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5161] <... futex resumed>) = 0 [pid 5168] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [ 73.093731][ T5153] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 73.102280][ T5153] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 73.110273][ T5153] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 73.118263][ T5153] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 73.126326][ T5153] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 73.134385][ T5153] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 73.142473][ T5153] [ 73.192076][ T5168] CPU: 1 PID: 5168 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 73.202647][ T5168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 73.212813][ T5168] Call Trace: [ 73.216106][ T5168] [ 73.219050][ T5168] dump_stack_lvl+0x1e7/0x2d0 [ 73.223845][ T5168] ? nf_tcp_handle_invalid+0x650/0x650 [ 73.229419][ T5168] ? panic+0x770/0x770 [ 73.233517][ T5168] should_fail_ex+0x3aa/0x4e0 [ 73.238207][ T5168] should_failslab+0x9/0x20 [ 73.242725][ T5168] slab_pre_alloc_hook+0x59/0x310 [ 73.247943][ T5168] ? tomoyo_encode+0x26f/0x530 [ 73.252997][ T5168] __kmem_cache_alloc_node+0x4b/0x270 [ 73.258415][ T5168] ? arch_stack_walk+0x162/0x1a0 [ 73.263404][ T5168] ? tomoyo_encode+0x26f/0x530 [ 73.268227][ T5168] __kmalloc+0xa8/0x230 [ 73.272422][ T5168] tomoyo_encode+0x26f/0x530 [ 73.277040][ T5168] tomoyo_mount_permission+0x356/0xb80 [ 73.282788][ T5168] ? __stack_depot_save+0x20/0x650 [ 73.287991][ T5168] ? tomoyo_mount_permission+0x295/0xb80 [ 73.293636][ T5168] ? tomoyo_get_name+0x510/0x510 [ 73.298728][ T5168] security_sb_mount+0x8c/0xc0 [ 73.303519][ T5168] path_mount+0xb9/0xfa0 [ 73.307931][ T5168] ? kmem_cache_free+0x292/0x500 [ 73.312917][ T5168] ? user_path_at_empty+0x4c/0x60 [ 73.317975][ T5168] __se_sys_mount+0x2d9/0x3c0 [ 73.322849][ T5168] ? __x64_sys_mount+0xc0/0xc0 [ 73.327620][ T5168] ? syscall_enter_from_user_mode+0x32/0x230 [ 73.333715][ T5168] ? __x64_sys_mount+0x20/0xc0 [ 73.338601][ T5168] do_syscall_64+0x41/0xc0 [ 73.343034][ T5168] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 73.349023][ T5168] RIP: 0033:0x7f41770c949a [ 73.353762][ T5168] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 73.374022][ T5168] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 73.382469][ T5168] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [pid 5161] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5176] <... write resumed>) = 16777216 [pid 5153] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5027] <... umount2 resumed>) = 0 [pid 5153] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5176] munmap(0x7f416ec64000, 138412032) = 0 [pid 5176] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5176] ioctl(4, LOOP_SET_FD, 3 [pid 5152] <... futex resumed>) = 0 [pid 5027] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5152] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5152] <... futex resumed>) = 1 [pid 5027] newfstatat(AT_FDCWD, "./3/bus", [pid 5152] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5027] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5027] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5153] <... futex resumed>) = 0 [pid 5027] newfstatat(4, "", [pid 5153] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5027] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5027] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5027] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5027] close(4) = 0 [pid 5027] rmdir("./3/bus") = 0 [pid 5027] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5027] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5027] unlink("./3/binderfs") = 0 [pid 5027] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5027] close(3) = 0 [pid 5027] rmdir("./3") = 0 [pid 5027] mkdir("./4", 0777 [pid 5174] <... write resumed>) = 16777216 [ 73.388379][ T5176] loop5: detected capacity change from 0 to 32768 [ 73.390530][ T5168] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 73.390546][ T5168] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 73.390558][ T5168] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 73.390570][ T5168] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 73.390598][ T5168] [pid 5153] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5027] <... mkdir resumed>) = 0 [pid 5027] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5027] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5027] close(3 [pid 5152] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5027] <... close resumed>) = 0 [pid 5027] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5177 attached , child_tidptr=0x555555980690) = 5177 [pid 5177] set_robust_list(0x5555559806a0, 24) = 0 [ 73.469107][ T5151] CPU: 1 PID: 5151 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 73.480025][ T5151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 73.490728][ T5151] Call Trace: [ 73.495602][ T5151] [ 73.498826][ T5151] dump_stack_lvl+0x1e7/0x2d0 [ 73.503610][ T5151] ? nf_tcp_handle_invalid+0x650/0x650 [ 73.509128][ T5151] ? panic+0x770/0x770 [ 73.513325][ T5151] should_fail_ex+0x3aa/0x4e0 [pid 5177] chdir("./4") = 0 [pid 5177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5177] setpgid(0, 0) = 0 [pid 5177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5177] write(3, "1000", 4) = 4 [ 73.518214][ T5151] strncpy_from_user+0x36/0x2e0 [ 73.523101][ T5151] getname_flags+0xf9/0x4f0 [ 73.527723][ T5151] user_path_at_empty+0x2c/0x60 [ 73.532607][ T5151] __se_sys_mount+0x29a/0x3c0 [ 73.537430][ T5151] ? __x64_sys_mount+0xc0/0xc0 [ 73.542454][ T5151] ? syscall_enter_from_user_mode+0x32/0x230 [ 73.548472][ T5151] ? __x64_sys_mount+0x20/0xc0 [ 73.553486][ T5151] do_syscall_64+0x41/0xc0 [ 73.557945][ T5151] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 73.564325][ T5151] RIP: 0033:0x7f41770c949a [ 73.568776][ T5151] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 73.588680][ T5151] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 73.597132][ T5151] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 73.605131][ T5151] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [pid 5177] close(3 [pid 5153] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] exit_group(0 [pid 5153] <... futex resumed>) = ? [pid 5152] <... exit_group resumed>) = ? [pid 5177] <... close resumed>) = 0 [pid 5153] +++ exited with 0 +++ [pid 5152] +++ exited with 0 +++ [pid 5177] symlink("/dev/binderfs", "./binderfs" [pid 5026] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5152, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=46 /* 0.46 s */} --- [pid 5177] <... symlink resumed>) = 0 [pid 5026] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5026] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5177] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] getdents64(3, [pid 5177] <... futex resumed>) = 0 [pid 5026] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5026] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5026] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5026] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5026] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5026] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5026] close(4) = 0 [pid 5026] rmdir("./4/bus") = 0 [pid 5026] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5026] unlink("./4/binderfs") = 0 [pid 5026] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5026] close(3 [pid 5177] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5026] <... close resumed>) = 0 [pid 5177] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5026] rmdir("./4" [pid 5177] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5026] <... rmdir resumed>) = 0 [pid 5177] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5026] mkdir("./5", 0777 [pid 5177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5026] <... mkdir resumed>) = 0 [pid 5177] <... mmap resumed>) = 0x7f4177064000 [pid 5177] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5026] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5177] <... mprotect resumed>) = 0 [pid 5177] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5026] <... openat resumed>) = 3 [pid 5177] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5026] ioctl(3, LOOP_CLR_FD [pid 5177] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5026] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5026] close(3) = 0 [pid 5026] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5177] <... clone3 resumed> => {parent_tid=[5178]}, 88) = 5178 [pid 5177] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5178 attached NULL, 8) = 0 [pid 5178] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [pid 5026] <... clone resumed>, child_tidptr=0x555555980690) = 5179 ./strace-static-x86_64: Process 5179 attached [pid 5178] set_robust_list(0x7f41770849a0, 24 [pid 5177] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] set_robust_list(0x5555559806a0, 24 [pid 5178] <... set_robust_list resumed>) = 0 [pid 5177] <... futex resumed>) = 0 [pid 5179] <... set_robust_list resumed>) = 0 [pid 5178] rt_sigprocmask(SIG_SETMASK, [], [pid 5177] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5179] chdir("./5" [pid 5178] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5179] <... chdir resumed>) = 0 [pid 5178] memfd_create("syzkaller", 0 [pid 5179] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5178] <... memfd_create resumed>) = 3 [pid 5179] <... prctl resumed>) = 0 [pid 5178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5179] setpgid(0, 0 [pid 5178] <... mmap resumed>) = 0x7f416ec64000 [pid 5179] <... setpgid resumed>) = 0 [pid 5179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5179] write(3, "1000", 4) = 4 [pid 5179] close(3) = 0 [pid 5179] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5179] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5179] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5179] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5179] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5179] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5180 attached [pid 5180] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [pid 5180] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5179] <... clone3 resumed> => {parent_tid=[5180]}, 88) = 5180 [pid 5180] rt_sigprocmask(SIG_SETMASK, [], [pid 5179] rt_sigprocmask(SIG_SETMASK, [], [pid 5180] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5179] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5180] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5179] <... futex resumed>) = 0 [pid 5180] memfd_create("syzkaller", 0 [pid 5179] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5180] <... memfd_create resumed>) = 3 [pid 5180] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5176] <... ioctl resumed>) = 0 [pid 5174] munmap(0x7f416ec64000, 138412032 [pid 5168] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5151] <... mount resumed>) = -1 EFAULT (Bad address) [pid 5168] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... munmap resumed>) = 0 [pid 5176] close(3 [pid 5168] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5151] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... close resumed>) = 0 [pid 5174] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5168] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5151] <... futex resumed>) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5176] mkdir("./bus", 0777 [pid 5174] <... openat resumed>) = 4 [pid 5168] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... mkdir resumed>) = 0 [pid 5174] ioctl(4, LOOP_SET_FD, 3 [pid 5168] <... futex resumed>) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5161] exit_group(0) = ? [pid 5151] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5174] <... ioctl resumed>) = 0 [pid 5168] +++ exited with 0 +++ [pid 5176] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5174] close(3 [pid 5161] +++ exited with 0 +++ [pid 5151] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5174] <... close resumed>) = 0 [pid 5174] mkdir("./bus", 0777 [pid 5151] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... mkdir resumed>) = 0 [pid 5151] <... futex resumed>) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5174] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5151] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 73.613236][ T5151] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 73.621236][ T5151] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 73.629231][ T5151] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 73.637335][ T5151] [ 73.659208][ T5174] loop3: detected capacity change from 0 to 32768 [pid 5150] exit_group(0 [pid 5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5161, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=36 /* 0.36 s */} --- [pid 5150] <... exit_group resumed>) = ? [pid 5029] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5029] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5029] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5029] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5029] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5029] newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5029] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5029] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5029] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5029] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5151] <... futex resumed>) = ? [pid 5029] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5029] close(4) = 0 [pid 5151] +++ exited with 0 +++ [pid 5150] +++ exited with 0 +++ [pid 5029] rmdir("./4/bus" [pid 5025] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5150, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=43 /* 0.43 s */} --- [pid 5025] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5025] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5025] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5025] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] newfstatat(AT_FDCWD, "./3/bus", [pid 5029] <... rmdir resumed>) = 0 [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5025] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5025] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [ 73.675278][ T5176] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 scanned by syz-executor340 (5176) [pid 5025] getdents64(4, [pid 5029] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5025] close(4 [pid 5029] newfstatat(AT_FDCWD, "./4/binderfs", [pid 5025] <... close resumed>) = 0 [pid 5029] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] rmdir("./3/bus" [pid 5029] unlink("./4/binderfs" [pid 5025] <... rmdir resumed>) = 0 [pid 5029] <... unlink resumed>) = 0 [pid 5029] getdents64(3, [pid 5025] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5174] <... mount resumed>) = -1 EEXIST (File exists) [pid 5029] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5029] close(3 [pid 5025] newfstatat(AT_FDCWD, "./3/binderfs", [pid 5029] <... close resumed>) = 0 [pid 5025] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5029] rmdir("./4" [pid 5025] unlink("./3/binderfs" [pid 5029] <... rmdir resumed>) = 0 [pid 5025] <... unlink resumed>) = 0 [pid 5029] mkdir("./5", 0777 [pid 5025] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5029] <... mkdir resumed>) = 0 [pid 5025] close(3 [pid 5174] ioctl(4, LOOP_CLR_FD [pid 5025] <... close resumed>) = 0 [pid 5029] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5025] rmdir("./3" [pid 5029] <... openat resumed>) = 3 [pid 5025] <... rmdir resumed>) = 0 [pid 5029] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5029] close(3 [pid 5025] mkdir("./4", 0777 [pid 5029] <... close resumed>) = 0 [pid 5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5025] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5181 attached [pid 5181] set_robust_list(0x5555559806a0, 24 [pid 5025] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5181] <... set_robust_list resumed>) = 0 [pid 5181] chdir("./5") = 0 [pid 5029] <... clone resumed>, child_tidptr=0x555555980690) = 5181 [pid 5181] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5181] setpgid(0, 0) = 0 [pid 5025] <... openat resumed>) = 3 [ 73.716813][ T5174] BTRFS warning: duplicate device /dev/loop3 devid 1 generation 8 scanned by syz-executor340 (5174) [ 73.729267][ T5176] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 73.739613][ T5176] BTRFS info (device loop5): doing ref verification [pid 5181] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5025] ioctl(3, LOOP_CLR_FD [pid 5181] <... openat resumed>) = 3 [pid 5181] write(3, "1000", 4) = 4 [pid 5181] close(3) = 0 [pid 5181] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5181] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5025] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5181] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5181] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5181] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5181] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5181] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5025] close(3) = 0 [pid 5181] <... clone3 resumed> => {parent_tid=[5182]}, 88) = 5182 [pid 5181] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5181] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5182 attached [pid 5182] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [pid 5182] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5182] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5182] memfd_create("syzkaller", 0) = 3 [pid 5025] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 ./strace-static-x86_64: Process 5183 attached [ 73.766950][ T5176] BTRFS warning (device loop5): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5183] set_robust_list(0x5555559806a0, 24) = 0 [pid 5025] <... clone resumed>, child_tidptr=0x555555980690) = 5183 [pid 5183] chdir("./4") = 0 [pid 5183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5183] setpgid(0, 0) = 0 [pid 5183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5183] write(3, "1000", 4) = 4 [pid 5183] close(3) = 0 [pid 5183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5183] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5183] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5183] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 73.821483][ T5176] BTRFS info (device loop5): force zlib compression, level 3 [ 73.846901][ T5176] BTRFS info (device loop5): allowing degraded mounts [pid 5183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} => {parent_tid=[5184]}, 88) = 5184 [pid 5183] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5183] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5184 attached [pid 5184] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [pid 5184] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5184] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5184] memfd_create("syzkaller", 0) = 3 [pid 5184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [ 73.875517][ T5176] BTRFS info (device loop5): using free space tree [pid 5178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5180] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5182] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5176] <... mount resumed>) = 0 [pid 5176] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5176] chdir("./bus") = 0 [ 74.036903][ T5176] BTRFS info (device loop5): auto enabling async discard [pid 5176] ioctl(4, LOOP_CLR_FD) = 0 [pid 5176] close(4) = 0 [pid 5176] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] <... futex resumed>) = 0 [pid 5175] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5175] <... futex resumed>) = 0 [pid 5175] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] open("./file0", O_RDONLY [pid 5174] <... ioctl resumed>) = 0 [pid 5176] <... open resumed>) = 4 [pid 5176] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] <... futex resumed>) = 0 [pid 5176] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5175] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5175] <... futex resumed>) = 0 [pid 5175] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] close(4) = 0 [pid 5174] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] open("./file0", O_RDONLY [pid 5173] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5174] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5174] <... futex resumed>) = 1 [pid 5174] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = 0 [pid 5176] <... ioctl resumed>) = 0 [pid 5175] <... futex resumed>) = 0 [pid 5173] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5174] <... futex resumed>) = 0 [pid 5173] <... futex resumed>) = 1 [pid 5176] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... mmap resumed>) = 0x7f4177043000 [pid 5174] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5173] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... futex resumed>) = 0 [pid 5175] mprotect(0x7f4177044000, 131072, PROT_READ|PROT_WRITE [pid 5174] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5176] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] <... mprotect resumed>) = 0 [pid 5174] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5174] <... futex resumed>) = 0 [pid 5173] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5174] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 5174] write(3, "15", 2) = 2 [pid 5174] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5174] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5174] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] <... futex resumed>) = 0 [pid 5175] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177063990, parent_tid=0x7f4177063990, exit_signal=0, stack=0x7f4177043000, stack_size=0x20300, tls=0x7f41770636c0} [pid 5173] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5173] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... futex resumed>) = 0 [pid 5173] <... futex resumed>) = 1 [pid 5174] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5174] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"..../strace-static-x86_64: Process 5201 attached [pid 5175] <... clone3 resumed> => {parent_tid=[5201]}, 88) = 5201 [pid 5173] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5201] rseq(0x7f4177063fe0, 0x20, 0, 0x53053053 [pid 5175] rt_sigprocmask(SIG_SETMASK, [], [pid 5201] <... rseq resumed>) = 0 [pid 5175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5201] set_robust_list(0x7f41770639a0, 24 [pid 5175] futex(0x7f41771546d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] <... set_robust_list resumed>) = 0 [ 74.254935][ T5174] FAULT_INJECTION: forcing a failure. [ 74.254935][ T5174] name failslab, interval 1, probability 0, space 0, times 0 [ 74.274872][ T2430] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 74.302129][ T5174] CPU: 1 PID: 5174 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 74.312687][ T5174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 74.324066][ T5174] Call Trace: [ 74.327451][ T5174] [ 74.330473][ T5174] dump_stack_lvl+0x1e7/0x2d0 [ 74.335173][ T5174] ? nf_tcp_handle_invalid+0x650/0x650 [ 74.340987][ T5174] ? panic+0x770/0x770 [ 74.345135][ T5174] ? __might_sleep+0xc0/0xc0 [ 74.350853][ T5174] should_fail_ex+0x3aa/0x4e0 [ 74.355529][ T5174] should_failslab+0x9/0x20 [ 74.360088][ T5174] slab_pre_alloc_hook+0x59/0x310 [ 74.365318][ T5174] ? __might_sleep+0xc0/0xc0 [ 74.370551][ T5174] kmem_cache_alloc+0x52/0x300 [ 74.375329][ T5174] ? getname_flags+0xbc/0x4f0 [ 74.380286][ T5174] getname_flags+0xbc/0x4f0 [ 74.384912][ T5174] user_path_at_empty+0x2c/0x60 [ 74.389805][ T5174] __se_sys_mount+0x29a/0x3c0 [ 74.394509][ T5174] ? __x64_sys_mount+0xc0/0xc0 [ 74.399276][ T5174] ? syscall_enter_from_user_mode+0x32/0x230 [ 74.405288][ T5174] ? __x64_sys_mount+0x20/0xc0 [ 74.410083][ T5174] do_syscall_64+0x41/0xc0 [ 74.414693][ T5174] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 74.420687][ T5174] RIP: 0033:0x7f41770c949a [ 74.425120][ T5174] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 74.445004][ T5174] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [pid 5201] rt_sigprocmask(SIG_SETMASK, [], [ 74.453436][ T5174] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 74.461691][ T5174] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 74.469756][ T5174] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 74.477720][ T5174] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 74.485773][ T5174] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 74.493750][ T5174] [pid 5175] futex(0x7f41771546dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5182] <... write resumed>) = 16777216 [pid 5175] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5174] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5201] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5182] munmap(0x7f416ec64000, 138412032 [pid 5175] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5201] <... openat resumed>) = 5 [pid 5173] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] write(5, "15", 2 [pid 5175] <... futex resumed>) = 1 [pid 5174] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5175] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5174] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5174] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = 0 [pid 5174] <... futex resumed>) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5174] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5176] mkdir(".", 0777 [pid 5173] exit_group(0 [pid 5176] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5174] <... futex resumed>) = ? [pid 5173] <... exit_group resumed>) = ? [pid 5201] <... write resumed>) = 2 [pid 5176] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5201] creat("./bus", 000 [pid 5174] +++ exited with 0 +++ [pid 5182] <... munmap resumed>) = 0 [pid 5182] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5173] +++ exited with 0 +++ [pid 5028] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5173, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=46 /* 0.46 s */} --- [pid 5182] <... openat resumed>) = 4 [pid 5028] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5028] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5182] ioctl(4, LOOP_SET_FD, 3 [pid 5028] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5028] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] getdents64(3, [pid 5178] <... write resumed>) = 16777216 [pid 5028] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5178] munmap(0x7f416ec64000, 138412032 [ 74.626509][ T5201] FAULT_INJECTION: forcing a failure. [ 74.626509][ T5201] name failslab, interval 1, probability 0, space 0, times 0 [ 74.650360][ T5182] loop4: detected capacity change from 0 to 32768 [ 74.680255][ T5201] CPU: 1 PID: 5201 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 74.690833][ T5201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 74.701293][ T5201] Call Trace: [ 74.704771][ T5201] [ 74.707896][ T5201] dump_stack_lvl+0x1e7/0x2d0 [ 74.712699][ T5201] ? nf_tcp_handle_invalid+0x650/0x650 [ 74.718205][ T5201] ? panic+0x770/0x770 [ 74.722305][ T5201] ? __might_sleep+0xc0/0xc0 [ 74.727016][ T5201] should_fail_ex+0x3aa/0x4e0 [ 74.731728][ T5201] should_failslab+0x9/0x20 [ 74.736260][ T5201] slab_pre_alloc_hook+0x59/0x310 [ 74.741438][ T5201] kmem_cache_alloc+0x52/0x300 [ 74.746242][ T5201] ? alloc_extent_state+0x25/0x2e0 [ 74.751400][ T5201] alloc_extent_state+0x25/0x2e0 [ 74.756380][ T5201] __set_extent_bit+0x1c8/0x1b00 [ 74.761545][ T5201] ? __down_write_common+0x161/0x200 [ 74.766888][ T5201] ? PageUptodate+0xd7/0x290 [ 74.771510][ T5201] ? __write_extent_buffer+0x20f/0x410 [pid 5028] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5184] <... write resumed>) = 16777216 [pid 5182] <... ioctl resumed>) = 0 [pid 5180] <... write resumed>) = 16777216 [pid 5178] <... munmap resumed>) = 0 [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5184] munmap(0x7f416ec64000, 138412032 [pid 5182] close(3) = 0 [pid 5182] mkdir("./bus", 0777) = 0 [pid 5182] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [ 74.777096][ T5201] ? __asan_memcpy+0x40/0x70 [ 74.781819][ T5201] set_extent_bit+0x3b/0x50 [ 74.786632][ T5201] btrfs_alloc_tree_block+0xaf5/0x1800 [ 74.792150][ T5201] ? alloc_reserved_file_extent+0x5e0/0x5e0 [ 74.798206][ T5201] ? mark_lock+0x9a/0x340 [ 74.803091][ T5201] ? read_extent_buffer+0x11f/0x2a0 [ 74.808316][ T5201] ? __asan_memcpy+0x40/0x70 [ 74.813024][ T5201] __btrfs_cow_block+0x465/0x1a90 [ 74.818244][ T5201] ? btrfs_cow_block+0xa10/0xa10 [ 74.823284][ T5201] ? btrfs_qgroup_add_swapped_blocks+0x750/0x7f0 [pid 5180] munmap(0x7f416ec64000, 138412032 [pid 5184] <... munmap resumed>) = 0 [pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5180] <... munmap resumed>) = 0 [pid 5184] <... openat resumed>) = 4 [pid 5184] ioctl(4, LOOP_SET_FD, 3 [pid 5180] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5180] ioctl(4, LOOP_SET_FD, 3 [pid 5184] <... ioctl resumed>) = 0 [pid 5184] close(3 [pid 5180] <... ioctl resumed>) = 0 [pid 5180] close(3) = 0 [pid 5180] mkdir("./bus", 0777) = 0 [ 74.829825][ T5201] ? rcu_is_watching+0x15/0xb0 [ 74.834832][ T5201] btrfs_cow_block+0x35e/0xa10 [ 74.839826][ T5201] btrfs_search_slot+0xbf9/0x2f80 [ 74.845111][ T5201] ? btrfs_find_item+0x5c0/0x5c0 [ 74.850091][ T5201] ? btrfs_create_new_inode+0xd73/0x2710 [ 74.855611][ T5184] loop0: detected capacity change from 0 to 32768 [ 74.856387][ T5201] ? __lock_acquire+0x7f70/0x7f70 [ 74.864562][ T5180] loop1: detected capacity change from 0 to 32768 [ 74.867889][ T5201] ? do_raw_spin_lock+0x14d/0x3a0 [pid 5180] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5184] <... close resumed>) = 0 [ 74.867930][ T5201] ? do_raw_spin_unlock+0x13b/0x8b0 [ 74.867955][ T5201] btrfs_insert_empty_items+0x9c/0x180 [ 74.890330][ T5201] btrfs_create_new_inode+0x10b3/0x2710 [ 74.895943][ T5201] ? btrfs_new_inode_args_destroy+0x160/0x160 [ 74.902087][ T5201] btrfs_create_common+0x1f9/0x300 [ 74.907237][ T5201] ? btrfs_tmpfile+0x4e0/0x4e0 [ 74.912209][ T5201] ? do_raw_spin_unlock+0x13b/0x8b0 [ 74.914738][ T5178] loop2: detected capacity change from 0 to 32768 [ 74.917621][ T5201] ? btrfs_create+0x75/0x140 [ 74.917651][ T5201] ? btrfs_lookup+0x40/0x40 [ 74.933324][ T5201] path_openat+0x13e7/0x3180 [ 74.937980][ T5201] ? do_filp_open+0x490/0x490 [ 74.942801][ T5201] do_filp_open+0x234/0x490 [ 74.947339][ T5201] ? vfs_tmpfile+0x4b0/0x4b0 [ 74.952100][ T5201] ? _raw_spin_unlock+0x28/0x40 [ 74.957096][ T5201] ? alloc_fd+0x59c/0x640 [ 74.958843][ T5182] BTRFS warning: duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor340 (5182) [ 74.961443][ T5201] do_sys_openat2+0x13e/0x1d0 [ 74.977175][ T5201] ? do_sys_open+0x230/0x230 [ 74.981810][ T5201] ? _raw_spin_unlock_irq+0x2e/0x50 [ 74.986498][ T5180] BTRFS warning: duplicate device /dev/loop1 devid 1 generation 8 scanned by syz-executor340 (5180) [ 74.987013][ T5201] ? ptrace_notify+0x278/0x380 [ 74.987052][ T5201] __x64_sys_creat+0x123/0x160 [ 74.987078][ T5201] ? __x64_compat_sys_openat+0x290/0x290 [ 75.013491][ T5201] ? syscall_enter_from_user_mode+0x32/0x230 [ 75.019649][ T5201] ? syscall_enter_from_user_mode+0x8c/0x230 [ 75.025850][ T5201] do_syscall_64+0x41/0xc0 [pid 5184] mkdir("./bus", 0777) = 0 [pid 5184] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5178] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5178] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5178] close(3) = 0 [pid 5178] mkdir("./bus", 0777) = 0 [pid 5178] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5028] newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5028] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5028] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5028] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5028] close(4) = 0 [pid 5028] rmdir("./4/bus") = 0 [pid 5028] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5028] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] unlink("./4/binderfs") = 0 [pid 5028] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5028] close(3) = 0 [pid 5028] rmdir("./4") = 0 [pid 5028] mkdir("./5", 0777) = 0 [pid 5028] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5028] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5028] close(3) = 0 [pid 5028] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555980690) = 5202 [pid 5182] <... mount resumed>) = -1 EEXIST (File exists) [pid 5182] ioctl(4, LOOP_CLR_FD [pid 5180] <... mount resumed>) = -1 EEXIST (File exists) [ 75.030324][ T5201] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 75.033321][ T5184] BTRFS warning: duplicate device /dev/loop0 devid 1 generation 8 scanned by syz-executor340 (5184) [ 75.036673][ T5201] RIP: 0033:0x7f41770c8049 [ 75.052404][ T5201] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 5180] ioctl(4, LOOP_CLR_FD [pid 5184] <... mount resumed>) = -1 EEXIST (File exists) ./strace-static-x86_64: Process 5202 attached [pid 5202] set_robust_list(0x5555559806a0, 24) = 0 [pid 5202] chdir("./5") = 0 [pid 5202] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5202] setpgid(0, 0) = 0 [pid 5202] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5202] write(3, "1000", 4) = 4 [pid 5202] close(3) = 0 [pid 5202] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5202] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5202] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5202] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5202] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5202] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} => {parent_tid=[5203]}, 88) = 5203 [pid 5202] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5202] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5201] <... creat resumed>) = 6 [pid 5201] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 75.066353][ T5178] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 8 scanned by syz-executor340 (5178) [ 75.072030][ T5201] RSP: 002b:00007f4177063208 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 75.072057][ T5201] RAX: ffffffffffffffda RBX: 00007f41771546d8 RCX: 00007f41770c8049 [ 75.072070][ T5201] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040 [ 75.072082][ T5201] RBP: 00007f41771546d0 R08: 00007f4177062fa6 R09: 0000000000003531 [ 75.072095][ T5201] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f41771211d0 [pid 5201] futex(0x7f41771546d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5203 attached [pid 5184] ioctl(4, LOOP_CLR_FD [pid 5203] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [pid 5203] set_robust_list(0x7f41770849a0, 24 [pid 5178] <... mount resumed>) = -1 EEXIST (File exists) [pid 5178] ioctl(4, LOOP_CLR_FD [pid 5203] <... set_robust_list resumed>) = 0 [pid 5203] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5203] memfd_create("syzkaller", 0) = 3 [pid 5203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5176] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5176] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5176] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5175] <... futex resumed>) = 0 [pid 5176] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5175] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5176] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5176] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] exit_group(0 [pid 5176] <... futex resumed>) = ? [pid 5175] <... exit_group resumed>) = ? [pid 5176] +++ exited with 0 +++ [pid 5201] <... futex resumed>) = ? [pid 5201] +++ exited with 0 +++ [pid 5175] +++ exited with 0 +++ [pid 5030] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5175, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=39 /* 0.39 s */} --- [pid 5030] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5030] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5030] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5030] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [ 75.072107][ T5201] R13: 00007f4177063210 R14: 0000000000000002 R15: 00007f417711c070 [ 75.072136][ T5201] [ 75.137428][ T5176] BTRFS error (device loop5: state M): unrecognized mount option '18446744073709551615017777777777777777777770177777777777777777777718446744073709551615lbZ~Ƣ8žH~אa*Oѓ< 5^Sus%e [ 75.137428][ T5176] /ĖEaofmߚtҮ~г#a C$n-SGWmxeGy|sL=~ä_;N' [pid 5030] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5203] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5178] <... ioctl resumed>) = 0 [pid 5178] close(4) = 0 [pid 5184] <... ioctl resumed>) = 0 [pid 5178] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] close(4 [pid 5178] open("./file0", O_RDONLY [pid 5177] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... close resumed>) = 0 [pid 5184] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5184] <... futex resumed>) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5178] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... futex resumed>) = 0 [pid 5178] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5184] open("./file0", O_RDONLY [pid 5177] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5183] <... futex resumed>) = 0 [pid 5178] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5178] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5184] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5183] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5177] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5183] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... futex resumed>) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5178] <... openat resumed>) = 3 [pid 5184] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5178] write(3, "15", 2) = 2 [pid 5184] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5178] creat("./bus", 000 [pid 5184] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=48000000} [pid 5180] <... ioctl resumed>) = 0 [pid 5178] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5184] <... futex resumed>) = 0 [pid 5183] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5184] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5178] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5183] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 1 [pid 5183] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] close(4) = 0 [pid 5180] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5179] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] open("./file0", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5180] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5179] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = -1 EBADF (Bad file descriptor) [pid 5180] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5184] <... futex resumed>) = 0 [pid 5178] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5184] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5179] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5184] <... openat resumed>) = 3 [pid 5178] mkdir(".", 0777 [pid 5184] write(3, "15", 2) = 2 [pid 5184] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5180] <... openat resumed>) = 3 [pid 5180] write(3, "15", 2 [pid 5184] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] mkdir(".", 0777 [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5184] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5184] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5180] <... write resumed>) = 2 [pid 5178] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5177] <... futex resumed>) = 0 [pid 5030] <... umount2 resumed>) = 0 [pid 5177] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5180] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5180] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = 0 [pid 5179] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5180] <... futex resumed>) = 1 [pid 5178] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5180] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5180] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5182] <... ioctl resumed>) = 0 [pid 5182] close(4) = 0 [pid 5182] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5182] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5030] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5181] <... futex resumed>) = 0 [pid 5181] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] <... futex resumed>) = 0 [pid 5182] open("./file0", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5182] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] <... futex resumed>) = 0 [pid 5181] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = -1 EBADF (Bad file descriptor) [pid 5182] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] <... futex resumed>) = 0 [pid 5181] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 5182] write(3, "15", 2) = 2 [pid 5182] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5182] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] <... futex resumed>) = 0 [pid 5181] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 75.644818][ T5184] FAULT_INJECTION: forcing a failure. [ 75.644818][ T5184] name failslab, interval 1, probability 0, space 0, times 0 [ 75.652969][ T5180] FAULT_INJECTION: forcing a failure. [ 75.652969][ T5180] name failslab, interval 1, probability 0, space 0, times 0 [ 75.659634][ T5178] FAULT_INJECTION: forcing a failure. [ 75.659634][ T5178] name fail_usercopy, interval 1, probability 0, space 0, times 0 [pid 5181] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5030] newfstatat(AT_FDCWD, "./4/bus", [pid 5182] mkdir(".", 0777) = -1 EEXIST (File exists) [ 75.698725][ T5182] FAULT_INJECTION: forcing a failure. [ 75.698725][ T5182] name failslab, interval 1, probability 0, space 0, times 0 [ 75.707904][ T5184] CPU: 1 PID: 5184 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 75.721951][ T5184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 75.732100][ T5184] Call Trace: [ 75.735395][ T5184] [ 75.738428][ T5184] dump_stack_lvl+0x1e7/0x2d0 [ 75.743286][ T5184] ? nf_tcp_handle_invalid+0x650/0x650 [ 75.748766][ T5184] ? panic+0x770/0x770 [ 75.752944][ T5184] should_fail_ex+0x3aa/0x4e0 [ 75.757682][ T5184] should_failslab+0x9/0x20 [ 75.762451][ T5184] slab_pre_alloc_hook+0x59/0x310 [ 75.767501][ T5184] ? tomoyo_encode+0x26f/0x530 [ 75.772273][ T5184] __kmem_cache_alloc_node+0x4b/0x270 [ 75.777642][ T5184] ? arch_stack_walk+0x162/0x1a0 [ 75.782584][ T5184] ? tomoyo_encode+0x26f/0x530 [ 75.787563][ T5184] __kmalloc+0xa8/0x230 [ 75.791747][ T5184] tomoyo_encode+0x26f/0x530 [ 75.796392][ T5184] tomoyo_mount_permission+0x356/0xb80 [ 75.801917][ T5184] ? __stack_depot_save+0x20/0x650 [ 75.807658][ T5184] ? tomoyo_mount_permission+0x295/0xb80 [ 75.813403][ T5184] ? tomoyo_get_name+0x510/0x510 [ 75.818634][ T5184] security_sb_mount+0x8c/0xc0 [ 75.823591][ T5184] path_mount+0xb9/0xfa0 [ 75.827930][ T5184] ? kmem_cache_free+0x292/0x500 [ 75.832953][ T5184] ? user_path_at_empty+0x4c/0x60 [ 75.838243][ T5184] __se_sys_mount+0x2d9/0x3c0 [ 75.843555][ T5184] ? __x64_sys_mount+0xc0/0xc0 [ 75.848970][ T5184] ? syscall_enter_from_user_mode+0x32/0x230 [ 75.855080][ T5184] ? __x64_sys_mount+0x20/0xc0 [ 75.859971][ T5184] do_syscall_64+0x41/0xc0 [ 75.864555][ T5184] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 75.870549][ T5184] RIP: 0033:0x7f41770c949a [ 75.875044][ T5184] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 5182] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5030] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 75.894926][ T5184] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 75.903437][ T5184] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 75.911405][ T5184] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 75.919369][ T5184] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 75.927592][ T5184] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 75.935735][ T5184] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 75.944025][ T5184] [pid 5030] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5030] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5030] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5030] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5030] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5030] close(4) = 0 [pid 5030] rmdir("./4/bus") = 0 [pid 5030] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5030] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5030] unlink("./4/binderfs") = 0 [pid 5030] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5030] close(3) = 0 [pid 5030] rmdir("./4") = 0 [pid 5030] mkdir("./5", 0777) = 0 [pid 5030] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5030] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5030] close(3) = 0 [pid 5030] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555980690) = 5204 [pid 5184] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5184] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 75.948031][ T5180] CPU: 0 PID: 5180 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 75.958659][ T5180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 75.968750][ T5180] Call Trace: [ 75.972096][ T5180] [ 75.975058][ T5180] dump_stack_lvl+0x1e7/0x2d0 [ 75.979769][ T5180] ? nf_tcp_handle_invalid+0x650/0x650 [ 75.985449][ T5180] ? panic+0x770/0x770 [ 75.989653][ T5180] should_fail_ex+0x3aa/0x4e0 [ 75.994375][ T5180] should_failslab+0x9/0x20 [ 75.998897][ T5180] slab_pre_alloc_hook+0x59/0x310 [ 76.004134][ T5180] ? tomoyo_encode+0x26f/0x530 [ 76.009355][ T5180] __kmem_cache_alloc_node+0x4b/0x270 [ 76.015108][ T5180] ? arch_stack_walk+0x162/0x1a0 [ 76.020335][ T5180] ? tomoyo_encode+0x26f/0x530 [ 76.025128][ T5180] __kmalloc+0xa8/0x230 [ 76.029319][ T5180] tomoyo_encode+0x26f/0x530 [ 76.034033][ T5180] tomoyo_mount_permission+0x356/0xb80 [ 76.039520][ T5180] ? __stack_depot_save+0x20/0x650 [ 76.044740][ T5180] ? tomoyo_mount_permission+0x295/0xb80 [pid 5184] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... futex resumed>) = 0 [pid 5184] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5184] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5183] exit_group(0) = ? [pid 5184] +++ exited with 0 +++ [pid 5183] +++ exited with 0 +++ [pid 5025] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5183, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=32 /* 0.32 s */} --- [pid 5025] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5025] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5025] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5025] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 76.050487][ T5180] ? tomoyo_get_name+0x510/0x510 [ 76.055506][ T5180] security_sb_mount+0x8c/0xc0 [ 76.060472][ T5180] path_mount+0xb9/0xfa0 [ 76.064738][ T5180] ? kmem_cache_free+0x292/0x500 [ 76.069782][ T5180] ? user_path_at_empty+0x4c/0x60 [ 76.074836][ T5180] __se_sys_mount+0x2d9/0x3c0 [ 76.079544][ T5180] ? __x64_sys_mount+0xc0/0xc0 [ 76.084514][ T5180] ? syscall_enter_from_user_mode+0x32/0x230 [ 76.090550][ T5180] ? __x64_sys_mount+0x20/0xc0 [ 76.095353][ T5180] do_syscall_64+0x41/0xc0 [pid 5025] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5025] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5025] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5025] close(4) = 0 [pid 5025] rmdir("./4/bus") = 0 [pid 5025] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] unlink("./4/binderfs") = 0 [ 76.099816][ T5180] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 76.105886][ T5180] RIP: 0033:0x7f41770c949a [ 76.110323][ T5180] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 76.130036][ T5180] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 76.138566][ T5180] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [pid 5025] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5025] close(3) = 0 [pid 5025] rmdir("./4") = 0 [pid 5025] mkdir("./5", 0777) = 0 [pid 5025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5025] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5025] close(3) = 0 [pid 5025] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555980690) = 5205 [ 76.146562][ T5180] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 76.154561][ T5180] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 76.162652][ T5180] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 76.170758][ T5180] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 76.178772][ T5180] [ 76.185609][ T5182] CPU: 1 PID: 5182 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 76.196066][ T5182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 76.206277][ T5182] Call Trace: [ 76.209572][ T5182] [ 76.212509][ T5182] dump_stack_lvl+0x1e7/0x2d0 [ 76.217223][ T5182] ? nf_tcp_handle_invalid+0x650/0x650 [ 76.222708][ T5182] ? panic+0x770/0x770 [ 76.226963][ T5182] should_fail_ex+0x3aa/0x4e0 [ 76.231649][ T5182] should_failslab+0x9/0x20 [ 76.236250][ T5182] slab_pre_alloc_hook+0x59/0x310 [ 76.241284][ T5182] ? tomoyo_encode+0x26f/0x530 [ 76.246239][ T5182] __kmem_cache_alloc_node+0x4b/0x270 [ 76.251718][ T5182] ? arch_stack_walk+0x162/0x1a0 [ 76.256668][ T5182] ? tomoyo_encode+0x26f/0x530 [ 76.261528][ T5182] __kmalloc+0xa8/0x230 [ 76.265708][ T5182] tomoyo_encode+0x26f/0x530 [ 76.270311][ T5182] tomoyo_mount_permission+0x356/0xb80 [ 76.275790][ T5182] ? __stack_depot_save+0x20/0x650 [ 76.281006][ T5182] ? tomoyo_mount_permission+0x295/0xb80 [ 76.286660][ T5182] ? tomoyo_get_name+0x510/0x510 [ 76.291659][ T5182] security_sb_mount+0x8c/0xc0 [ 76.296443][ T5182] path_mount+0xb9/0xfa0 [ 76.300688][ T5182] ? kmem_cache_free+0x292/0x500 [ 76.305620][ T5182] ? user_path_at_empty+0x4c/0x60 [ 76.310651][ T5182] __se_sys_mount+0x2d9/0x3c0 [ 76.315415][ T5182] ? __x64_sys_mount+0xc0/0xc0 [ 76.320520][ T5182] ? syscall_enter_from_user_mode+0x32/0x230 [ 76.326588][ T5182] ? __x64_sys_mount+0x20/0xc0 [ 76.331384][ T5182] do_syscall_64+0x41/0xc0 [ 76.335818][ T5182] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 76.341720][ T5182] RIP: 0033:0x7f41770c949a [ 76.346155][ T5182] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 76.365981][ T5182] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 76.374682][ T5182] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 76.382745][ T5182] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 76.390713][ T5182] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 ./strace-static-x86_64: Process 5205 attached ./strace-static-x86_64: Process 5204 attached [pid 5205] set_robust_list(0x5555559806a0, 24 [pid 5204] set_robust_list(0x5555559806a0, 24 [pid 5205] <... set_robust_list resumed>) = 0 [pid 5204] <... set_robust_list resumed>) = 0 [ 76.398763][ T5182] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 76.406732][ T5182] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 76.414708][ T5182] [ 76.417845][ T5178] CPU: 0 PID: 5178 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 76.428383][ T5178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 76.438475][ T5178] Call Trace: [ 76.441784][ T5178] [ 76.444742][ T5178] dump_stack_lvl+0x1e7/0x2d0 [ 76.449463][ T5178] ? nf_tcp_handle_invalid+0x650/0x650 [ 76.454999][ T5178] ? panic+0x770/0x770 [ 76.459096][ T5178] should_fail_ex+0x3aa/0x4e0 [ 76.463805][ T5178] strncpy_from_user+0x36/0x2e0 [ 76.468962][ T5178] getname_flags+0xf9/0x4f0 [ 76.473594][ T5178] user_path_at_empty+0x2c/0x60 [ 76.478540][ T5178] __se_sys_mount+0x29a/0x3c0 [ 76.483568][ T5178] ? __x64_sys_mount+0xc0/0xc0 [ 76.488367][ T5178] ? syscall_enter_from_user_mode+0x32/0x230 [ 76.494784][ T5178] ? __x64_sys_mount+0x20/0xc0 [ 76.499654][ T5178] do_syscall_64+0x41/0xc0 [ 76.504089][ T5178] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 76.509993][ T5178] RIP: 0033:0x7f41770c949a [ 76.514424][ T5178] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 76.535335][ T5178] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 76.543744][ T5178] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [pid 5205] chdir("./5" [pid 5204] chdir("./5" [pid 5203] <... write resumed>) = 16777216 [pid 5182] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5180] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5178] <... mount resumed>) = -1 EFAULT (Bad address) [pid 5203] munmap(0x7f416ec64000, 138412032 [pid 5178] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5178] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5177] <... futex resumed>) = 0 [pid 5178] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5177] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5178] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5178] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] exit_group(0 [pid 5178] <... futex resumed>) = ? [pid 5177] <... exit_group resumed>) = ? [pid 5178] +++ exited with 0 +++ [pid 5177] +++ exited with 0 +++ [pid 5205] <... chdir resumed>) = 0 [pid 5205] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5027] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5177, si_uid=0, si_status=0, si_utime=0, si_stime=57 /* 0.57 s */} --- [pid 5205] <... prctl resumed>) = 0 [pid 5205] setpgid(0, 0) = 0 [pid 5205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5027] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5205] <... openat resumed>) = 3 [pid 5205] write(3, "1000", 4) = 4 [pid 5203] <... munmap resumed>) = 0 [pid 5205] close(3 [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5205] <... close resumed>) = 0 [pid 5205] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5205] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5203] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5205] <... futex resumed>) = 0 [pid 5205] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5027] <... openat resumed>) = 3 [pid 5205] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5203] <... openat resumed>) = 4 [pid 5027] newfstatat(3, "", [pid 5205] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5205] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5027] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5205] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5205] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5206 attached [pid 5206] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5205] <... clone3 resumed> => {parent_tid=[5206]}, 88) = 5206 [ 76.551966][ T5178] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 76.560015][ T5178] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 76.568266][ T5178] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 76.576252][ T5178] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 76.584345][ T5178] [pid 5206] <... rseq resumed>) = 0 [pid 5205] rt_sigprocmask(SIG_SETMASK, [], [pid 5206] set_robust_list(0x7f41770849a0, 24 [pid 5205] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5206] <... set_robust_list resumed>) = 0 [pid 5205] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] ioctl(4, LOOP_SET_FD, 3 [pid 5027] getdents64(3, [pid 5182] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] rt_sigprocmask(SIG_SETMASK, [], [pid 5205] <... futex resumed>) = 0 [pid 5206] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5205] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5206] memfd_create("syzkaller", 0) = 3 [pid 5206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5180] <... futex resumed>) = 1 [pid 5182] <... futex resumed>) = 1 [pid 5181] <... futex resumed>) = 0 [pid 5179] <... futex resumed>) = 0 [pid 5204] <... chdir resumed>) = 0 [pid 5203] <... ioctl resumed>) = 0 [pid 5182] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5181] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5204] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5203] close(3 [pid 5182] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5181] <... futex resumed>) = 0 [pid 5180] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5179] <... futex resumed>) = 0 [pid 5027] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5204] <... prctl resumed>) = 0 [pid 5203] <... close resumed>) = 0 [pid 5182] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5179] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5204] setpgid(0, 0 [pid 5203] mkdir("./bus", 0777 [pid 5182] <... futex resumed>) = 0 [pid 5181] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5180] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5027] newfstatat(AT_FDCWD, "./4/bus", [pid 5204] <... setpgid resumed>) = 0 [pid 5203] <... mkdir resumed>) = 0 [pid 5182] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5181] exit_group(0 [pid 5180] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5203] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5182] <... futex resumed>) = ? [pid 5181] <... exit_group resumed>) = ? [pid 5180] <... futex resumed>) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5027] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5182] +++ exited with 0 +++ [pid 5181] +++ exited with 0 +++ [pid 5180] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] exit_group(0 [pid 5180] <... futex resumed>) = ? [pid 5179] <... exit_group resumed>) = ? [pid 5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5181, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=41 /* 0.41 s */} --- [pid 5180] +++ exited with 0 +++ [pid 5179] +++ exited with 0 +++ [pid 5026] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5179, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=37 /* 0.37 s */} --- [pid 5029] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5027] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5029] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5027] <... openat resumed>) = 4 [pid 5029] <... openat resumed>) = 3 [pid 5027] newfstatat(4, "", [pid 5029] newfstatat(3, "", [pid 5027] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5026] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5027] getdents64(4, [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5204] <... openat resumed>) = 3 [pid 5029] getdents64(3, [pid 5027] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5026] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5204] write(3, "1000", 4 [pid 5029] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5027] getdents64(4, [pid 5026] <... openat resumed>) = 3 [pid 5204] <... write resumed>) = 4 [pid 5029] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5027] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5026] newfstatat(3, "", [pid 5204] close(3 [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5027] close(4 [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5204] <... close resumed>) = 0 [pid 5029] newfstatat(AT_FDCWD, "./5/bus", [pid 5027] <... close resumed>) = 0 [pid 5026] getdents64(3, [pid 5204] symlink("/dev/binderfs", "./binderfs" [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5027] rmdir("./4/bus" [pid 5026] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5204] <... symlink resumed>) = 0 [pid 5029] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5027] <... rmdir resumed>) = 0 [pid 5026] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5204] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5027] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5204] <... futex resumed>) = 0 [pid 5029] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5026] newfstatat(AT_FDCWD, "./5/bus", [pid 5204] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5029] <... openat resumed>) = 4 [pid 5027] newfstatat(AT_FDCWD, "./4/binderfs", [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5204] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5029] newfstatat(4, "", [pid 5027] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5026] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5204] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 76.606345][ T5203] loop3: detected capacity change from 0 to 32768 [ 76.629906][ T5203] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz-executor340 (5203) [pid 5027] unlink("./4/binderfs" [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5204] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5029] getdents64(4, [pid 5027] <... unlink resumed>) = 0 [pid 5026] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5029] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5027] getdents64(3, [pid 5026] <... openat resumed>) = 4 [pid 5204] <... mmap resumed>) = 0x7f4177064000 [pid 5029] getdents64(4, [pid 5027] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5026] newfstatat(4, "", [pid 5204] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5029] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5027] close(3 [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5204] <... mprotect resumed>) = 0 [pid 5029] close(4 [pid 5027] <... close resumed>) = 0 [pid 5026] getdents64(4, [pid 5204] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5029] <... close resumed>) = 0 [pid 5027] rmdir("./4" [pid 5026] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5204] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5029] rmdir("./5/bus" [pid 5027] <... rmdir resumed>) = 0 [pid 5026] getdents64(4, [pid 5204] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5029] <... rmdir resumed>) = 0 [pid 5026] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 5207 attached [pid 5029] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5026] close(4 [pid 5204] <... clone3 resumed> => {parent_tid=[5207]}, 88) = 5207 [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5027] mkdir("./5", 0777 [pid 5026] <... close resumed>) = 0 [pid 5204] rt_sigprocmask(SIG_SETMASK, [], [pid 5029] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5026] rmdir("./5/bus" [pid 5204] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5029] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5027] <... mkdir resumed>) = 0 [pid 5026] <... rmdir resumed>) = 0 [pid 5204] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] unlink("./5/binderfs" [pid 5026] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5029] <... unlink resumed>) = 0 [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5204] <... futex resumed>) = 0 [pid 5026] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5204] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5029] getdents64(3, [pid 5027] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5026] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5029] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5026] unlink("./5/binderfs" [pid 5207] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5027] <... openat resumed>) = 3 [pid 5026] <... unlink resumed>) = 0 [pid 5027] ioctl(3, LOOP_CLR_FD [pid 5026] getdents64(3, [pid 5027] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5026] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5027] close(3 [pid 5026] close(3 [pid 5207] <... rseq resumed>) = 0 [pid 5206] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5029] close(3 [pid 5027] <... close resumed>) = 0 [pid 5026] <... close resumed>) = 0 [pid 5026] rmdir("./5" [pid 5027] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5026] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 5208 attached [pid 5208] set_robust_list(0x5555559806a0, 24) = 0 [pid 5026] mkdir("./6", 0777 [pid 5208] chdir("./5") = 0 [pid 5027] <... clone resumed>, child_tidptr=0x555555980690) = 5208 [pid 5026] <... mkdir resumed>) = 0 [pid 5208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5208] setpgid(0, 0) = 0 [pid 5208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5026] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5026] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5026] close(3 [pid 5208] <... openat resumed>) = 3 [pid 5207] set_robust_list(0x7f41770849a0, 24 [pid 5029] <... close resumed>) = 0 [pid 5026] <... close resumed>) = 0 [pid 5026] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5208] write(3, "1000", 4) = 4 [pid 5208] close(3) = 0 [pid 5208] symlink("/dev/binderfs", "./binderfs" [pid 5026] <... clone resumed>, child_tidptr=0x555555980690) = 5209 [pid 5208] <... symlink resumed>) = 0 [pid 5208] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5208] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5208] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5208] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 5209 attached [pid 5207] <... set_robust_list resumed>) = 0 [pid 5029] rmdir("./5" [pid 5207] rt_sigprocmask(SIG_SETMASK, [], [pid 5209] set_robust_list(0x5555559806a0, 24 [pid 5029] <... rmdir resumed>) = 0 [pid 5207] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5209] <... set_robust_list resumed>) = 0 [pid 5209] chdir("./6" [pid 5208] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5207] memfd_create("syzkaller", 0 [pid 5209] <... chdir resumed>) = 0 [pid 5207] <... memfd_create resumed>) = 3 [pid 5208] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} => {parent_tid=[5210]}, 88) = 5210 [pid 5208] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 76.700004][ T5203] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 76.716405][ T5203] BTRFS info (device loop3): doing ref verification ./strace-static-x86_64: Process 5210 attached [pid 5208] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5209] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5208] <... futex resumed>) = 0 [pid 5207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5210] <... rseq resumed>) = 0 [pid 5209] <... prctl resumed>) = 0 [pid 5208] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5210] set_robust_list(0x7f41770849a0, 24 [pid 5209] setpgid(0, 0 [pid 5207] <... mmap resumed>) = 0x7f416ec64000 [pid 5210] <... set_robust_list resumed>) = 0 [pid 5209] <... setpgid resumed>) = 0 [pid 5210] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5210] memfd_create("syzkaller", 0) = 3 [pid 5209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5209] <... openat resumed>) = 3 [pid 5029] mkdir("./6", 0777 [pid 5209] write(3, "1000", 4) = 4 [pid 5029] <... mkdir resumed>) = 0 [pid 5209] close(3 [pid 5029] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5209] <... close resumed>) = 0 [pid 5209] symlink("/dev/binderfs", "./binderfs" [pid 5029] <... openat resumed>) = 3 [pid 5209] <... symlink resumed>) = 0 [pid 5029] ioctl(3, LOOP_CLR_FD [pid 5209] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5209] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5029] close(3 [pid 5209] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5029] <... close resumed>) = 0 [pid 5209] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5209] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 76.792065][ T5203] BTRFS warning (device loop3): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 76.832145][ T5203] BTRFS info (device loop3): force zlib compression, level 3 [pid 5209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5029] <... clone resumed>, child_tidptr=0x555555980690) = 5211 ./strace-static-x86_64: Process 5211 attached [pid 5209] <... mmap resumed>) = 0x7f4177064000 [pid 5211] set_robust_list(0x5555559806a0, 24 [pid 5209] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5211] <... set_robust_list resumed>) = 0 [pid 5209] <... mprotect resumed>) = 0 [pid 5211] chdir("./6" [pid 5209] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5211] <... chdir resumed>) = 0 [pid 5209] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5211] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5209] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5212 attached [pid 5211] <... prctl resumed>) = 0 [pid 5212] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5211] setpgid(0, 0 [pid 5209] <... clone3 resumed> => {parent_tid=[5212]}, 88) = 5212 [pid 5212] <... rseq resumed>) = 0 [pid 5211] <... setpgid resumed>) = 0 [pid 5209] rt_sigprocmask(SIG_SETMASK, [], [pid 5212] set_robust_list(0x7f41770849a0, 24 [pid 5209] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5212] <... set_robust_list resumed>) = 0 [pid 5211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5209] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] rt_sigprocmask(SIG_SETMASK, [], [pid 5211] <... openat resumed>) = 3 [pid 5209] <... futex resumed>) = 0 [pid 5212] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5211] write(3, "1000", 4 [pid 5209] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5212] memfd_create("syzkaller", 0) = 3 [pid 5212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5211] <... write resumed>) = 4 [pid 5212] <... mmap resumed>) = 0x7f416ec64000 [pid 5211] close(3) = 0 [pid 5211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5211] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5211] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5211] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5211] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 76.841229][ T5203] BTRFS info (device loop3): allowing degraded mounts [ 76.862443][ T5203] BTRFS info (device loop3): using free space tree [pid 5211] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5218 attached => {parent_tid=[5218]}, 88) = 5218 [pid 5218] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5211] rt_sigprocmask(SIG_SETMASK, [], [pid 5218] <... rseq resumed>) = 0 [pid 5211] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5218] set_robust_list(0x7f41770849a0, 24 [pid 5211] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... set_robust_list resumed>) = 0 [pid 5211] <... futex resumed>) = 0 [pid 5218] rt_sigprocmask(SIG_SETMASK, [], [pid 5211] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5218] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5218] memfd_create("syzkaller", 0) = 3 [pid 5218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5218] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 77.061078][ T5203] BTRFS info (device loop3): auto enabling async discard [pid 5207] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5203] <... mount resumed>) = 0 [pid 5203] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5203] chdir("./bus") = 0 [pid 5203] ioctl(4, LOOP_CLR_FD) = 0 [pid 5203] close(4) = 0 [pid 5203] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] <... futex resumed>) = 0 [pid 5203] open("./file0", O_RDONLY [pid 5202] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... open resumed>) = 4 [pid 5202] <... futex resumed>) = 0 [pid 5203] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... futex resumed>) = 0 [pid 5202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5203] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5202] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... ioctl resumed>) = 0 [pid 5203] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] <... futex resumed>) = 0 [pid 5203] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5202] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... openat resumed>) = 5 [pid 5202] <... futex resumed>) = 0 [pid 5203] write(5, "15", 2 [pid 5202] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... write resumed>) = 2 [pid 5203] creat("./bus", 000 [pid 5202] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5202] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177043000 [pid 5202] mprotect(0x7f4177044000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5202] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5202] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177063990, parent_tid=0x7f4177063990, exit_signal=0, stack=0x7f4177043000, stack_size=0x20300, tls=0x7f41770636c0}./strace-static-x86_64: Process 5229 attached [pid 5229] rseq(0x7f4177063fe0, 0x20, 0, 0x53053053 [pid 5202] <... clone3 resumed> => {parent_tid=[5229]}, 88) = 5229 [pid 5229] <... rseq resumed>) = 0 [pid 5202] rt_sigprocmask(SIG_SETMASK, [], [pid 5229] set_robust_list(0x7f41770639a0, 24 [pid 5202] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5229] <... set_robust_list resumed>) = 0 [pid 5202] futex(0x7f41771546d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] rt_sigprocmask(SIG_SETMASK, [], [pid 5210] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5202] <... futex resumed>) = 0 [pid 5229] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5202] futex(0x7f41771546dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5229] mkdir(".", 0777) = -1 EEXIST (File exists) [ 77.298792][ T5203] FAULT_INJECTION: forcing a failure. [ 77.298792][ T5203] name failslab, interval 1, probability 0, space 0, times 0 [ 77.326939][ T1264] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 77.363426][ T5203] CPU: 1 PID: 5203 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 77.373997][ T5203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 77.384080][ T5203] Call Trace: [ 77.387406][ T5203] [ 77.390374][ T5203] dump_stack_lvl+0x1e7/0x2d0 [ 77.395094][ T5203] ? nf_tcp_handle_invalid+0x650/0x650 [ 77.400604][ T5203] ? panic+0x770/0x770 [ 77.404794][ T5203] should_fail_ex+0x3aa/0x4e0 [ 77.409499][ T5203] should_failslab+0x9/0x20 [ 77.414019][ T5203] slab_pre_alloc_hook+0x59/0x310 [ 77.419067][ T5203] ? btrfs_record_root_in_trans+0x16e/0x180 [ 77.425955][ T5203] kmem_cache_alloc+0x52/0x300 [ 77.431026][ T5203] ? btrfs_create_new_inode+0x251/0x2710 [ 77.436787][ T5203] btrfs_create_new_inode+0x251/0x2710 [ 77.442605][ T5203] ? __mutex_unlock_slowpath+0x21c/0x750 [ 77.448512][ T5203] ? btrfs_new_inode_args_destroy+0x160/0x160 [ 77.454674][ T5203] btrfs_create_common+0x1f9/0x300 [ 77.459928][ T5203] ? btrfs_tmpfile+0x4e0/0x4e0 [ 77.464898][ T5203] ? do_raw_spin_unlock+0x13b/0x8b0 [ 77.470163][ T5203] ? btrfs_create+0x75/0x140 [ 77.477480][ T5203] ? btrfs_lookup+0x40/0x40 [ 77.483210][ T5203] path_openat+0x13e7/0x3180 [ 77.488038][ T5203] ? do_filp_open+0x490/0x490 [ 77.492828][ T5203] do_filp_open+0x234/0x490 [ 77.497882][ T5203] ? vfs_tmpfile+0x4b0/0x4b0 [ 77.502675][ T5203] ? _raw_spin_unlock+0x28/0x40 [ 77.507884][ T5203] ? alloc_fd+0x59c/0x640 [ 77.512407][ T5203] do_sys_openat2+0x13e/0x1d0 [ 77.517106][ T5203] ? do_sys_open+0x230/0x230 [ 77.521812][ T5203] ? _raw_spin_unlock_irq+0x2e/0x50 [ 77.527238][ T5203] ? ptrace_notify+0x278/0x380 [ 77.532364][ T5203] __x64_sys_creat+0x123/0x160 [ 77.537223][ T5203] ? __x64_compat_sys_openat+0x290/0x290 [ 77.543032][ T5203] ? syscall_enter_from_user_mode+0x32/0x230 [ 77.549102][ T5203] ? syscall_enter_from_user_mode+0x8c/0x230 [ 77.555107][ T5203] do_syscall_64+0x41/0xc0 [ 77.559542][ T5203] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 77.565466][ T5203] RIP: 0033:0x7f41770c8049 [ 77.570081][ T5203] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 77.591445][ T5203] RSP: 002b:00007f4177084208 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 77.599870][ T5203] RAX: ffffffffffffffda RBX: 00007f41771546c8 RCX: 00007f41770c8049 [ 77.608010][ T5203] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040 [ 77.615994][ T5203] RBP: 00007f41771546c0 R08: 00007f4177083fa6 R09: 0000000000003531 [ 77.623961][ T5203] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f41771211d0 [ 77.631927][ T5203] R13: 00007f4177084210 R14: 0000000000000002 R15: 00007f417711c070 [ 77.640013][ T5203] [pid 5229] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5206] <... write resumed>) = 16777216 [pid 5218] <... write resumed>) = 16777216 [pid 5212] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5206] munmap(0x7f416ec64000, 138412032 [pid 5203] <... creat resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5218] munmap(0x7f416ec64000, 138412032) = 0 [ 77.717779][ T5229] BTRFS error (device loop3: state M): unrecognized mount option '18446744073709551615017777777777777777777770177777777777777777777718446744073709551615lbZ~Ƣ8žH~אa*Oѓ< 5^Sus%e [ 77.717779][ T5229] /ĖEaofmߚtҮ~г#a C$n-SGWmxeGy|sL=~ä_;N' [pid 5218] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5206] <... munmap resumed>) = 0 [pid 5203] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] <... openat resumed>) = 4 [pid 5218] ioctl(4, LOOP_SET_FD, 3 [pid 5206] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5206] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5218] <... ioctl resumed>) = 0 [pid 5218] close(3) = 0 [pid 5206] close(3) = 0 [pid 5206] mkdir("./bus", 0777) = 0 [pid 5206] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5218] mkdir("./bus", 0777 [pid 5229] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5218] <... mkdir resumed>) = 0 [pid 5229] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] <... futex resumed>) = 0 [pid 5229] futex(0x7f41771546d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = 0 [pid 5202] <... futex resumed>) = 1 [pid 5203] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5202] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5203] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] <... futex resumed>) = 0 [pid 5203] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] exit_group(0 [pid 5229] <... futex resumed>) = ? [pid 5203] <... futex resumed>) = ? [pid 5202] <... exit_group resumed>) = ? [pid 5229] +++ exited with 0 +++ [pid 5203] +++ exited with 0 +++ [pid 5202] +++ exited with 0 +++ [pid 5028] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5202, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=34 /* 0.34 s */} --- [pid 5028] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5028] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5028] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5028] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [ 77.804587][ T5218] loop4: detected capacity change from 0 to 32768 [ 77.815061][ T5206] loop0: detected capacity change from 0 to 32768 [ 77.839079][ T5206] BTRFS warning: duplicate device /dev/loop0 devid 1 generation 8 scanned by syz-executor340 (5206) [pid 5218] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5206] <... mount resumed>) = -1 EEXIST (File exists) [pid 5206] ioctl(4, LOOP_CLR_FD [pid 5207] <... write resumed>) = 16777216 [pid 5218] <... mount resumed>) = -1 EEXIST (File exists) [pid 5207] munmap(0x7f416ec64000, 138412032 [ 77.893654][ T5218] BTRFS warning: duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor340 (5218) [pid 5218] ioctl(4, LOOP_CLR_FD [pid 5207] <... munmap resumed>) = 0 [pid 5207] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5207] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5207] close(3) = 0 [pid 5207] mkdir("./bus", 0777) = 0 [ 78.014116][ T5207] loop5: detected capacity change from 0 to 32768 [ 78.059924][ T5207] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 scanned by syz-executor340 (5207) [ 78.138349][ T5207] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 78.173373][ T5207] BTRFS info (device loop5): doing ref verification [pid 5207] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5210] <... write resumed>) = 16777216 [ 78.181541][ T5207] BTRFS warning (device loop5): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5210] munmap(0x7f416ec64000, 138412032) = 0 [pid 5210] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 78.252729][ T5207] BTRFS info (device loop5): force zlib compression, level 3 [ 78.259675][ T5210] loop2: detected capacity change from 0 to 32768 [ 78.292125][ T5207] BTRFS info (device loop5): allowing degraded mounts [pid 5210] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5210] close(3) = 0 [pid 5210] mkdir("./bus", 0777) = 0 [pid 5210] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5206] <... ioctl resumed>) = 0 [pid 5206] close(4) = 0 [pid 5206] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 78.298955][ T5207] BTRFS info (device loop5): using free space tree [ 78.316780][ T5210] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 8 scanned by syz-executor340 (5210) [pid 5206] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] <... write resumed>) = 16777216 [pid 5205] <... futex resumed>) = 0 [pid 5205] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] <... futex resumed>) = 0 [pid 5205] <... futex resumed>) = 1 [pid 5206] open("./file0", O_RDONLY [pid 5205] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] <... mount resumed>) = -1 EEXIST (File exists) [pid 5206] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5210] ioctl(4, LOOP_CLR_FD [pid 5206] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5205] <... futex resumed>) = 0 [pid 5206] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5205] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5205] <... futex resumed>) = 0 [pid 5206] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = -1 EBADF (Bad file descriptor) [pid 5205] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5205] <... futex resumed>) = 0 [pid 5205] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5205] <... futex resumed>) = 0 [pid 5212] munmap(0x7f416ec64000, 138412032) = 0 [pid 5206] <... openat resumed>) = 3 [pid 5205] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5212] ioctl(4, LOOP_SET_FD, 3 [pid 5206] write(3, "15", 2) = 2 [pid 5206] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5206] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... ioctl resumed>) = 0 [pid 5206] <... futex resumed>) = 1 [pid 5205] <... futex resumed>) = 0 [pid 5212] close(3 [pid 5205] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... ioctl resumed>) = 0 [pid 5212] <... close resumed>) = 0 [pid 5206] mkdir(".", 0777 [pid 5205] <... futex resumed>) = 0 [pid 5218] close(4 [pid 5212] mkdir("./bus", 0777) = 0 [pid 5218] <... close resumed>) = 0 [pid 5206] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5205] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5218] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5218] <... futex resumed>) = 1 [pid 5211] <... futex resumed>) = 0 [ 78.405804][ T5212] loop1: detected capacity change from 0 to 32768 [ 78.437227][ T5206] FAULT_INJECTION: forcing a failure. [ 78.437227][ T5206] name failslab, interval 1, probability 0, space 0, times 0 [pid 5212] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5218] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5211] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] open("./file0", O_RDONLY [pid 5028] <... umount2 resumed>) = 0 [pid 5218] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5218] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5211] <... futex resumed>) = 0 [pid 5218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5211] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = -1 EBADF (Bad file descriptor) [pid 5218] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5218] <... futex resumed>) = 0 [pid 5211] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5211] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5211] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... openat resumed>) = 3 [pid 5218] write(3, "15", 2) = 2 [pid 5218] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5218] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5211] <... futex resumed>) = 0 [pid 5218] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5211] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] mkdir(".", 0777 [pid 5211] <... futex resumed>) = 0 [pid 5028] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5212] <... mount resumed>) = -1 EEXIST (File exists) [ 78.451152][ T5212] BTRFS warning: duplicate device /dev/loop1 devid 1 generation 8 scanned by syz-executor340 (5212) [ 78.492959][ T5206] CPU: 0 PID: 5206 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 78.503534][ T5206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 78.513728][ T5206] Call Trace: [ 78.517242][ T5206] [ 78.520197][ T5206] dump_stack_lvl+0x1e7/0x2d0 [ 78.525019][ T5206] ? nf_tcp_handle_invalid+0x650/0x650 [ 78.530612][ T5206] ? panic+0x770/0x770 [ 78.534981][ T5206] should_fail_ex+0x3aa/0x4e0 [ 78.539704][ T5206] should_failslab+0x9/0x20 [ 78.544247][ T5206] slab_pre_alloc_hook+0x59/0x310 [ 78.549392][ T5206] ? tomoyo_encode+0x26f/0x530 [ 78.554531][ T5206] __kmem_cache_alloc_node+0x4b/0x270 [ 78.560213][ T5206] ? arch_stack_walk+0x162/0x1a0 [ 78.565293][ T5206] ? tomoyo_encode+0x26f/0x530 [ 78.570375][ T5206] __kmalloc+0xa8/0x230 [ 78.574731][ T5206] tomoyo_encode+0x26f/0x530 [ 78.579435][ T5206] tomoyo_mount_permission+0x356/0xb80 [ 78.584930][ T5206] ? __stack_depot_save+0x20/0x650 [ 78.590068][ T5206] ? tomoyo_mount_permission+0x295/0xb80 [ 78.590521][ T5218] FAULT_INJECTION: forcing a failure. [pid 5212] ioctl(4, LOOP_CLR_FD [pid 5218] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5211] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 78.590521][ T5218] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 78.595715][ T5206] ? tomoyo_get_name+0x510/0x510 [ 78.595787][ T5206] security_sb_mount+0x8c/0xc0 [ 78.595813][ T5206] path_mount+0xb9/0xfa0 [ 78.595832][ T5206] ? kmem_cache_free+0x292/0x500 [ 78.628288][ T5206] ? user_path_at_empty+0x4c/0x60 [ 78.633723][ T5206] __se_sys_mount+0x2d9/0x3c0 [ 78.638614][ T5206] ? __x64_sys_mount+0xc0/0xc0 [ 78.643503][ T5206] ? syscall_enter_from_user_mode+0x32/0x230 [ 78.649613][ T5206] ? __x64_sys_mount+0x20/0xc0 [ 78.654495][ T5206] do_syscall_64+0x41/0xc0 [ 78.658934][ T5206] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 78.664886][ T5206] RIP: 0033:0x7f41770c949a [ 78.669416][ T5206] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 78.689755][ T5206] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 78.698277][ T5206] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [pid 5218] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5028] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5028] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5028] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [ 78.706439][ T5206] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 78.714516][ T5206] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 78.722510][ T5206] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 78.730588][ T5206] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 78.738606][ T5206] [ 78.743708][ T5218] CPU: 0 PID: 5218 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [pid 5028] close(4) = 0 [pid 5028] rmdir("./5/bus") = 0 [ 78.754356][ T5218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 78.764527][ T5218] Call Trace: [ 78.767842][ T5218] [ 78.770783][ T5218] dump_stack_lvl+0x1e7/0x2d0 [ 78.775671][ T5218] ? nf_tcp_handle_invalid+0x650/0x650 [ 78.781173][ T5218] ? panic+0x770/0x770 [ 78.785247][ T5218] should_fail_ex+0x3aa/0x4e0 [ 78.790080][ T5218] strncpy_from_user+0x36/0x2e0 [ 78.795100][ T5218] getname_flags+0xf9/0x4f0 [ 78.799713][ T5218] user_path_at_empty+0x2c/0x60 [ 78.804671][ T5218] __se_sys_mount+0x29a/0x3c0 [ 78.809350][ T5218] ? __x64_sys_mount+0xc0/0xc0 [ 78.814109][ T5218] ? syscall_enter_from_user_mode+0x32/0x230 [ 78.820223][ T5218] ? __x64_sys_mount+0x20/0xc0 [ 78.825160][ T5218] do_syscall_64+0x41/0xc0 [ 78.829750][ T5218] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 78.835739][ T5218] RIP: 0033:0x7f41770c949a [ 78.840607][ T5218] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 78.860640][ T5218] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 78.869053][ T5218] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 78.877189][ T5218] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 78.885326][ T5218] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 78.893289][ T5218] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 78.901338][ T5218] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 78.909513][ T5218] [pid 5028] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5210] <... ioctl resumed>) = 0 [pid 5210] close(4 [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5210] <... close resumed>) = 0 [pid 5210] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5210] <... futex resumed>) = 1 [pid 5218] <... mount resumed>) = -1 EFAULT (Bad address) [pid 5210] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5028] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5206] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5218] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] unlink("./5/binderfs" [pid 5206] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = 1 [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... unlink resumed>) = 0 [pid 5218] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5206] <... futex resumed>) = 1 [pid 5218] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5206] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5205] <... futex resumed>) = 0 [pid 5028] getdents64(3, [pid 5218] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5205] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = 0 [pid 5206] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5205] <... futex resumed>) = 0 [pid 5028] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5218] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5206] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5205] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5028] close(3 [pid 5206] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5206] <... futex resumed>) = 0 [pid 5028] <... close resumed>) = 0 [pid 5206] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5205] exit_group(0 [pid 5028] rmdir("./5" [pid 5206] <... futex resumed>) = ? [pid 5205] <... exit_group resumed>) = ? [pid 5206] +++ exited with 0 +++ [pid 5211] <... futex resumed>) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5211] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5211] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5211] exit_group(0 [pid 5028] <... rmdir resumed>) = 0 [pid 5218] <... futex resumed>) = ? [pid 5211] <... exit_group resumed>) = ? [pid 5218] +++ exited with 0 +++ [pid 5211] +++ exited with 0 +++ [pid 5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5211, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=41 /* 0.41 s */} --- [pid 5205] +++ exited with 0 +++ [pid 5028] mkdir("./6", 0777 [pid 5025] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5205, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=34 /* 0.34 s */} --- [pid 5208] <... futex resumed>) = 0 [pid 5029] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] <... mkdir resumed>) = 0 [pid 5208] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5025] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5210] <... futex resumed>) = 0 [pid 5208] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5210] open("./file0", O_RDONLY [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5029] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5210] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5025] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5210] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... openat resumed>) = 3 [pid 5028] <... openat resumed>) = 3 [pid 5025] <... openat resumed>) = 3 [pid 5210] <... futex resumed>) = 1 [pid 5029] newfstatat(3, "", [pid 5028] ioctl(3, LOOP_CLR_FD [pid 5025] newfstatat(3, "", [pid 5210] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5029] getdents64(3, [pid 5025] getdents64(3, [pid 5208] <... futex resumed>) = 0 [pid 5029] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5028] close(3 [pid 5025] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5208] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] <... close resumed>) = 0 [pid 5025] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5208] <... futex resumed>) = 1 [pid 5208] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] <... futex resumed>) = 0 [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5025] newfstatat(AT_FDCWD, "./5/bus", [pid 5210] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5029] newfstatat(AT_FDCWD, "./6/bus", [pid 5028] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5210] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 5246 attached [pid 5210] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5210] <... futex resumed>) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] <... clone resumed>, child_tidptr=0x555555980690) = 5246 [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5246] set_robust_list(0x5555559806a0, 24 [pid 5210] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5025] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5246] <... set_robust_list resumed>) = 0 [pid 5210] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5208] <... futex resumed>) = 0 [pid 5029] <... openat resumed>) = 4 [pid 5246] chdir("./6" [pid 5210] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5208] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] newfstatat(4, "", [pid 5025] <... openat resumed>) = 4 [pid 5246] <... chdir resumed>) = 0 [pid 5210] <... openat resumed>) = 3 [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5246] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5210] write(3, "15", 2 [pid 5025] newfstatat(4, "", [pid 5246] <... prctl resumed>) = 0 [pid 5210] <... write resumed>) = 2 [pid 5246] setpgid(0, 0 [pid 5210] creat("./bus", 000 [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5210] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5210] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] getdents64(4, [pid 5246] <... setpgid resumed>) = 0 [pid 5210] <... futex resumed>) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5029] getdents64(4, [pid 5025] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5210] mkdir(".", 0777 [pid 5208] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5025] getdents64(4, [pid 5246] <... openat resumed>) = 3 [pid 5210] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5208] <... futex resumed>) = 0 [pid 5029] getdents64(4, [pid 5025] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5246] write(3, "1000", 4 [pid 5210] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5208] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5025] close(4 [pid 5207] <... mount resumed>) = 0 [ 79.022712][ T5207] BTRFS info (device loop5): auto enabling async discard [pid 5207] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5207] chdir("./bus") = 0 [pid 5207] ioctl(4, LOOP_CLR_FD) = 0 [pid 5207] close(4) = 0 [pid 5207] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] <... futex resumed>) = 0 [pid 5204] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 0 [pid 5204] <... futex resumed>) = 1 [pid 5207] open("./file0", O_RDONLY [pid 5204] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5207] <... open resumed>) = 4 [pid 5207] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5207] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... write resumed>) = 4 [pid 5207] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5204] <... futex resumed>) = 0 [pid 5029] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5025] <... close resumed>) = 0 [pid 5207] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5204] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] close(4 [pid 5246] close(3 [pid 5029] <... close resumed>) = 0 [pid 5025] rmdir("./5/bus" [pid 5029] rmdir("./6/bus" [pid 5246] <... close resumed>) = 0 [pid 5025] <... rmdir resumed>) = 0 [pid 5246] symlink("/dev/binderfs", "./binderfs" [pid 5029] <... rmdir resumed>) = 0 [pid 5029] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5246] <... symlink resumed>) = 0 [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5029] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 79.082150][ T5210] FAULT_INJECTION: forcing a failure. [ 79.082150][ T5210] name failslab, interval 1, probability 0, space 0, times 0 [ 79.115779][ T5210] CPU: 1 PID: 5210 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 79.126332][ T5210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 79.136498][ T5210] Call Trace: [ 79.139951][ T5210] [ 79.143017][ T5210] dump_stack_lvl+0x1e7/0x2d0 [ 79.147805][ T5210] ? nf_tcp_handle_invalid+0x650/0x650 [ 79.153370][ T5210] ? panic+0x770/0x770 [ 79.157592][ T5210] should_fail_ex+0x3aa/0x4e0 [ 79.162379][ T5210] should_failslab+0x9/0x20 [ 79.166916][ T5210] slab_pre_alloc_hook+0x59/0x310 [ 79.171999][ T5210] ? tomoyo_encode+0x26f/0x530 [ 79.176792][ T5210] __kmem_cache_alloc_node+0x4b/0x270 [ 79.182285][ T5210] ? arch_stack_walk+0x162/0x1a0 [ 79.187341][ T5210] ? tomoyo_encode+0x26f/0x530 [ 79.192138][ T5210] __kmalloc+0xa8/0x230 [ 79.196420][ T5210] tomoyo_encode+0x26f/0x530 [ 79.201046][ T5210] tomoyo_mount_permission+0x356/0xb80 [ 79.206545][ T5210] ? __stack_depot_save+0x20/0x650 [ 79.211967][ T5210] ? tomoyo_mount_permission+0x295/0xb80 [ 79.217631][ T5210] ? tomoyo_get_name+0x510/0x510 [ 79.222640][ T5210] security_sb_mount+0x8c/0xc0 [ 79.227504][ T5210] path_mount+0xb9/0xfa0 [ 79.231743][ T5210] ? kmem_cache_free+0x292/0x500 [ 79.236672][ T5210] ? user_path_at_empty+0x4c/0x60 [ 79.241694][ T5210] __se_sys_mount+0x2d9/0x3c0 [ 79.246378][ T5210] ? __x64_sys_mount+0xc0/0xc0 [ 79.251138][ T5210] ? syscall_enter_from_user_mode+0x32/0x230 [ 79.257118][ T5210] ? __x64_sys_mount+0x20/0xc0 [ 79.262059][ T5210] do_syscall_64+0x41/0xc0 [ 79.266586][ T5210] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 79.272740][ T5210] RIP: 0033:0x7f41770c949a [ 79.277147][ T5210] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 79.297282][ T5210] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 79.305778][ T5210] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 79.313828][ T5210] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 79.321978][ T5210] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [pid 5246] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] unlink("./6/binderfs" [pid 5025] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5029] <... unlink resumed>) = 0 [pid 5029] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5029] close(3) = 0 [pid 5029] rmdir("./6") = 0 [pid 5029] mkdir("./7", 0777) = 0 [pid 5029] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5029] <... openat resumed>) = 3 [pid 5025] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5029] ioctl(3, LOOP_CLR_FD [pid 5025] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5029] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5025] unlink("./5/binderfs" [pid 5029] close(3 [pid 5025] <... unlink resumed>) = 0 [pid 5029] <... close resumed>) = 0 [pid 5025] getdents64(3, [pid 5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5025] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5025] close(3) = 0 [pid 5025] rmdir("./5") = 0 [pid 5025] mkdir("./6", 0777) = 0 [pid 5025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5025] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5025] close(3) = 0 [pid 5025] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555980690) = 5248 [pid 5029] <... clone resumed>, child_tidptr=0x555555980690) = 5247 [pid 5246] <... futex resumed>) = 0 [pid 5246] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5246] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5246] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5248 attached ) = 0 [pid 5248] set_robust_list(0x5555559806a0, 24 [pid 5246] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5248] <... set_robust_list resumed>) = 0 [pid 5248] chdir("./6") = 0 [pid 5246] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5246] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5248] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5246] <... clone3 resumed> => {parent_tid=[5249]}, 88) = 5249 [pid 5246] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5246] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5248] setpgid(0, 0) = 0 [pid 5248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5248] write(3, "1000", 4) = 4 [pid 5248] close(3) = 0 [pid 5248] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5248] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5248] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5248] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5248] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5248] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} => {parent_tid=[5250]}, 88) = 5250 [pid 5248] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5248] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5250 attached [pid 5250] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [pid 5250] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5250] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5250] memfd_create("syzkaller", 0) = 3 [pid 5250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5212] <... ioctl resumed>) = 0 [ 79.330471][ T5210] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 79.338521][ T5210] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 79.346513][ T5210] [pid 5212] close(4./strace-static-x86_64: Process 5249 attached ./strace-static-x86_64: Process 5247 attached ) = 0 [pid 5204] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5212] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] set_robust_list(0x5555559806a0, 24) = 0 [pid 5247] chdir("./7") = 0 [pid 5247] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5247] setpgid(0, 0) = 0 [pid 5247] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5247] write(3, "1000", 4) = 4 [pid 5249] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5247] close(3 [pid 5209] <... futex resumed>) = 0 [pid 5249] <... rseq resumed>) = 0 [pid 5247] <... close resumed>) = 0 [pid 5209] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... ioctl resumed>) = 0 [pid 5249] set_robust_list(0x7f41770849a0, 24 [pid 5247] symlink("/dev/binderfs", "./binderfs" [pid 5212] <... futex resumed>) = 0 [pid 5209] <... futex resumed>) = 1 [pid 5249] <... set_robust_list resumed>) = 0 [pid 5247] <... symlink resumed>) = 0 [pid 5212] open("./file0", O_RDONLY [pid 5249] rt_sigprocmask(SIG_SETMASK, [], [pid 5247] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5209] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5247] <... futex resumed>) = 0 [pid 5207] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] memfd_create("syzkaller", 0 [pid 5247] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5212] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5207] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] <... memfd_create resumed>) = 3 [pid 5247] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5212] <... futex resumed>) = 0 [pid 5209] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5247] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5212] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5209] <... futex resumed>) = 0 [pid 5249] <... mmap resumed>) = 0x7f416ec64000 [pid 5247] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5212] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5209] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5212] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5247] <... mmap resumed>) = 0x7f4177064000 [pid 5212] <... futex resumed>) = 0 [pid 5209] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5212] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5209] <... futex resumed>) = 0 [pid 5247] <... mprotect resumed>) = 0 [pid 5212] <... openat resumed>) = 3 [pid 5209] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5212] write(3, "15", 2 [pid 5247] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5212] <... write resumed>) = 2 [pid 5204] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5212] creat("./bus", 000 [pid 5207] <... futex resumed>) = 0 [pid 5204] <... futex resumed>) = 1 ./strace-static-x86_64: Process 5252 attached [pid 5212] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5207] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5204] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5247] <... clone3 resumed> => {parent_tid=[5252]}, 88) = 5252 [pid 5212] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... openat resumed>) = 5 [pid 5252] <... rseq resumed>) = 0 [pid 5247] rt_sigprocmask(SIG_SETMASK, [], [pid 5212] <... futex resumed>) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5207] write(5, "15", 2 [pid 5252] set_robust_list(0x7f41770849a0, 24 [pid 5247] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5212] mkdir(".", 0777 [pid 5209] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... write resumed>) = 2 [pid 5252] <... set_robust_list resumed>) = 0 [pid 5247] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5207] creat("./bus", 000 [pid 5252] rt_sigprocmask(SIG_SETMASK, [], [pid 5247] <... futex resumed>) = 0 [pid 5212] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5209] <... futex resumed>) = 0 [pid 5247] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 79.474528][ T5212] FAULT_INJECTION: forcing a failure. [ 79.474528][ T5212] name failslab, interval 1, probability 0, space 0, times 0 [ 79.474566][ T5207] FAULT_INJECTION: forcing a failure. [ 79.474566][ T5207] name failslab, interval 1, probability 0, space 0, times 0 [ 79.498386][ T2430] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 79.503930][ T5207] CPU: 1 PID: 5207 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 79.503955][ T5207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 79.503966][ T5207] Call Trace: [ 79.503974][ T5207] [ 79.503982][ T5207] dump_stack_lvl+0x1e7/0x2d0 [ 79.544908][ T5207] ? nf_tcp_handle_invalid+0x650/0x650 [ 79.550460][ T5207] ? panic+0x770/0x770 [ 79.554535][ T5207] ? mark_lock+0x9a/0x340 [ 79.558864][ T5207] should_fail_ex+0x3aa/0x4e0 [ 79.563552][ T5207] should_failslab+0x9/0x20 [ 79.568229][ T5207] slab_pre_alloc_hook+0x59/0x310 [ 79.573426][ T5207] ? ulist_add_merge+0x14c/0x480 [ 79.578452][ T5207] __kmem_cache_alloc_node+0x4b/0x270 [ 79.583963][ T5207] ? ulist_add_merge+0x14c/0x480 [ 79.588962][ T5207] kmalloc_trace+0x2a/0xe0 [ 79.593382][ T5207] ulist_add_merge+0x14c/0x480 [ 79.598234][ T5207] btrfs_qgroup_convert_reserved_meta+0x503/0x960 [ 79.604998][ T5207] ? __btrfs_qgroup_free_meta+0x380/0x380 [ 79.610741][ T5207] ? join_transaction+0xb08/0xce0 [ 79.615772][ T5207] ? rcu_is_watching+0x15/0xb0 [ 79.620534][ T5207] ? trace_btrfs_space_reservation+0x96/0x210 [ 79.626715][ T5207] start_transaction+0x1011/0x11a0 [ 79.631942][ T5207] btrfs_create_common+0x1d6/0x300 [ 79.637124][ T5207] ? btrfs_tmpfile+0x4e0/0x4e0 [ 79.641915][ T5207] ? do_raw_spin_unlock+0x13b/0x8b0 [ 79.647159][ T5207] ? btrfs_create+0x75/0x140 [ 79.651765][ T5207] ? btrfs_lookup+0x40/0x40 [ 79.656279][ T5207] path_openat+0x13e7/0x3180 [ 79.660902][ T5207] ? do_filp_open+0x490/0x490 [ 79.665603][ T5207] do_filp_open+0x234/0x490 [ 79.670106][ T5207] ? vfs_tmpfile+0x4b0/0x4b0 [ 79.674797][ T5207] ? _raw_spin_unlock+0x28/0x40 [ 79.679782][ T5207] ? alloc_fd+0x59c/0x640 [ 79.684308][ T5207] do_sys_openat2+0x13e/0x1d0 [ 79.689004][ T5207] ? do_sys_open+0x230/0x230 [ 79.693613][ T5207] ? _raw_spin_unlock_irq+0x2e/0x50 [ 79.698814][ T5207] ? ptrace_notify+0x278/0x380 [ 79.703616][ T5207] __x64_sys_creat+0x123/0x160 [ 79.708401][ T5207] ? __x64_compat_sys_openat+0x290/0x290 [ 79.714057][ T5207] ? syscall_enter_from_user_mode+0x32/0x230 [ 79.720045][ T5207] ? syscall_enter_from_user_mode+0x8c/0x230 [ 79.726029][ T5207] do_syscall_64+0x41/0xc0 [ 79.730528][ T5207] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 79.736420][ T5207] RIP: 0033:0x7f41770c8049 [ 79.740856][ T5207] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 79.760480][ T5207] RSP: 002b:00007f4177084208 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 79.768956][ T5207] RAX: ffffffffffffffda RBX: 00007f41771546c8 RCX: 00007f41770c8049 [ 79.777366][ T5207] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040 [ 79.785336][ T5207] RBP: 00007f41771546c0 R08: 00007f4177083fa6 R09: 0000000000003531 [ 79.794350][ T5207] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f41771211d0 [ 79.802362][ T5207] R13: 00007f4177084210 R14: 0000000000000002 R15: 00007f417711c070 [ 79.810531][ T5207] [ 79.822131][ T5212] CPU: 0 PID: 5212 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 79.832826][ T5212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 79.843267][ T5212] Call Trace: [ 79.846560][ T5212] [ 79.849602][ T5212] dump_stack_lvl+0x1e7/0x2d0 [ 79.854308][ T5212] ? nf_tcp_handle_invalid+0x650/0x650 [ 79.859796][ T5212] ? panic+0x770/0x770 [ 79.863983][ T5212] should_fail_ex+0x3aa/0x4e0 [ 79.868685][ T5212] should_failslab+0x9/0x20 [pid 5209] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5204] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5252] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 79.873301][ T5212] slab_pre_alloc_hook+0x59/0x310 [ 79.878345][ T5212] ? tomoyo_encode+0x26f/0x530 [ 79.883478][ T5212] __kmem_cache_alloc_node+0x4b/0x270 [ 79.888869][ T5212] ? arch_stack_walk+0x162/0x1a0 [ 79.893907][ T5212] ? tomoyo_encode+0x26f/0x530 [ 79.898694][ T5212] __kmalloc+0xa8/0x230 [ 79.902882][ T5212] tomoyo_encode+0x26f/0x530 [ 79.907584][ T5212] tomoyo_mount_permission+0x356/0xb80 [ 79.913131][ T5212] ? __stack_depot_save+0x20/0x650 [ 79.918260][ T5212] ? tomoyo_mount_permission+0x295/0xb80 [ 79.924185][ T5212] ? tomoyo_get_name+0x510/0x510 [ 79.929298][ T5212] security_sb_mount+0x8c/0xc0 [ 79.934201][ T5212] path_mount+0xb9/0xfa0 [ 79.938467][ T5212] ? kmem_cache_free+0x292/0x500 [ 79.943447][ T5212] ? user_path_at_empty+0x4c/0x60 [ 79.948604][ T5212] __se_sys_mount+0x2d9/0x3c0 [ 79.953324][ T5212] ? __x64_sys_mount+0xc0/0xc0 [ 79.958113][ T5212] ? syscall_enter_from_user_mode+0x32/0x230 [ 79.964391][ T5212] ? __x64_sys_mount+0x20/0xc0 [ 79.969378][ T5212] do_syscall_64+0x41/0xc0 [ 79.973858][ T5212] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 79.979788][ T5212] RIP: 0033:0x7f41770c949a [ 79.984316][ T5212] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 80.004402][ T5212] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 80.012836][ T5212] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [pid 5252] memfd_create("syzkaller", 0 [pid 5249] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5212] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5210] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5207] <... creat resumed>) = 6 [pid 5204] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... memfd_create resumed>) = 3 [pid 5250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5212] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] <... futex resumed>) = 0 [pid 5252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5212] <... futex resumed>) = 1 [pid 5210] <... futex resumed>) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5208] <... futex resumed>) = 0 [pid 5207] <... futex resumed>) = 0 [pid 5204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5252] <... mmap resumed>) = 0x7f416ec64000 [pid 5212] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 80.020925][ T5212] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 80.029022][ T5212] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 80.037187][ T5212] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 80.045339][ T5212] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 80.053404][ T5212] [pid 5210] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5209] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] <... mmap resumed>) = 0x7f4177043000 [pid 5212] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5210] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5209] <... futex resumed>) = 0 [pid 5208] <... futex resumed>) = 0 [pid 5204] mprotect(0x7f4177044000, 131072, PROT_READ|PROT_WRITE [pid 5210] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5209] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] <... mprotect resumed>) = 0 [pid 5210] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5204] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5210] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5210] <... futex resumed>) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5204] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177063990, parent_tid=0x7f4177063990, exit_signal=0, stack=0x7f4177043000, stack_size=0x20300, tls=0x7f41770636c0}./strace-static-x86_64: Process 5253 attached [pid 5210] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] exit_group(0 [pid 5253] rseq(0x7f4177063fe0, 0x20, 0, 0x53053053 [pid 5212] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5210] <... futex resumed>) = ? [pid 5208] <... exit_group resumed>) = ? [pid 5204] <... clone3 resumed> => {parent_tid=[5253]}, 88) = 5253 [pid 5253] <... rseq resumed>) = 0 [pid 5212] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5210] +++ exited with 0 +++ [pid 5208] +++ exited with 0 +++ [pid 5204] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5027] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5208, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=31 /* 0.31 s */} --- [pid 5204] futex(0x7f41771546d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] futex(0x7f41771546dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5253] set_robust_list(0x7f41770639a0, 24 [pid 5212] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... set_robust_list resumed>) = 0 [pid 5253] rt_sigprocmask(SIG_SETMASK, [], [pid 5212] <... futex resumed>) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5253] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5212] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5209] exit_group(0 [pid 5253] mkdir(".", 0777 [pid 5212] <... futex resumed>) = ? [pid 5209] <... exit_group resumed>) = ? [pid 5253] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5212] +++ exited with 0 +++ [pid 5209] +++ exited with 0 +++ [pid 5253] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5027] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5026] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5209, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=42 /* 0.42 s */} --- [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5026] restart_syscall(<... resuming interrupted clone ...> [pid 5027] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5026] <... restart_syscall resumed>) = 0 [pid 5027] <... openat resumed>) = 3 [pid 5027] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5026] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5027] getdents64(3, [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5027] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5026] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5027] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5026] <... openat resumed>) = 3 [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5026] newfstatat(3, "", [pid 5027] newfstatat(AT_FDCWD, "./5/bus", [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5027] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5026] getdents64(3, [pid 5027] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5026] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5026] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5027] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5027] <... openat resumed>) = 4 [pid 5026] newfstatat(AT_FDCWD, "./6/bus", [pid 5027] newfstatat(4, "", [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5027] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5026] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5027] getdents64(4, [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5027] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5026] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5026] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5026] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5027] getdents64(4, [pid 5026] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5026] close(4) = 0 [pid 5026] rmdir("./6/bus") = 0 [pid 5026] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5026] unlink("./6/binderfs") = 0 [pid 5026] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5026] close(3) = 0 [pid 5026] rmdir("./6") = 0 [pid 5026] mkdir("./7", 0777 [pid 5027] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5027] close(4 [pid 5026] <... mkdir resumed>) = 0 [pid 5027] <... close resumed>) = 0 [pid 5027] rmdir("./5/bus" [pid 5026] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5027] <... rmdir resumed>) = 0 [pid 5026] <... openat resumed>) = 3 [pid 5026] ioctl(3, LOOP_CLR_FD [pid 5027] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5026] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5026] close(3 [pid 5027] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5026] <... close resumed>) = 0 [pid 5026] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5027] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5027] unlink("./5/binderfs"./strace-static-x86_64: Process 5254 attached ) = 0 [pid 5254] set_robust_list(0x5555559806a0, 24 [pid 5027] getdents64(3, [pid 5026] <... clone resumed>, child_tidptr=0x555555980690) = 5254 [pid 5027] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5254] <... set_robust_list resumed>) = 0 [pid 5254] chdir("./7" [pid 5027] close(3) = 0 [pid 5254] <... chdir resumed>) = 0 [pid 5027] rmdir("./5" [pid 5254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5027] <... rmdir resumed>) = 0 [pid 5254] setpgid(0, 0 [pid 5027] mkdir("./6", 0777 [pid 5254] <... setpgid resumed>) = 0 [pid 5254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5027] <... mkdir resumed>) = 0 [pid 5254] <... openat resumed>) = 3 [pid 5254] write(3, "1000", 4) = 4 [pid 5027] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5254] close(3) = 0 [pid 5254] symlink("/dev/binderfs", "./binderfs" [pid 5027] <... openat resumed>) = 3 [pid 5254] <... symlink resumed>) = 0 [pid 5027] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 80.213471][ T5253] BTRFS error (device loop5: state M): unrecognized mount option '18446744073709551615017777777777777777777770177777777777777777777718446744073709551615lbZ~Ƣ8žH~אa*Oѓ< 5^Sus%e [ 80.213471][ T5253] /ĖEaofmߚtҮ~г#a C$n-SGWmxeGy|sL=~ä_;N' [pid 5027] close(3 [pid 5254] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5027] <... close resumed>) = 0 [pid 5254] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5027] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555980690) = 5255 [pid 5254] <... rt_sigaction resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 5255 attached [pid 5255] set_robust_list(0x5555559806a0, 24 [pid 5254] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5255] <... set_robust_list resumed>) = 0 [pid 5254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5255] chdir("./6" [pid 5254] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5255] <... chdir resumed>) = 0 [pid 5253] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5253] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5255] setpgid(0, 0 [pid 5204] <... futex resumed>) = 0 [pid 5204] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 0 [pid 5204] <... futex resumed>) = 1 [pid 5207] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5204] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5207] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5207] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5254] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5207] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] exit_group(0 [pid 5255] <... setpgid resumed>) = 0 [pid 5254] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5253] <... futex resumed>) = ? [pid 5207] <... futex resumed>) = ? [pid 5204] <... exit_group resumed>) = ? [pid 5255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5254] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5253] +++ exited with 0 +++ [pid 5207] +++ exited with 0 +++ [pid 5204] +++ exited with 0 +++ [pid 5030] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5204, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=39 /* 0.39 s */} --- [pid 5255] <... openat resumed>) = 3 [pid 5030] restart_syscall(<... resuming interrupted clone ...>) = 0 ./strace-static-x86_64: Process 5256 attached [pid 5254] <... clone3 resumed> => {parent_tid=[5256]}, 88) = 5256 [pid 5255] write(3, "1000", 4) = 4 [pid 5254] rt_sigprocmask(SIG_SETMASK, [], [pid 5030] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5256] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5255] close(3 [pid 5254] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5256] <... rseq resumed>) = 0 [pid 5255] <... close resumed>) = 0 [pid 5254] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5255] symlink("/dev/binderfs", "./binderfs" [pid 5254] <... futex resumed>) = 0 [pid 5030] <... openat resumed>) = 3 [pid 5254] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5030] newfstatat(3, "", [pid 5256] set_robust_list(0x7f41770849a0, 24 [pid 5255] <... symlink resumed>) = 0 [pid 5030] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5256] <... set_robust_list resumed>) = 0 [pid 5255] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] getdents64(3, [pid 5256] rt_sigprocmask(SIG_SETMASK, [], [pid 5255] <... futex resumed>) = 0 [pid 5030] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5255] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5030] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5256] memfd_create("syzkaller", 0 [pid 5255] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5256] <... memfd_create resumed>) = 3 [pid 5256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5255] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5255] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5255] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5255] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5257 attached [pid 5257] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5255] <... clone3 resumed> => {parent_tid=[5257]}, 88) = 5257 [pid 5257] <... rseq resumed>) = 0 [pid 5255] rt_sigprocmask(SIG_SETMASK, [], [pid 5257] set_robust_list(0x7f41770849a0, 24 [pid 5255] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5257] <... set_robust_list resumed>) = 0 [pid 5255] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5255] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5257] memfd_create("syzkaller", 0) = 3 [pid 5257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [ 80.364591][ T5030] BTRFS warning (device loop5): qgroup 0/5 has unreleased space, type 2 rsv 20480 [ 80.395623][ T5030] BTRFS error (device loop5): qgroup reserved space leaked [pid 5252] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5249] <... write resumed>) = 16777216 [pid 5249] munmap(0x7f416ec64000, 138412032) = 0 [pid 5249] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5249] ioctl(4, LOOP_SET_FD, 3 [pid 5250] <... write resumed>) = 16777216 [pid 5250] munmap(0x7f416ec64000, 138412032) = 0 [pid 5249] <... ioctl resumed>) = 0 [pid 5249] close(3) = 0 [pid 5249] mkdir("./bus", 0777) = 0 [pid 5249] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [ 80.494244][ T5249] loop3: detected capacity change from 0 to 32768 [pid 5250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5250] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5250] close(3) = 0 [pid 5250] mkdir("./bus", 0777) = 0 [ 80.556608][ T5249] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz-executor340 (5249) [ 80.575163][ T5250] loop0: detected capacity change from 0 to 32768 [pid 5250] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = -1 EEXIST (File exists) [pid 5250] ioctl(4, LOOP_CLR_FD [ 80.620008][ T5250] BTRFS warning: duplicate device /dev/loop0 devid 1 generation 8 scanned by syz-executor340 (5250) [ 80.652492][ T5249] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [pid 5257] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 80.673067][ T5249] BTRFS info (device loop3): doing ref verification [ 80.702768][ T5249] BTRFS warning (device loop3): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 80.732959][ T5249] BTRFS info (device loop3): force zlib compression, level 3 [ 80.770659][ T5249] BTRFS info (device loop3): allowing degraded mounts [pid 5256] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5030] <... umount2 resumed>) = 0 [pid 5030] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5030] newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5030] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5030] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5030] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5030] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5030] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [ 80.802889][ T5249] BTRFS info (device loop3): using free space tree [pid 5030] close(4) = 0 [pid 5030] rmdir("./5/bus") = 0 [pid 5030] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5030] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5030] unlink("./5/binderfs") = 0 [pid 5030] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5030] close(3) = 0 [pid 5030] rmdir("./5") = 0 [pid 5030] mkdir("./6", 0777) = 0 [pid 5030] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5030] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5252] <... write resumed>) = 16777216 [pid 5030] close(3) = 0 [pid 5252] munmap(0x7f416ec64000, 138412032) = 0 [pid 5030] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5249] <... mount resumed>) = 0 [pid 5030] <... clone resumed>, child_tidptr=0x555555980690) = 5273 [pid 5249] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 5273 attached ) = 3 [pid 5273] set_robust_list(0x5555559806a0, 24 [pid 5249] chdir("./bus" [pid 5273] <... set_robust_list resumed>) = 0 [pid 5249] <... chdir resumed>) = 0 [pid 5249] ioctl(4, LOOP_CLR_FD [pid 5273] chdir("./6" [pid 5252] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5273] <... chdir resumed>) = 0 [pid 5252] <... openat resumed>) = 4 [pid 5249] <... ioctl resumed>) = 0 [pid 5249] close(4 [pid 5273] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5252] ioctl(4, LOOP_SET_FD, 3 [pid 5249] <... close resumed>) = 0 [ 80.931708][ T5249] BTRFS info (device loop3): auto enabling async discard [pid 5273] <... prctl resumed>) = 0 [pid 5252] <... ioctl resumed>) = 0 [pid 5250] <... ioctl resumed>) = 0 [pid 5249] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] setpgid(0, 0 [pid 5250] close(4 [pid 5249] <... futex resumed>) = 1 [pid 5246] <... futex resumed>) = 0 [pid 5250] <... close resumed>) = 0 [pid 5249] open("./file0", O_RDONLY [pid 5246] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... setpgid resumed>) = 0 [pid 5273] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5246] <... futex resumed>) = 0 [pid 5273] <... openat resumed>) = 3 [pid 5250] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... open resumed>) = 4 [pid 5246] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] write(3, "1000", 4 [pid 5250] <... futex resumed>) = 1 [pid 5249] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = 0 [pid 5246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5273] <... write resumed>) = 4 [pid 5250] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] <... futex resumed>) = 0 [pid 5248] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5249] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5248] <... futex resumed>) = 0 [pid 5246] <... futex resumed>) = 0 [pid 5250] open("./file0", O_RDONLY [pid 5273] close(3 [pid 5248] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... close resumed>) = 0 [pid 5250] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5273] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5273] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5252] close(3 [pid 5250] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5252] <... close resumed>) = 0 [pid 5273] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5252] mkdir("./bus", 0777 [pid 5250] <... futex resumed>) = 1 [pid 5248] <... futex resumed>) = 0 [pid 5273] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5252] <... mkdir resumed>) = 0 [pid 5273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5252] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5248] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... mmap resumed>) = 0x7f4177064000 [pid 5250] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5248] <... futex resumed>) = 0 [pid 5248] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5250] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5249] <... ioctl resumed>) = 0 [pid 5249] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... futex resumed>) = 1 [pid 5248] <... futex resumed>) = 0 [pid 5246] <... futex resumed>) = 0 [pid 5250] <... futex resumed>) = 1 [pid 5249] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5246] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... mprotect resumed>) = 0 [pid 5249] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5250] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5273] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5249] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5273] <... clone3 resumed> => {parent_tid=[5274]}, 88) = 5274 [pid 5273] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5273] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... openat resumed>) = 5 [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5274 attached [pid 5274] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [pid 5274] set_robust_list(0x7f41770849a0, 24 [pid 5248] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... set_robust_list resumed>) = 0 [pid 5274] rt_sigprocmask(SIG_SETMASK, [], [pid 5249] write(5, "15", 2 [pid 5248] <... futex resumed>) = 1 [pid 5274] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5250] <... futex resumed>) = 0 [pid 5274] memfd_create("syzkaller", 0 [pid 5250] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5249] <... write resumed>) = 2 [ 80.974653][ T5252] loop4: detected capacity change from 0 to 32768 [ 80.999236][ T5252] BTRFS warning: duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor340 (5252) [pid 5248] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... memfd_create resumed>) = 3 [pid 5252] <... mount resumed>) = -1 EEXIST (File exists) [pid 5250] <... openat resumed>) = 3 [pid 5249] creat("./bus", 000 [pid 5274] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5252] ioctl(4, LOOP_CLR_FD [pid 5250] write(3, "15", 2) = 2 [pid 5250] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5250] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5248] <... futex resumed>) = 0 [pid 5246] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5250] mkdir(".", 0777 [pid 5248] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5250] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5246] <... futex resumed>) = 0 [pid 5246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5248] <... futex resumed>) = 0 [pid 5250] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5250] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5246] <... mmap resumed>) = 0x7f4177043000 [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5248] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5246] mprotect(0x7f4177044000, 131072, PROT_READ|PROT_WRITE [pid 5248] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... mprotect resumed>) = 0 [pid 5250] <... futex resumed>) = 0 [pid 5248] <... futex resumed>) = 1 [pid 5246] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5250] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5246] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5250] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5246] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177063990, parent_tid=0x7f4177063990, exit_signal=0, stack=0x7f4177043000, stack_size=0x20300, tls=0x7f41770636c0} [pid 5250] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5248] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5275 attached [pid 5275] rseq(0x7f4177063fe0, 0x20, 0, 0x53053053 [pid 5248] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5275] <... rseq resumed>) = 0 [pid 5248] exit_group(0 [pid 5275] set_robust_list(0x7f41770639a0, 24 [pid 5250] <... futex resumed>) = ? [pid 5248] <... exit_group resumed>) = ? [pid 5275] <... set_robust_list resumed>) = 0 [pid 5250] +++ exited with 0 +++ [pid 5275] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5246] <... clone3 resumed> => {parent_tid=[5275]}, 88) = 5275 [ 81.056952][ T5249] FAULT_INJECTION: forcing a failure. [ 81.056952][ T5249] name failslab, interval 1, probability 0, space 0, times 0 [ 81.088008][ T4133] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 81.132310][ T5249] CPU: 1 PID: 5249 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 81.142867][ T5249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 81.153385][ T5249] Call Trace: [ 81.156684][ T5249] [ 81.159712][ T5249] dump_stack_lvl+0x1e7/0x2d0 [ 81.164421][ T5249] ? nf_tcp_handle_invalid+0x650/0x650 [ 81.169904][ T5249] ? panic+0x770/0x770 [ 81.174092][ T5249] should_fail_ex+0x3aa/0x4e0 [ 81.178843][ T5249] should_failslab+0x9/0x20 [ 81.183555][ T5249] slab_pre_alloc_hook+0x59/0x310 [ 81.188599][ T5249] ? btrfs_record_root_in_trans+0x16e/0x180 [ 81.194942][ T5249] kmem_cache_alloc+0x52/0x300 [ 81.199704][ T5249] ? btrfs_create_new_inode+0x251/0x2710 [ 81.205426][ T5249] btrfs_create_new_inode+0x251/0x2710 [ 81.210888][ T5249] ? __mutex_unlock_slowpath+0x21c/0x750 [ 81.216537][ T5249] ? btrfs_new_inode_args_destroy+0x160/0x160 [ 81.222627][ T5249] btrfs_create_common+0x1f9/0x300 [ 81.227807][ T5249] ? btrfs_tmpfile+0x4e0/0x4e0 [ 81.232576][ T5249] ? do_raw_spin_unlock+0x13b/0x8b0 [ 81.237785][ T5249] ? btrfs_create+0x75/0x140 [ 81.242373][ T5249] ? btrfs_lookup+0x40/0x40 [ 81.246970][ T5249] path_openat+0x13e7/0x3180 [ 81.251590][ T5249] ? do_filp_open+0x490/0x490 [ 81.256342][ T5249] do_filp_open+0x234/0x490 [ 81.260847][ T5249] ? vfs_tmpfile+0x4b0/0x4b0 [ 81.265448][ T5249] ? _raw_spin_unlock+0x28/0x40 [ 81.270289][ T5249] ? alloc_fd+0x59c/0x640 [ 81.274639][ T5249] do_sys_openat2+0x13e/0x1d0 [ 81.279337][ T5249] ? do_sys_open+0x230/0x230 [ 81.284283][ T5249] ? _raw_spin_unlock_irq+0x2e/0x50 [ 81.289484][ T5249] ? ptrace_notify+0x278/0x380 [ 81.294256][ T5249] __x64_sys_creat+0x123/0x160 [ 81.299108][ T5249] ? __x64_compat_sys_openat+0x290/0x290 [ 81.304923][ T5249] ? syscall_enter_from_user_mode+0x32/0x230 [ 81.310903][ T5249] ? syscall_enter_from_user_mode+0x8c/0x230 [ 81.316918][ T5249] do_syscall_64+0x41/0xc0 [ 81.321452][ T5249] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 81.327465][ T5249] RIP: 0033:0x7f41770c8049 [ 81.331900][ T5249] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 81.351868][ T5249] RSP: 002b:00007f4177084208 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 81.360294][ T5249] RAX: ffffffffffffffda RBX: 00007f41771546c8 RCX: 00007f41770c8049 [ 81.371593][ T5249] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040 [ 81.379653][ T5249] RBP: 00007f41771546c0 R08: 00007f4177083fa6 R09: 0000000000003531 [ 81.387620][ T5249] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f41771211d0 [ 81.395850][ T5249] R13: 00007f4177084210 R14: 0000000000000002 R15: 00007f417711c070 [ 81.403943][ T5249] [pid 5275] futex(0x7f41771546d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] <... write resumed>) = 16777216 [pid 5248] +++ exited with 0 +++ [pid 5246] rt_sigprocmask(SIG_SETMASK, [], [pid 5257] <... write resumed>) = 16777216 [pid 5257] munmap(0x7f416ec64000, 138412032) = 0 [pid 5257] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5257] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5257] close(3) = 0 [pid 5257] mkdir("./bus", 0777) = 0 [pid 5246] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5246] futex(0x7f41771546d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5257] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7f41771546dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5275] mkdir(".", 0777 [pid 5256] munmap(0x7f416ec64000, 138412032) = 0 [pid 5275] <... mkdir resumed>) = -1 EEXIST (File exists) [ 81.436982][ T5257] loop2: detected capacity change from 0 to 32768 [pid 5275] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5256] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5249] <... creat resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5249] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5248, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=29 /* 0.29 s */} --- [pid 5249] <... futex resumed>) = 0 [pid 5025] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5249] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5025] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5025] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5025] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5025] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5256] <... openat resumed>) = 4 [ 81.478105][ T5257] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 8 scanned by syz-executor340 (5257) [pid 5025] newfstatat(AT_FDCWD, "./6/bus", [pid 5256] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5252] <... ioctl resumed>) = 0 [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5025] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5025] getdents64(4, [pid 5252] close(4 [pid 5025] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5256] close(3 [pid 5025] getdents64(4, [pid 5257] <... mount resumed>) = -1 EEXIST (File exists) [pid 5256] <... close resumed>) = 0 [pid 5257] ioctl(4, LOOP_CLR_FD [pid 5256] mkdir("./bus", 0777) = 0 [pid 5025] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5256] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5025] close(4) = 0 [pid 5025] rmdir("./6/bus") = 0 [pid 5025] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] unlink("./6/binderfs") = 0 [pid 5025] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5025] close(3) = 0 [pid 5025] rmdir("./6") = 0 [pid 5025] mkdir("./7", 0777) = 0 [ 81.523776][ T5256] loop1: detected capacity change from 0 to 32768 [pid 5025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5025] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5025] close(3) = 0 [pid 5025] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5252] <... close resumed>) = 0 [pid 5025] <... clone resumed>, child_tidptr=0x555555980690) = 5276 [pid 5252] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5247] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5276 attached [pid 5252] open("./file0", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5252] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] set_robust_list(0x5555559806a0, 24 [pid 5252] <... futex resumed>) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5276] <... set_robust_list resumed>) = 0 [pid 5247] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] chdir("./7" [pid 5252] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5276] <... chdir resumed>) = 0 [pid 5252] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5276] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5252] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] setpgid(0, 0 [pid 5252] <... futex resumed>) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5276] <... setpgid resumed>) = 0 [pid 5247] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5247] <... futex resumed>) = 0 [pid 5247] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... openat resumed>) = 3 [pid 5252] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5276] write(3, "1000", 4 [pid 5252] <... openat resumed>) = 3 [pid 5276] <... write resumed>) = 4 [pid 5276] close(3) = 0 [pid 5276] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5276] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5276] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5276] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5276] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5252] write(3, "15", 2) = 2 [pid 5252] creat("./bus", 000 [pid 5276] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5252] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5276] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5277 attached [pid 5252] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5252] <... futex resumed>) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5277] <... rseq resumed>) = 0 [pid 5276] <... clone3 resumed> => {parent_tid=[5277]}, 88) = 5277 [pid 5252] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] set_robust_list(0x7f41770849a0, 24 [pid 5276] rt_sigprocmask(SIG_SETMASK, [], [pid 5252] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5247] <... futex resumed>) = 0 [pid 5277] <... set_robust_list resumed>) = 0 [pid 5276] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5252] mkdir(".", 0777 [pid 5247] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5277] rt_sigprocmask(SIG_SETMASK, [], [pid 5276] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5277] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5277] memfd_create("syzkaller", 0 [pid 5276] <... futex resumed>) = 0 [ 81.573010][ T5275] BTRFS error (device loop3: state M): unrecognized mount option '18446744073709551615017777777777777777777770177777777777777777777718446744073709551615lbZ~Ƣ8žH~אa*Oѓ< 5^Sus%e [ 81.573010][ T5275] /ĖEaofmߚtҮ~г#a C$n-SGWmxeGy|sL=~ä_;N' [ 81.603561][ T5252] FAULT_INJECTION: forcing a failure. [ 81.603561][ T5252] name failslab, interval 1, probability 0, space 0, times 0 [pid 5252] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5276] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5277] <... memfd_create resumed>) = 3 [pid 5277] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [ 81.618010][ T5256] BTRFS warning: duplicate device /dev/loop1 devid 1 generation 8 scanned by syz-executor340 (5256) [ 81.638567][ T5252] CPU: 0 PID: 5252 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 81.649465][ T5252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 81.659627][ T5252] Call Trace: [ 81.662903][ T5252] [ 81.665827][ T5252] dump_stack_lvl+0x1e7/0x2d0 [ 81.670502][ T5252] ? nf_tcp_handle_invalid+0x650/0x650 [ 81.676250][ T5252] ? panic+0x770/0x770 [ 81.680315][ T5252] ? __might_sleep+0xc0/0xc0 [ 81.685105][ T5252] should_fail_ex+0x3aa/0x4e0 [ 81.689884][ T5252] should_failslab+0x9/0x20 [ 81.694472][ T5252] slab_pre_alloc_hook+0x59/0x310 [ 81.699523][ T5252] ? __might_sleep+0xc0/0xc0 [ 81.704110][ T5252] kmem_cache_alloc+0x52/0x300 [ 81.708903][ T5252] ? getname_flags+0xbc/0x4f0 [ 81.713586][ T5252] getname_flags+0xbc/0x4f0 [ 81.718430][ T5252] user_path_at_empty+0x2c/0x60 [ 81.723373][ T5252] __se_sys_mount+0x29a/0x3c0 [ 81.728049][ T5252] ? __x64_sys_mount+0xc0/0xc0 [ 81.732893][ T5252] ? syscall_enter_from_user_mode+0x32/0x230 [ 81.738872][ T5252] ? __x64_sys_mount+0x20/0xc0 [ 81.743631][ T5252] do_syscall_64+0x41/0xc0 [ 81.748064][ T5252] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 81.753985][ T5252] RIP: 0033:0x7f41770c949a [ 81.758403][ T5252] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 81.779500][ T5252] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 81.788017][ T5252] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 81.796176][ T5252] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 81.804235][ T5252] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 81.812289][ T5252] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [pid 5275] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5274] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5256] <... mount resumed>) = -1 EEXIST (File exists) [pid 5275] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] ioctl(4, LOOP_CLR_FD [pid 5275] <... futex resumed>) = 1 [pid 5252] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5246] <... futex resumed>) = 0 [pid 5275] futex(0x7f41771546d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5246] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... futex resumed>) = 0 [pid 5246] <... futex resumed>) = 1 [pid 5252] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5246] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... futex resumed>) = 1 [pid 5249] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5249] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] <... futex resumed>) = 1 [pid 5246] <... futex resumed>) = 0 [pid 5249] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5246] exit_group(0 [pid 5247] <... futex resumed>) = 0 [pid 5247] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 81.820515][ T5252] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 81.828581][ T5252] [pid 5247] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... futex resumed>) = 0 [pid 5252] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5275] <... futex resumed>) = ? [pid 5252] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5249] <... futex resumed>) = ? [pid 5246] <... exit_group resumed>) = ? [pid 5275] +++ exited with 0 +++ [pid 5249] +++ exited with 0 +++ [pid 5246] +++ exited with 0 +++ [pid 5028] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5246, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=31 /* 0.31 s */} --- [pid 5252] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] <... futex resumed>) = 0 [pid 5247] exit_group(0 [pid 5252] <... futex resumed>) = ? [pid 5247] <... exit_group resumed>) = ? [pid 5252] +++ exited with 0 +++ [pid 5247] +++ exited with 0 +++ [pid 5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5247, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=34 /* 0.34 s */} --- [pid 5028] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5029] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] <... openat resumed>) = 3 [pid 5029] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5028] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5028] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5029] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 81.925508][ T778] cfg80211: failed to load regulatory.db [pid 5029] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5029] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5029] newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5029] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5029] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5277] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5029] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5029] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5029] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5029] close(4) = 0 [pid 5028] <... umount2 resumed>) = 0 [pid 5029] rmdir("./7/bus" [pid 5028] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5028] newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5029] <... rmdir resumed>) = 0 [pid 5029] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5028] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5028] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5028] close(4) = 0 [pid 5028] rmdir("./6/bus") = 0 [pid 5029] newfstatat(AT_FDCWD, "./7/binderfs", [pid 5028] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5029] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5029] unlink("./7/binderfs" [pid 5028] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5029] <... unlink resumed>) = 0 [pid 5028] unlink("./6/binderfs") = 0 [pid 5029] getdents64(3, [pid 5028] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5028] close(3) = 0 [pid 5028] rmdir("./6") = 0 [pid 5028] mkdir("./7", 0777) = 0 [pid 5028] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5028] ioctl(3, LOOP_CLR_FD) = 0 [pid 5028] close(3) = 0 [pid 5028] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5279 attached [pid 5029] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5279] set_robust_list(0x5555559806a0, 24 [pid 5029] close(3 [pid 5028] <... clone resumed>, child_tidptr=0x555555980690) = 5279 [pid 5029] <... close resumed>) = 0 [pid 5279] <... set_robust_list resumed>) = 0 [pid 5279] chdir("./7" [pid 5029] rmdir("./7") = 0 [pid 5279] <... chdir resumed>) = 0 [pid 5279] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5029] mkdir("./8", 0777 [pid 5279] setpgid(0, 0 [pid 5029] <... mkdir resumed>) = 0 [pid 5279] <... setpgid resumed>) = 0 [pid 5029] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5279] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5029] <... openat resumed>) = 3 [pid 5279] <... openat resumed>) = 3 [pid 5029] ioctl(3, LOOP_CLR_FD [pid 5279] write(3, "1000", 4 [pid 5029] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5029] close(3 [pid 5279] <... write resumed>) = 4 [pid 5279] close(3) = 0 [pid 5279] symlink("/dev/binderfs", "./binderfs" [pid 5029] <... close resumed>) = 0 [pid 5279] <... symlink resumed>) = 0 [pid 5279] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... ioctl resumed>) = 0 [pid 5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5280 attached [pid 5279] <... futex resumed>) = 0 [pid 5257] close(4 [pid 5029] <... clone resumed>, child_tidptr=0x555555980690) = 5280 [pid 5279] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5257] <... close resumed>) = 0 [pid 5280] set_robust_list(0x5555559806a0, 24 [pid 5279] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5257] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... set_robust_list resumed>) = 0 [pid 5279] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5257] <... futex resumed>) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5279] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5257] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5257] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] chdir("./8" [pid 5257] open("./file0", O_RDONLY [pid 5279] <... mmap resumed>) = 0x7f4177064000 [pid 5257] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5280] <... chdir resumed>) = 0 [pid 5279] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5257] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5257] <... futex resumed>) = 1 [pid 5279] <... mprotect resumed>) = 0 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... prctl resumed>) = 0 [pid 5279] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5257] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5255] <... futex resumed>) = 0 [pid 5280] setpgid(0, 0 [pid 5257] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5255] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5279] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5257] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5281 attached [pid 5280] <... setpgid resumed>) = 0 [pid 5257] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] <... clone3 resumed> => {parent_tid=[5281]}, 88) = 5281 [pid 5257] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5255] <... futex resumed>) = 0 [pid 5257] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5255] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... openat resumed>) = 3 [pid 5279] rt_sigprocmask(SIG_SETMASK, [], [pid 5257] write(3, "15", 2) = 2 [pid 5279] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5281] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5280] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5279] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] creat("./bus", 000 [pid 5281] <... rseq resumed>) = 0 [pid 5279] <... futex resumed>) = 0 [pid 5257] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5281] set_robust_list(0x7f41770849a0, 24 [pid 5280] <... openat resumed>) = 3 [pid 5279] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5257] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... set_robust_list resumed>) = 0 [pid 5280] write(3, "1000", 4 [pid 5257] <... futex resumed>) = 1 [pid 5280] <... write resumed>) = 4 [pid 5257] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] rt_sigprocmask(SIG_SETMASK, [], [pid 5280] close(3 [pid 5255] <... futex resumed>) = 0 [pid 5281] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5280] <... close resumed>) = 0 [pid 5255] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] symlink("/dev/binderfs", "./binderfs" [pid 5255] <... futex resumed>) = 1 [pid 5281] memfd_create("syzkaller", 0 [pid 5255] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5280] <... symlink resumed>) = 0 [pid 5257] <... futex resumed>) = 0 [pid 5280] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] mkdir(".", 0777 [pid 5281] <... memfd_create resumed>) = 3 [pid 5257] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5257] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5281] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5280] <... futex resumed>) = 0 [pid 5280] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5280] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5280] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [ 82.262940][ T5257] FAULT_INJECTION: forcing a failure. [ 82.262940][ T5257] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 82.323855][ T5257] CPU: 1 PID: 5257 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 82.334330][ T5257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 82.344867][ T5257] Call Trace: [ 82.348253][ T5257] [ 82.351197][ T5257] dump_stack_lvl+0x1e7/0x2d0 [ 82.356126][ T5257] ? nf_tcp_handle_invalid+0x650/0x650 [ 82.361640][ T5257] ? panic+0x770/0x770 [ 82.365750][ T5257] should_fail_ex+0x3aa/0x4e0 [ 82.370550][ T5257] strncpy_from_user+0x36/0x2e0 [ 82.375430][ T5257] getname_flags+0xf9/0x4f0 [ 82.379970][ T5257] user_path_at_empty+0x2c/0x60 [ 82.384847][ T5257] __se_sys_mount+0x29a/0x3c0 [ 82.389566][ T5257] ? __x64_sys_mount+0xc0/0xc0 [ 82.394356][ T5257] ? syscall_enter_from_user_mode+0x32/0x230 [ 82.400559][ T5257] ? __x64_sys_mount+0x20/0xc0 [ 82.405356][ T5257] do_syscall_64+0x41/0xc0 [ 82.409805][ T5257] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 82.413872][ T5256] FAULT_INJECTION: forcing a failure. [ 82.413872][ T5256] name failslab, interval 1, probability 0, space 0, times 0 [ 82.415896][ T5257] RIP: 0033:0x7f41770c949a [ 82.415918][ T5257] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 82.415931][ T5257] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 82.463827][ T5257] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [pid 5280] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5256] <... ioctl resumed>) = 0 [pid 5256] close(4) = 0 [pid 5256] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5254] <... futex resumed>) = 0 [pid 5254] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] open("./file0", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5256] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5254] <... futex resumed>) = 0 [pid 5254] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = -1 EBADF (Bad file descriptor) [pid 5256] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = 0 [pid 5254] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... futex resumed>) = 1 [pid 5256] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 5256] write(3, "15", 2) = 2 [pid 5256] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5256] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5254] <... futex resumed>) = 0 [pid 5274] <... write resumed>) = 16777216 [pid 5254] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] munmap(0x7f416ec64000, 138412032 [pid 5256] mkdir(".", 0777 [pid 5254] <... futex resumed>) = 0 [pid 5256] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5254] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 82.471824][ T5257] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 82.479820][ T5257] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 82.487977][ T5257] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 82.495945][ T5257] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 82.503922][ T5257] [pid 5256] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5280] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5274] <... munmap resumed>) = 0 [pid 5280] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5280] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} => {parent_tid=[5282]}, 88) = 5282 [pid 5280] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5280] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 82.532090][ T5256] CPU: 0 PID: 5256 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 82.542670][ T5256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 82.553095][ T5256] Call Trace: [ 82.556388][ T5256] [ 82.559424][ T5256] dump_stack_lvl+0x1e7/0x2d0 [ 82.564163][ T5256] ? nf_tcp_handle_invalid+0x650/0x650 [ 82.569664][ T5256] ? panic+0x770/0x770 [ 82.573862][ T5256] should_fail_ex+0x3aa/0x4e0 [ 82.578656][ T5256] should_failslab+0x9/0x20 [ 82.583416][ T5256] slab_pre_alloc_hook+0x59/0x310 [ 82.588486][ T5256] ? tomoyo_encode+0x26f/0x530 [ 82.593285][ T5256] __kmem_cache_alloc_node+0x4b/0x270 [ 82.598679][ T5256] ? arch_stack_walk+0x162/0x1a0 [ 82.603732][ T5256] ? tomoyo_encode+0x26f/0x530 [ 82.608705][ T5256] __kmalloc+0xa8/0x230 [ 82.613435][ T5256] tomoyo_encode+0x26f/0x530 [ 82.618072][ T5256] tomoyo_mount_permission+0x356/0xb80 [ 82.623619][ T5256] ? __stack_depot_save+0x20/0x650 [pid 5280] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 82.628762][ T5256] ? tomoyo_mount_permission+0x295/0xb80 [ 82.634449][ T5256] ? tomoyo_get_name+0x510/0x510 [ 82.639486][ T5256] security_sb_mount+0x8c/0xc0 [ 82.644293][ T5256] path_mount+0xb9/0xfa0 [ 82.648562][ T5256] ? kmem_cache_free+0x292/0x500 [ 82.653536][ T5256] ? user_path_at_empty+0x4c/0x60 [ 82.658583][ T5256] __se_sys_mount+0x2d9/0x3c0 [ 82.663354][ T5256] ? __x64_sys_mount+0xc0/0xc0 [ 82.668169][ T5256] ? syscall_enter_from_user_mode+0x32/0x230 [ 82.674198][ T5256] ? __x64_sys_mount+0x20/0xc0 [ 82.679028][ T5256] do_syscall_64+0x41/0xc0 [ 82.683481][ T5256] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 82.689403][ T5256] RIP: 0033:0x7f41770c949a [ 82.693934][ T5256] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 82.713660][ T5256] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 82.722210][ T5256] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [pid 5281] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5257] <... mount resumed>) = -1 EFAULT (Bad address) [pid 5257] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5257] <... futex resumed>) = 1 ./strace-static-x86_64: Process 5282 attached [pid 5274] <... openat resumed>) = 4 [pid 5282] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [pid 5274] ioctl(4, LOOP_SET_FD, 3 [ 82.730225][ T5256] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 82.738317][ T5256] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 82.746320][ T5256] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 82.754504][ T5256] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 82.762785][ T5256] [pid 5282] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5274] <... ioctl resumed>) = 0 [pid 5282] rt_sigprocmask(SIG_SETMASK, [], [pid 5274] close(3 [pid 5282] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5274] <... close resumed>) = 0 [pid 5282] memfd_create("syzkaller", 0 [pid 5274] mkdir("./bus", 0777 [pid 5282] <... memfd_create resumed>) = 3 [pid 5274] <... mkdir resumed>) = 0 [pid 5257] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5274] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5282] <... mmap resumed>) = 0x7f416ec64000 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5255] <... futex resumed>) = 1 [pid 5257] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5256] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5255] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5256] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... futex resumed>) = 1 [pid 5254] <... futex resumed>) = 0 [pid 5257] <... futex resumed>) = 1 [pid 5256] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] <... futex resumed>) = 0 [pid 5254] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5255] exit_group(0 [pid 5257] <... futex resumed>) = ? [pid 5256] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5255] <... exit_group resumed>) = ? [pid 5257] +++ exited with 0 +++ [pid 5256] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5255] +++ exited with 0 +++ [pid 5254] <... futex resumed>) = 0 [pid 5256] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... futex resumed>) = 0 [pid 5254] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5027] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5255, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=57 /* 0.57 s */} --- [pid 5256] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5254] exit_group(0 [pid 5027] restart_syscall(<... resuming interrupted clone ...> [pid 5256] <... futex resumed>) = ? [pid 5254] <... exit_group resumed>) = ? [pid 5027] <... restart_syscall resumed>) = 0 [pid 5256] +++ exited with 0 +++ [pid 5027] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5254] +++ exited with 0 +++ [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5027] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5026] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5254, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=40 /* 0.40 s */} --- [pid 5027] <... openat resumed>) = 3 [pid 5026] restart_syscall(<... resuming interrupted clone ...> [pid 5027] newfstatat(3, "", [pid 5026] <... restart_syscall resumed>) = 0 [pid 5027] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5027] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5026] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5027] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 82.793597][ T5274] loop5: detected capacity change from 0 to 32768 [ 82.804657][ T5274] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 scanned by syz-executor340 (5274) [pid 5026] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5027] newfstatat(AT_FDCWD, "./6/bus", [pid 5026] <... openat resumed>) = 3 [pid 5027] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5026] newfstatat(3, "", [pid 5027] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5026] getdents64(3, [pid 5027] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5026] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5027] <... openat resumed>) = 4 [pid 5026] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5027] newfstatat(4, "", [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5027] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5026] newfstatat(AT_FDCWD, "./7/bus", [pid 5027] getdents64(4, [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5027] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5026] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5027] getdents64(4, [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5027] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5026] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5027] close(4 [pid 5026] <... openat resumed>) = 4 [pid 5027] <... close resumed>) = 0 [pid 5026] newfstatat(4, "", [pid 5027] rmdir("./6/bus" [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5027] <... rmdir resumed>) = 0 [pid 5026] getdents64(4, [pid 5027] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5026] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5026] getdents64(4, [pid 5027] newfstatat(AT_FDCWD, "./6/binderfs", [pid 5026] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5027] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5026] close(4 [pid 5027] unlink("./6/binderfs" [pid 5026] <... close resumed>) = 0 [pid 5027] <... unlink resumed>) = 0 [pid 5026] rmdir("./7/bus" [pid 5027] getdents64(3, [pid 5026] <... rmdir resumed>) = 0 [pid 5027] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5026] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5027] close(3 [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5027] <... close resumed>) = 0 [pid 5026] newfstatat(AT_FDCWD, "./7/binderfs", [pid 5027] rmdir("./6" [pid 5026] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5027] <... rmdir resumed>) = 0 [pid 5026] unlink("./7/binderfs" [pid 5027] mkdir("./7", 0777 [pid 5026] <... unlink resumed>) = 0 [pid 5027] <... mkdir resumed>) = 0 [pid 5026] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5026] close(3 [pid 5027] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5026] <... close resumed>) = 0 [pid 5026] rmdir("./7" [pid 5027] <... openat resumed>) = 3 [pid 5026] <... rmdir resumed>) = 0 [pid 5026] mkdir("./8", 0777 [pid 5027] ioctl(3, LOOP_CLR_FD [pid 5026] <... mkdir resumed>) = 0 [pid 5026] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5027] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5026] <... openat resumed>) = 3 [ 82.855681][ T5274] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 82.889609][ T5274] BTRFS info (device loop5): doing ref verification [pid 5027] close(3 [pid 5026] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5277] <... write resumed>) = 16777216 [pid 5026] close(3) = 0 [pid 5026] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5277] munmap(0x7f416ec64000, 138412032 [pid 5027] <... close resumed>) = 0 [pid 5026] <... clone resumed>, child_tidptr=0x555555980690) = 5283 ./strace-static-x86_64: Process 5283 attached [pid 5283] set_robust_list(0x5555559806a0, 24) = 0 [pid 5283] chdir("./8") = 0 [pid 5283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5283] setpgid(0, 0) = 0 [pid 5277] <... munmap resumed>) = 0 [pid 5027] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555980690) = 5284 ./strace-static-x86_64: Process 5284 attached [pid 5284] set_robust_list(0x5555559806a0, 24) = 0 [pid 5284] chdir("./7") = 0 [pid 5284] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5283] write(3, "1000", 4) = 4 [pid 5283] close(3) = 0 [pid 5284] <... prctl resumed>) = 0 [pid 5284] setpgid(0, 0 [pid 5283] symlink("/dev/binderfs", "./binderfs" [pid 5284] <... setpgid resumed>) = 0 [pid 5283] <... symlink resumed>) = 0 [pid 5277] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5283] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5284] <... openat resumed>) = 3 [pid 5283] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5284] write(3, "1000", 4 [pid 5283] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5277] <... openat resumed>) = 4 [pid 5284] <... write resumed>) = 4 [pid 5283] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5277] ioctl(4, LOOP_SET_FD, 3 [ 82.922114][ T5274] BTRFS warning (device loop5): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 82.956636][ T5274] BTRFS info (device loop5): force zlib compression, level 3 [pid 5283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5283] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5284] close(3./strace-static-x86_64: Process 5285 attached [pid 5283] <... clone3 resumed> => {parent_tid=[5285]}, 88) = 5285 [pid 5284] <... close resumed>) = 0 [pid 5284] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5285] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5283] rt_sigprocmask(SIG_SETMASK, [], [pid 5285] <... rseq resumed>) = 0 [pid 5285] set_robust_list(0x7f41770849a0, 24 [pid 5283] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5285] <... set_robust_list resumed>) = 0 [pid 5285] rt_sigprocmask(SIG_SETMASK, [], [pid 5283] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5285] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5285] memfd_create("syzkaller", 0 [pid 5284] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5285] <... memfd_create resumed>) = 3 [pid 5285] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5284] <... futex resumed>) = 0 [pid 5284] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5277] <... ioctl resumed>) = 0 [pid 5284] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5277] close(3) = 0 [pid 5284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5277] mkdir("./bus", 0777) = 0 [pid 5284] <... mmap resumed>) = 0x7f4177064000 [pid 5277] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [ 82.975523][ T5277] loop0: detected capacity change from 0 to 32768 [ 82.989867][ T5274] BTRFS info (device loop5): allowing degraded mounts [ 83.010988][ T5277] BTRFS warning: duplicate device /dev/loop0 devid 1 generation 8 scanned by syz-executor340 (5277) [pid 5284] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5284] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5284] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5287 attached [pid 5287] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5284] <... clone3 resumed> => {parent_tid=[5287]}, 88) = 5287 [pid 5287] <... rseq resumed>) = 0 [pid 5284] rt_sigprocmask(SIG_SETMASK, [], [pid 5287] set_robust_list(0x7f41770849a0, 24 [pid 5284] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5287] <... set_robust_list resumed>) = 0 [pid 5284] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] rt_sigprocmask(SIG_SETMASK, [], [pid 5284] <... futex resumed>) = 0 [pid 5287] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5284] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5277] <... mount resumed>) = -1 EEXIST (File exists) [pid 5287] memfd_create("syzkaller", 0) = 3 [pid 5277] ioctl(4, LOOP_CLR_FD [pid 5287] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5281] <... write resumed>) = 16777216 [ 83.042339][ T5274] BTRFS info (device loop5): using free space tree [pid 5281] munmap(0x7f416ec64000, 138412032) = 0 [pid 5281] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5281] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5281] close(3) = 0 [pid 5281] mkdir("./bus", 0777 [pid 5282] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5281] <... mkdir resumed>) = 0 [ 83.137236][ T5281] loop3: detected capacity change from 0 to 32768 [ 83.165915][ T5274] BTRFS info (device loop5): auto enabling async discard [pid 5281] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = -1 EEXIST (File exists) [ 83.183426][ T5281] BTRFS warning: duplicate device /dev/loop3 devid 1 generation 8 scanned by syz-executor340 (5281) [pid 5281] ioctl(4, LOOP_CLR_FD [pid 5274] <... mount resumed>) = 0 [pid 5274] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5274] chdir("./bus") = 0 [pid 5274] ioctl(4, LOOP_CLR_FD) = 0 [pid 5274] close(4) = 0 [pid 5274] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5285] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5274] <... futex resumed>) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] open("./file0", O_RDONLY) = 4 [pid 5274] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5273] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5273] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5274] <... ioctl resumed>) = 0 [pid 5273] <... mmap resumed>) = 0x7f4177043000 [pid 5273] mprotect(0x7f4177044000, 131072, PROT_READ|PROT_WRITE [pid 5274] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] <... mprotect resumed>) = 0 [pid 5274] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5273] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177063990, parent_tid=0x7f4177063990, exit_signal=0, stack=0x7f4177043000, stack_size=0x20300, tls=0x7f41770636c0}./strace-static-x86_64: Process 5303 attached [pid 5303] rseq(0x7f4177063fe0, 0x20, 0, 0x53053053) = 0 [pid 5303] set_robust_list(0x7f41770639a0, 24) = 0 [pid 5303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5303] futex(0x7f41771546d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] <... clone3 resumed> => {parent_tid=[5303]}, 88) = 5303 [pid 5273] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5273] futex(0x7f41771546d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... futex resumed>) = 0 [pid 5273] <... futex resumed>) = 1 [pid 5273] futex(0x7f41771546dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5303] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5287] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5303] <... openat resumed>) = 5 [pid 5303] write(5, "15", 2) = 2 [pid 5303] creat("./bus", 000 [pid 5273] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5273] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5273] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5274] mkdir(".", 0777) = -1 EEXIST (File exists) [ 83.441532][ T2402] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [ 83.454971][ T5303] FAULT_INJECTION: forcing a failure. [ 83.454971][ T5303] name failslab, interval 1, probability 0, space 0, times 0 [ 83.492545][ T5303] CPU: 0 PID: 5303 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 83.503034][ T5303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 83.513474][ T5303] Call Trace: [ 83.516809][ T5303] [ 83.519761][ T5303] dump_stack_lvl+0x1e7/0x2d0 [ 83.524480][ T5303] ? nf_tcp_handle_invalid+0x650/0x650 [ 83.529981][ T5303] ? panic+0x770/0x770 [ 83.534184][ T5303] ? __might_sleep+0xc0/0xc0 [pid 5274] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5277] <... ioctl resumed>) = 0 [pid 5277] close(4) = 0 [ 83.538824][ T5303] should_fail_ex+0x3aa/0x4e0 [ 83.543552][ T5303] should_failslab+0x9/0x20 [ 83.548093][ T5303] slab_pre_alloc_hook+0x59/0x310 [ 83.553330][ T5303] kmem_cache_alloc+0x52/0x300 [ 83.558210][ T5303] ? alloc_extent_state+0x25/0x2e0 [ 83.563358][ T5303] alloc_extent_state+0x25/0x2e0 [ 83.568351][ T5303] __set_extent_bit+0x1c8/0x1b00 [ 83.573327][ T5303] ? __down_write_common+0x161/0x200 [ 83.578738][ T5303] ? PageUptodate+0xd7/0x290 [ 83.583350][ T5303] ? __write_extent_buffer+0x20f/0x410 [pid 5277] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5276] <... futex resumed>) = 0 [pid 5276] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 83.588843][ T5303] ? __asan_memcpy+0x40/0x70 [ 83.593726][ T5303] set_extent_bit+0x3b/0x50 [ 83.598266][ T5303] btrfs_alloc_tree_block+0xaf5/0x1800 [ 83.603778][ T5303] ? alloc_reserved_file_extent+0x5e0/0x5e0 [ 83.609888][ T5303] ? mark_lock+0x9a/0x340 [ 83.614332][ T5303] ? read_extent_buffer+0x11f/0x2a0 [ 83.619646][ T5303] ? __asan_memcpy+0x40/0x70 [ 83.624272][ T5303] __btrfs_cow_block+0x465/0x1a90 [ 83.629363][ T5303] ? btrfs_cow_block+0xa10/0xa10 [ 83.634505][ T5303] ? btrfs_qgroup_add_swapped_blocks+0x750/0x7f0 [pid 5276] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... futex resumed>) = 0 [pid 5277] open("./file0", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5277] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5276] <... futex resumed>) = 0 [pid 5277] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5276] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5276] <... futex resumed>) = 0 [pid 5277] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... futex resumed>) = 0 [pid 5276] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5277] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5276] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... openat resumed>) = 3 [pid 5276] <... futex resumed>) = 0 [pid 5277] write(3, "15", 2 [pid 5276] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... write resumed>) = 2 [pid 5277] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5281] <... ioctl resumed>) = 0 [pid 5277] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5276] <... futex resumed>) = 0 [pid 5277] mkdir(".", 0777 [pid 5276] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5276] <... futex resumed>) = 0 [ 83.640876][ T5303] ? rcu_is_watching+0x15/0xb0 [ 83.645793][ T5303] btrfs_cow_block+0x35e/0xa10 [ 83.650612][ T5303] btrfs_search_slot+0xbf9/0x2f80 [ 83.655725][ T5303] ? btrfs_find_item+0x5c0/0x5c0 [ 83.660824][ T5303] ? btrfs_create_new_inode+0xd73/0x2710 [ 83.666593][ T5303] ? __lock_acquire+0x7f70/0x7f70 [ 83.671667][ T5303] ? do_raw_spin_lock+0x14d/0x3a0 [ 83.676834][ T5303] ? do_raw_spin_unlock+0x13b/0x8b0 [ 83.682077][ T5303] btrfs_insert_empty_items+0x9c/0x180 [ 83.685731][ T5277] FAULT_INJECTION: forcing a failure. [pid 5277] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5276] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5281] close(4) = 0 [pid 5281] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5279] <... futex resumed>) = 0 [pid 5279] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = 0 [pid 5279] <... futex resumed>) = 1 [pid 5281] open("./file0", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5281] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 83.685731][ T5277] name failslab, interval 1, probability 0, space 0, times 0 [ 83.687551][ T5303] btrfs_create_new_inode+0x10b3/0x2710 [ 83.705718][ T5303] ? btrfs_new_inode_args_destroy+0x160/0x160 [ 83.711869][ T5303] btrfs_create_common+0x1f9/0x300 [ 83.717212][ T5303] ? btrfs_tmpfile+0x4e0/0x4e0 [ 83.722008][ T5303] ? do_raw_spin_unlock+0x13b/0x8b0 [ 83.727285][ T5303] ? btrfs_create+0x75/0x140 [ 83.731922][ T5303] ? btrfs_lookup+0x40/0x40 [ 83.736544][ T5303] path_openat+0x13e7/0x3180 [pid 5279] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [ 83.741196][ T5303] ? do_filp_open+0x490/0x490 [ 83.746031][ T5303] do_filp_open+0x234/0x490 [ 83.750571][ T5303] ? vfs_tmpfile+0x4b0/0x4b0 [ 83.755233][ T5303] ? _raw_spin_unlock+0x28/0x40 [ 83.760112][ T5303] ? alloc_fd+0x59c/0x640 [ 83.764544][ T5303] do_sys_openat2+0x13e/0x1d0 [ 83.769262][ T5303] ? do_sys_open+0x230/0x230 [ 83.773898][ T5303] ? _raw_spin_unlock_irq+0x2e/0x50 [ 83.779226][ T5303] ? ptrace_notify+0x278/0x380 [ 83.784023][ T5303] __x64_sys_creat+0x123/0x160 [pid 5279] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = 0 [pid 5279] <... futex resumed>) = 1 [pid 5281] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5279] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5281] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5281] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5279] <... futex resumed>) = 0 [pid 5281] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5279] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... openat resumed>) = 3 [pid 5279] <... futex resumed>) = 0 [pid 5281] write(3, "15", 2 [pid 5279] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5281] <... write resumed>) = 2 [pid 5281] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5281] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5279] <... futex resumed>) = 0 [pid 5281] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5279] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5279] <... futex resumed>) = 0 [pid 5281] mkdir(".", 0777 [pid 5279] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5281] <... mkdir resumed>) = -1 EEXIST (File exists) [ 83.788856][ T5303] ? __x64_compat_sys_openat+0x290/0x290 [ 83.794603][ T5303] ? syscall_enter_from_user_mode+0x32/0x230 [ 83.799262][ T5281] FAULT_INJECTION: forcing a failure. [ 83.799262][ T5281] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 83.800780][ T5303] ? syscall_enter_from_user_mode+0x8c/0x230 [ 83.800822][ T5303] do_syscall_64+0x41/0xc0 [ 83.825602][ T5303] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 83.832011][ T5303] RIP: 0033:0x7f41770c8049 [ 83.836737][ T5303] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 83.856806][ T5303] RSP: 002b:00007f4177063208 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 83.865530][ T5303] RAX: ffffffffffffffda RBX: 00007f41771546d8 RCX: 00007f41770c8049 [ 83.873548][ T5303] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040 [ 83.881722][ T5303] RBP: 00007f41771546d0 R08: 00007f4177062fa6 R09: 0000000000003531 [ 83.889717][ T5303] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f41771211d0 [ 83.897800][ T5303] R13: 00007f4177063210 R14: 0000000000000002 R15: 00007f417711c070 [ 83.905985][ T5303] [ 83.909009][ T5281] CPU: 1 PID: 5281 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 83.919473][ T5281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 83.929548][ T5281] Call Trace: [ 83.932842][ T5281] [ 83.936229][ T5281] dump_stack_lvl+0x1e7/0x2d0 [ 83.941285][ T5281] ? nf_tcp_handle_invalid+0x650/0x650 [ 83.946764][ T5281] ? panic+0x770/0x770 [ 83.950944][ T5281] should_fail_ex+0x3aa/0x4e0 [ 83.955720][ T5281] strncpy_from_user+0x36/0x2e0 [ 83.961039][ T5281] getname_flags+0xf9/0x4f0 [ 83.965542][ T5281] user_path_at_empty+0x2c/0x60 [ 83.970659][ T5281] __se_sys_mount+0x29a/0x3c0 [ 83.975362][ T5281] ? __x64_sys_mount+0xc0/0xc0 [ 83.980499][ T5281] ? syscall_enter_from_user_mode+0x32/0x230 [ 83.986514][ T5281] ? __x64_sys_mount+0x20/0xc0 [ 83.991373][ T5281] do_syscall_64+0x41/0xc0 [ 83.995795][ T5281] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 84.001694][ T5281] RIP: 0033:0x7f41770c949a [ 84.006112][ T5281] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 84.026328][ T5281] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 84.034739][ T5281] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 84.042722][ T5281] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 84.051451][ T5281] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 84.059424][ T5281] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 84.067616][ T5281] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 84.075676][ T5281] [ 84.092358][ T5277] CPU: 1 PID: 5277 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 84.102829][ T5277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 84.113247][ T5277] Call Trace: [ 84.116534][ T5277] [ 84.119479][ T5277] dump_stack_lvl+0x1e7/0x2d0 [ 84.124303][ T5277] ? nf_tcp_handle_invalid+0x650/0x650 [ 84.129973][ T5277] ? panic+0x770/0x770 [ 84.134080][ T5277] should_fail_ex+0x3aa/0x4e0 [ 84.138958][ T5277] should_failslab+0x9/0x20 [ 84.143663][ T5277] slab_pre_alloc_hook+0x59/0x310 [ 84.149072][ T5277] ? tomoyo_encode+0x26f/0x530 [ 84.153920][ T5277] __kmem_cache_alloc_node+0x4b/0x270 [ 84.159315][ T5277] ? arch_stack_walk+0x162/0x1a0 [ 84.164280][ T5277] ? tomoyo_encode+0x26f/0x530 [ 84.169069][ T5277] __kmalloc+0xa8/0x230 [ 84.173351][ T5277] tomoyo_encode+0x26f/0x530 [ 84.177967][ T5277] tomoyo_mount_permission+0x356/0xb80 [ 84.183531][ T5277] ? __stack_depot_save+0x20/0x650 [ 84.188656][ T5277] ? tomoyo_mount_permission+0x295/0xb80 [ 84.194309][ T5277] ? tomoyo_get_name+0x510/0x510 [ 84.199318][ T5277] security_sb_mount+0x8c/0xc0 [ 84.204108][ T5277] path_mount+0xb9/0xfa0 [ 84.208365][ T5277] ? kmem_cache_free+0x292/0x500 [ 84.213314][ T5277] ? user_path_at_empty+0x4c/0x60 [ 84.218433][ T5277] __se_sys_mount+0x2d9/0x3c0 [ 84.223132][ T5277] ? __x64_sys_mount+0xc0/0xc0 [ 84.228000][ T5277] ? syscall_enter_from_user_mode+0x32/0x230 [ 84.234085][ T5277] ? __x64_sys_mount+0x20/0xc0 [ 84.238853][ T5277] do_syscall_64+0x41/0xc0 [ 84.243278][ T5277] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 84.249167][ T5277] RIP: 0033:0x7f41770c949a [ 84.253588][ T5277] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 84.273272][ T5277] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 84.281679][ T5277] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 84.289666][ T5277] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 84.297650][ T5277] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 84.305624][ T5277] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 84.313677][ T5277] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 84.322001][ T5277] [pid 5281] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5285] <... write resumed>) = 16777216 [pid 5282] <... write resumed>) = 16777216 [pid 5285] munmap(0x7f416ec64000, 138412032 [pid 5282] munmap(0x7f416ec64000, 138412032) = 0 [pid 5285] <... munmap resumed>) = 0 [pid 5282] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5282] ioctl(4, LOOP_SET_FD, 3 [pid 5303] <... creat resumed>) = 6 [pid 5287] <... write resumed>) = 16777216 [pid 5285] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5303] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] munmap(0x7f416ec64000, 138412032 [pid 5285] ioctl(4, LOOP_SET_FD, 3 [pid 5303] <... futex resumed>) = 0 [pid 5287] <... munmap resumed>) = 0 [pid 5303] futex(0x7f41771546d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5282] <... ioctl resumed>) = 0 [pid 5287] ioctl(4, LOOP_SET_FD, 3 [pid 5282] close(3) = 0 [pid 5282] mkdir("./bus", 0777 [pid 5285] <... ioctl resumed>) = 0 [pid 5282] <... mkdir resumed>) = 0 [pid 5285] close(3 [pid 5282] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5285] <... close resumed>) = 0 [pid 5285] mkdir("./bus", 0777) = 0 [pid 5281] <... mount resumed>) = -1 EFAULT (Bad address) [pid 5285] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5281] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5279] <... futex resumed>) = 0 [pid 5281] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5277] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5276] <... futex resumed>) = 0 [pid 5287] <... ioctl resumed>) = 0 [pid 5279] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] close(3 [pid 5279] <... futex resumed>) = 1 [pid 5276] <... futex resumed>) = 1 [pid 5287] <... close resumed>) = 0 [pid 5279] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5287] mkdir("./bus", 0777) = 0 [pid 5287] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5277] <... futex resumed>) = 0 [ 84.390580][ T5282] loop4: detected capacity change from 0 to 32768 [ 84.403513][ T5285] loop1: detected capacity change from 0 to 32768 [ 84.430450][ T5287] loop2: detected capacity change from 0 to 32768 [pid 5277] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5281] <... futex resumed>) = 0 [pid 5277] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5277] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5276] <... futex resumed>) = 0 [pid 5276] exit_group(0 [pid 5281] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5276] <... exit_group resumed>) = ? [pid 5282] <... mount resumed>) = -1 EEXIST (File exists) [pid 5281] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5277] <... futex resumed>) = ? [ 84.447319][ T5274] BTRFS error (device loop5: state M): unrecognized mount option '18446744073709551615017777777777777777777770177777777777777777777718446744073709551615lbZ~Ƣ8žH~אa*Oѓ< 5^Sus%e [ 84.447319][ T5274] /ĖEaofmߚtҮ~г#a C$n-SGWmxeGy|sL=~ä_;N' [ 84.453894][ T5282] BTRFS warning: duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor340 (5282) [pid 5281] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] +++ exited with 0 +++ [pid 5276] +++ exited with 0 +++ [pid 5025] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5276, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=42 /* 0.42 s */} --- [pid 5025] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5025] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5025] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5025] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5025] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5281] <... futex resumed>) = 1 [pid 5025] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5025] getdents64(4, [pid 5281] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5279] <... futex resumed>) = 0 [pid 5025] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5025] close(4 [pid 5274] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5279] exit_group(0 [pid 5274] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5279] <... exit_group resumed>) = ? [pid 5281] <... futex resumed>) = ? [pid 5273] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] +++ exited with 0 +++ [pid 5273] <... futex resumed>) = 0 [pid 5274] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5273] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5025] <... close resumed>) = 0 [pid 5274] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] rmdir("./7/bus" [pid 5279] +++ exited with 0 +++ [pid 5274] <... futex resumed>) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5282] ioctl(4, LOOP_CLR_FD [pid 5274] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] exit_group(0 [pid 5028] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5279, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- [pid 5303] <... futex resumed>) = ? [pid 5274] <... futex resumed>) = ? [pid 5273] <... exit_group resumed>) = ? [pid 5025] <... rmdir resumed>) = 0 [pid 5303] +++ exited with 0 +++ [pid 5274] +++ exited with 0 +++ [pid 5273] +++ exited with 0 +++ [pid 5030] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5273, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=40 /* 0.40 s */} --- [pid 5028] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5025] newfstatat(AT_FDCWD, "./7/binderfs", [pid 5028] <... openat resumed>) = 3 [pid 5028] newfstatat(3, "", [pid 5025] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] getdents64(3, [pid 5025] unlink("./7/binderfs" [pid 5030] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] <... unlink resumed>) = 0 [pid 5030] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5030] <... openat resumed>) = 3 [pid 5028] newfstatat(AT_FDCWD, "./7/bus", [pid 5030] newfstatat(3, "", [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] getdents64(3, [pid 5030] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5030] getdents64(3, [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5030] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5028] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5025] close(3 [pid 5030] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] <... openat resumed>) = 4 [pid 5028] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5028] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5028] close(4) = 0 [pid 5028] rmdir("./7/bus") = 0 [pid 5028] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] <... close resumed>) = 0 [pid 5028] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] rmdir("./7" [pid 5287] <... mount resumed>) = -1 EEXIST (File exists) [pid 5285] <... mount resumed>) = -1 EEXIST (File exists) [pid 5028] unlink("./7/binderfs" [pid 5287] ioctl(4, LOOP_CLR_FD [pid 5285] ioctl(4, LOOP_CLR_FD [pid 5025] <... rmdir resumed>) = 0 [pid 5028] <... unlink resumed>) = 0 [pid 5025] mkdir("./8", 0777 [pid 5028] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5028] close(3) = 0 [pid 5028] rmdir("./7") = 0 [pid 5028] mkdir("./8", 0777) = 0 [pid 5028] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5028] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5028] close(3 [pid 5025] <... mkdir resumed>) = 0 [pid 5028] <... close resumed>) = 0 [pid 5028] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555980690) = 5304 ./strace-static-x86_64: Process 5304 attached [pid 5025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5304] set_robust_list(0x5555559806a0, 24 [pid 5025] ioctl(3, LOOP_CLR_FD [pid 5304] <... set_robust_list resumed>) = 0 [pid 5025] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5025] close(3) = 0 [pid 5304] chdir("./8") = 0 [pid 5304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5304] setpgid(0, 0) = 0 [ 84.491443][ T5285] BTRFS warning: duplicate device /dev/loop1 devid 1 generation 8 scanned by syz-executor340 (5285) [ 84.515376][ T5287] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 8 scanned by syz-executor340 (5287) [pid 5025] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5304] write(3, "1000", 4) = 4 [pid 5304] close(3) = 0 [pid 5304] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5304] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5304] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5304] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5304] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5304] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5306 attached => {parent_tid=[5306]}, 88) = 5306 [pid 5306] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5304] rt_sigprocmask(SIG_SETMASK, [], [pid 5306] <... rseq resumed>) = 0 [pid 5304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5025] <... clone resumed>, child_tidptr=0x555555980690) = 5305 [pid 5306] set_robust_list(0x7f41770849a0, 24./strace-static-x86_64: Process 5305 attached [pid 5304] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5306] <... set_robust_list resumed>) = 0 [pid 5304] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5306] memfd_create("syzkaller", 0 [pid 5305] set_robust_list(0x5555559806a0, 24 [pid 5306] <... memfd_create resumed>) = 3 [pid 5306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5305] <... set_robust_list resumed>) = 0 [pid 5305] chdir("./8") = 0 [pid 5305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5305] setpgid(0, 0) = 0 [pid 5305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5305] write(3, "1000", 4) = 4 [pid 5305] close(3) = 0 [pid 5305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5305] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5305] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5305] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5305] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5305] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5308 attached [pid 5308] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5305] <... clone3 resumed> => {parent_tid=[5308]}, 88) = 5308 [pid 5305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5305] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] <... rseq resumed>) = 0 [pid 5308] set_robust_list(0x7f41770849a0, 24 [pid 5305] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5308] <... set_robust_list resumed>) = 0 [pid 5308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5308] memfd_create("syzkaller", 0) = 3 [pid 5308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5282] <... ioctl resumed>) = 0 [pid 5282] close(4) = 0 [pid 5285] <... ioctl resumed>) = 0 [pid 5282] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5280] <... futex resumed>) = 0 [pid 5280] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5280] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] open("./file0", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5285] close(4 [pid 5282] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5285] <... close resumed>) = 0 [pid 5282] <... futex resumed>) = 1 [pid 5280] <... futex resumed>) = 0 [pid 5285] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5280] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5285] <... futex resumed>) = 1 [pid 5282] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5280] <... futex resumed>) = 0 [pid 5280] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] <... futex resumed>) = 0 [pid 5282] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5283] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5285] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5283] <... futex resumed>) = 0 [pid 5282] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5285] open("./file0", O_RDONLY [pid 5283] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5280] <... futex resumed>) = 0 [pid 5285] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5282] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5280] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5280] <... futex resumed>) = 0 [pid 5282] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5280] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... openat resumed>) = 3 [pid 5306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5285] <... futex resumed>) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5282] write(3, "15", 2 [pid 5283] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... write resumed>) = 2 [pid 5283] <... futex resumed>) = 0 [pid 5282] creat("./bus", 000 [pid 5283] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5285] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5282] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5285] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5282] <... futex resumed>) = 1 [pid 5280] <... futex resumed>) = 0 [pid 5285] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5280] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5285] <... futex resumed>) = 1 [pid 5280] <... futex resumed>) = 0 [pid 5285] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5280] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5283] <... futex resumed>) = 0 [pid 5282] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5283] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] mkdir(".", 0777 [pid 5285] <... futex resumed>) = 0 [pid 5283] <... futex resumed>) = 1 [pid 5282] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5285] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5282] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5283] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] <... openat resumed>) = 3 [pid 5287] <... ioctl resumed>) = 0 [pid 5285] write(3, "15", 2) = 2 [pid 5285] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5285] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5285] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] close(4 [pid 5285] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5283] <... futex resumed>) = 0 [pid 5285] mkdir(".", 0777 [pid 5283] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5285] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5285] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5287] <... close resumed>) = 0 [pid 5287] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5284] <... futex resumed>) = 0 [pid 5287] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5284] <... futex resumed>) = 0 [pid 5287] open("./file0", O_RDONLY [pid 5284] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5287] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5287] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5284] <... futex resumed>) = 0 [pid 5287] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5284] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5284] <... futex resumed>) = 0 [pid 5287] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5287] <... futex resumed>) = 0 [pid 5284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5287] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5284] <... futex resumed>) = 0 [pid 5287] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5284] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5287] <... openat resumed>) = 3 [pid 5287] write(3, "15", 2) = 2 [pid 5287] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5287] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5284] <... futex resumed>) = 0 [pid 5287] mkdir(".", 0777 [pid 5284] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5284] <... futex resumed>) = 0 [pid 5287] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [ 85.034736][ T5282] FAULT_INJECTION: forcing a failure. [ 85.034736][ T5282] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 85.054943][ T5285] FAULT_INJECTION: forcing a failure. [ 85.054943][ T5285] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 85.075749][ T5287] FAULT_INJECTION: forcing a failure. [ 85.075749][ T5287] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 85.089541][ T5282] CPU: 1 PID: 5282 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 85.099986][ T5282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 85.110095][ T5282] Call Trace: [ 85.113388][ T5282] [ 85.116334][ T5282] dump_stack_lvl+0x1e7/0x2d0 [ 85.121038][ T5282] ? nf_tcp_handle_invalid+0x650/0x650 [ 85.126612][ T5282] ? panic+0x770/0x770 [ 85.130717][ T5282] should_fail_ex+0x3aa/0x4e0 [ 85.135426][ T5282] strncpy_from_user+0x36/0x2e0 [ 85.140306][ T5282] getname_flags+0xf9/0x4f0 [ 85.144835][ T5282] user_path_at_empty+0x2c/0x60 [ 85.149705][ T5282] __se_sys_mount+0x29a/0x3c0 [ 85.154510][ T5282] ? __x64_sys_mount+0xc0/0xc0 [ 85.159385][ T5282] ? syscall_enter_from_user_mode+0x32/0x230 [ 85.165484][ T5282] ? __x64_sys_mount+0x20/0xc0 [ 85.170276][ T5282] do_syscall_64+0x41/0xc0 [ 85.174750][ T5282] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 85.180752][ T5282] RIP: 0033:0x7f41770c949a [ 85.185276][ T5282] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 85.205172][ T5282] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 85.213664][ T5282] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 85.221830][ T5282] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [pid 5284] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5030] <... umount2 resumed>) = 0 [pid 5030] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5030] newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5030] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5030] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5030] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5030] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5030] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5030] close(4) = 0 [pid 5030] rmdir("./6/bus") = 0 [pid 5030] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5030] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5030] unlink("./6/binderfs") = 0 [pid 5030] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5030] close(3) = 0 [pid 5030] rmdir("./6") = 0 [pid 5030] mkdir("./7", 0777) = 0 [pid 5030] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5030] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5030] close(3) = 0 [pid 5030] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555980690) = 5309 ./strace-static-x86_64: Process 5309 attached [pid 5309] set_robust_list(0x5555559806a0, 24) = 0 [pid 5309] chdir("./7") = 0 [pid 5309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5309] setpgid(0, 0) = 0 [pid 5309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5309] write(3, "1000", 4) = 4 [pid 5309] close(3) = 0 [pid 5309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5309] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5309] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5309] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5309] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} => {parent_tid=[5310]}, 88) = 5310 [pid 5309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5309] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5310 attached [pid 5310] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [pid 5310] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5310] memfd_create("syzkaller", 0) = 3 [pid 5310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [ 85.229816][ T5282] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 85.237897][ T5282] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 85.246327][ T5282] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 85.254360][ T5282] [ 85.257382][ T5287] CPU: 0 PID: 5287 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 85.267989][ T5287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 85.278314][ T5287] Call Trace: [ 85.281611][ T5287] [ 85.284548][ T5287] dump_stack_lvl+0x1e7/0x2d0 [ 85.289474][ T5287] ? nf_tcp_handle_invalid+0x650/0x650 [ 85.295204][ T5287] ? panic+0x770/0x770 [ 85.299272][ T5287] should_fail_ex+0x3aa/0x4e0 [ 85.304033][ T5287] strncpy_from_user+0x36/0x2e0 [ 85.308971][ T5287] getname_flags+0xf9/0x4f0 [ 85.313642][ T5287] user_path_at_empty+0x2c/0x60 [ 85.318484][ T5287] __se_sys_mount+0x29a/0x3c0 [ 85.323175][ T5287] ? __x64_sys_mount+0xc0/0xc0 [ 85.327931][ T5287] ? syscall_enter_from_user_mode+0x32/0x230 [ 85.333927][ T5287] ? __x64_sys_mount+0x20/0xc0 [ 85.338818][ T5287] do_syscall_64+0x41/0xc0 [ 85.343251][ T5287] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 85.349410][ T5287] RIP: 0033:0x7f41770c949a [ 85.353818][ T5287] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 85.375499][ T5287] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 85.383908][ T5287] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 85.391872][ T5287] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 85.399949][ T5287] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 85.408026][ T5287] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 85.416017][ T5287] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 85.424265][ T5287] [ 85.432196][ T5285] CPU: 0 PID: 5285 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 85.443007][ T5285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 85.453156][ T5285] Call Trace: [ 85.456442][ T5285] [ 85.459480][ T5285] dump_stack_lvl+0x1e7/0x2d0 [ 85.464191][ T5285] ? nf_tcp_handle_invalid+0x650/0x650 [ 85.470096][ T5285] ? panic+0x770/0x770 [ 85.474716][ T5285] should_fail_ex+0x3aa/0x4e0 [ 85.479600][ T5285] strncpy_from_user+0x36/0x2e0 [ 85.484648][ T5285] getname_flags+0xf9/0x4f0 [ 85.489148][ T5285] user_path_at_empty+0x2c/0x60 [ 85.494081][ T5285] __se_sys_mount+0x29a/0x3c0 [ 85.498929][ T5285] ? __x64_sys_mount+0xc0/0xc0 [ 85.504036][ T5285] ? syscall_enter_from_user_mode+0x32/0x230 [ 85.510133][ T5285] ? __x64_sys_mount+0x20/0xc0 [ 85.514987][ T5285] do_syscall_64+0x41/0xc0 [ 85.519493][ T5285] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 85.525490][ T5285] RIP: 0033:0x7f41770c949a [ 85.529995][ T5285] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 85.550663][ T5285] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 85.559089][ T5285] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 85.567317][ T5285] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 85.575457][ T5285] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [pid 5287] <... mount resumed>) = -1 EFAULT (Bad address) [ 85.583422][ T5285] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 85.591499][ T5285] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 85.599571][ T5285] [pid 5287] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... mount resumed>) = -1 EFAULT (Bad address) [pid 5287] <... futex resumed>) = 1 [pid 5284] <... futex resumed>) = 0 [pid 5282] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = 1 [pid 5280] <... futex resumed>) = 0 [pid 5287] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5280] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... futex resumed>) = 0 [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5284] exit_group(0 [pid 5282] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5284] <... exit_group resumed>) = ? [pid 5282] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = ? [pid 5287] +++ exited with 0 +++ [pid 5282] <... futex resumed>) = 1 [pid 5280] <... futex resumed>) = 0 [pid 5280] exit_group(0) = ? [pid 5282] +++ exited with 0 +++ [pid 5284] +++ exited with 0 +++ [pid 5027] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5284, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=41 /* 0.41 s */} --- [pid 5027] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5280] +++ exited with 0 +++ [pid 5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5280, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=34 /* 0.34 s */} --- [pid 5029] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5029] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5027] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5029] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5029] <... openat resumed>) = 3 [pid 5029] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5029] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5027] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5029] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5027] <... openat resumed>) = 3 [pid 5029] newfstatat(AT_FDCWD, "./8/bus", [pid 5027] newfstatat(3, "", [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5029] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5027] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5310] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5029] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5027] getdents64(3, [pid 5029] <... openat resumed>) = 4 [pid 5029] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5029] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5029] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5029] close(4) = 0 [pid 5029] rmdir("./8/bus") = 0 [pid 5027] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5285] <... mount resumed>) = -1 EFAULT (Bad address) [pid 5029] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5027] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5285] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5285] <... futex resumed>) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5029] newfstatat(AT_FDCWD, "./8/binderfs", [pid 5027] newfstatat(AT_FDCWD, "./7/bus", [pid 5285] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5283] <... futex resumed>) = 0 [pid 5029] unlink("./8/binderfs" [pid 5283] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] <... unlink resumed>) = 0 [pid 5029] getdents64(3, [pid 5285] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5029] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5285] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5029] close(3) = 0 [pid 5029] rmdir("./8") = 0 [pid 5285] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5029] mkdir("./9", 0777 [pid 5027] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5029] <... mkdir resumed>) = 0 [pid 5029] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5027] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5029] <... openat resumed>) = 3 [pid 5285] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] ioctl(3, LOOP_CLR_FD [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5285] <... futex resumed>) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5029] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5027] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5285] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] exit_group(0 [pid 5029] close(3 [pid 5285] <... futex resumed>) = ? [pid 5283] <... exit_group resumed>) = ? [pid 5029] <... close resumed>) = 0 [pid 5027] <... openat resumed>) = 4 [pid 5285] +++ exited with 0 +++ [pid 5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5311 attached [pid 5283] +++ exited with 0 +++ [pid 5311] set_robust_list(0x5555559806a0, 24 [pid 5029] <... clone resumed>, child_tidptr=0x555555980690) = 5311 [pid 5311] <... set_robust_list resumed>) = 0 [pid 5311] chdir("./9") = 0 [pid 5311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5311] setpgid(0, 0) = 0 [pid 5311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5311] write(3, "1000", 4) = 4 [pid 5311] close(3) = 0 [pid 5311] symlink("/dev/binderfs", "./binderfs" [pid 5027] newfstatat(4, "", [pid 5026] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5283, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=34 /* 0.34 s */} --- [pid 5027] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5026] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5027] getdents64(4, [pid 5026] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5027] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5027] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5027] close(4) = 0 [pid 5027] rmdir("./7/bus") = 0 [pid 5311] <... symlink resumed>) = 0 [pid 5027] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5026] <... openat resumed>) = 3 [pid 5026] newfstatat(3, "", [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5311] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5027] newfstatat(AT_FDCWD, "./7/binderfs", [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5027] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5027] unlink("./7/binderfs") = 0 [pid 5311] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5027] getdents64(3, [pid 5026] getdents64(3, [pid 5027] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5026] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5027] close(3 [pid 5311] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5027] <... close resumed>) = 0 [pid 5027] rmdir("./7" [pid 5026] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5311] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5311] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5311] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5311] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5027] <... rmdir resumed>) = 0 [pid 5026] newfstatat(AT_FDCWD, "./8/bus", [pid 5027] mkdir("./8", 0777 [pid 5311] <... clone3 resumed> => {parent_tid=[5312]}, 88) = 5312 [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5311] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... mkdir resumed>) = 0 [pid 5026] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5027] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5027] <... openat resumed>) = 3 [pid 5026] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5027] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5312 attached ) = -1 ENXIO (No such device or address) [pid 5026] <... openat resumed>) = 4 [pid 5312] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5027] close(3 [pid 5026] newfstatat(4, "", [pid 5312] <... rseq resumed>) = 0 [pid 5027] <... close resumed>) = 0 [pid 5312] set_robust_list(0x7f41770849a0, 24 [pid 5027] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5312] <... set_robust_list resumed>) = 0 [pid 5312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5026] getdents64(4, [pid 5312] memfd_create("syzkaller", 0) = 3 [pid 5026] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 ./strace-static-x86_64: Process 5313 attached [pid 5027] <... clone resumed>, child_tidptr=0x555555980690) = 5313 [pid 5026] getdents64(4, [pid 5313] set_robust_list(0x5555559806a0, 24 [pid 5026] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5313] <... set_robust_list resumed>) = 0 [pid 5026] close(4 [pid 5313] chdir("./8" [pid 5026] <... close resumed>) = 0 [pid 5026] rmdir("./8/bus") = 0 [pid 5026] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5313] <... chdir resumed>) = 0 [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5313] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5026] newfstatat(AT_FDCWD, "./8/binderfs", [pid 5313] <... prctl resumed>) = 0 [pid 5313] setpgid(0, 0 [pid 5026] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5313] <... setpgid resumed>) = 0 [pid 5313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5026] unlink("./8/binderfs") = 0 [pid 5313] <... openat resumed>) = 3 [pid 5313] write(3, "1000", 4 [pid 5026] getdents64(3, [pid 5313] <... write resumed>) = 4 [pid 5026] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5313] close(3) = 0 [pid 5026] close(3 [pid 5313] symlink("/dev/binderfs", "./binderfs" [pid 5026] <... close resumed>) = 0 [pid 5313] <... symlink resumed>) = 0 [pid 5026] rmdir("./8") = 0 [pid 5026] mkdir("./9", 0777 [pid 5306] <... write resumed>) = 16777216 [pid 5026] <... mkdir resumed>) = 0 [pid 5313] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5313] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5026] <... openat resumed>) = 3 [pid 5026] ioctl(3, LOOP_CLR_FD [pid 5306] munmap(0x7f416ec64000, 138412032 [pid 5313] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5026] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5313] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5026] close(3 [pid 5313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5306] <... munmap resumed>) = 0 [pid 5306] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5026] <... close resumed>) = 0 [pid 5306] <... openat resumed>) = 4 [pid 5306] ioctl(4, LOOP_SET_FD, 3 [pid 5026] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5313] <... mmap resumed>) = 0x7f4177064000 [pid 5308] <... write resumed>) = 16777216 [pid 5306] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 5314 attached [pid 5313] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5308] munmap(0x7f416ec64000, 138412032 [pid 5313] <... mprotect resumed>) = 0 [pid 5026] <... clone resumed>, child_tidptr=0x555555980690) = 5314 [pid 5313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5315 attached [pid 5315] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [pid 5315] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5315] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5315] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5314] set_robust_list(0x5555559806a0, 24 [pid 5313] <... clone3 resumed> => {parent_tid=[5315]}, 88) = 5315 [pid 5313] rt_sigprocmask(SIG_SETMASK, [], [pid 5314] <... set_robust_list resumed>) = 0 [pid 5314] chdir("./9" [pid 5306] close(3 [pid 5314] <... chdir resumed>) = 0 [pid 5306] <... close resumed>) = 0 [pid 5314] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5306] mkdir("./bus", 0777 [pid 5314] <... prctl resumed>) = 0 [pid 5306] <... mkdir resumed>) = 0 [pid 5314] setpgid(0, 0 [pid 5313] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 85.924828][ T5306] loop3: detected capacity change from 0 to 32768 [pid 5314] <... setpgid resumed>) = 0 [pid 5313] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... munmap resumed>) = 0 [pid 5306] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5315] <... futex resumed>) = 0 [pid 5314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5313] <... futex resumed>) = 1 [pid 5308] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5315] memfd_create("syzkaller", 0 [pid 5313] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5315] <... memfd_create resumed>) = 3 [pid 5308] <... openat resumed>) = 4 [pid 5315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5314] <... openat resumed>) = 3 [pid 5308] ioctl(4, LOOP_SET_FD, 3 [pid 5315] <... mmap resumed>) = 0x7f416ec64000 [pid 5314] write(3, "1000", 4 [pid 5308] <... ioctl resumed>) = 0 [pid 5314] <... write resumed>) = 4 [pid 5314] close(3 [pid 5308] close(3) = 0 [pid 5314] <... close resumed>) = 0 [pid 5308] mkdir("./bus", 0777) = 0 [pid 5314] symlink("/dev/binderfs", "./binderfs" [pid 5308] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5314] <... symlink resumed>) = 0 [pid 5314] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 85.968064][ T5306] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz-executor340 (5306) [ 85.985246][ T5308] loop0: detected capacity change from 0 to 32768 [pid 5314] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5314] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5314] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5314] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5314] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5316 attached => {parent_tid=[5316]}, 88) = 5316 [pid 5314] rt_sigprocmask(SIG_SETMASK, [], [pid 5316] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5314] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5316] <... rseq resumed>) = 0 [pid 5314] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] set_robust_list(0x7f41770849a0, 24 [pid 5314] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5316] <... set_robust_list resumed>) = 0 [pid 5316] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5316] memfd_create("syzkaller", 0) = 3 [pid 5308] <... mount resumed>) = -1 EEXIST (File exists) [pid 5308] ioctl(4, LOOP_CLR_FD [pid 5316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [ 86.026722][ T5306] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 86.041893][ T5308] BTRFS warning: duplicate device /dev/loop0 devid 1 generation 8 scanned by syz-executor340 (5308) [ 86.051266][ T5306] BTRFS info (device loop3): doing ref verification [ 86.086148][ T5306] BTRFS warning (device loop3): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 86.120560][ T5306] BTRFS info (device loop3): force zlib compression, level 3 [pid 5310] <... write resumed>) = 16777216 [pid 5312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5310] munmap(0x7f416ec64000, 138412032) = 0 [pid 5310] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 86.153095][ T5306] BTRFS info (device loop3): allowing degraded mounts [ 86.187462][ T5306] BTRFS info (device loop3): using free space tree [pid 5310] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5310] close(3) = 0 [pid 5310] mkdir("./bus", 0777) = 0 [pid 5310] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5316] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5310] <... mount resumed>) = -1 EEXIST (File exists) [ 86.232943][ T5310] loop5: detected capacity change from 0 to 32768 [ 86.255816][ T5310] BTRFS warning: duplicate device /dev/loop5 devid 1 generation 8 scanned by syz-executor340 (5310) [ 86.443647][ T5306] BTRFS info (device loop3): auto enabling async discard [pid 5310] ioctl(4, LOOP_CLR_FD [pid 5312] <... write resumed>) = 16777216 [pid 5312] munmap(0x7f416ec64000, 138412032 [pid 5306] <... mount resumed>) = 0 [pid 5306] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5306] chdir("./bus") = 0 [pid 5306] ioctl(4, LOOP_CLR_FD) = 0 [pid 5306] close(4) = 0 [pid 5306] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5306] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5304] <... futex resumed>) = 0 [pid 5312] <... munmap resumed>) = 0 [pid 5304] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5304] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5308] <... ioctl resumed>) = 0 [pid 5306] <... futex resumed>) = 0 [pid 5312] <... openat resumed>) = 4 [pid 5308] close(4 [pid 5306] open("./file0", O_RDONLY [pid 5312] ioctl(4, LOOP_SET_FD, 3 [pid 5308] <... close resumed>) = 0 [pid 5308] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5306] <... open resumed>) = 4 [pid 5305] <... futex resumed>) = 0 [pid 5306] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] <... futex resumed>) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5304] <... futex resumed>) = 0 [pid 5304] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5304] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5306] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5305] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] open("./file0", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5308] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... ioctl resumed>) = 0 [pid 5308] <... futex resumed>) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5312] close(3) = 0 [pid 5305] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] mkdir("./bus", 0777) = 0 [pid 5308] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5305] <... futex resumed>) = 0 [pid 5308] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5308] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5305] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5305] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5305] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... futex resumed>) = 0 [pid 5308] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 5308] write(3, "15", 2) = 2 [pid 5308] creat("./bus", 000 [pid 5312] <... mount resumed>) = -1 EEXIST (File exists) [pid 5308] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5304] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5304] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5308] <... futex resumed>) = 1 [ 86.560128][ T5312] loop4: detected capacity change from 0 to 32768 [ 86.598770][ T5312] BTRFS warning: duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor340 (5312) [pid 5308] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5312] ioctl(4, LOOP_CLR_FD [pid 5306] <... ioctl resumed>) = 0 [pid 5305] <... futex resumed>) = 0 [pid 5304] <... mmap resumed>) = 0x7f4177043000 [pid 5305] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... futex resumed>) = 1 [pid 5306] <... futex resumed>) = 0 [pid 5305] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5306] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5308] <... futex resumed>) = 0 [pid 5304] mprotect(0x7f4177044000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5308] mkdir(".", 0777 [pid 5304] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5308] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5308] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5304] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177063990, parent_tid=0x7f4177063990, exit_signal=0, stack=0x7f4177043000, stack_size=0x20300, tls=0x7f41770636c0}./strace-static-x86_64: Process 5332 attached => {parent_tid=[5332]}, 88) = 5332 [pid 5332] rseq(0x7f4177063fe0, 0x20, 0, 0x53053053 [pid 5304] rt_sigprocmask(SIG_SETMASK, [], [pid 5332] <... rseq resumed>) = 0 [pid 5332] set_robust_list(0x7f41770639a0, 24) = 0 [pid 5332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5332] futex(0x7f41771546d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5304] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 86.644646][ T5308] FAULT_INJECTION: forcing a failure. [ 86.644646][ T5308] name fail_usercopy, interval 1, probability 0, space 0, times 0 [pid 5304] futex(0x7f41771546d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = 0 [pid 5304] <... futex resumed>) = 1 [pid 5332] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5304] futex(0x7f41771546dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... openat resumed>) = 5 [ 86.733079][ T5308] CPU: 1 PID: 5308 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 86.743814][ T5308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 86.754150][ T5308] Call Trace: [ 86.757445][ T5308] [ 86.760398][ T5308] dump_stack_lvl+0x1e7/0x2d0 [ 86.765109][ T5308] ? nf_tcp_handle_invalid+0x650/0x650 [ 86.770950][ T5308] ? panic+0x770/0x770 [ 86.775300][ T5308] should_fail_ex+0x3aa/0x4e0 [ 86.780016][ T5308] strncpy_from_user+0x36/0x2e0 [ 86.786398][ T5308] getname_flags+0xf9/0x4f0 [ 86.791110][ T5308] user_path_at_empty+0x2c/0x60 [ 86.796255][ T5308] __se_sys_mount+0x29a/0x3c0 [ 86.800979][ T5308] ? __x64_sys_mount+0xc0/0xc0 [ 86.805942][ T5308] ? syscall_enter_from_user_mode+0x32/0x230 [ 86.812192][ T5308] ? __x64_sys_mount+0x20/0xc0 [ 86.817123][ T5308] do_syscall_64+0x41/0xc0 [ 86.821649][ T5308] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 86.827558][ T5308] RIP: 0033:0x7f41770c949a [ 86.831966][ T5308] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 86.852723][ T5308] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 86.861145][ T5308] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 86.869112][ T5308] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [pid 5332] write(5, "15", 2) = 2 [pid 5316] <... write resumed>) = 16777216 [pid 5304] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 86.877076][ T5308] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 86.885039][ T5308] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 86.893115][ T5308] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 86.901093][ T5308] [ 86.945424][ T2430] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [pid 5332] creat("./bus", 000 [pid 5316] munmap(0x7f416ec64000, 138412032 [pid 5315] <... write resumed>) = 16777216 [pid 5310] <... ioctl resumed>) = 0 [pid 5304] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... munmap resumed>) = 0 [pid 5315] munmap(0x7f416ec64000, 138412032 [pid 5310] close(4 [pid 5308] <... mount resumed>) = -1 EFAULT (Bad address) [pid 5310] <... close resumed>) = 0 [pid 5308] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... munmap resumed>) = 0 [pid 5310] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5310] <... futex resumed>) = 1 [pid 5310] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] <... futex resumed>) = 0 [pid 5309] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] <... futex resumed>) = 0 [pid 5309] <... futex resumed>) = 1 [pid 5310] open("./file0", O_RDONLY [pid 5309] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5310] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5309] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = -1 EBADF (Bad file descriptor) [pid 5310] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5309] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 5310] write(3, "15", 2) = 2 [pid 5310] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5310] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5310] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5309] <... futex resumed>) = 0 [pid 5310] mkdir(".", 0777 [pid 5309] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5315] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5310] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5315] <... openat resumed>) = 4 [pid 5310] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5316] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5315] ioctl(4, LOOP_SET_FD, 3 [pid 5312] <... ioctl resumed>) = 0 [pid 5306] <... futex resumed>) = 0 [pid 5305] <... futex resumed>) = 0 [pid 5304] <... futex resumed>) = 1 [pid 5316] <... openat resumed>) = 4 [pid 5312] close(4 [pid 5306] mkdir(".", 0777 [pid 5305] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5316] ioctl(4, LOOP_SET_FD, 3 [pid 5308] <... futex resumed>) = 0 [pid 5306] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5305] <... futex resumed>) = 1 [pid 5308] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5305] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5308] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5308] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5308] <... futex resumed>) = 0 [pid 5305] exit_group(0) = ? [pid 5308] +++ exited with 0 +++ [ 86.998525][ T5310] FAULT_INJECTION: forcing a failure. [ 86.998525][ T5310] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 87.012696][ T5332] FAULT_INJECTION: forcing a failure. [ 87.012696][ T5332] name failslab, interval 1, probability 0, space 0, times 0 [ 87.015911][ T5315] loop2: detected capacity change from 0 to 32768 [ 87.037798][ T5310] CPU: 0 PID: 5310 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 87.048263][ T5310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 87.058436][ T5310] Call Trace: [ 87.058822][ T5316] loop1: detected capacity change from 0 to 32768 [ 87.061797][ T5310] [ 87.071151][ T5310] dump_stack_lvl+0x1e7/0x2d0 [ 87.075851][ T5310] ? nf_tcp_handle_invalid+0x650/0x650 [ 87.081342][ T5310] ? panic+0x770/0x770 [ 87.085446][ T5310] should_fail_ex+0x3aa/0x4e0 [ 87.090134][ T5310] strncpy_from_user+0x36/0x2e0 [pid 5316] <... ioctl resumed>) = 0 [pid 5315] <... ioctl resumed>) = 0 [pid 5312] <... close resumed>) = 0 [pid 5305] +++ exited with 0 +++ [pid 5315] close(3) = 0 [pid 5315] mkdir("./bus", 0777) = 0 [pid 5315] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5312] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 87.095262][ T5310] getname_flags+0xf9/0x4f0 [ 87.099936][ T5310] user_path_at_empty+0x2c/0x60 [ 87.104813][ T5310] __se_sys_mount+0x29a/0x3c0 [ 87.109501][ T5310] ? __x64_sys_mount+0xc0/0xc0 [ 87.114357][ T5310] ? syscall_enter_from_user_mode+0x32/0x230 [ 87.120434][ T5310] ? __x64_sys_mount+0x20/0xc0 [ 87.125298][ T5310] do_syscall_64+0x41/0xc0 [ 87.129751][ T5310] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 87.135689][ T5310] RIP: 0033:0x7f41770c949a [pid 5312] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5316] close(3) = 0 [pid 5316] mkdir("./bus", 0777) = 0 [ 87.140123][ T5310] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 87.159924][ T5310] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 87.168355][ T5310] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 87.176438][ T5310] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 87.184432][ T5310] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 87.192509][ T5310] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 87.200498][ T5310] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 87.208498][ T5310] [ 87.211693][ T5332] CPU: 1 PID: 5332 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 87.222141][ T5332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 87.232201][ T5332] Call Trace: [ 87.235563][ T5332] [ 87.238489][ T5332] dump_stack_lvl+0x1e7/0x2d0 [ 87.243260][ T5332] ? nf_tcp_handle_invalid+0x650/0x650 [ 87.248716][ T5332] ? panic+0x770/0x770 [ 87.252865][ T5332] ? __might_sleep+0xc0/0xc0 [ 87.257464][ T5332] should_fail_ex+0x3aa/0x4e0 [ 87.262172][ T5332] should_failslab+0x9/0x20 [ 87.266758][ T5332] slab_pre_alloc_hook+0x59/0x310 [ 87.271819][ T5332] kmem_cache_alloc+0x52/0x300 [ 87.276663][ T5332] ? alloc_extent_state+0x25/0x2e0 [ 87.281793][ T5332] alloc_extent_state+0x25/0x2e0 [ 87.286814][ T5332] __set_extent_bit+0x1c8/0x1b00 [ 87.291753][ T5332] ? __down_write_common+0x161/0x200 [ 87.297034][ T5332] ? PageUptodate+0xd7/0x290 [ 87.301618][ T5332] ? __write_extent_buffer+0x20f/0x410 [ 87.307139][ T5332] ? __asan_memcpy+0x40/0x70 [ 87.311937][ T5332] set_extent_bit+0x3b/0x50 [ 87.316471][ T5332] btrfs_alloc_tree_block+0xaf5/0x1800 [ 87.322047][ T5332] ? alloc_reserved_file_extent+0x5e0/0x5e0 [ 87.327965][ T5332] ? mark_lock+0x9a/0x340 [ 87.332292][ T5332] ? read_extent_buffer+0x11f/0x2a0 [ 87.337487][ T5332] ? __asan_memcpy+0x40/0x70 [ 87.342076][ T5332] __btrfs_cow_block+0x465/0x1a90 [ 87.347134][ T5332] ? btrfs_cow_block+0xa10/0xa10 [ 87.352154][ T5332] ? btrfs_qgroup_add_swapped_blocks+0x750/0x7f0 [ 87.358492][ T5332] ? rcu_is_watching+0x15/0xb0 [ 87.363256][ T5332] btrfs_cow_block+0x35e/0xa10 [ 87.368055][ T5332] btrfs_search_slot+0xbf9/0x2f80 [ 87.373168][ T5332] ? btrfs_find_item+0x5c0/0x5c0 [ 87.378118][ T5332] ? btrfs_create_new_inode+0xd73/0x2710 [ 87.383763][ T5332] ? __lock_acquire+0x7f70/0x7f70 [ 87.388789][ T5332] ? do_raw_spin_lock+0x14d/0x3a0 [ 87.393827][ T5332] ? do_raw_spin_unlock+0x13b/0x8b0 [ 87.399112][ T5332] btrfs_insert_empty_items+0x9c/0x180 [ 87.404607][ T5332] btrfs_create_new_inode+0x10b3/0x2710 [ 87.410605][ T5332] ? btrfs_new_inode_args_destroy+0x160/0x160 [ 87.416873][ T5332] btrfs_create_common+0x1f9/0x300 [ 87.422015][ T5332] ? btrfs_tmpfile+0x4e0/0x4e0 [ 87.427058][ T5332] ? do_raw_spin_unlock+0x13b/0x8b0 [ 87.432361][ T5332] ? btrfs_create+0x75/0x140 [ 87.436966][ T5332] ? btrfs_lookup+0x40/0x40 [ 87.441817][ T5332] path_openat+0x13e7/0x3180 [ 87.446523][ T5332] ? do_filp_open+0x490/0x490 [ 87.451208][ T5332] do_filp_open+0x234/0x490 [ 87.455974][ T5332] ? vfs_tmpfile+0x4b0/0x4b0 [ 87.461828][ T5332] ? _raw_spin_unlock+0x28/0x40 [ 87.466916][ T5332] ? alloc_fd+0x59c/0x640 [ 87.471708][ T5332] do_sys_openat2+0x13e/0x1d0 [ 87.476485][ T5332] ? do_sys_open+0x230/0x230 [ 87.481162][ T5332] ? _raw_spin_unlock_irq+0x2e/0x50 [ 87.486380][ T5332] ? ptrace_notify+0x278/0x380 [ 87.491277][ T5332] __x64_sys_creat+0x123/0x160 [ 87.496684][ T5332] ? __x64_compat_sys_openat+0x290/0x290 [ 87.502425][ T5332] ? syscall_enter_from_user_mode+0x32/0x230 [ 87.509033][ T5332] ? syscall_enter_from_user_mode+0x8c/0x230 [ 87.515571][ T5332] do_syscall_64+0x41/0xc0 [ 87.520041][ T5332] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 87.526139][ T5332] RIP: 0033:0x7f41770c8049 [ 87.530771][ T5332] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 87.550401][ T5332] RSP: 002b:00007f4177063208 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 87.558818][ T5332] RAX: ffffffffffffffda RBX: 00007f41771546d8 RCX: 00007f41770c8049 [ 87.566870][ T5332] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040 [ 87.574841][ T5332] RBP: 00007f41771546d0 R08: 00007f4177062fa6 R09: 0000000000003531 [ 87.582980][ T5332] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f41771211d0 [ 87.591031][ T5332] R13: 00007f4177063210 R14: 0000000000000002 R15: 00007f417711c070 [pid 5316] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5311] <... futex resumed>) = 0 [pid 5310] <... mount resumed>) = -1 EFAULT (Bad address) [pid 5311] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5305, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- [pid 5311] <... futex resumed>) = 1 [pid 5310] <... futex resumed>) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5311] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5309] <... futex resumed>) = 0 [pid 5025] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5310] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5309] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5310] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5025] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5310] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... openat resumed>) = 3 [pid 5310] <... futex resumed>) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5025] newfstatat(3, "", [pid 5310] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] exit_group(0 [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5310] <... futex resumed>) = ? [pid 5309] <... exit_group resumed>) = ? [pid 5025] getdents64(3, [pid 5315] <... mount resumed>) = -1 EEXIST (File exists) [pid 5312] <... futex resumed>) = 0 [pid 5310] +++ exited with 0 +++ [pid 5309] +++ exited with 0 +++ [pid 5025] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5025] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5025] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5025] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5025] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5315] ioctl(4, LOOP_CLR_FD [pid 5312] open("./file0", O_RDONLY [pid 5030] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5309, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- [pid 5025] close(4) = 0 [pid 5025] rmdir("./8/bus") = 0 [pid 5025] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] unlink("./8/binderfs") = 0 [pid 5025] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5025] close(3) = 0 [pid 5025] rmdir("./8") = 0 [pid 5025] mkdir("./9", 0777) = 0 [pid 5025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5025] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5025] close(3 [pid 5316] <... mount resumed>) = -1 EEXIST (File exists) [pid 5312] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5316] ioctl(4, LOOP_CLR_FD [pid 5312] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5030] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5312] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5311] <... futex resumed>) = 0 [pid 5332] <... creat resumed>) = 6 [pid 5030] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5332] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5311] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5030] <... openat resumed>) = 3 [pid 5332] <... futex resumed>) = 0 [pid 5312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5030] newfstatat(3, "", [pid 5312] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5312] <... futex resumed>) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5030] getdents64(3, [pid 5311] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5312] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5311] <... futex resumed>) = 0 [pid 5030] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5311] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5025] <... close resumed>) = 0 [pid 5025] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5334 attached , child_tidptr=0x555555980690) = 5334 [pid 5334] set_robust_list(0x5555559806a0, 24) = 0 [ 87.599200][ T5332] [ 87.610643][ T5315] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 8 scanned by syz-executor340 (5315) [ 87.629196][ T5316] BTRFS warning: duplicate device /dev/loop1 devid 1 generation 8 scanned by syz-executor340 (5316) [pid 5334] chdir("./9") = 0 [pid 5332] futex(0x7f41771546d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5312] <... openat resumed>) = 3 [pid 5311] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5030] newfstatat(AT_FDCWD, "./7/bus", [pid 5334] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5311] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5334] <... prctl resumed>) = 0 [pid 5312] write(3, "15", 2 [pid 5311] <... futex resumed>) = 0 [pid 5030] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5312] <... write resumed>) = 2 [pid 5311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5030] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5334] setpgid(0, 0 [pid 5312] creat("./bus", 000 [pid 5311] <... mmap resumed>) = 0x7f4177043000 [pid 5306] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5334] <... setpgid resumed>) = 0 [pid 5311] mprotect(0x7f4177044000, 131072, PROT_READ|PROT_WRITE [pid 5030] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5312] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5311] <... mprotect resumed>) = 0 [pid 5312] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5030] <... openat resumed>) = 4 [pid 5312] <... futex resumed>) = 0 [pid 5311] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5306] <... futex resumed>) = 1 [pid 5304] <... futex resumed>) = 0 [pid 5030] newfstatat(4, "", [pid 5312] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177063990, parent_tid=0x7f4177063990, exit_signal=0, stack=0x7f4177043000, stack_size=0x20300, tls=0x7f41770636c0} [pid 5306] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5304] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5304] <... futex resumed>) = 0 [pid 5030] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 5335 attached [pid 5334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5311] <... clone3 resumed> => {parent_tid=[5335]}, 88) = 5335 [pid 5306] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5030] getdents64(4, [pid 5335] rseq(0x7f4177063fe0, 0x20, 0, 0x53053053 [pid 5334] <... openat resumed>) = 3 [pid 5311] rt_sigprocmask(SIG_SETMASK, [], [pid 5306] <... futex resumed>) = 0 [pid 5304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5030] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5335] <... rseq resumed>) = 0 [pid 5334] write(3, "1000", 4 [pid 5311] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5306] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5304] exit_group(0 [pid 5030] getdents64(4, [pid 5335] set_robust_list(0x7f41770639a0, 24 [pid 5334] <... write resumed>) = 4 [pid 5311] futex(0x7f41771546d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... set_robust_list resumed>) = 0 [pid 5334] close(3 [pid 5311] <... futex resumed>) = 0 [pid 5030] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5304] <... exit_group resumed>) = ? [pid 5335] rt_sigprocmask(SIG_SETMASK, [], [pid 5334] <... close resumed>) = 0 [pid 5311] futex(0x7f41771546dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5030] close(4 [pid 5335] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5334] symlink("/dev/binderfs", "./binderfs" [pid 5030] <... close resumed>) = 0 [pid 5335] mkdir(".", 0777 [pid 5334] <... symlink resumed>) = 0 [pid 5030] rmdir("./7/bus" [pid 5335] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5334] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = ? [pid 5334] <... futex resumed>) = 0 [pid 5332] +++ exited with 0 +++ [pid 5335] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5334] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5030] <... rmdir resumed>) = 0 [pid 5335] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5334] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5030] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5335] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000 [ 87.686693][ T5306] BTRFS error (device loop3: state M): unrecognized mount option '18446744073709551615017777777777777777777770177777777777777777777718446744073709551615lbZ~Ƣ8žH~אa*Oѓ< 5^Sus%e [ 87.686693][ T5306] /ĖEaofmߚtҮ~г#a C$n-SGWmxeGy|sL=~ä_;N' [pid 5334] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5335] <... futex resumed>) = 1 [pid 5334] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5311] <... futex resumed>) = 0 [pid 5306] <... futex resumed>) = ? [pid 5030] newfstatat(AT_FDCWD, "./7/binderfs", [pid 5335] futex(0x7f41771546d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5311] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] +++ exited with 0 +++ [pid 5304] +++ exited with 0 +++ [pid 5030] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5334] <... mmap resumed>) = 0x7f4177064000 [pid 5312] <... futex resumed>) = 0 [pid 5311] <... futex resumed>) = 1 [pid 5030] unlink("./7/binderfs" [pid 5334] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5312] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5311] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5030] <... unlink resumed>) = 0 [pid 5334] <... mprotect resumed>) = 0 [pid 5312] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5030] getdents64(3, [pid 5028] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5304, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=46 /* 0.46 s */} --- [pid 5334] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5312] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5028] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5312] <... futex resumed>) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5030] close(3 [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5334] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5312] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] exit_group(0 [pid 5030] <... close resumed>) = 0 [pid 5028] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5030] rmdir("./7" [pid 5028] <... openat resumed>) = 3 [pid 5028] newfstatat(3, "", [pid 5334] <... clone3 resumed> => {parent_tid=[5336]}, 88) = 5336 [pid 5030] <... rmdir resumed>) = 0 [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5334] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5336 attached NULL, 8) = 0 [pid 5030] mkdir("./8", 0777 [pid 5028] getdents64(3, [pid 5336] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5334] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... exit_group resumed>) = ? [pid 5335] <... futex resumed>) = ? [pid 5030] <... mkdir resumed>) = 0 [pid 5312] <... futex resumed>) = ? [pid 5028] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5334] <... futex resumed>) = 0 [pid 5312] +++ exited with 0 +++ [pid 5335] +++ exited with 0 +++ [pid 5030] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5028] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5336] <... rseq resumed>) = 0 [pid 5334] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5336] set_robust_list(0x7f41770849a0, 24 [pid 5030] <... openat resumed>) = 3 [pid 5336] <... set_robust_list resumed>) = 0 [pid 5336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5336] memfd_create("syzkaller", 0) = 3 [pid 5336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5311] +++ exited with 0 +++ [pid 5030] ioctl(3, LOOP_CLR_FD [pid 5336] <... mmap resumed>) = 0x7f416ec64000 [pid 5030] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5311, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=34 /* 0.34 s */} --- [pid 5029] restart_syscall(<... resuming interrupted clone ...> [pid 5030] close(3 [pid 5029] <... restart_syscall resumed>) = 0 [pid 5030] <... close resumed>) = 0 [pid 5030] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5029] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5029] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5337 attached [pid 5030] <... clone resumed>, child_tidptr=0x555555980690) = 5337 [pid 5029] <... openat resumed>) = 3 [pid 5337] set_robust_list(0x5555559806a0, 24 [pid 5029] newfstatat(3, "", [pid 5337] <... set_robust_list resumed>) = 0 [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5337] chdir("./8" [pid 5029] getdents64(3, [pid 5337] <... chdir resumed>) = 0 [pid 5029] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5337] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5029] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5337] <... prctl resumed>) = 0 [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5337] setpgid(0, 0 [pid 5029] newfstatat(AT_FDCWD, "./9/bus", [pid 5337] <... setpgid resumed>) = 0 [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5029] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5029] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5029] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5337] <... openat resumed>) = 3 [pid 5029] getdents64(4, [pid 5337] write(3, "1000", 4 [pid 5029] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5029] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5029] close(4) = 0 [pid 5029] rmdir("./9/bus") = 0 [pid 5029] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5029] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5029] unlink("./9/binderfs") = 0 [pid 5337] <... write resumed>) = 4 [pid 5029] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5029] close(3) = 0 [pid 5029] rmdir("./9") = 0 [pid 5029] mkdir("./10", 0777) = 0 [pid 5029] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5029] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5029] close(3 [pid 5337] close(3 [pid 5029] <... close resumed>) = 0 [pid 5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5338 attached [pid 5338] set_robust_list(0x5555559806a0, 24 [pid 5337] <... close resumed>) = 0 [pid 5029] <... clone resumed>, child_tidptr=0x555555980690) = 5338 [pid 5338] <... set_robust_list resumed>) = 0 [pid 5337] symlink("/dev/binderfs", "./binderfs" [pid 5338] chdir("./10" [pid 5337] <... symlink resumed>) = 0 [pid 5338] <... chdir resumed>) = 0 [pid 5337] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5337] <... futex resumed>) = 0 [pid 5338] <... prctl resumed>) = 0 [pid 5337] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5337] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5337] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5338] setpgid(0, 0 [pid 5337] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5338] <... setpgid resumed>) = 0 [pid 5337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5337] <... clone3 resumed> => {parent_tid=[5339]}, 88) = 5339 [pid 5338] <... openat resumed>) = 3 [pid 5337] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5337] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5338] write(3, "1000", 4) = 4 ./strace-static-x86_64: Process 5339 attached [pid 5339] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [pid 5339] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5339] memfd_create("syzkaller", 0) = 3 [pid 5339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5338] close(3 [pid 5339] <... mmap resumed>) = 0x7f416ec64000 [pid 5338] <... close resumed>) = 0 [pid 5338] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5338] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5338] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5338] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5315] <... ioctl resumed>) = 0 [pid 5315] close(4) = 0 [pid 5338] <... mprotect resumed>) = 0 [pid 5338] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5315] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5315] <... futex resumed>) = 1 [pid 5315] open("./file0", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5338] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5315] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5338] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5313] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = -1 EBADF (Bad file descriptor) [pid 5315] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5340 attached [pid 5338] <... clone3 resumed> => {parent_tid=[5340]}, 88) = 5340 [pid 5313] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5340] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5313] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5340] <... rseq resumed>) = 0 [pid 5313] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] set_robust_list(0x7f41770849a0, 24 [pid 5315] <... futex resumed>) = 0 [pid 5313] <... futex resumed>) = 1 [pid 5315] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5313] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5340] <... set_robust_list resumed>) = 0 [pid 5315] <... openat resumed>) = 3 [pid 5340] rt_sigprocmask(SIG_SETMASK, [], [pid 5315] write(3, "15", 2 [pid 5340] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5315] <... write resumed>) = 2 [pid 5340] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5315] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5315] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5315] mkdir(".", 0777 [pid 5313] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5315] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5313] <... futex resumed>) = 0 [pid 5315] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5313] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5338] rt_sigprocmask(SIG_SETMASK, [], [pid 5316] <... ioctl resumed>) = 0 [pid 5338] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5316] close(4 [pid 5338] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... close resumed>) = 0 [pid 5340] <... futex resumed>) = 0 [pid 5338] <... futex resumed>) = 1 [pid 5316] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] memfd_create("syzkaller", 0 [pid 5338] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5316] <... futex resumed>) = 1 [pid 5314] <... futex resumed>) = 0 [pid 5316] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5340] <... memfd_create resumed>) = 3 [pid 5314] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5314] <... futex resumed>) = 1 [pid 5340] <... mmap resumed>) = 0x7f416ec64000 [pid 5314] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] <... futex resumed>) = 0 [pid 5316] open("./file0", O_RDONLY) = -1 ENOENT (No such file or directory) [ 87.999216][ T5315] FAULT_INJECTION: forcing a failure. [ 87.999216][ T5315] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 88.045788][ T5315] CPU: 1 PID: 5315 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 88.056537][ T5315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 88.066612][ T5315] Call Trace: [ 88.069938][ T5315] [ 88.072895][ T5315] dump_stack_lvl+0x1e7/0x2d0 [ 88.077605][ T5315] ? nf_tcp_handle_invalid+0x650/0x650 [ 88.083178][ T5315] ? panic+0x770/0x770 [ 88.087282][ T5315] should_fail_ex+0x3aa/0x4e0 [ 88.092075][ T5315] strncpy_from_user+0x36/0x2e0 [ 88.096943][ T5315] getname_flags+0xf9/0x4f0 [ 88.101463][ T5315] user_path_at_empty+0x2c/0x60 [ 88.106336][ T5315] __se_sys_mount+0x29a/0x3c0 [ 88.111033][ T5315] ? __x64_sys_mount+0xc0/0xc0 [ 88.115802][ T5315] ? syscall_enter_from_user_mode+0x32/0x230 [ 88.121786][ T5315] ? __x64_sys_mount+0x20/0xc0 [ 88.126544][ T5315] do_syscall_64+0x41/0xc0 [ 88.130962][ T5315] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 88.137050][ T5315] RIP: 0033:0x7f41770c949a [ 88.141459][ T5315] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 88.161417][ T5315] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 88.169847][ T5315] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 88.177909][ T5315] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 88.185897][ T5315] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 88.194068][ T5315] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 88.202157][ T5315] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 88.210491][ T5315] [pid 5316] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5314] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5314] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... futex resumed>) = 0 [pid 5316] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5314] <... futex resumed>) = 0 [pid 5314] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5316] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5314] <... futex resumed>) = 0 [pid 5314] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5314] <... futex resumed>) = 0 [pid 5316] <... openat resumed>) = 3 [pid 5314] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] write(3, "15", 2) = 2 [pid 5316] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5316] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5314] <... futex resumed>) = 0 [pid 5316] mkdir(".", 0777 [pid 5314] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5314] <... futex resumed>) = 0 [pid 5314] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5316] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5315] <... mount resumed>) = -1 EFAULT (Bad address) [pid 5315] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5315] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5315] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5313] exit_group(0) = ? [pid 5315] +++ exited with 0 +++ [pid 5313] +++ exited with 0 +++ [pid 5340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 88.296311][ T5316] FAULT_INJECTION: forcing a failure. [ 88.296311][ T5316] name failslab, interval 1, probability 0, space 0, times 0 [pid 5339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5027] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5313, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=44 /* 0.44 s */} --- [pid 5027] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5027] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5027] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5027] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5027] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5027] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5027] newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5027] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5027] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5027] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5027] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5027] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5027] close(4) = 0 [pid 5027] rmdir("./8/bus") = 0 [pid 5027] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5027] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5027] unlink("./8/binderfs") = 0 [pid 5027] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5027] close(3) = 0 [pid 5027] rmdir("./8") = 0 [pid 5027] mkdir("./9", 0777) = 0 [pid 5027] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5027] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5027] close(3) = 0 [pid 5027] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555980690) = 5341 [ 88.355244][ T5316] CPU: 0 PID: 5316 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 88.366669][ T5316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 88.376846][ T5316] Call Trace: [ 88.380175][ T5316] [ 88.383139][ T5316] dump_stack_lvl+0x1e7/0x2d0 [ 88.387857][ T5316] ? nf_tcp_handle_invalid+0x650/0x650 [ 88.393414][ T5316] ? panic+0x770/0x770 [ 88.397618][ T5316] should_fail_ex+0x3aa/0x4e0 [ 88.402453][ T5316] should_failslab+0x9/0x20 [ 88.407014][ T5316] slab_pre_alloc_hook+0x59/0x310 [ 88.412152][ T5316] ? tomoyo_encode+0x26f/0x530 [ 88.416915][ T5316] __kmem_cache_alloc_node+0x4b/0x270 [ 88.422367][ T5316] ? arch_stack_walk+0x162/0x1a0 [ 88.427411][ T5316] ? tomoyo_encode+0x26f/0x530 [ 88.432190][ T5316] __kmalloc+0xa8/0x230 [ 88.436618][ T5316] tomoyo_encode+0x26f/0x530 [ 88.441280][ T5316] tomoyo_mount_permission+0x356/0xb80 [ 88.446787][ T5316] ? __stack_depot_save+0x20/0x650 [ 88.452110][ T5316] ? tomoyo_mount_permission+0x295/0xb80 [ 88.457951][ T5316] ? tomoyo_get_name+0x510/0x510 [ 88.463402][ T5316] security_sb_mount+0x8c/0xc0 [ 88.468201][ T5316] path_mount+0xb9/0xfa0 [ 88.472476][ T5316] ? kmem_cache_free+0x292/0x500 [ 88.477522][ T5316] ? user_path_at_empty+0x4c/0x60 [ 88.482815][ T5316] __se_sys_mount+0x2d9/0x3c0 [ 88.487503][ T5316] ? __x64_sys_mount+0xc0/0xc0 [ 88.492347][ T5316] ? syscall_enter_from_user_mode+0x32/0x230 [ 88.498766][ T5316] ? __x64_sys_mount+0x20/0xc0 [ 88.503531][ T5316] do_syscall_64+0x41/0xc0 [ 88.507942][ T5316] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 88.513850][ T5316] RIP: 0033:0x7f41770c949a [ 88.518267][ T5316] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 88.538067][ T5316] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 88.547023][ T5316] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a ./strace-static-x86_64: Process 5341 attached [pid 5341] set_robust_list(0x5555559806a0, 24 [pid 5028] <... umount2 resumed>) = 0 [pid 5341] <... set_robust_list resumed>) = 0 [pid 5341] chdir("./9") = 0 [pid 5341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5341] setpgid(0, 0) = 0 [pid 5341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5341] write(3, "1000", 4) = 4 [pid 5341] close(3) = 0 [pid 5341] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5341] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5341] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5341] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5341] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5341] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} => {parent_tid=[5342]}, 88) = 5342 [pid 5341] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5341] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5342 attached [pid 5342] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [pid 5342] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5342] memfd_create("syzkaller", 0) = 3 [ 88.555187][ T5316] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 88.563162][ T5316] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 88.571412][ T5316] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 88.579578][ T5316] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 88.587651][ T5316] [pid 5342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5316] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5316] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... futex resumed>) = 0 [pid 5314] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] <... futex resumed>) = 1 [pid 5316] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5316] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5314] <... futex resumed>) = 0 [pid 5316] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5314] exit_group(0 [pid 5316] <... futex resumed>) = ? [pid 5314] <... exit_group resumed>) = ? [pid 5316] +++ exited with 0 +++ [pid 5314] +++ exited with 0 +++ [pid 5028] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5314, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=44 /* 0.44 s */} --- [pid 5028] newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5028] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5026] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] <... openat resumed>) = 4 [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5026] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5028] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5026] <... openat resumed>) = 3 [pid 5028] getdents64(4, [pid 5026] newfstatat(3, "", [pid 5028] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5028] getdents64(4, [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5026] getdents64(3, [pid 5028] close(4 [pid 5026] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5028] <... close resumed>) = 0 [pid 5026] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] rmdir("./8/bus") = 0 [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] newfstatat(AT_FDCWD, "./9/bus", [pid 5028] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] unlink("./8/binderfs") = 0 [pid 5026] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] getdents64(3, [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5026] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5026] newfstatat(4, "", [pid 5028] close(3) = 0 [pid 5028] rmdir("./8" [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5026] getdents64(4, [pid 5028] <... rmdir resumed>) = 0 [pid 5028] mkdir("./9", 0777 [pid 5026] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5026] getdents64(4, [pid 5028] <... mkdir resumed>) = 0 [pid 5026] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5026] close(4) = 0 [pid 5028] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5026] rmdir("./9/bus" [pid 5028] <... openat resumed>) = 3 [pid 5026] <... rmdir resumed>) = 0 [pid 5028] ioctl(3, LOOP_CLR_FD [pid 5026] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] close(3 [pid 5026] newfstatat(AT_FDCWD, "./9/binderfs", [pid 5028] <... close resumed>) = 0 [pid 5026] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5026] unlink("./9/binderfs") = 0 [pid 5026] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5026] close(3) = 0 [pid 5026] rmdir("./9") = 0 [pid 5026] mkdir("./10", 0777) = 0 [pid 5028] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5026] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 ./strace-static-x86_64: Process 5343 attached [pid 5026] ioctl(3, LOOP_CLR_FD [pid 5343] set_robust_list(0x5555559806a0, 24 [pid 5028] <... clone resumed>, child_tidptr=0x555555980690) = 5343 [pid 5026] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5026] close(3 [pid 5343] <... set_robust_list resumed>) = 0 [pid 5026] <... close resumed>) = 0 [pid 5343] chdir("./9" [pid 5026] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5344 attached [pid 5343] <... chdir resumed>) = 0 [pid 5343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5344] set_robust_list(0x5555559806a0, 24 [pid 5343] setpgid(0, 0 [pid 5026] <... clone resumed>, child_tidptr=0x555555980690) = 5344 [pid 5343] <... setpgid resumed>) = 0 [pid 5344] <... set_robust_list resumed>) = 0 [pid 5343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5344] chdir("./10") = 0 [pid 5344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5344] setpgid(0, 0) = 0 [pid 5343] <... openat resumed>) = 3 [pid 5344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5343] write(3, "1000", 4 [pid 5344] <... openat resumed>) = 3 [pid 5343] <... write resumed>) = 4 [pid 5344] write(3, "1000", 4 [pid 5343] close(3 [pid 5344] <... write resumed>) = 4 [pid 5343] <... close resumed>) = 0 [pid 5344] close(3 [pid 5343] symlink("/dev/binderfs", "./binderfs" [pid 5344] <... close resumed>) = 0 [pid 5344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5344] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] <... symlink resumed>) = 0 [pid 5343] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5343] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5343] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5344] <... futex resumed>) = 0 [pid 5344] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5344] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5343] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5343] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5343] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5343] <... clone3 resumed> => {parent_tid=[5345]}, 88) = 5345 [pid 5343] rt_sigprocmask(SIG_SETMASK, [], [pid 5344] <... mmap resumed>) = 0x7f4177064000 [pid 5343] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5344] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5345 attached ) = 0 [pid 5343] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5344] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5345] <... rseq resumed>) = 0 [pid 5345] set_robust_list(0x7f41770849a0, 24 [pid 5344] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5344] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5343] <... futex resumed>) = 0 [pid 5345] <... set_robust_list resumed>) = 0 [pid 5343] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5346 attached [pid 5345] rt_sigprocmask(SIG_SETMASK, [], [pid 5344] <... clone3 resumed> => {parent_tid=[5346]}, 88) = 5346 [pid 5345] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5344] rt_sigprocmask(SIG_SETMASK, [], [pid 5345] memfd_create("syzkaller", 0 [pid 5344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5344] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] <... memfd_create resumed>) = 3 [pid 5344] <... futex resumed>) = 0 [pid 5345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5344] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5346] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5345] <... mmap resumed>) = 0x7f416ec64000 [pid 5346] <... rseq resumed>) = 0 [pid 5346] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5346] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5346] memfd_create("syzkaller", 0) = 3 [pid 5346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5336] <... write resumed>) = 16777216 [pid 5336] munmap(0x7f416ec64000, 138412032 [pid 5342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5336] <... munmap resumed>) = 0 [pid 5336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5336] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5336] close(3) = 0 [pid 5336] mkdir("./bus", 0777 [pid 5339] <... write resumed>) = 16777216 [pid 5336] <... mkdir resumed>) = 0 [pid 5339] munmap(0x7f416ec64000, 138412032 [ 89.016288][ T5336] loop0: detected capacity change from 0 to 32768 [pid 5336] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5339] <... munmap resumed>) = 0 [pid 5339] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 89.089034][ T5336] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor340 (5336) [pid 5339] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5340] <... write resumed>) = 16777216 [ 89.132566][ T5339] loop5: detected capacity change from 0 to 32768 [ 89.144992][ T5336] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 89.171833][ T5336] BTRFS info (device loop0): doing ref verification [pid 5339] close(3) = 0 [pid 5346] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5339] mkdir("./bus", 0777) = 0 [pid 5339] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5340] munmap(0x7f416ec64000, 138412032) = 0 [ 89.192251][ T5336] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 89.212150][ T5339] BTRFS warning: duplicate device /dev/loop5 devid 1 generation 8 scanned by syz-executor340 (5339) [ 89.229770][ T5336] BTRFS info (device loop0): force zlib compression, level 3 [pid 5340] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5339] <... mount resumed>) = -1 EEXIST (File exists) [pid 5339] ioctl(4, LOOP_CLR_FD [pid 5340] <... openat resumed>) = 4 [pid 5340] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5340] close(3) = 0 [pid 5340] mkdir("./bus", 0777) = 0 [ 89.244393][ T5336] BTRFS info (device loop0): allowing degraded mounts [ 89.251557][ T5336] BTRFS info (device loop0): using free space tree [ 89.272920][ T5340] loop4: detected capacity change from 0 to 32768 [pid 5340] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = -1 EEXIST (File exists) [ 89.292141][ T5340] BTRFS warning: duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor340 (5340) [ 89.423084][ T5336] BTRFS info (device loop0): auto enabling async discard [pid 5340] ioctl(4, LOOP_CLR_FD [pid 5336] <... mount resumed>) = 0 [pid 5336] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5345] <... write resumed>) = 16777216 [pid 5336] <... openat resumed>) = 3 [pid 5336] chdir("./bus") = 0 [pid 5345] munmap(0x7f416ec64000, 138412032 [pid 5336] ioctl(4, LOOP_CLR_FD) = 0 [pid 5342] <... write resumed>) = 16777216 [pid 5336] close(4 [pid 5342] munmap(0x7f416ec64000, 138412032 [pid 5336] <... close resumed>) = 0 [pid 5336] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5334] <... futex resumed>) = 0 [pid 5334] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] <... munmap resumed>) = 0 [pid 5336] open("./file0", O_RDONLY [pid 5345] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5336] <... open resumed>) = 4 [pid 5345] <... openat resumed>) = 4 [pid 5336] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] ioctl(4, LOOP_SET_FD, 3 [pid 5336] <... futex resumed>) = 1 [pid 5334] <... futex resumed>) = 0 [pid 5334] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5345] <... ioctl resumed>) = 0 [pid 5342] <... munmap resumed>) = 0 [pid 5336] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5334] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5342] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5342] close(3) = 0 [pid 5345] close(3) = 0 [pid 5345] mkdir("./bus", 0777 [pid 5342] mkdir("./bus", 0777 [pid 5345] <... mkdir resumed>) = 0 [pid 5345] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5342] <... mkdir resumed>) = 0 [pid 5342] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5339] <... ioctl resumed>) = 0 [pid 5339] close(4 [pid 5334] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5334] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177043000 [pid 5334] mprotect(0x7f4177044000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5334] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5339] <... close resumed>) = 0 [pid 5334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177063990, parent_tid=0x7f4177063990, exit_signal=0, stack=0x7f4177043000, stack_size=0x20300, tls=0x7f41770636c0} [pid 5339] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5337] <... futex resumed>) = 0 [pid 5334] <... clone3 resumed> => {parent_tid=[5362]}, 88) = 5362 [pid 5339] open("./file0", O_RDONLY [pid 5337] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5362 attached [pid 5339] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5337] <... futex resumed>) = 0 [pid 5334] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5362] rseq(0x7f4177063fe0, 0x20, 0, 0x53053053 [ 89.573631][ T5345] loop3: detected capacity change from 0 to 32768 [ 89.586133][ T5342] loop2: detected capacity change from 0 to 32768 [ 89.611234][ T5345] BTRFS warning: duplicate device /dev/loop3 devid 1 generation 8 scanned by syz-executor340 (5345) [pid 5339] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5334] futex(0x7f41771546d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... rseq resumed>) = 0 [pid 5339] <... futex resumed>) = 0 [pid 5339] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5334] <... futex resumed>) = 0 [pid 5334] futex(0x7f41771546dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5362] set_robust_list(0x7f41770639a0, 24 [pid 5337] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5337] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... set_robust_list resumed>) = 0 [pid 5362] rt_sigprocmask(SIG_SETMASK, [], [pid 5339] <... futex resumed>) = 0 [pid 5337] <... futex resumed>) = 1 [pid 5362] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5339] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = -1 EBADF (Bad file descriptor) [pid 5362] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5339] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] <... futex resumed>) = 0 [pid 5339] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5362] <... openat resumed>) = 5 [pid 5337] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5362] write(5, "15", 2) = 2 [pid 5337] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] creat("./bus", 000 [pid 5339] <... futex resumed>) = 0 [pid 5337] <... futex resumed>) = 1 [pid 5336] <... ioctl resumed>) = 0 [pid 5339] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5336] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] <... openat resumed>) = 3 [pid 5336] <... futex resumed>) = 0 [pid 5345] <... mount resumed>) = -1 EEXIST (File exists) [pid 5339] write(3, "15", 2 [pid 5336] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5345] ioctl(4, LOOP_CLR_FD [pid 5339] <... write resumed>) = 2 [pid 5339] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5339] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5339] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5340] <... ioctl resumed>) = 0 [pid 5340] close(4 [pid 5337] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5340] <... close resumed>) = 0 [pid 5340] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5340] open("./file0", O_RDONLY [pid 5338] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5337] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5337] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5340] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5339] <... futex resumed>) = 0 [pid 5338] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5340] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] mkdir(".", 0777 [pid 5340] <... futex resumed>) = 1 [pid 5339] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5338] <... futex resumed>) = 0 [ 89.666808][ T5362] FAULT_INJECTION: forcing a failure. [ 89.666808][ T5362] name failslab, interval 1, probability 0, space 0, times 0 [ 89.696024][ T5362] CPU: 1 PID: 5362 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [pid 5339] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5338] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5340] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5338] <... futex resumed>) = 0 [pid 5334] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5334] <... futex resumed>) = 1 [pid 5340] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5334] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5340] <... futex resumed>) = 0 [pid 5338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5340] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5338] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] <... futex resumed>) = 0 [pid 5340] <... openat resumed>) = 3 [pid 5338] <... futex resumed>) = 0 [pid 5336] mkdir(".", 0777 [pid 5340] write(3, "15", 2 [pid 5338] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5342] <... mount resumed>) = -1 EEXIST (File exists) [pid 5340] <... write resumed>) = 2 [pid 5336] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5342] ioctl(4, LOOP_CLR_FD [ 89.707325][ T5362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 89.711245][ T5339] FAULT_INJECTION: forcing a failure. [ 89.711245][ T5339] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 89.717571][ T5362] Call Trace: [ 89.717607][ T5362] [ 89.717617][ T5362] dump_stack_lvl+0x1e7/0x2d0 [ 89.717649][ T5362] ? nf_tcp_handle_invalid+0x650/0x650 [ 89.733199][ T5342] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 8 scanned by syz-executor340 (5342) [ 89.734610][ T5362] ? panic+0x770/0x770 [ 89.734636][ T5362] ? __might_sleep+0xc0/0xc0 [ 89.734665][ T5362] should_fail_ex+0x3aa/0x4e0 [ 89.771953][ T5362] should_failslab+0x9/0x20 [ 89.776730][ T5362] slab_pre_alloc_hook+0x59/0x310 [ 89.781765][ T5362] ? join_transaction+0x144/0xce0 [ 89.786906][ T5362] __kmem_cache_alloc_node+0x4b/0x270 [ 89.792746][ T5362] ? do_raw_spin_unlock+0x13b/0x8b0 [ 89.798077][ T5362] ? join_transaction+0x144/0xce0 [ 89.803102][ T5362] kmalloc_trace+0x2a/0xe0 [ 89.807925][ T5362] join_transaction+0x144/0xce0 [ 89.813214][ T5362] start_transaction+0xb71/0x11a0 [ 89.818332][ T5362] btrfs_create_common+0x1d6/0x300 [ 89.823626][ T5362] ? btrfs_tmpfile+0x4e0/0x4e0 [ 89.828588][ T5362] ? do_raw_spin_unlock+0x13b/0x8b0 [ 89.833902][ T5362] ? btrfs_create+0x75/0x140 [ 89.838591][ T5362] ? btrfs_lookup+0x40/0x40 [ 89.843555][ T5362] path_openat+0x13e7/0x3180 [ 89.848209][ T5362] ? do_filp_open+0x490/0x490 [ 89.853084][ T5362] do_filp_open+0x234/0x490 [ 89.857587][ T5362] ? vfs_tmpfile+0x4b0/0x4b0 [ 89.862283][ T5362] ? _raw_spin_unlock+0x28/0x40 [ 89.867125][ T5362] ? alloc_fd+0x59c/0x640 [ 89.871459][ T5362] do_sys_openat2+0x13e/0x1d0 [ 89.876136][ T5362] ? do_sys_open+0x230/0x230 [ 89.880813][ T5362] ? _raw_spin_unlock_irq+0x2e/0x50 [ 89.886104][ T5362] ? ptrace_notify+0x278/0x380 [ 89.891351][ T5362] __x64_sys_creat+0x123/0x160 [ 89.896307][ T5362] ? __x64_compat_sys_openat+0x290/0x290 [ 89.901962][ T5362] ? syscall_enter_from_user_mode+0x32/0x230 [ 89.908070][ T5362] ? syscall_enter_from_user_mode+0x8c/0x230 [ 89.914193][ T5362] do_syscall_64+0x41/0xc0 [ 89.918724][ T5362] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 89.924646][ T5362] RIP: 0033:0x7f41770c8049 [ 89.929068][ T5362] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 89.949631][ T5362] RSP: 002b:00007f4177063208 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 89.958340][ T5362] RAX: ffffffffffffffda RBX: 00007f41771546d8 RCX: 00007f41770c8049 [pid 5340] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5340] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [ 89.966412][ T5362] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040 [ 89.974477][ T5362] RBP: 00007f41771546d0 R08: 00007f4177062fa6 R09: 0000000000003531 [ 89.982637][ T5362] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f41771211d0 [ 89.990797][ T5362] R13: 00007f4177063210 R14: 0000000000000002 R15: 00007f417711c070 [ 89.998804][ T5362] [ 90.024192][ T5339] CPU: 0 PID: 5339 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 90.035479][ T5339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 90.045826][ T5339] Call Trace: [ 90.049481][ T5339] [ 90.052534][ T5339] dump_stack_lvl+0x1e7/0x2d0 [ 90.057590][ T5339] ? nf_tcp_handle_invalid+0x650/0x650 [ 90.063087][ T5339] ? panic+0x770/0x770 [ 90.067373][ T5339] should_fail_ex+0x3aa/0x4e0 [ 90.072183][ T5339] strncpy_from_user+0x36/0x2e0 [ 90.077123][ T5339] getname_flags+0xf9/0x4f0 [ 90.081817][ T5339] user_path_at_empty+0x2c/0x60 [ 90.086664][ T5339] __se_sys_mount+0x29a/0x3c0 [ 90.091432][ T5339] ? __x64_sys_mount+0xc0/0xc0 [ 90.096364][ T5339] ? syscall_enter_from_user_mode+0x32/0x230 [ 90.102517][ T5339] ? __x64_sys_mount+0x20/0xc0 [ 90.107458][ T5339] do_syscall_64+0x41/0xc0 [ 90.111953][ T5339] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 90.117841][ T5339] RIP: 0033:0x7f41770c949a [ 90.122275][ T5339] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 90.142485][ T5339] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 90.151063][ T5339] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 90.160435][ T5339] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [pid 5340] mkdir(".", 0777 [pid 5338] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... creat resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5346] <... write resumed>) = 16777216 [pid 5340] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5339] <... mount resumed>) = -1 EFAULT (Bad address) [pid 5338] <... futex resumed>) = 0 [pid 5362] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] munmap(0x7f416ec64000, 138412032 [pid 5340] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5338] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5362] <... futex resumed>) = 0 [pid 5339] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] futex(0x7f41771546d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] <... futex resumed>) = 1 [pid 5337] <... futex resumed>) = 0 [pid 5337] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5339] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5339] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5337] <... futex resumed>) = 0 [pid 5337] exit_group(0) = ? [pid 5339] <... futex resumed>) = ? [pid 5346] <... munmap resumed>) = 0 [ 90.168497][ T5339] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 90.176458][ T5339] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 90.184511][ T5339] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 90.192583][ T5339] [ 90.202340][ T5340] FAULT_INJECTION: forcing a failure. [ 90.202340][ T5340] name failslab, interval 1, probability 0, space 0, times 0 [pid 5346] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5346] ioctl(4, LOOP_SET_FD, 3 [pid 5339] +++ exited with 0 +++ [pid 5337] +++ exited with 0 +++ [pid 5030] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5337, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=35 /* 0.35 s */} --- [pid 5030] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5030] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5030] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5030] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5030] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5030] newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5030] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 90.229378][ T5346] loop1: detected capacity change from 0 to 32768 [ 90.245926][ T2430] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 90.273571][ T5336] BTRFS error (device loop0: state M): unrecognized mount option '18446744073709551615017777777777777777777770177777777777777777777718446744073709551615lbZ~Ƣ8žH~אa*Oѓ< 5^Sus%e [ 90.273571][ T5336] /ĖEaofmߚtҮ~г#a C$n-SGWmxeGy|sL=~ä_;N' [ 90.282328][ T5340] CPU: 1 PID: 5340 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 90.314502][ T5340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 90.324900][ T5340] Call Trace: [ 90.328208][ T5340] [ 90.331149][ T5340] dump_stack_lvl+0x1e7/0x2d0 [ 90.335851][ T5340] ? nf_tcp_handle_invalid+0x650/0x650 [ 90.341513][ T5340] ? panic+0x770/0x770 [ 90.345629][ T5340] should_fail_ex+0x3aa/0x4e0 [ 90.350420][ T5340] should_failslab+0x9/0x20 [ 90.355301][ T5340] slab_pre_alloc_hook+0x59/0x310 [ 90.360559][ T5340] ? tomoyo_encode+0x26f/0x530 [ 90.366166][ T5340] __kmem_cache_alloc_node+0x4b/0x270 [ 90.368155][ T5345] FAULT_INJECTION: forcing a failure. [ 90.368155][ T5345] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 90.371549][ T5340] ? arch_stack_walk+0x162/0x1a0 [ 90.389872][ T5340] ? tomoyo_encode+0x26f/0x530 [ 90.394657][ T5340] __kmalloc+0xa8/0x230 [ 90.398990][ T5340] tomoyo_encode+0x26f/0x530 [ 90.403595][ T5340] tomoyo_mount_permission+0x356/0xb80 [ 90.409055][ T5340] ? __stack_depot_save+0x20/0x650 [ 90.414159][ T5340] ? tomoyo_mount_permission+0x295/0xb80 [ 90.419884][ T5340] ? tomoyo_get_name+0x510/0x510 [ 90.425119][ T5340] security_sb_mount+0x8c/0xc0 [ 90.429941][ T5340] path_mount+0xb9/0xfa0 [ 90.434211][ T5340] ? kmem_cache_free+0x292/0x500 [ 90.439200][ T5340] ? user_path_at_empty+0x4c/0x60 [ 90.444501][ T5340] __se_sys_mount+0x2d9/0x3c0 [ 90.449249][ T5340] ? __x64_sys_mount+0xc0/0xc0 [ 90.454108][ T5340] ? syscall_enter_from_user_mode+0x32/0x230 [ 90.460174][ T5340] ? __x64_sys_mount+0x20/0xc0 [ 90.464956][ T5340] do_syscall_64+0x41/0xc0 [ 90.469381][ T5340] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 90.475645][ T5340] RIP: 0033:0x7f41770c949a [ 90.480349][ T5340] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 90.500956][ T5340] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 90.509780][ T5340] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 90.519007][ T5340] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [pid 5345] <... ioctl resumed>) = 0 [pid 5336] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5345] close(4) = 0 [pid 5345] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... ioctl resumed>) = 0 [pid 5345] <... futex resumed>) = 1 [pid 5346] close(3 [pid 5345] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5346] <... close resumed>) = 0 [pid 5346] mkdir("./bus", 0777) = 0 [pid 5346] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5336] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5336] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5334] <... futex resumed>) = 0 [pid 5334] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5336] <... futex resumed>) = 0 [pid 5336] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5336] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5336] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5334] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5334] exit_group(0) = ? [pid 5336] <... futex resumed>) = ? [pid 5336] +++ exited with 0 +++ [pid 5343] <... futex resumed>) = 0 [pid 5343] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] <... futex resumed>) = 0 [pid 5343] <... futex resumed>) = 1 [pid 5345] open("./file0", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5345] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5345] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5343] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] <... futex resumed>) = 0 [pid 5343] <... futex resumed>) = 1 [pid 5345] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = -1 EBADF (Bad file descriptor) [pid 5345] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5345] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5343] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] <... futex resumed>) = 0 [pid 5343] <... futex resumed>) = 1 [pid 5345] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 5345] write(3, "15", 2) = 2 [pid 5345] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5345] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5345] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5343] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] <... futex resumed>) = 0 [pid 5343] <... futex resumed>) = 1 [pid 5345] mkdir(".", 0777) = -1 EEXIST (File exists) [ 90.527436][ T5340] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 90.535426][ T5340] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 90.543698][ T5340] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 90.551817][ T5340] [ 90.561959][ T5346] BTRFS warning: duplicate device /dev/loop1 devid 1 generation 8 scanned by syz-executor340 (5346) [ 90.563660][ T5345] CPU: 1 PID: 5345 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 90.584144][ T5345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 90.594392][ T5345] Call Trace: [ 90.597670][ T5345] [ 90.600595][ T5345] dump_stack_lvl+0x1e7/0x2d0 [ 90.605298][ T5345] ? nf_tcp_handle_invalid+0x650/0x650 [ 90.610752][ T5345] ? panic+0x770/0x770 [ 90.614846][ T5345] should_fail_ex+0x3aa/0x4e0 [ 90.619523][ T5345] strncpy_from_user+0x36/0x2e0 [ 90.624378][ T5345] getname_flags+0xf9/0x4f0 [ 90.628976][ T5345] user_path_at_empty+0x2c/0x60 [ 90.634212][ T5345] __se_sys_mount+0x29a/0x3c0 [ 90.639062][ T5345] ? __x64_sys_mount+0xc0/0xc0 [ 90.643833][ T5345] ? syscall_enter_from_user_mode+0x32/0x230 [ 90.649860][ T5345] ? __x64_sys_mount+0x20/0xc0 [ 90.654736][ T5345] do_syscall_64+0x41/0xc0 [ 90.659151][ T5345] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 90.665047][ T5345] RIP: 0033:0x7f41770c949a [ 90.669915][ T5345] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 90.689948][ T5345] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 90.698394][ T5345] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 90.706533][ T5345] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 90.714496][ T5345] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 90.722470][ T5345] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [pid 5345] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5362] <... futex resumed>) = ? [pid 5343] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5030] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5362] +++ exited with 0 +++ [pid 5346] <... mount resumed>) = -1 EEXIST (File exists) [pid 5334] +++ exited with 0 +++ [pid 5030] <... openat resumed>) = 4 [pid 5025] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5334, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=34 /* 0.34 s */} --- [pid 5345] <... mount resumed>) = -1 EFAULT (Bad address) [pid 5345] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] <... futex resumed>) = 0 [pid 5025] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5025] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5025] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5025] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5343] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5340] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5343] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5340] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5340] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5338] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5338] <... futex resumed>) = 0 [pid 5340] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5338] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5340] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5340] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5340] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5338] exit_group(0 [pid 5340] <... futex resumed>) = ? [pid 5338] <... exit_group resumed>) = ? [pid 5340] +++ exited with 0 +++ [pid 5338] +++ exited with 0 +++ [pid 5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5338, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=33 /* 0.33 s */} --- [pid 5029] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5029] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5029] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5029] getdents64(3, [pid 5030] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5030] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5030] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5030] close(4) = 0 [pid 5030] rmdir("./8/bus" [pid 5345] <... futex resumed>) = 0 [pid 5030] <... rmdir resumed>) = 0 [pid 5029] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5030] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5029] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5346] ioctl(4, LOOP_CLR_FD [pid 5345] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5345] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5030] newfstatat(AT_FDCWD, "./8/binderfs", [pid 5029] newfstatat(AT_FDCWD, "./10/bus", [pid 5345] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5345] <... futex resumed>) = 1 [pid 5343] <... futex resumed>) = 0 [pid 5030] unlink("./8/binderfs" [pid 5029] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5345] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] exit_group(0 [pid 5030] <... unlink resumed>) = 0 [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5343] <... exit_group resumed>) = ? [pid 5345] <... futex resumed>) = ? [pid 5345] +++ exited with 0 +++ [pid 5343] +++ exited with 0 +++ [pid 5030] getdents64(3, [pid 5029] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5028] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5343, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=35 /* 0.35 s */} --- [pid 5030] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5029] <... openat resumed>) = 4 [ 90.730433][ T5345] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 90.738516][ T5345] [pid 5030] close(3) = 0 [pid 5028] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5030] rmdir("./8" [pid 5029] newfstatat(4, "", [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5030] <... rmdir resumed>) = 0 [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5029] getdents64(4, [pid 5028] <... openat resumed>) = 3 [pid 5029] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5028] newfstatat(3, "", [pid 5029] getdents64(4, [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5029] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5028] getdents64(3, [pid 5029] close(4 [pid 5028] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5029] <... close resumed>) = 0 [pid 5028] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5029] rmdir("./10/bus" [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5030] mkdir("./9", 0777 [pid 5029] <... rmdir resumed>) = 0 [pid 5028] newfstatat(AT_FDCWD, "./9/bus", [pid 5342] <... ioctl resumed>) = 0 [pid 5029] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5030] <... mkdir resumed>) = 0 [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5029] newfstatat(AT_FDCWD, "./10/binderfs", [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5030] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5029] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5030] <... openat resumed>) = 3 [pid 5029] unlink("./10/binderfs" [pid 5028] <... openat resumed>) = 4 [pid 5028] newfstatat(4, "", [pid 5030] ioctl(3, LOOP_CLR_FD [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5342] close(4 [pid 5030] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5029] <... unlink resumed>) = 0 [pid 5028] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5028] getdents64(4, [pid 5342] <... close resumed>) = 0 [pid 5028] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5030] close(3 [pid 5029] getdents64(3, [pid 5028] close(4) = 0 [pid 5028] rmdir("./9/bus" [pid 5029] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5028] <... rmdir resumed>) = 0 [pid 5029] close(3 [pid 5028] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5029] <... close resumed>) = 0 [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5029] rmdir("./10" [pid 5028] newfstatat(AT_FDCWD, "./9/binderfs", [pid 5029] <... rmdir resumed>) = 0 [pid 5028] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] unlink("./9/binderfs") = 0 [pid 5028] getdents64(3, [pid 5030] <... close resumed>) = 0 [pid 5028] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5030] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5029] mkdir("./11", 0777 [pid 5028] close(3 [pid 5342] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... mkdir resumed>) = 0 [pid 5028] <... close resumed>) = 0 [pid 5029] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5028] rmdir("./9" [pid 5029] <... openat resumed>) = 3 [pid 5028] <... rmdir resumed>) = 0 [pid 5030] <... clone resumed>, child_tidptr=0x555555980690) = 5363 [pid 5029] ioctl(3, LOOP_CLR_FD [pid 5028] mkdir("./10", 0777./strace-static-x86_64: Process 5363 attached [pid 5029] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5028] <... mkdir resumed>) = 0 [pid 5363] set_robust_list(0x5555559806a0, 24 [pid 5029] close(3 [pid 5028] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5363] <... set_robust_list resumed>) = 0 [pid 5029] <... close resumed>) = 0 [pid 5028] <... openat resumed>) = 3 [pid 5363] chdir("./9" [pid 5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5363] <... chdir resumed>) = 0 [pid 5342] <... futex resumed>) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5363] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5341] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] ioctl(3, LOOP_CLR_FD [pid 5363] <... prctl resumed>) = 0 [pid 5342] open("./file0", O_RDONLY [pid 5341] <... futex resumed>) = 0 [pid 5028] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5341] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5028] close(3) = 0 [pid 5363] setpgid(0, 0 [pid 5029] <... clone resumed>, child_tidptr=0x555555980690) = 5364 [pid 5028] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5342] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5342] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5364 attached [pid 5363] <... setpgid resumed>) = 0 [pid 5364] set_robust_list(0x5555559806a0, 24 [pid 5363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5028] <... clone resumed>, child_tidptr=0x555555980690) = 5365 [pid 5364] <... set_robust_list resumed>) = 0 [pid 5363] <... openat resumed>) = 3 [pid 5342] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5341] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] chdir("./11" [pid 5342] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5341] <... futex resumed>) = 0 [pid 5364] <... chdir resumed>) = 0 [pid 5341] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5364] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5342] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] <... prctl resumed>) = 0 [pid 5342] <... futex resumed>) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5364] setpgid(0, 0 [pid 5363] write(3, "1000", 4 [pid 5342] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] <... setpgid resumed>) = 0 [pid 5363] <... write resumed>) = 4 [pid 5364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5363] close(3 [pid 5364] <... openat resumed>) = 3 [pid 5363] <... close resumed>) = 0 [pid 5363] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 5365 attached [pid 5364] write(3, "1000", 4 [pid 5363] <... symlink resumed>) = 0 [pid 5342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5341] <... futex resumed>) = 0 [pid 5342] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5341] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5364] <... write resumed>) = 4 [pid 5364] close(3 [pid 5342] <... openat resumed>) = 3 [pid 5365] set_robust_list(0x5555559806a0, 24 [pid 5364] <... close resumed>) = 0 [pid 5363] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5363] <... futex resumed>) = 0 [pid 5363] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5364] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5364] <... futex resumed>) = 0 [pid 5363] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5364] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5363] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5365] <... set_robust_list resumed>) = 0 [pid 5364] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5364] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5363] <... mmap resumed>) = 0x7f4177064000 [pid 5364] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5363] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5364] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5363] <... mprotect resumed>) = 0 [pid 5364] <... mmap resumed>) = 0x7f4177064000 [pid 5364] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5363] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5364] <... mprotect resumed>) = 0 [pid 5364] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5363] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5364] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5366 attached ./strace-static-x86_64: Process 5367 attached [pid 5366] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5364] <... clone3 resumed> => {parent_tid=[5366]}, 88) = 5366 [pid 5363] <... clone3 resumed> => {parent_tid=[5367]}, 88) = 5367 [pid 5367] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5365] chdir("./10") = 0 [pid 5363] rt_sigprocmask(SIG_SETMASK, [], [pid 5342] write(3, "15", 2 [pid 5367] <... rseq resumed>) = 0 [pid 5366] <... rseq resumed>) = 0 [pid 5364] rt_sigprocmask(SIG_SETMASK, [], [pid 5363] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5367] set_robust_list(0x7f41770849a0, 24 [pid 5366] set_robust_list(0x7f41770849a0, 24 [pid 5364] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5367] <... set_robust_list resumed>) = 0 [pid 5366] <... set_robust_list resumed>) = 0 [pid 5364] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] rt_sigprocmask(SIG_SETMASK, [], [pid 5366] rt_sigprocmask(SIG_SETMASK, [], [pid 5364] <... futex resumed>) = 0 [pid 5367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5366] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5365] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5364] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5363] <... futex resumed>) = 0 [pid 5342] <... write resumed>) = 2 [pid 5366] memfd_create("syzkaller", 0 [pid 5367] memfd_create("syzkaller", 0 [pid 5363] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5342] creat("./bus", 000 [pid 5365] <... prctl resumed>) = 0 [pid 5366] <... memfd_create resumed>) = 3 [pid 5365] setpgid(0, 0 [pid 5342] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5365] <... setpgid resumed>) = 0 [pid 5367] <... memfd_create resumed>) = 3 [pid 5366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5342] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... openat resumed>) = 3 [pid 5342] <... futex resumed>) = 1 [pid 5365] write(3, "1000", 4 [pid 5341] <... futex resumed>) = 0 [pid 5365] <... write resumed>) = 4 [pid 5341] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] close(3 [pid 5367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5366] <... mmap resumed>) = 0x7f416ec64000 [pid 5365] <... close resumed>) = 0 [pid 5342] mkdir(".", 0777 [pid 5341] <... futex resumed>) = 0 [pid 5365] symlink("/dev/binderfs", "./binderfs" [pid 5342] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5341] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5367] <... mmap resumed>) = 0x7f416ec64000 [pid 5365] <... symlink resumed>) = 0 [pid 5342] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5365] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5365] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5365] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [ 90.942694][ T5342] FAULT_INJECTION: forcing a failure. [ 90.942694][ T5342] name failslab, interval 1, probability 0, space 0, times 0 [pid 5365] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 91.010949][ T5342] CPU: 0 PID: 5342 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 91.022129][ T5342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 91.032490][ T5342] Call Trace: [ 91.035975][ T5342] [ 91.038932][ T5342] dump_stack_lvl+0x1e7/0x2d0 [ 91.043646][ T5342] ? nf_tcp_handle_invalid+0x650/0x650 [ 91.049298][ T5342] ? panic+0x770/0x770 [ 91.053492][ T5342] should_fail_ex+0x3aa/0x4e0 [ 91.058220][ T5342] should_failslab+0x9/0x20 [ 91.062854][ T5342] slab_pre_alloc_hook+0x59/0x310 [ 91.067992][ T5342] ? tomoyo_encode+0x26f/0x530 [ 91.073120][ T5342] __kmem_cache_alloc_node+0x4b/0x270 [ 91.078786][ T5342] ? arch_stack_walk+0x162/0x1a0 [ 91.083751][ T5342] ? tomoyo_encode+0x26f/0x530 [ 91.088551][ T5342] __kmalloc+0xa8/0x230 [ 91.092736][ T5342] tomoyo_encode+0x26f/0x530 [ 91.097354][ T5342] tomoyo_mount_permission+0x356/0xb80 [ 91.102942][ T5342] ? __stack_depot_save+0x20/0x650 [ 91.108083][ T5342] ? tomoyo_mount_permission+0x295/0xb80 [ 91.113755][ T5342] ? tomoyo_get_name+0x510/0x510 [ 91.118780][ T5342] security_sb_mount+0x8c/0xc0 [ 91.123832][ T5342] path_mount+0xb9/0xfa0 [ 91.128090][ T5342] ? kmem_cache_free+0x292/0x500 [ 91.133154][ T5342] ? user_path_at_empty+0x4c/0x60 [ 91.138202][ T5342] __se_sys_mount+0x2d9/0x3c0 [ 91.142902][ T5342] ? __x64_sys_mount+0xc0/0xc0 [ 91.147951][ T5342] ? syscall_enter_from_user_mode+0x32/0x230 [ 91.154138][ T5342] ? __x64_sys_mount+0x20/0xc0 [ 91.158933][ T5342] do_syscall_64+0x41/0xc0 [ 91.163369][ T5342] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 91.169279][ T5342] RIP: 0033:0x7f41770c949a [ 91.173805][ T5342] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 91.193610][ T5342] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 91.194625][ T5346] FAULT_INJECTION: forcing a failure. [pid 5365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5346] <... ioctl resumed>) = 0 [pid 5346] close(4) = 0 [pid 5346] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5346] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = 0 [pid 5344] <... futex resumed>) = 1 [pid 5346] open("./file0", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5346] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5346] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5344] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = 0 [pid 5344] <... futex resumed>) = 1 [pid 5346] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = -1 EBADF (Bad file descriptor) [pid 5346] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5346] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5344] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = 0 [pid 5344] <... futex resumed>) = 1 [pid 5346] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5344] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] <... openat resumed>) = 3 [pid 5346] write(3, "15", 2) = 2 [pid 5346] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5346] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5346] mkdir(".", 0777 [pid 5344] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5344] <... futex resumed>) = 0 [pid 5346] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5344] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5368 attached [pid 5365] <... clone3 resumed> => {parent_tid=[5368]}, 88) = 5368 [pid 5342] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5368] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5365] rt_sigprocmask(SIG_SETMASK, [], [pid 5368] <... rseq resumed>) = 0 [pid 5365] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5342] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5365] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5368] rt_sigprocmask(SIG_SETMASK, [], [pid 5365] <... futex resumed>) = 0 [pid 5342] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5341] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5365] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5342] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5341] <... futex resumed>) = 0 [pid 5342] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] memfd_create("syzkaller", 0 [pid 5342] <... futex resumed>) = 0 [pid 5341] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5368] <... memfd_create resumed>) = 3 [pid 5342] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5341] exit_group(0 [pid 5368] <... mmap resumed>) = 0x7f416ec64000 [pid 5341] <... exit_group resumed>) = ? [pid 5342] <... futex resumed>) = ? [pid 5342] +++ exited with 0 +++ [pid 5341] +++ exited with 0 +++ [ 91.194625][ T5346] name failslab, interval 1, probability 0, space 0, times 0 [ 91.202104][ T5342] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 91.202120][ T5342] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 91.202133][ T5342] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 91.202145][ T5342] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 91.202156][ T5342] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 91.202182][ T5342] [pid 5027] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5341, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=38 /* 0.38 s */} --- [pid 5027] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5027] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5027] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5027] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5027] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5027] newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5027] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5027] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5027] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5027] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5027] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5027] close(4) = 0 [pid 5027] rmdir("./9/bus") = 0 [pid 5027] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5027] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5027] unlink("./9/binderfs") = 0 [pid 5027] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5027] close(3) = 0 [pid 5027] rmdir("./9") = 0 [pid 5027] mkdir("./10", 0777) = 0 [pid 5027] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5027] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5027] close(3) = 0 [pid 5027] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555980690) = 5369 ./strace-static-x86_64: Process 5369 attached [pid 5369] set_robust_list(0x5555559806a0, 24) = 0 [pid 5369] chdir("./10") = 0 [pid 5369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5369] setpgid(0, 0) = 0 [pid 5369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5367] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5369] write(3, "1000", 4) = 4 [pid 5369] close(3) = 0 [pid 5369] symlink("/dev/binderfs", "./binderfs") = 0 [ 91.351985][ T5346] CPU: 0 PID: 5346 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 91.362747][ T5346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 91.373357][ T5346] Call Trace: [ 91.376673][ T5346] [ 91.379713][ T5346] dump_stack_lvl+0x1e7/0x2d0 [ 91.384423][ T5346] ? nf_tcp_handle_invalid+0x650/0x650 [ 91.389931][ T5346] ? panic+0x770/0x770 [ 91.394214][ T5346] should_fail_ex+0x3aa/0x4e0 [ 91.399034][ T5346] should_failslab+0x9/0x20 [ 91.403830][ T5346] slab_pre_alloc_hook+0x59/0x310 [ 91.409060][ T5346] ? tomoyo_encode+0x26f/0x530 [ 91.413901][ T5346] __kmem_cache_alloc_node+0x4b/0x270 [ 91.419389][ T5346] ? arch_stack_walk+0x162/0x1a0 [ 91.424421][ T5346] ? tomoyo_encode+0x26f/0x530 [ 91.429331][ T5346] __kmalloc+0xa8/0x230 [ 91.433616][ T5346] tomoyo_encode+0x26f/0x530 [ 91.438253][ T5346] tomoyo_mount_permission+0x356/0xb80 [ 91.443851][ T5346] ? __stack_depot_save+0x20/0x650 [ 91.448996][ T5346] ? tomoyo_mount_permission+0x295/0xb80 [ 91.454748][ T5346] ? tomoyo_get_name+0x510/0x510 [ 91.460006][ T5346] security_sb_mount+0x8c/0xc0 [ 91.465144][ T5346] path_mount+0xb9/0xfa0 [ 91.470630][ T5346] ? kmem_cache_free+0x292/0x500 [ 91.475967][ T5346] ? user_path_at_empty+0x4c/0x60 [ 91.482122][ T5346] __se_sys_mount+0x2d9/0x3c0 [ 91.487049][ T5346] ? __x64_sys_mount+0xc0/0xc0 [ 91.491848][ T5346] ? syscall_enter_from_user_mode+0x32/0x230 [ 91.498131][ T5346] ? __x64_sys_mount+0x20/0xc0 [ 91.503116][ T5346] do_syscall_64+0x41/0xc0 [ 91.507748][ T5346] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 91.513891][ T5346] RIP: 0033:0x7f41770c949a [ 91.518348][ T5346] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 91.538617][ T5346] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [pid 5369] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5369] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5369] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5369] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5369] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} => {parent_tid=[5370]}, 88) = 5370 [pid 5369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5369] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5369] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5370 attached [pid 5370] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [pid 5370] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5370] memfd_create("syzkaller", 0) = 3 [pid 5370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5025] <... umount2 resumed>) = 0 [pid 5025] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5025] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5025] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5025] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5025] close(4) = 0 [pid 5025] rmdir("./9/bus") = 0 [pid 5025] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] unlink("./9/binderfs") = 0 [pid 5025] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5025] close(3) = 0 [pid 5025] rmdir("./9") = 0 [pid 5025] mkdir("./10", 0777) = 0 [pid 5025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5025] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5025] close(3) = 0 [pid 5025] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555980690) = 5371 [ 91.547501][ T5346] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 91.555514][ T5346] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 91.563879][ T5346] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 91.572581][ T5346] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 91.580592][ T5346] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 91.588885][ T5346] [pid 5366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216./strace-static-x86_64: Process 5371 attached [pid 5346] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5371] set_robust_list(0x5555559806a0, 24 [pid 5346] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... set_robust_list resumed>) = 0 [pid 5346] <... futex resumed>) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5346] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] chdir("./10") = 0 [pid 5346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5344] <... futex resumed>) = 0 [pid 5371] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5346] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5344] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5371] <... prctl resumed>) = 0 [pid 5346] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5371] setpgid(0, 0 [pid 5346] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... setpgid resumed>) = 0 [pid 5346] <... futex resumed>) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5344] exit_group(0 [pid 5371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5344] <... exit_group resumed>) = ? [pid 5371] <... openat resumed>) = 3 [pid 5371] write(3, "1000", 4 [pid 5346] +++ exited with 0 +++ [pid 5344] +++ exited with 0 +++ [pid 5371] <... write resumed>) = 4 [pid 5371] close(3 [pid 5026] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5344, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=42 /* 0.42 s */} --- [pid 5371] <... close resumed>) = 0 [pid 5026] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5026] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5026] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5026] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5026] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5371] symlink("/dev/binderfs", "./binderfs" [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5026] newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5371] <... symlink resumed>) = 0 [pid 5026] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5371] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5371] <... futex resumed>) = 0 [pid 5026] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5371] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5371] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5026] <... openat resumed>) = 4 [pid 5371] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5026] newfstatat(4, "", [pid 5371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5372 attached [pid 5372] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5371] <... clone3 resumed> => {parent_tid=[5372]}, 88) = 5372 [pid 5372] <... rseq resumed>) = 0 [pid 5371] rt_sigprocmask(SIG_SETMASK, [], [pid 5372] set_robust_list(0x7f41770849a0, 24 [pid 5371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5372] <... set_robust_list resumed>) = 0 [pid 5371] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] rt_sigprocmask(SIG_SETMASK, [], [pid 5371] <... futex resumed>) = 0 [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5372] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5371] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5026] getdents64(4, [pid 5372] memfd_create("syzkaller", 0 [pid 5026] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5372] <... memfd_create resumed>) = 3 [pid 5026] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5026] close(4) = 0 [pid 5026] rmdir("./10/bus") = 0 [pid 5026] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5026] unlink("./10/binderfs") = 0 [pid 5372] <... mmap resumed>) = 0x7f416ec64000 [pid 5026] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5026] close(3) = 0 [pid 5026] rmdir("./10") = 0 [pid 5026] mkdir("./11", 0777) = 0 [pid 5026] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5026] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5026] close(3) = 0 [pid 5026] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5373 attached [pid 5373] set_robust_list(0x5555559806a0, 24) = 0 [pid 5373] chdir("./11" [pid 5026] <... clone resumed>, child_tidptr=0x555555980690) = 5373 [pid 5373] <... chdir resumed>) = 0 [pid 5373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5373] setpgid(0, 0) = 0 [pid 5373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5373] write(3, "1000", 4) = 4 [pid 5373] close(3) = 0 [pid 5373] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5373] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5373] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5373] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5373] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5373] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5374 attached [pid 5368] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5373] <... clone3 resumed> => {parent_tid=[5374]}, 88) = 5374 [pid 5373] rt_sigprocmask(SIG_SETMASK, [], [pid 5374] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5373] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5374] <... rseq resumed>) = 0 [pid 5373] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] set_robust_list(0x7f41770849a0, 24 [pid 5373] <... futex resumed>) = 0 [pid 5374] <... set_robust_list resumed>) = 0 [pid 5373] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5374] memfd_create("syzkaller", 0) = 3 [pid 5374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5367] <... write resumed>) = 16777216 [pid 5367] munmap(0x7f416ec64000, 138412032) = 0 [pid 5367] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5367] ioctl(4, LOOP_SET_FD, 3 [pid 5372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5367] <... ioctl resumed>) = 0 [pid 5367] close(3) = 0 [pid 5367] mkdir("./bus", 0777) = 0 [ 92.043108][ T5367] loop5: detected capacity change from 0 to 32768 [ 92.055868][ T5367] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 scanned by syz-executor340 (5367) [ 92.132512][ T5367] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 92.141455][ T5367] BTRFS info (device loop5): doing ref verification [pid 5367] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5366] <... write resumed>) = 16777216 [pid 5366] munmap(0x7f416ec64000, 138412032) = 0 [pid 5374] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5366] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 92.173889][ T5367] BTRFS warning (device loop5): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 92.212512][ T5367] BTRFS info (device loop5): force zlib compression, level 3 [pid 5366] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5366] close(3) = 0 [ 92.219957][ T5367] BTRFS info (device loop5): allowing degraded mounts [ 92.227442][ T5366] loop4: detected capacity change from 0 to 32768 [pid 5366] mkdir("./bus", 0777) = 0 [pid 5366] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = -1 EEXIST (File exists) [ 92.272093][ T5367] BTRFS info (device loop5): using free space tree [ 92.280664][ T5366] BTRFS warning: duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor340 (5366) [pid 5366] ioctl(4, LOOP_CLR_FD [pid 5370] <... write resumed>) = 16777216 [pid 5370] munmap(0x7f416ec64000, 138412032 [pid 5368] <... write resumed>) = 16777216 [pid 5370] <... munmap resumed>) = 0 [pid 5368] munmap(0x7f416ec64000, 138412032) = 0 [pid 5368] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5368] ioctl(4, LOOP_SET_FD, 3 [pid 5370] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5370] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5370] close(3) = 0 [pid 5370] mkdir("./bus", 0777 [pid 5368] <... ioctl resumed>) = 0 [pid 5370] <... mkdir resumed>) = 0 [pid 5368] close(3) = 0 [pid 5368] mkdir("./bus", 0777 [pid 5370] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5368] <... mkdir resumed>) = 0 [ 92.408302][ T5368] loop3: detected capacity change from 0 to 32768 [ 92.423952][ T5370] loop2: detected capacity change from 0 to 32768 [ 92.445660][ T5370] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 8 scanned by syz-executor340 (5370) [pid 5368] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5372] <... write resumed>) = 16777216 [pid 5370] <... mount resumed>) = -1 EEXIST (File exists) [pid 5372] munmap(0x7f416ec64000, 138412032) = 0 [pid 5372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5372] ioctl(4, LOOP_SET_FD, 3 [pid 5370] ioctl(4, LOOP_CLR_FD [pid 5372] <... ioctl resumed>) = 0 [pid 5372] close(3) = 0 [pid 5372] mkdir("./bus", 0777) = 0 [pid 5372] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5367] <... mount resumed>) = 0 [pid 5367] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5367] chdir("./bus") = 0 [pid 5367] ioctl(4, LOOP_CLR_FD) = 0 [ 92.489105][ T5367] BTRFS info (device loop5): auto enabling async discard [ 92.516896][ T5368] BTRFS warning: duplicate device /dev/loop3 devid 1 generation 8 scanned by syz-executor340 (5368) [ 92.527021][ T5372] loop0: detected capacity change from 0 to 32768 [pid 5367] close(4) = 0 [pid 5368] <... mount resumed>) = -1 EEXIST (File exists) [pid 5367] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5363] <... futex resumed>) = 0 [pid 5363] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5363] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5367] open("./file0", O_RDONLY) = 4 [pid 5368] ioctl(4, LOOP_CLR_FD [pid 5367] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5367] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5363] <... futex resumed>) = 0 [pid 5363] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] <... futex resumed>) = 0 [pid 5363] <... futex resumed>) = 1 [pid 5367] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5363] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5367] <... ioctl resumed>) = 0 [pid 5367] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5367] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5363] <... futex resumed>) = 0 [pid 5363] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] <... futex resumed>) = 0 [pid 5363] <... futex resumed>) = 1 [pid 5367] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5363] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5367] <... openat resumed>) = 5 [pid 5367] write(5, "15", 2) = 2 [pid 5367] creat("./bus", 000 [pid 5372] <... mount resumed>) = -1 EEXIST (File exists) [ 92.568139][ T5372] BTRFS warning: duplicate device /dev/loop0 devid 1 generation 8 scanned by syz-executor340 (5372) [pid 5372] ioctl(4, LOOP_CLR_FD [pid 5363] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5363] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177043000 [pid 5363] mprotect(0x7f4177044000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5363] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 92.665305][ T5367] FAULT_INJECTION: forcing a failure. [ 92.665305][ T5367] name failslab, interval 1, probability 0, space 0, times 0 [ 92.678355][ T5367] CPU: 0 PID: 5367 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 92.688821][ T5367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 92.698929][ T5367] Call Trace: [ 92.702362][ T5367] [ 92.705477][ T5367] dump_stack_lvl+0x1e7/0x2d0 [ 92.710367][ T5367] ? nf_tcp_handle_invalid+0x650/0x650 [ 92.715882][ T5367] ? panic+0x770/0x770 [ 92.720177][ T5367] ? mark_lock+0x9a/0x340 [ 92.724617][ T5367] should_fail_ex+0x3aa/0x4e0 [ 92.729317][ T5367] should_failslab+0x9/0x20 [ 92.733994][ T5367] slab_pre_alloc_hook+0x59/0x310 [ 92.739023][ T5367] ? ulist_add_merge+0x14c/0x480 [ 92.744144][ T5367] __kmem_cache_alloc_node+0x4b/0x270 [ 92.750759][ T5367] ? ulist_add_merge+0x14c/0x480 [ 92.755953][ T5367] kmalloc_trace+0x2a/0xe0 [ 92.760386][ T5367] ulist_add_merge+0x14c/0x480 [ 92.765156][ T5367] btrfs_qgroup_convert_reserved_meta+0x503/0x960 [ 92.771597][ T5367] ? __btrfs_qgroup_free_meta+0x380/0x380 [ 92.777313][ T5367] ? join_transaction+0xb08/0xce0 [ 92.782339][ T5367] ? rcu_is_watching+0x15/0xb0 [ 92.787284][ T5367] ? trace_btrfs_space_reservation+0x96/0x210 [ 92.793439][ T5367] start_transaction+0x1011/0x11a0 [ 92.798833][ T5367] btrfs_create_common+0x1d6/0x300 [ 92.804044][ T5367] ? btrfs_tmpfile+0x4e0/0x4e0 [ 92.809717][ T5367] ? do_raw_spin_unlock+0x13b/0x8b0 [ 92.815276][ T5367] ? btrfs_create+0x75/0x140 [ 92.820048][ T5367] ? btrfs_lookup+0x40/0x40 [ 92.824934][ T5367] path_openat+0x13e7/0x3180 [ 92.829862][ T5367] ? do_filp_open+0x490/0x490 [ 92.835523][ T5367] do_filp_open+0x234/0x490 [ 92.840225][ T5367] ? vfs_tmpfile+0x4b0/0x4b0 [ 92.845036][ T5367] ? _raw_spin_unlock+0x28/0x40 [ 92.850246][ T5367] ? alloc_fd+0x59c/0x640 [ 92.857085][ T5367] do_sys_openat2+0x13e/0x1d0 [ 92.862140][ T5367] ? do_sys_open+0x230/0x230 [ 92.866748][ T5367] ? _raw_spin_unlock_irq+0x2e/0x50 [ 92.872046][ T5367] ? ptrace_notify+0x278/0x380 [ 92.876991][ T5367] __x64_sys_creat+0x123/0x160 [ 92.881840][ T5367] ? __x64_compat_sys_openat+0x290/0x290 [ 92.887673][ T5367] ? syscall_enter_from_user_mode+0x32/0x230 [ 92.893655][ T5367] ? syscall_enter_from_user_mode+0x8c/0x230 [ 92.899638][ T5367] do_syscall_64+0x41/0xc0 [ 92.904059][ T5367] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 92.909958][ T5367] RIP: 0033:0x7f41770c8049 [ 92.914369][ T5367] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 92.934253][ T5367] RSP: 002b:00007f4177084208 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 92.942762][ T5367] RAX: ffffffffffffffda RBX: 00007f41771546c8 RCX: 00007f41770c8049 [ 92.951109][ T5367] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040 [pid 5363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177063990, parent_tid=0x7f4177063990, exit_signal=0, stack=0x7f4177043000, stack_size=0x20300, tls=0x7f41770636c0} => {parent_tid=[5391]}, 88) = 5391 [pid 5363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5363] futex(0x7f41771546d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 92.960816][ T5367] RBP: 00007f41771546c0 R08: 00007f4177083fa6 R09: 0000000000003531 [ 92.969982][ T5367] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f41771211d0 [ 92.979312][ T5367] R13: 00007f4177084210 R14: 0000000000000002 R15: 00007f417711c070 [ 92.990413][ T5367] [pid 5363] futex(0x7f41771546dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5391 attached [pid 5374] <... write resumed>) = 16777216 [pid 5367] <... creat resumed>) = 6 [pid 5366] <... ioctl resumed>) = 0 [pid 5391] rseq(0x7f4177063fe0, 0x20, 0, 0x53053053 [pid 5374] munmap(0x7f416ec64000, 138412032 [pid 5368] <... ioctl resumed>) = 0 [pid 5367] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] close(4 [pid 5391] <... rseq resumed>) = 0 [pid 5374] <... munmap resumed>) = 0 [pid 5368] close(4 [pid 5367] <... futex resumed>) = 0 [pid 5366] <... close resumed>) = 0 [pid 5391] set_robust_list(0x7f41770639a0, 24 [pid 5374] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5368] <... close resumed>) = 0 [pid 5367] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5366] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] <... set_robust_list resumed>) = 0 [pid 5374] <... openat resumed>) = 4 [pid 5368] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = 1 [ 93.055695][ T42] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 5391] rt_sigprocmask(SIG_SETMASK, [], [pid 5374] ioctl(4, LOOP_SET_FD, 3 [pid 5368] <... futex resumed>) = 1 [pid 5366] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] <... futex resumed>) = 0 [pid 5391] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5365] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] mkdir(".", 0777 [pid 5368] open("./file0", O_RDONLY [pid 5365] <... futex resumed>) = 0 [pid 5391] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5365] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5391] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5364] <... futex resumed>) = 0 [ 93.157074][ T5374] loop1: detected capacity change from 0 to 32768 [ 93.160258][ T5391] BTRFS error (device loop5: state M): unrecognized mount option '18446744073709551615017777777777777777777770177777777777777777777718446744073709551615lbZ~Ƣ8žH~אa*Oѓ< 5^Sus%e [ 93.160258][ T5391] /ĖEaofmߚtҮ~г#a C$n-SGWmxeGy|sL=~ä_;N' [pid 5364] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5374] <... ioctl resumed>) = 0 [pid 5370] <... ioctl resumed>) = 0 [pid 5366] <... futex resumed>) = 0 [pid 5365] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5364] <... futex resumed>) = 1 [pid 5374] close(3 [pid 5366] open("./file0", O_RDONLY [pid 5365] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5374] <... close resumed>) = 0 [pid 5366] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5365] <... futex resumed>) = 0 [pid 5374] mkdir("./bus", 0777 [pid 5366] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5366] <... futex resumed>) = 1 [pid 5374] <... mkdir resumed>) = 0 [pid 5366] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] <... mmap resumed>) = 0x7f4177043000 [pid 5374] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5365] mprotect(0x7f4177044000, 131072, PROT_READ|PROT_WRITE [pid 5364] <... futex resumed>) = 0 [pid 5364] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... mprotect resumed>) = 0 [pid 5366] <... futex resumed>) = 0 [pid 5364] <... futex resumed>) = 1 [pid 5366] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = -1 EBADF (Bad file descriptor) [pid 5366] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5366] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177063990, parent_tid=0x7f4177063990, exit_signal=0, stack=0x7f4177043000, stack_size=0x20300, tls=0x7f41770636c0} => {parent_tid=[5392]}, 88) = 5392 [pid 5365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5364] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] futex(0x7f41771546d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f41771546dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5364] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = 0 [ 93.198549][ T5374] BTRFS warning: duplicate device /dev/loop1 devid 1 generation 8 scanned by syz-executor340 (5374) [pid 5364] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] <... futex resumed>) = 0 [pid 5366] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 5366] write(3, "15", 2) = 2 [pid 5366] creat("./bus", 000 [pid 5368] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5366] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5366] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5366] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5364] <... futex resumed>) = 0 [pid 5370] close(4 [pid 5364] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5392 attached [pid 5392] rseq(0x7f4177063fe0, 0x20, 0, 0x53053053) = 0 [pid 5392] set_robust_list(0x7f41770639a0, 24) = 0 [pid 5366] <... futex resumed>) = 0 [pid 5370] <... close resumed>) = 0 [pid 5364] <... futex resumed>) = 1 [pid 5392] rt_sigprocmask(SIG_SETMASK, [], [pid 5370] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] mkdir(".", 0777 [pid 5364] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5392] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5366] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5370] <... futex resumed>) = 1 [pid 5392] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5369] <... futex resumed>) = 0 [pid 5366] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5392] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5374] <... mount resumed>) = -1 EEXIST (File exists) [pid 5370] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5369] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] ioctl(4, LOOP_CLR_FD [pid 5370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5369] <... futex resumed>) = 0 [pid 5370] open("./file0", O_RDONLY [pid 5392] <... futex resumed>) = 1 [pid 5369] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5368] <... futex resumed>) = 0 [pid 5365] <... futex resumed>) = 1 [pid 5391] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5370] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5365] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5391] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5370] <... futex resumed>) = 1 [pid 5369] <... futex resumed>) = 0 [pid 5368] <... openat resumed>) = 3 [pid 5363] <... futex resumed>) = 0 [pid 5392] futex(0x7f41771546d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5391] futex(0x7f41771546d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5370] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5369] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [ 93.229292][ T5366] FAULT_INJECTION: forcing a failure. [ 93.229292][ T5366] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 93.258214][ T5366] CPU: 0 PID: 5366 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 93.268948][ T5366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 93.279115][ T5366] Call Trace: [ 93.282413][ T5366] [ 93.285438][ T5366] dump_stack_lvl+0x1e7/0x2d0 [ 93.290261][ T5366] ? nf_tcp_handle_invalid+0x650/0x650 [ 93.295753][ T5366] ? panic+0x770/0x770 [ 93.299858][ T5366] should_fail_ex+0x3aa/0x4e0 [ 93.304969][ T5366] strncpy_from_user+0x36/0x2e0 [ 93.310108][ T5366] getname_flags+0xf9/0x4f0 [ 93.314823][ T5366] user_path_at_empty+0x2c/0x60 [ 93.319693][ T5366] __se_sys_mount+0x29a/0x3c0 [ 93.324399][ T5366] ? __x64_sys_mount+0xc0/0xc0 [ 93.329268][ T5366] ? syscall_enter_from_user_mode+0x32/0x230 [ 93.335354][ T5366] ? __x64_sys_mount+0x20/0xc0 [ 93.340134][ T5366] do_syscall_64+0x41/0xc0 [ 93.344829][ T5366] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 93.350827][ T5366] RIP: 0033:0x7f41770c949a [ 93.355251][ T5366] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 5368] write(3, "15", 2 [pid 5363] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5369] <... futex resumed>) = 0 [pid 5368] <... write resumed>) = 2 [pid 5367] <... futex resumed>) = 0 [pid 5363] <... futex resumed>) = 1 [pid 5370] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] creat("./bus", 000 [pid 5367] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5363] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] <... ioctl resumed>) = 0 [pid 5370] <... futex resumed>) = 0 [pid 5369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5368] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5372] close(4 [pid 5370] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5369] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5369] <... futex resumed>) = 0 [pid 5370] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5369] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] <... openat resumed>) = 3 [pid 5372] <... close resumed>) = 0 [pid 5370] write(3, "15", 2 [pid 5372] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... write resumed>) = 2 [pid 5372] <... futex resumed>) = 1 [pid 5370] creat("./bus", 000 [pid 5372] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5370] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5370] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5369] <... futex resumed>) = 0 [pid 5370] mkdir(".", 0777 [pid 5369] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5369] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5370] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5370] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5371] <... futex resumed>) = 0 [pid 5368] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5366] <... mount resumed>) = -1 EFAULT (Bad address) [pid 5365] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5371] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... futex resumed>) = 0 [pid 5367] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... futex resumed>) = 1 [pid 5368] mkdir(".", 0777 [pid 5367] <... futex resumed>) = 1 [pid 5366] <... futex resumed>) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5371] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5367] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5366] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 93.366437][ T5370] FAULT_INJECTION: forcing a failure. [ 93.366437][ T5370] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 93.377496][ T5366] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 93.377523][ T5366] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 93.377535][ T5366] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 93.377546][ T5366] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 93.377556][ T5366] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 93.377566][ T5366] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 93.377591][ T5366] [ 93.429171][ T5368] FAULT_INJECTION: forcing a failure. [ 93.429171][ T5368] name failslab, interval 1, probability 0, space 0, times 0 [ 93.444009][ T5370] CPU: 1 PID: 5370 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 93.474665][ T5370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 93.486866][ T5370] Call Trace: [ 93.490265][ T5370] [ 93.493213][ T5370] dump_stack_lvl+0x1e7/0x2d0 [ 93.498115][ T5370] ? nf_tcp_handle_invalid+0x650/0x650 [ 93.504144][ T5370] ? panic+0x770/0x770 [ 93.508265][ T5370] should_fail_ex+0x3aa/0x4e0 [ 93.513076][ T5370] strncpy_from_user+0x36/0x2e0 [ 93.517961][ T5370] getname_flags+0xf9/0x4f0 [ 93.522590][ T5370] user_path_at_empty+0x2c/0x60 [ 93.527661][ T5370] __se_sys_mount+0x29a/0x3c0 [ 93.532580][ T5370] ? __x64_sys_mount+0xc0/0xc0 [ 93.537769][ T5370] ? syscall_enter_from_user_mode+0x32/0x230 [ 93.544053][ T5370] ? __x64_sys_mount+0x20/0xc0 [ 93.548914][ T5370] do_syscall_64+0x41/0xc0 [ 93.553330][ T5370] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 93.559446][ T5370] RIP: 0033:0x7f41770c949a [ 93.564119][ T5370] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 93.583899][ T5370] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 93.592402][ T5370] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 93.600645][ T5370] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 93.608822][ T5370] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 93.617106][ T5370] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [pid 5368] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5372] <... futex resumed>) = 0 [pid 5364] <... futex resumed>) = 0 [pid 5363] <... futex resumed>) = 0 [pid 5371] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5371] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177043000 [pid 5371] mprotect(0x7f4177044000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177063990, parent_tid=0x7f4177063990, exit_signal=0, stack=0x7f4177043000, stack_size=0x20300, tls=0x7f41770636c0} => {parent_tid=[5393]}, 88) = 5393 [pid 5371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5371] futex(0x7f41771546d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7f41771546dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5371] futex(0x7f41771546ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177022000 [pid 5371] mprotect(0x7f4177023000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177042990, parent_tid=0x7f4177042990, exit_signal=0, stack=0x7f4177022000, stack_size=0x20300, tls=0x7f41770426c0}./strace-static-x86_64: Process 5394 attached [pid 5394] rseq(0x7f4177042fe0, 0x20, 0, 0x53053053 [pid 5371] <... clone3 resumed> => {parent_tid=[5394]}, 88) = 5394 [pid 5394] <... rseq resumed>) = 0 [pid 5371] rt_sigprocmask(SIG_SETMASK, [], [pid 5394] set_robust_list(0x7f41770429a0, 24 [pid 5371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5394] <... set_robust_list resumed>) = 0 [pid 5371] futex(0x7f41771546e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] rt_sigprocmask(SIG_SETMASK, [], [pid 5371] <... futex resumed>) = 0 [pid 5394] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5371] futex(0x7f41771546ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [ 93.625345][ T5370] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 93.633672][ T5370] [ 93.638635][ T5368] CPU: 1 PID: 5368 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 93.649451][ T5368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 93.659539][ T5368] Call Trace: [ 93.662845][ T5368] [ 93.665895][ T5368] dump_stack_lvl+0x1e7/0x2d0 [ 93.670695][ T5368] ? nf_tcp_handle_invalid+0x650/0x650 [ 93.676266][ T5368] ? panic+0x770/0x770 [ 93.680459][ T5368] should_fail_ex+0x3aa/0x4e0 [ 93.685220][ T5368] should_failslab+0x9/0x20 [ 93.689830][ T5368] slab_pre_alloc_hook+0x59/0x310 [ 93.695192][ T5368] ? tomoyo_encode+0x26f/0x530 [ 93.699977][ T5368] __kmem_cache_alloc_node+0x4b/0x270 [ 93.705457][ T5368] ? arch_stack_walk+0x162/0x1a0 [ 93.710671][ T5368] ? tomoyo_encode+0x26f/0x530 [ 93.715728][ T5368] __kmalloc+0xa8/0x230 [ 93.719919][ T5368] tomoyo_encode+0x26f/0x530 [ 93.724916][ T5368] tomoyo_mount_permission+0x356/0xb80 [ 93.730949][ T5368] ? __stack_depot_save+0x20/0x650 [ 93.736399][ T5368] ? tomoyo_mount_permission+0x295/0xb80 [ 93.742249][ T5368] ? tomoyo_get_name+0x510/0x510 [ 93.747399][ T5368] security_sb_mount+0x8c/0xc0 [ 93.752473][ T5368] path_mount+0xb9/0xfa0 [ 93.756865][ T5368] ? kmem_cache_free+0x292/0x500 [ 93.762115][ T5368] ? user_path_at_empty+0x4c/0x60 [ 93.767532][ T5368] __se_sys_mount+0x2d9/0x3c0 [ 93.772590][ T5368] ? __x64_sys_mount+0xc0/0xc0 [ 93.777400][ T5368] ? syscall_enter_from_user_mode+0x32/0x230 [ 93.783421][ T5368] ? __x64_sys_mount+0x20/0xc0 [ 93.788538][ T5368] do_syscall_64+0x41/0xc0 [ 93.793396][ T5368] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 93.799310][ T5368] RIP: 0033:0x7f41770c949a [ 93.803801][ T5368] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 5394] write(3, "15", 2./strace-static-x86_64: Process 5393 attached ) = 2 [pid 5372] open("./file0", O_RDONLY [pid 5364] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] exit_group(0 [pid 5394] creat("./bus", 000 [pid 5371] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5394] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5371] futex(0x7f41771546fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] futex(0x7f41771546ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... futex resumed>) = 0 [pid 5394] <... futex resumed>) = 0 [pid 5371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5394] futex(0x7f41771546e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] <... mmap resumed>) = 0x7f4177001000 [pid 5371] mprotect(0x7f4177002000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177021990, parent_tid=0x7f4177021990, exit_signal=0, stack=0x7f4177001000, stack_size=0x20300, tls=0x7f41770216c0} => {parent_tid=[5395]}, 88) = 5395 [pid 5371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5371] futex(0x7f41771546f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7f41771546fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5395 attached [pid 5393] rseq(0x7f4177063fe0, 0x20, 0, 0x53053053 [pid 5391] <... futex resumed>) = ? [pid 5374] <... ioctl resumed>) = 0 [pid 5372] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5368] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5367] <... futex resumed>) = ? [pid 5364] <... futex resumed>) = 1 [pid 5363] <... exit_group resumed>) = ? [pid 5395] rseq(0x7f4177021fe0, 0x20, 0, 0x53053053 [pid 5393] <... rseq resumed>) = 0 [pid 5391] +++ exited with 0 +++ [pid 5374] close(4 [pid 5372] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] +++ exited with 0 +++ [pid 5395] <... rseq resumed>) = 0 [pid 5393] set_robust_list(0x7f41770639a0, 24 [pid 5374] <... close resumed>) = 0 [pid 5372] <... futex resumed>) = 0 [pid 5370] <... mount resumed>) = -1 EFAULT (Bad address) [pid 5368] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = 0 [pid 5364] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] +++ exited with 0 +++ [pid 5395] set_robust_list(0x7f41770219a0, 24 [pid 5393] <... set_robust_list resumed>) = 0 [pid 5374] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5370] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... futex resumed>) = 1 [pid 5366] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5365] <... futex resumed>) = 0 [pid 5395] <... set_robust_list resumed>) = 0 [pid 5393] rt_sigprocmask(SIG_SETMASK, [], [pid 5374] <... futex resumed>) = 1 [pid 5373] <... futex resumed>) = 0 [pid 5370] <... futex resumed>) = 1 [pid 5369] <... futex resumed>) = 0 [pid 5368] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5366] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5365] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] rt_sigprocmask(SIG_SETMASK, [], [pid 5393] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5374] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5373] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5369] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5366] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5030] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5363, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=43 /* 0.43 s */} --- [pid 5395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5393] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5374] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5373] <... futex resumed>) = 0 [pid 5370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5369] <... futex resumed>) = 0 [pid 5368] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5366] <... futex resumed>) = 1 [pid 5365] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5364] <... futex resumed>) = 0 [ 93.824184][ T5368] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 93.833466][ T5368] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 93.841738][ T5368] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 93.850162][ T5368] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 93.858865][ T5368] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 93.867463][ T5368] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 93.875466][ T5368] [pid 5030] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5395] mkdir(".", 0777 [pid 5393] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5374] open("./file0", O_RDONLY [pid 5373] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5369] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5366] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5364] exit_group(0 [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5395] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5393] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5370] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5368] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = ? [pid 5364] <... exit_group resumed>) = ? [pid 5030] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5395] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5393] <... futex resumed>) = 0 [pid 5374] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... futex resumed>) = 1 [pid 5366] +++ exited with 0 +++ [pid 5365] <... futex resumed>) = 0 [pid 5030] <... openat resumed>) = 3 [pid 5395] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5393] futex(0x7f41771546d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5374] <... futex resumed>) = 1 [pid 5373] <... futex resumed>) = 0 [pid 5370] <... futex resumed>) = 1 [pid 5369] <... futex resumed>) = 0 [pid 5368] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] exit_group(0 [pid 5030] newfstatat(3, "", [pid 5395] futex(0x7f41771546fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = ? [pid 5374] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5373] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5369] exit_group(0 [pid 5368] <... futex resumed>) = ? [pid 5365] <... exit_group resumed>) = ? [pid 5364] +++ exited with 0 +++ [pid 5030] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5395] <... futex resumed>) = 1 [pid 5392] +++ exited with 0 +++ [pid 5374] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5373] <... futex resumed>) = 0 [pid 5371] <... futex resumed>) = 0 [pid 5370] <... futex resumed>) = ? [pid 5369] <... exit_group resumed>) = ? [pid 5030] getdents64(3, [pid 5371] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5364, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=34 /* 0.34 s */} --- [pid 5373] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] <... futex resumed>) = 0 [pid 5371] <... futex resumed>) = 1 [pid 5368] +++ exited with 0 +++ [pid 5365] +++ exited with 0 +++ [pid 5030] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5029] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5372] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5371] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5395] futex(0x7f41771546f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5374] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5372] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5370] +++ exited with 0 +++ [pid 5369] +++ exited with 0 +++ [pid 5028] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5365, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=39 /* 0.39 s */} --- [pid 5374] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5372] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5027] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5369, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=40 /* 0.40 s */} --- [pid 5374] <... futex resumed>) = 1 [pid 5373] <... futex resumed>) = 0 [pid 5372] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] exit_group(0 [pid 5028] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5027] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5395] <... futex resumed>) = ? [pid 5394] <... futex resumed>) = ? [pid 5393] <... futex resumed>) = ? [pid 5374] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5373] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = ? [pid 5371] <... exit_group resumed>) = ? [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5395] +++ exited with 0 +++ [pid 5394] +++ exited with 0 +++ [pid 5393] +++ exited with 0 +++ [pid 5374] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5373] <... futex resumed>) = 0 [pid 5372] +++ exited with 0 +++ [pid 5029] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5028] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5027] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5374] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5373] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5371] +++ exited with 0 +++ [pid 5029] <... openat resumed>) = 3 [pid 5028] <... openat resumed>) = 3 [pid 5027] <... openat resumed>) = 3 [pid 5374] <... openat resumed>) = 3 [pid 5029] newfstatat(3, "", [pid 5028] newfstatat(3, "", [pid 5027] newfstatat(3, "", [pid 5374] write(3, "15", 2 [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5025] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5371, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=37 /* 0.37 s */} --- [pid 5027] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5374] <... write resumed>) = 2 [pid 5028] getdents64(3, [pid 5025] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5374] creat("./bus", 000 [pid 5028] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5374] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5028] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5374] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5025] <... openat resumed>) = 3 [pid 5374] <... futex resumed>) = 1 [pid 5373] <... futex resumed>) = 0 [pid 5028] newfstatat(AT_FDCWD, "./10/bus", [pid 5025] newfstatat(3, "", [pid 5374] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5373] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5374] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5373] <... futex resumed>) = 0 [pid 5028] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] getdents64(3, [pid 5374] mkdir(".", 0777 [pid 5373] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5025] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5374] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5028] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5025] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5374] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5028] <... openat resumed>) = 4 [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5029] getdents64(3, [pid 5027] getdents64(3, [pid 5025] newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] newfstatat(4, "", [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5025] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5028] getdents64(4, [pid 5025] <... openat resumed>) = 4 [pid 5028] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5025] newfstatat(4, "", [pid 5028] getdents64(4, [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5025] getdents64(4, [pid 5028] close(4 [pid 5025] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5028] <... close resumed>) = 0 [pid 5025] getdents64(4, [pid 5028] rmdir("./10/bus" [pid 5025] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5028] <... rmdir resumed>) = 0 [pid 5025] close(4 [pid 5028] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] <... close resumed>) = 0 [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5025] rmdir("./10/bus" [pid 5027] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5028] newfstatat(AT_FDCWD, "./10/binderfs", [pid 5025] <... rmdir resumed>) = 0 [pid 5027] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5029] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5029] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5027] newfstatat(AT_FDCWD, "./10/bus", [pid 5025] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] unlink("./10/binderfs" [pid 5027] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5029] newfstatat(AT_FDCWD, "./11/bus", [pid 5028] <... unlink resumed>) = 0 [pid 5027] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] newfstatat(AT_FDCWD, "./10/binderfs", [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] getdents64(3, [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5025] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5027] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5025] unlink("./10/binderfs" [pid 5028] close(3 [pid 5027] <... openat resumed>) = 4 [pid 5025] <... unlink resumed>) = 0 [pid 5028] <... close resumed>) = 0 [pid 5027] newfstatat(4, "", [pid 5025] getdents64(3, [pid 5028] rmdir("./10" [pid 5027] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5025] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5028] <... rmdir resumed>) = 0 [pid 5027] getdents64(4, [pid 5025] close(3 [pid 5028] mkdir("./11", 0777 [pid 5025] <... close resumed>) = 0 [pid 5028] <... mkdir resumed>) = 0 [pid 5025] rmdir("./10") = 0 [pid 5025] mkdir("./11", 0777 [pid 5027] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5025] <... mkdir resumed>) = 0 [pid 5029] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5027] getdents64(4, [pid 5025] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5028] <... openat resumed>) = 3 [pid 5025] <... openat resumed>) = 3 [pid 5028] ioctl(3, LOOP_CLR_FD [pid 5025] ioctl(3, LOOP_CLR_FD [ 93.953116][ T5030] BTRFS warning (device loop5): qgroup 0/5 has unreleased space, type 2 rsv 20480 [ 93.962937][ T5374] FAULT_INJECTION: forcing a failure. [ 93.962937][ T5374] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 93.963018][ T5030] BTRFS error (device loop5): qgroup reserved space leaked [pid 5028] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5025] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5028] close(3 [pid 5025] close(3 [pid 5028] <... close resumed>) = 0 [pid 5025] <... close resumed>) = 0 [pid 5028] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5025] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5397 attached [pid 5397] set_robust_list(0x5555559806a0, 24 [pid 5025] <... clone resumed>, child_tidptr=0x555555980690) = 5397 ./strace-static-x86_64: Process 5396 attached [pid 5397] <... set_robust_list resumed>) = 0 [pid 5397] chdir("./11" [pid 5396] set_robust_list(0x5555559806a0, 24 [pid 5028] <... clone resumed>, child_tidptr=0x555555980690) = 5396 [pid 5397] <... chdir resumed>) = 0 [pid 5396] <... set_robust_list resumed>) = 0 [pid 5397] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5396] chdir("./11" [pid 5397] <... prctl resumed>) = 0 [pid 5397] setpgid(0, 0) = 0 [pid 5396] <... chdir resumed>) = 0 [pid 5397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5396] setpgid(0, 0) = 0 [pid 5396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5397] <... openat resumed>) = 3 [pid 5397] write(3, "1000", 4) = 4 [pid 5396] <... openat resumed>) = 3 [pid 5397] close(3) = 0 [pid 5397] symlink("/dev/binderfs", "./binderfs" [pid 5396] write(3, "1000", 4) = 4 [pid 5396] close(3) = 0 [pid 5396] symlink("/dev/binderfs", "./binderfs" [pid 5397] <... symlink resumed>) = 0 [pid 5396] <... symlink resumed>) = 0 [pid 5397] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5397] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5396] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5397] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5396] <... futex resumed>) = 0 [pid 5397] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5396] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5396] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5397] <... mmap resumed>) = 0x7f4177064000 [pid 5396] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5397] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5397] <... mprotect resumed>) = 0 [pid 5396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5397] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5396] <... mmap resumed>) = 0x7f4177064000 [pid 5397] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5396] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5396] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5397] <... clone3 resumed> => {parent_tid=[5398]}, 88) = 5398 ./strace-static-x86_64: Process 5399 attached [pid 5397] rt_sigprocmask(SIG_SETMASK, [], [pid 5399] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5397] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5396] <... clone3 resumed> => {parent_tid=[5399]}, 88) = 5399 [pid 5399] <... rseq resumed>) = 0 [pid 5397] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] rt_sigprocmask(SIG_SETMASK, [], [pid 5399] set_robust_list(0x7f41770849a0, 24 [pid 5397] <... futex resumed>) = 0 [pid 5396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5399] <... set_robust_list resumed>) = 0 [pid 5397] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5396] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] rt_sigprocmask(SIG_SETMASK, [], [pid 5396] <... futex resumed>) = 0 [pid 5399] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5399] memfd_create("syzkaller", 0 [pid 5396] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5399] <... memfd_create resumed>) = 3 [pid 5399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [ 93.999040][ T5374] CPU: 0 PID: 5374 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 94.009784][ T5374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 94.020657][ T5374] Call Trace: [ 94.024319][ T5374] [ 94.027633][ T5374] dump_stack_lvl+0x1e7/0x2d0 [ 94.032709][ T5374] ? nf_tcp_handle_invalid+0x650/0x650 [ 94.038336][ T5374] ? panic+0x770/0x770 [ 94.042638][ T5374] should_fail_ex+0x3aa/0x4e0 [ 94.047899][ T5374] strncpy_from_user+0x36/0x2e0 [ 94.052985][ T5374] getname_flags+0xf9/0x4f0 [ 94.058300][ T5374] user_path_at_empty+0x2c/0x60 [ 94.063278][ T5374] __se_sys_mount+0x29a/0x3c0 [ 94.067989][ T5374] ? __x64_sys_mount+0xc0/0xc0 [ 94.072955][ T5374] ? syscall_enter_from_user_mode+0x32/0x230 [ 94.079063][ T5374] ? __x64_sys_mount+0x20/0xc0 [ 94.083976][ T5374] do_syscall_64+0x41/0xc0 [ 94.088423][ T5374] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 94.094348][ T5374] RIP: 0033:0x7f41770c949a [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5027] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5029] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5027] close(4 [pid 5029] <... openat resumed>) = 4 [pid 5027] <... close resumed>) = 0 [pid 5029] newfstatat(4, "", [pid 5027] rmdir("./10/bus" [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5027] <... rmdir resumed>) = 0 [pid 5029] getdents64(4, [pid 5027] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5029] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5029] getdents64(4, [pid 5027] newfstatat(AT_FDCWD, "./10/binderfs", [pid 5029] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5027] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5029] close(4 [pid 5027] unlink("./10/binderfs" [pid 5029] <... close resumed>) = 0 [pid 5027] <... unlink resumed>) = 0 [pid 5029] rmdir("./11/bus" [pid 5027] getdents64(3, [pid 5029] <... rmdir resumed>) = 0 [pid 5027] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5029] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5027] close(3 [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5027] <... close resumed>) = 0 [pid 5029] newfstatat(AT_FDCWD, "./11/binderfs", [pid 5027] rmdir("./10" [pid 5029] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5027] <... rmdir resumed>) = 0 [pid 5029] unlink("./11/binderfs" [pid 5027] mkdir("./11", 0777 [pid 5029] <... unlink resumed>) = 0 [pid 5027] <... mkdir resumed>) = 0 [pid 5029] getdents64(3, [pid 5027] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5029] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5027] <... openat resumed>) = 3 [pid 5029] close(3 [pid 5027] ioctl(3, LOOP_CLR_FD [pid 5029] <... close resumed>) = 0 [pid 5027] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5029] rmdir("./11" [pid 5027] close(3 [pid 5029] <... rmdir resumed>) = 0 [pid 5027] <... close resumed>) = 0 [pid 5029] mkdir("./12", 0777 [pid 5027] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5029] <... mkdir resumed>) = 0 [pid 5029] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5027] <... clone resumed>, child_tidptr=0x555555980690) = 5400 [pid 5029] <... openat resumed>) = 3 [pid 5029] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5029] close(3) = 0 [pid 5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555980690) = 5401 [ 94.099093][ T5374] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 94.118900][ T5374] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 94.127436][ T5374] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 94.135522][ T5374] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 94.144144][ T5374] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 ./strace-static-x86_64: Process 5401 attached ./strace-static-x86_64: Process 5400 attached ./strace-static-x86_64: Process 5398 attached [pid 5374] <... mount resumed>) = -1 EFAULT (Bad address) [pid 5400] set_robust_list(0x5555559806a0, 24 [pid 5398] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5401] set_robust_list(0x5555559806a0, 24 [pid 5400] <... set_robust_list resumed>) = 0 [pid 5374] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... set_robust_list resumed>) = 0 [pid 5400] chdir("./11" [pid 5398] <... rseq resumed>) = 0 [pid 5374] <... futex resumed>) = 1 [pid 5373] <... futex resumed>) = 0 [pid 5373] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5373] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] <... chdir resumed>) = 0 [pid 5398] set_robust_list(0x7f41770849a0, 24 [pid 5374] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5400] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5398] <... set_robust_list resumed>) = 0 [pid 5374] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [ 94.152409][ T5374] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 94.160580][ T5374] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 94.168694][ T5374] [pid 5401] chdir("./12" [pid 5400] <... prctl resumed>) = 0 [pid 5398] rt_sigprocmask(SIG_SETMASK, [], [pid 5374] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... chdir resumed>) = 0 [pid 5400] setpgid(0, 0 [pid 5374] <... futex resumed>) = 1 [pid 5373] <... futex resumed>) = 0 [pid 5401] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5400] <... setpgid resumed>) = 0 [pid 5398] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5373] exit_group(0 [pid 5401] <... prctl resumed>) = 0 [pid 5373] <... exit_group resumed>) = ? [pid 5401] setpgid(0, 0 [pid 5400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5398] memfd_create("syzkaller", 0 [pid 5401] <... setpgid resumed>) = 0 [pid 5398] <... memfd_create resumed>) = 3 [pid 5374] +++ exited with 0 +++ [pid 5373] +++ exited with 0 +++ [pid 5400] <... openat resumed>) = 3 [pid 5400] write(3, "1000", 4 [pid 5398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5026] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5373, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=43 /* 0.43 s */} --- [pid 5401] <... openat resumed>) = 3 [pid 5400] <... write resumed>) = 4 [pid 5398] <... mmap resumed>) = 0x7f416ec64000 [pid 5026] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5401] write(3, "1000", 4 [pid 5400] close(3 [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5401] <... write resumed>) = 4 [pid 5400] <... close resumed>) = 0 [pid 5026] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5401] close(3 [pid 5400] symlink("/dev/binderfs", "./binderfs" [pid 5026] <... openat resumed>) = 3 [pid 5401] <... close resumed>) = 0 [pid 5400] <... symlink resumed>) = 0 [pid 5026] newfstatat(3, "", [pid 5401] symlink("/dev/binderfs", "./binderfs" [pid 5400] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5401] <... symlink resumed>) = 0 [pid 5400] <... futex resumed>) = 0 [pid 5026] getdents64(3, [pid 5400] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5026] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5026] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] newfstatat(AT_FDCWD, "./11/bus", [pid 5401] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5401] <... futex resumed>) = 0 [pid 5400] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5026] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5401] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5400] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5401] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5400] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5026] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5401] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5400] <... mmap resumed>) = 0x7f4177064000 [pid 5026] <... openat resumed>) = 4 [pid 5401] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5400] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5026] newfstatat(4, "", [pid 5401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5400] <... mprotect resumed>) = 0 [pid 5401] <... mmap resumed>) = 0x7f4177064000 [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5400] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5026] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5026] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5400] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5026] close(4) = 0 [pid 5400] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5026] rmdir("./11/bus"./strace-static-x86_64: Process 5402 attached ) = 0 [pid 5026] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5400] <... clone3 resumed> => {parent_tid=[5402]}, 88) = 5402 [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5400] rt_sigprocmask(SIG_SETMASK, [], [pid 5026] newfstatat(AT_FDCWD, "./11/binderfs", [pid 5401] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5026] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5401] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5026] unlink("./11/binderfs" [pid 5401] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5026] <... unlink resumed>) = 0 [pid 5401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5400] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 5403 attached [pid 5400] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] getdents64(3, [pid 5403] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5401] <... clone3 resumed> => {parent_tid=[5403]}, 88) = 5403 [pid 5400] <... futex resumed>) = 0 [pid 5026] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5403] <... rseq resumed>) = 0 [pid 5402] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5401] rt_sigprocmask(SIG_SETMASK, [], [pid 5400] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5026] close(3 [pid 5402] <... rseq resumed>) = 0 [pid 5402] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5402] memfd_create("syzkaller", 0) = 3 [pid 5402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5401] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5026] <... close resumed>) = 0 [pid 5403] set_robust_list(0x7f41770849a0, 24 [pid 5401] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] rmdir("./11" [pid 5403] <... set_robust_list resumed>) = 0 [pid 5403] rt_sigprocmask(SIG_SETMASK, [], [pid 5026] <... rmdir resumed>) = 0 [pid 5403] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5401] <... futex resumed>) = 0 [pid 5026] mkdir("./12", 0777 [pid 5401] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5403] memfd_create("syzkaller", 0 [pid 5026] <... mkdir resumed>) = 0 [pid 5026] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5403] <... memfd_create resumed>) = 3 [pid 5403] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5026] <... openat resumed>) = 3 [pid 5403] <... mmap resumed>) = 0x7f416ec64000 [pid 5026] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5026] close(3) = 0 [pid 5026] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555980690) = 5404 ./strace-static-x86_64: Process 5404 attached [pid 5404] set_robust_list(0x5555559806a0, 24) = 0 [pid 5404] chdir("./12") = 0 [pid 5404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5404] setpgid(0, 0) = 0 [pid 5404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5404] write(3, "1000", 4) = 4 [pid 5404] close(3) = 0 [pid 5404] symlink("/dev/binderfs", "./binderfs" [pid 5399] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5404] <... symlink resumed>) = 0 [pid 5404] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5404] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5404] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5404] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5404] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5405 attached [pid 5405] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [pid 5405] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5405] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5405] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5404] <... clone3 resumed> => {parent_tid=[5405]}, 88) = 5405 [pid 5404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5404] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] <... futex resumed>) = 0 [pid 5404] <... futex resumed>) = 1 [pid 5405] memfd_create("syzkaller", 0) = 3 [pid 5404] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5030] <... umount2 resumed>) = 0 [pid 5398] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5030] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5030] newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5030] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5030] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5030] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5030] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5030] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5030] close(4) = 0 [pid 5403] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5030] rmdir("./9/bus") = 0 [pid 5030] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5030] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5030] unlink("./9/binderfs" [pid 5402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5030] <... unlink resumed>) = 0 [pid 5030] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5030] close(3) = 0 [pid 5030] rmdir("./9") = 0 [pid 5030] mkdir("./10", 0777) = 0 [pid 5030] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5030] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5030] close(3) = 0 [pid 5030] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555980690) = 5406 ./strace-static-x86_64: Process 5406 attached [pid 5406] set_robust_list(0x5555559806a0, 24) = 0 [pid 5406] chdir("./10") = 0 [pid 5406] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5406] setpgid(0, 0) = 0 [pid 5405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5406] write(3, "1000", 4) = 4 [pid 5406] close(3) = 0 [pid 5406] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5406] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5406] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5398] <... write resumed>) = 16777216 [pid 5406] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5406] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5398] munmap(0x7f416ec64000, 138412032 [pid 5406] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5406] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5398] <... munmap resumed>) = 0 [pid 5398] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5406] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} => {parent_tid=[5407]}, 88) = 5407 ./strace-static-x86_64: Process 5407 attached [pid 5406] rt_sigprocmask(SIG_SETMASK, [], [pid 5398] <... openat resumed>) = 4 [pid 5407] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5398] ioctl(4, LOOP_SET_FD, 3 [pid 5407] <... rseq resumed>) = 0 [pid 5407] set_robust_list(0x7f41770849a0, 24 [pid 5406] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5406] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5407] <... set_robust_list resumed>) = 0 [pid 5398] <... ioctl resumed>) = 0 [pid 5407] rt_sigprocmask(SIG_SETMASK, [], [pid 5398] close(3 [pid 5407] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5398] <... close resumed>) = 0 [pid 5407] memfd_create("syzkaller", 0) = 3 [pid 5398] mkdir("./bus", 0777 [pid 5407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5398] <... mkdir resumed>) = 0 [ 94.845860][ T5398] loop0: detected capacity change from 0 to 32768 [ 94.876351][ T5398] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor340 (5398) [ 94.931384][ T5398] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 94.962108][ T5398] BTRFS info (device loop0): doing ref verification [ 94.968870][ T5398] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 95.022113][ T5398] BTRFS info (device loop0): force zlib compression, level 3 [ 95.029928][ T5398] BTRFS info (device loop0): allowing degraded mounts [pid 5398] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5399] <... write resumed>) = 16777216 [pid 5399] munmap(0x7f416ec64000, 138412032) = 0 [pid 5399] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5399] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5399] close(3) = 0 [pid 5399] mkdir("./bus", 0777) = 0 [ 95.062445][ T5398] BTRFS info (device loop0): using free space tree [ 95.073552][ T5399] loop3: detected capacity change from 0 to 32768 [pid 5399] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5407] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5402] <... write resumed>) = 16777216 [pid 5402] munmap(0x7f416ec64000, 138412032) = 0 [pid 5402] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5402] ioctl(4, LOOP_SET_FD, 3 [pid 5399] <... mount resumed>) = -1 EEXIST (File exists) [ 95.110815][ T5399] BTRFS warning: duplicate device /dev/loop3 devid 1 generation 8 scanned by syz-executor340 (5399) [pid 5399] ioctl(4, LOOP_CLR_FD [pid 5402] <... ioctl resumed>) = 0 [pid 5402] close(3) = 0 [pid 5402] mkdir("./bus", 0777) = 0 [ 95.156217][ T5402] loop2: detected capacity change from 0 to 32768 [pid 5402] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = -1 EEXIST (File exists) [pid 5403] <... write resumed>) = 16777216 [pid 5402] ioctl(4, LOOP_CLR_FD [pid 5403] munmap(0x7f416ec64000, 138412032) = 0 [pid 5403] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5398] <... mount resumed>) = 0 [pid 5403] <... openat resumed>) = 4 [pid 5398] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5398] chdir("./bus") = 0 [pid 5398] ioctl(4, LOOP_CLR_FD) = 0 [ 95.202697][ T5402] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 8 scanned by syz-executor340 (5402) [ 95.223653][ T5398] BTRFS info (device loop0): auto enabling async discard [pid 5398] close(4 [pid 5403] ioctl(4, LOOP_SET_FD, 3 [pid 5398] <... close resumed>) = 0 [pid 5398] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5398] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5397] <... futex resumed>) = 0 [pid 5403] <... ioctl resumed>) = 0 [pid 5397] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] close(3 [pid 5397] <... futex resumed>) = 0 [pid 5403] <... close resumed>) = 0 [pid 5397] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5403] mkdir("./bus", 0777 [pid 5398] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5403] <... mkdir resumed>) = 0 [pid 5398] open("./file0", O_RDONLY [pid 5403] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5398] <... open resumed>) = 4 [ 95.273142][ T5403] loop4: detected capacity change from 0 to 32768 [pid 5405] <... write resumed>) = 16777216 [pid 5398] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] munmap(0x7f416ec64000, 138412032 [pid 5398] <... futex resumed>) = 1 [pid 5397] <... futex resumed>) = 0 [pid 5398] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5397] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5397] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... munmap resumed>) = 0 [pid 5405] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 95.314908][ T5403] BTRFS warning: duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor340 (5403) [pid 5405] ioctl(4, LOOP_SET_FD, 3 [pid 5398] <... ioctl resumed>) = 0 [pid 5398] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5397] <... futex resumed>) = 0 [pid 5397] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5397] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... ioctl resumed>) = 0 [pid 5405] close(3) = 0 [pid 5398] <... openat resumed>) = 5 [pid 5398] write(5, "15", 2) = 2 [ 95.370815][ T5405] loop1: detected capacity change from 0 to 32768 [ 95.394433][ T5398] FAULT_INJECTION: forcing a failure. [ 95.394433][ T5398] name failslab, interval 1, probability 0, space 0, times 0 [pid 5398] creat("./bus", 000 [pid 5405] mkdir("./bus", 0777 [pid 5403] <... mount resumed>) = -1 EEXIST (File exists) [ 95.424508][ T5398] CPU: 0 PID: 5398 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 95.435086][ T5398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 95.446183][ T5398] Call Trace: [ 95.449567][ T5398] [ 95.452603][ T5398] dump_stack_lvl+0x1e7/0x2d0 [ 95.457484][ T5398] ? nf_tcp_handle_invalid+0x650/0x650 [ 95.463208][ T5398] ? panic+0x770/0x770 [ 95.467333][ T5398] should_fail_ex+0x3aa/0x4e0 [ 95.472044][ T5398] should_failslab+0x9/0x20 [ 95.476575][ T5398] slab_pre_alloc_hook+0x59/0x310 [ 95.481646][ T5398] kmem_cache_alloc+0x52/0x300 [ 95.486440][ T5398] ? btrfs_create_new_inode+0x251/0x2710 [ 95.492294][ T5398] btrfs_create_new_inode+0x251/0x2710 [ 95.497795][ T5398] ? do_raw_spin_unlock+0x13b/0x8b0 [ 95.503121][ T5398] ? btrfs_qgroup_convert_reserved_meta+0x446/0x960 [ 95.509752][ T5398] ? btrfs_new_inode_args_destroy+0x160/0x160 [ 95.515952][ T5398] ? __btrfs_qgroup_free_meta+0x380/0x380 [ 95.521884][ T5398] ? join_transaction+0x400/0xce0 [ 95.526968][ T5398] btrfs_create_common+0x1f9/0x300 [ 95.532155][ T5398] ? btrfs_tmpfile+0x4e0/0x4e0 [ 95.537028][ T5398] ? do_raw_spin_unlock+0x13b/0x8b0 [ 95.542263][ T5398] ? btrfs_create+0x75/0x140 [ 95.546901][ T5398] ? btrfs_lookup+0x40/0x40 [ 95.551435][ T5398] path_openat+0x13e7/0x3180 [ 95.556088][ T5398] ? do_filp_open+0x490/0x490 [ 95.560819][ T5398] do_filp_open+0x234/0x490 [ 95.565521][ T5398] ? vfs_tmpfile+0x4b0/0x4b0 [ 95.570273][ T5398] ? _raw_spin_unlock+0x28/0x40 [ 95.575147][ T5398] ? alloc_fd+0x59c/0x640 [ 95.579507][ T5398] do_sys_openat2+0x13e/0x1d0 [ 95.584212][ T5398] ? do_sys_open+0x230/0x230 [ 95.588838][ T5398] ? _raw_spin_unlock_irq+0x2e/0x50 [ 95.594405][ T5398] ? ptrace_notify+0x278/0x380 [ 95.599376][ T5398] __x64_sys_creat+0x123/0x160 [ 95.604180][ T5398] ? __x64_compat_sys_openat+0x290/0x290 [ 95.609847][ T5398] ? syscall_enter_from_user_mode+0x32/0x230 [ 95.615864][ T5398] ? syscall_enter_from_user_mode+0x8c/0x230 [pid 5403] ioctl(4, LOOP_CLR_FD [pid 5407] <... write resumed>) = 16777216 [pid 5405] <... mkdir resumed>) = 0 [pid 5402] <... ioctl resumed>) = 0 [pid 5399] <... ioctl resumed>) = 0 [pid 5402] close(4) = 0 [pid 5402] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5402] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 95.621978][ T5398] do_syscall_64+0x41/0xc0 [ 95.626422][ T5398] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 95.632436][ T5398] RIP: 0033:0x7f41770c8049 [ 95.637235][ T5398] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 95.658265][ T5398] RSP: 002b:00007f4177084208 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 95.666807][ T5398] RAX: ffffffffffffffda RBX: 00007f41771546c8 RCX: 00007f41770c8049 [pid 5405] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5407] munmap(0x7f416ec64000, 138412032 [pid 5399] close(4 [pid 5407] <... munmap resumed>) = 0 [pid 5399] <... close resumed>) = 0 [pid 5399] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5399] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5396] <... futex resumed>) = 0 [pid 5396] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... futex resumed>) = 0 [pid 5396] <... futex resumed>) = 1 [pid 5399] open("./file0", O_RDONLY [pid 5396] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5407] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5399] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5396] <... futex resumed>) = 0 [pid 5407] <... openat resumed>) = 4 [pid 5399] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5396] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5396] <... futex resumed>) = 0 [pid 5399] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5396] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5399] <... futex resumed>) = 0 [pid 5396] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5396] <... futex resumed>) = 0 [pid 5407] ioctl(4, LOOP_SET_FD, 3 [pid 5399] <... openat resumed>) = 3 [ 95.674983][ T5398] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040 [ 95.683160][ T5398] RBP: 00007f41771546c0 R08: 00007f4177083fa6 R09: 0000000000003531 [ 95.691496][ T5398] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f41771211d0 [ 95.699584][ T5398] R13: 00007f4177084210 R14: 0000000000000002 R15: 00007f417711c070 [ 95.704114][ T5407] loop5: detected capacity change from 0 to 32768 [ 95.707748][ T5398] [pid 5396] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] <... futex resumed>) = 0 [pid 5399] write(3, "15", 2 [pid 5397] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5400] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... write resumed>) = 2 [pid 5397] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5399] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] <... futex resumed>) = 0 [pid 5400] <... futex resumed>) = 1 [pid 5399] <... futex resumed>) = 1 [pid 5397] <... futex resumed>) = 0 [pid 5402] open("./file0", O_RDONLY [pid 5399] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5396] <... futex resumed>) = 0 [pid 5397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5400] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5397] <... mmap resumed>) = 0x7f4177043000 [pid 5396] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... futex resumed>) = 0 [pid 5397] mprotect(0x7f4177044000, 131072, PROT_READ|PROT_WRITE [pid 5396] <... futex resumed>) = 1 [pid 5407] <... ioctl resumed>) = 0 [pid 5405] <... mount resumed>) = -1 EEXIST (File exists) [pid 5402] <... futex resumed>) = 1 [pid 5400] <... futex resumed>) = 0 [pid 5399] mkdir(".", 0777 [pid 5398] <... creat resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5397] <... mprotect resumed>) = 0 [pid 5396] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5407] close(3 [pid 5405] ioctl(4, LOOP_CLR_FD [pid 5402] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5400] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5398] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [ 95.718689][ T5405] BTRFS warning: duplicate device /dev/loop1 devid 1 generation 8 scanned by syz-executor340 (5405) [pid 5397] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5407] <... close resumed>) = 0 [pid 5402] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5400] <... futex resumed>) = 0 [pid 5399] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5398] <... futex resumed>) = 0 [pid 5397] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5407] mkdir("./bus", 0777 [pid 5402] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5400] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5402] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5402] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5407] <... mkdir resumed>) = 0 [pid 5400] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5402] <... futex resumed>) = 0 [pid 5400] <... futex resumed>) = 1 [pid 5402] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5400] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5407] <... mount resumed>) = -1 EEXIST (File exists) [pid 5402] <... openat resumed>) = 3 [pid 5398] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 95.759820][ T5399] FAULT_INJECTION: forcing a failure. [ 95.759820][ T5399] name failslab, interval 1, probability 0, space 0, times 0 [ 95.763218][ T2402] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 95.784414][ T5407] BTRFS warning: duplicate device /dev/loop5 devid 1 generation 8 scanned by syz-executor340 (5407) [ 95.796907][ T5399] CPU: 0 PID: 5399 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 95.807541][ T5399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 95.817977][ T5399] Call Trace: [ 95.821288][ T5399] [ 95.824239][ T5399] dump_stack_lvl+0x1e7/0x2d0 [ 95.829034][ T5399] ? nf_tcp_handle_invalid+0x650/0x650 [ 95.834740][ T5399] ? panic+0x770/0x770 [ 95.838843][ T5399] ? __might_sleep+0xc0/0xc0 [ 95.843827][ T5399] should_fail_ex+0x3aa/0x4e0 [ 95.848627][ T5399] should_failslab+0x9/0x20 [ 95.853258][ T5399] slab_pre_alloc_hook+0x59/0x310 [pid 5397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177063990, parent_tid=0x7f4177063990, exit_signal=0, stack=0x7f4177043000, stack_size=0x20300, tls=0x7f41770636c0} [pid 5402] write(3, "15", 2) = 2 [pid 5402] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5407] ioctl(4, LOOP_CLR_FD [pid 5402] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 95.858419][ T5399] ? __might_sleep+0xc0/0xc0 [ 95.863233][ T5399] kmem_cache_alloc+0x52/0x300 [ 95.868209][ T5399] ? getname_flags+0xbc/0x4f0 [ 95.872913][ T5399] getname_flags+0xbc/0x4f0 [ 95.877605][ T5399] user_path_at_empty+0x2c/0x60 [ 95.882581][ T5399] __se_sys_mount+0x29a/0x3c0 [ 95.887290][ T5399] ? __x64_sys_mount+0xc0/0xc0 [ 95.892317][ T5399] ? syscall_enter_from_user_mode+0x32/0x230 [ 95.898432][ T5399] ? __x64_sys_mount+0x20/0xc0 [ 95.903251][ T5399] do_syscall_64+0x41/0xc0 [pid 5402] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5397] <... clone3 resumed> => {parent_tid=[5424]}, 88) = 5424 [pid 5397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5397] futex(0x7f41771546d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 95.907705][ T5399] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 95.913626][ T5399] RIP: 0033:0x7f41770c949a [ 95.918078][ T5399] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 95.938147][ T5399] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 95.946684][ T5399] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [pid 5397] futex(0x7f41771546dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5424 attached [pid 5400] <... futex resumed>) = 0 [pid 5424] rseq(0x7f4177063fe0, 0x20, 0, 0x53053053 [pid 5400] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5424] <... rseq resumed>) = 0 [pid 5400] <... futex resumed>) = 1 [pid 5402] <... futex resumed>) = 0 [pid 5424] set_robust_list(0x7f41770639a0, 24 [pid 5402] mkdir(".", 0777 [pid 5400] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5424] <... set_robust_list resumed>) = 0 [pid 5402] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5402] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5424] rt_sigprocmask(SIG_SETMASK, [], [pid 5399] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5424] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5424] mkdir(".", 0777 [pid 5399] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5424] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5399] <... futex resumed>) = 1 [pid 5396] <... futex resumed>) = 0 [pid 5424] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5399] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5396] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5396] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5399] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [ 95.955044][ T5399] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 95.963402][ T5399] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 95.971581][ T5399] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 95.979677][ T5399] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 95.987864][ T5399] [ 95.994232][ T5402] FAULT_INJECTION: forcing a failure. [ 95.994232][ T5402] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 96.034832][ T5424] BTRFS error (device loop0: state M): unrecognized mount option '18446744073709551615017777777777777777777770177777777777777777777718446744073709551615lbZ~Ƣ8žH~אa*Oѓ< 5^Sus%e [ 96.034832][ T5424] /ĖEaofmߚtҮ~г#a C$n-SGWmxeGy|sL=~ä_;N' [ 96.058301][ T5402] CPU: 1 PID: 5402 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 96.075384][ T5402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 96.085741][ T5402] Call Trace: [ 96.089035][ T5402] [ 96.091986][ T5402] dump_stack_lvl+0x1e7/0x2d0 [ 96.096690][ T5402] ? nf_tcp_handle_invalid+0x650/0x650 [ 96.102213][ T5402] ? panic+0x770/0x770 [ 96.106305][ T5402] should_fail_ex+0x3aa/0x4e0 [ 96.111028][ T5402] strncpy_from_user+0x36/0x2e0 [ 96.115992][ T5402] getname_flags+0xf9/0x4f0 [ 96.120520][ T5402] user_path_at_empty+0x2c/0x60 [ 96.125382][ T5402] __se_sys_mount+0x29a/0x3c0 [ 96.130067][ T5402] ? __x64_sys_mount+0xc0/0xc0 [ 96.137263][ T5402] ? syscall_enter_from_user_mode+0x32/0x230 [ 96.143419][ T5402] ? __x64_sys_mount+0x20/0xc0 [ 96.148327][ T5402] do_syscall_64+0x41/0xc0 [ 96.152745][ T5402] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 96.158643][ T5402] RIP: 0033:0x7f41770c949a [ 96.163145][ T5402] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 5424] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5405] <... ioctl resumed>) = 0 [pid 5399] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5424] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] close(4 [pid 5399] <... futex resumed>) = 1 [pid 5424] <... futex resumed>) = 1 [pid 5424] futex(0x7f41771546d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5397] <... futex resumed>) = 0 [pid 5397] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... futex resumed>) = 0 [ 96.183004][ T5402] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 96.191416][ T5402] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 96.199480][ T5402] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 96.207543][ T5402] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 96.215511][ T5402] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 96.223564][ T5402] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 96.231542][ T5402] [pid 5396] exit_group(0 [pid 5398] <... futex resumed>) = 0 [pid 5397] <... futex resumed>) = 1 [pid 5396] <... exit_group resumed>) = ? [pid 5399] <... futex resumed>) = ? [pid 5398] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5399] +++ exited with 0 +++ [pid 5398] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5397] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] +++ exited with 0 +++ [pid 5398] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] <... close resumed>) = 0 [pid 5398] <... futex resumed>) = 0 [pid 5398] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5405] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5404] <... futex resumed>) = 0 [pid 5028] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5396, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=37 /* 0.37 s */} --- [pid 5405] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5404] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5404] <... futex resumed>) = 0 [pid 5405] open("./file0", O_RDONLY [pid 5404] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5397] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5407] <... ioctl resumed>) = 0 [pid 5405] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5397] exit_group(0 [pid 5405] <... futex resumed>) = 1 [pid 5404] <... futex resumed>) = 0 [pid 5405] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5404] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5404] <... futex resumed>) = 0 [pid 5405] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5404] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5405] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5404] <... futex resumed>) = 0 [pid 5405] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5404] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5398] <... futex resumed>) = ? [pid 5397] <... exit_group resumed>) = ? [pid 5424] <... futex resumed>) = ? [pid 5424] +++ exited with 0 +++ [pid 5398] +++ exited with 0 +++ [pid 5028] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5028] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5028] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5397] +++ exited with 0 +++ [pid 5028] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5025] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5397, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} --- [pid 5028] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] restart_syscall(<... resuming interrupted clone ...> [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5025] <... restart_syscall resumed>) = 0 [pid 5028] newfstatat(AT_FDCWD, "./11/bus", [pid 5405] <... openat resumed>) = 3 [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5025] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5028] <... openat resumed>) = 4 [pid 5025] <... openat resumed>) = 3 [pid 5028] newfstatat(4, "", [pid 5025] newfstatat(3, "", [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] getdents64(4, [pid 5405] write(3, "15", 2 [pid 5025] getdents64(3, [pid 5405] <... write resumed>) = 2 [pid 5028] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5025] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5405] creat("./bus", 000 [pid 5028] getdents64(4, [pid 5025] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5405] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5028] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5407] close(4 [pid 5403] <... ioctl resumed>) = 0 [pid 5402] <... mount resumed>) = -1 EFAULT (Bad address) [pid 5405] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] close(4 [pid 5405] <... futex resumed>) = 1 [pid 5404] <... futex resumed>) = 0 [pid 5028] <... close resumed>) = 0 [pid 5405] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5404] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] close(4 [pid 5028] rmdir("./11/bus" [pid 5405] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5404] <... futex resumed>) = 0 [pid 5403] <... close resumed>) = 0 [pid 5028] <... rmdir resumed>) = 0 [pid 5405] mkdir(".", 0777 [pid 5404] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5403] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5407] <... close resumed>) = 0 [pid 5405] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5403] <... futex resumed>) = 1 [pid 5402] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = 0 [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5407] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5403] open("./file0", O_RDONLY [pid 5402] <... futex resumed>) = 1 [pid 5401] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] <... futex resumed>) = 0 [pid 5028] newfstatat(AT_FDCWD, "./11/binderfs", [pid 5403] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5402] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] <... futex resumed>) = 0 [pid 5400] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] unlink("./11/binderfs") = 0 [pid 5028] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5028] close(3) = 0 [pid 5028] rmdir("./11") = 0 [pid 5028] mkdir("./12", 0777) = 0 [pid 5028] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5028] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5028] close(3) = 0 [pid 5028] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5400] <... futex resumed>) = 0 [pid 5400] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5401] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5407] <... futex resumed>) = 1 [pid 5406] <... futex resumed>) = 0 [pid 5406] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] open("./file0", O_RDONLY [pid 5406] <... futex resumed>) = 0 [pid 5403] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5407] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5406] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5403] <... futex resumed>) = 1 [pid 5402] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5401] <... futex resumed>) = 0 [pid 5407] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5402] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5406] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5402] <... futex resumed>) = 1 [pid 5403] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5401] <... futex resumed>) = 0 [pid 5400] <... futex resumed>) = 0 [pid 5406] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5402] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] exit_group(0 [pid 5406] <... futex resumed>) = 0 [pid 5403] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5400] <... exit_group resumed>) = ? [pid 5407] <... futex resumed>) = 0 [pid 5406] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5403] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] <... futex resumed>) = ? [pid 5403] <... futex resumed>) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5407] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5403] <... openat resumed>) = 3 [pid 5402] +++ exited with 0 +++ [pid 5400] +++ exited with 0 +++ [pid 5027] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5400, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=45 /* 0.45 s */} --- [pid 5027] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] <... clone resumed>, child_tidptr=0x555555980690) = 5425 [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5027] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5027] newfstatat(3, "", [pid 5407] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5403] write(3, "15", 2 [pid 5027] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5027] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5027] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5425 attached [pid 5425] set_robust_list(0x5555559806a0, 24 [pid 5027] newfstatat(AT_FDCWD, "./11/bus", [pid 5425] <... set_robust_list resumed>) = 0 [pid 5027] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5425] chdir("./12" [pid 5407] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] <... write resumed>) = 2 [pid 5027] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5407] <... futex resumed>) = 1 [pid 5406] <... futex resumed>) = 0 [pid 5403] creat("./bus", 000 [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5425] <... chdir resumed>) = 0 [pid 5407] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5406] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5027] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5425] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5407] <... openat resumed>) = 3 [pid 5406] <... futex resumed>) = 0 [pid 5403] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... openat resumed>) = 4 [pid 5425] <... prctl resumed>) = 0 [pid 5406] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5403] <... futex resumed>) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5027] newfstatat(4, "", [pid 5403] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 96.329754][ T5405] FAULT_INJECTION: forcing a failure. [ 96.329754][ T5405] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 96.367955][ T5405] CPU: 1 PID: 5405 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 96.378434][ T5405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 96.388606][ T5405] Call Trace: [ 96.391909][ T5405] [ 96.394859][ T5405] dump_stack_lvl+0x1e7/0x2d0 [ 96.399576][ T5405] ? nf_tcp_handle_invalid+0x650/0x650 [ 96.405332][ T5405] ? panic+0x770/0x770 [ 96.409433][ T5405] should_fail_ex+0x3aa/0x4e0 [ 96.414142][ T5405] strncpy_from_user+0x36/0x2e0 [ 96.416644][ T5403] FAULT_INJECTION: forcing a failure. [pid 5401] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5407] write(3, "15", 2 [pid 5403] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5425] setpgid(0, 0) = 0 [pid 5425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5425] write(3, "1000", 4) = 4 [pid 5425] close(3) = 0 [pid 5425] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5403] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5403] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5425] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] <... write resumed>) = 2 [pid 5406] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5425] <... futex resumed>) = 0 [pid 5407] creat("./bus", 000 [pid 5406] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5407] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5406] <... futex resumed>) = 0 [pid 5425] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5407] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5406] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5425] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5407] <... futex resumed>) = 0 [pid 5406] <... mmap resumed>) = 0x7f4177043000 [pid 5425] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5407] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5406] mprotect(0x7f4177044000, 131072, PROT_READ|PROT_WRITE [pid 5425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5406] <... mprotect resumed>) = 0 [pid 5425] <... mmap resumed>) = 0x7f4177064000 [pid 5406] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5425] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5406] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5425] <... mprotect resumed>) = 0 [pid 5406] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177063990, parent_tid=0x7f4177063990, exit_signal=0, stack=0x7f4177043000, stack_size=0x20300, tls=0x7f41770636c0} [pid 5425] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5406] <... clone3 resumed> => {parent_tid=[5426]}, 88) = 5426 [pid 5406] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5406] futex(0x7f41771546d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] futex(0x7f41771546dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5425] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} => {parent_tid=[5427]}, 88) = 5427 [pid 5425] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5425] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5427 attached [pid 5427] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [pid 5427] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5427] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5427] memfd_create("syzkaller", 0) = 3 [pid 5427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [ 96.416644][ T5403] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 96.418999][ T5405] getname_flags+0xf9/0x4f0 [ 96.419029][ T5405] user_path_at_empty+0x2c/0x60 [ 96.441676][ T5405] __se_sys_mount+0x29a/0x3c0 [ 96.446479][ T5405] ? __x64_sys_mount+0xc0/0xc0 [ 96.451372][ T5405] ? syscall_enter_from_user_mode+0x32/0x230 [ 96.457418][ T5405] ? __x64_sys_mount+0x20/0xc0 [ 96.462213][ T5405] do_syscall_64+0x41/0xc0 [ 96.467008][ T5405] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 96.473016][ T5405] RIP: 0033:0x7f41770c949a [ 96.477906][ T5405] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 96.499640][ T5405] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 96.508412][ T5405] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 96.517026][ T5405] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 ./strace-static-x86_64: Process 5426 attached [pid 5426] rseq(0x7f4177063fe0, 0x20, 0, 0x53053053 [pid 5027] getdents64(4, [pid 5426] <... rseq resumed>) = 0 [pid 5426] set_robust_list(0x7f41770639a0, 24 [pid 5027] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5426] <... set_robust_list resumed>) = 0 [pid 5426] rt_sigprocmask(SIG_SETMASK, [], [pid 5027] getdents64(4, [pid 5405] <... mount resumed>) = -1 EFAULT (Bad address) [pid 5405] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... futex resumed>) = 0 [ 96.525015][ T5405] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 96.533180][ T5405] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 96.541434][ T5405] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 96.550055][ T5405] [pid 5404] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... futex resumed>) = 1 [pid 5426] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5027] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [ 96.574435][ T5403] CPU: 0 PID: 5403 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 96.585142][ T5403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 96.595575][ T5403] Call Trace: [ 96.598959][ T5403] [ 96.601984][ T5403] dump_stack_lvl+0x1e7/0x2d0 [ 96.606693][ T5403] ? nf_tcp_handle_invalid+0x650/0x650 [ 96.612183][ T5403] ? panic+0x770/0x770 [ 96.616398][ T5403] should_fail_ex+0x3aa/0x4e0 [ 96.621379][ T5403] strncpy_from_user+0x36/0x2e0 [ 96.626301][ T5403] getname_flags+0xf9/0x4f0 [ 96.630934][ T5403] user_path_at_empty+0x2c/0x60 [ 96.635944][ T5403] __se_sys_mount+0x29a/0x3c0 [ 96.640909][ T5403] ? __x64_sys_mount+0xc0/0xc0 [ 96.645896][ T5403] ? syscall_enter_from_user_mode+0x32/0x230 [ 96.651908][ T5403] ? __x64_sys_mount+0x20/0xc0 [ 96.656750][ T5403] do_syscall_64+0x41/0xc0 [ 96.661177][ T5403] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 96.667191][ T5403] RIP: 0033:0x7f41770c949a [ 96.671615][ T5403] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 96.691518][ T5403] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 96.699961][ T5403] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 96.707965][ T5403] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 96.715948][ T5403] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 96.724015][ T5403] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 96.731980][ T5403] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 96.740054][ T5403] [pid 5426] mkdir(".", 0777 [pid 5405] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5027] close(4 [pid 5404] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5027] <... close resumed>) = 0 [pid 5426] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5405] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5027] rmdir("./11/bus") = 0 [pid 5426] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5405] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5405] <... futex resumed>) = 0 [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5426] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5027] newfstatat(AT_FDCWD, "./11/binderfs", [pid 5405] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5027] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5426] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5027] unlink("./11/binderfs") = 0 [pid 5027] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5027] close(3) = 0 [pid 5027] rmdir("./11") = 0 [pid 5426] futex(0x7f41771546d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5027] mkdir("./12", 0777 [pid 5427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5027] <... mkdir resumed>) = 0 [pid 5406] <... futex resumed>) = 0 [pid 5027] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5027] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5027] close(3) = 0 [pid 5406] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] exit_group(0 [pid 5027] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555980690) = 5428 [pid 5404] <... exit_group resumed>) = ? [pid 5405] <... futex resumed>) = ? [pid 5406] <... futex resumed>) = 1 [pid 5406] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] +++ exited with 0 +++ [pid 5404] +++ exited with 0 +++ [pid 5026] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5404, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- [pid 5026] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5026] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5026] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5026] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5026] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5026] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5026] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5026] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5026] close(4) = 0 [pid 5026] rmdir("./12/bus") = 0 [pid 5026] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5026] unlink("./12/binderfs") = 0 [pid 5026] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5026] close(3) = 0 [pid 5026] rmdir("./12" [pid 5407] <... futex resumed>) = 0 [pid 5026] <... rmdir resumed>) = 0 [pid 5407] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5407] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5406] <... futex resumed>) = 0 [pid 5406] exit_group(0 [pid 5426] <... futex resumed>) = ? [pid 5406] <... exit_group resumed>) = ? [pid 5426] +++ exited with 0 +++ [pid 5026] mkdir("./13", 0777) = 0 [pid 5026] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5026] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5026] close(3) = 0 [pid 5026] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555980690) = 5429 [pid 5407] +++ exited with 0 +++ [pid 5406] +++ exited with 0 +++ [pid 5030] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5406, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=33 /* 0.33 s */} --- [pid 5030] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5030] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5428 attached ) = -1 EINVAL (Invalid argument) [pid 5030] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5030] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 5429 attached [pid 5030] getdents64(3, [pid 5429] set_robust_list(0x5555559806a0, 24 [pid 5030] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5429] <... set_robust_list resumed>) = 0 [pid 5030] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5429] chdir("./13" [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5429] <... chdir resumed>) = 0 [pid 5030] newfstatat(AT_FDCWD, "./10/bus", [pid 5429] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5030] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5429] <... prctl resumed>) = 0 [pid 5030] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5429] setpgid(0, 0 [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5429] <... setpgid resumed>) = 0 [pid 5030] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5030] <... openat resumed>) = 4 [pid 5429] <... openat resumed>) = 3 [pid 5030] newfstatat(4, "", [pid 5429] write(3, "1000", 4 [pid 5030] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5429] <... write resumed>) = 4 [pid 5030] getdents64(4, [pid 5429] close(3 [pid 5030] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5429] <... close resumed>) = 0 [pid 5428] set_robust_list(0x5555559806a0, 24 [pid 5429] symlink("/dev/binderfs", "./binderfs" [pid 5030] getdents64(4, [pid 5429] <... symlink resumed>) = 0 [pid 5030] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5429] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] close(4 [pid 5429] <... futex resumed>) = 0 [pid 5030] <... close resumed>) = 0 [pid 5429] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5030] rmdir("./10/bus" [pid 5429] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5030] <... rmdir resumed>) = 0 [pid 5429] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5030] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5429] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5030] newfstatat(AT_FDCWD, "./10/binderfs", [pid 5429] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5030] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5429] <... mprotect resumed>) = 0 [pid 5429] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5030] unlink("./10/binderfs" [pid 5429] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5030] <... unlink resumed>) = 0 [pid 5429] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5030] getdents64(3, ./strace-static-x86_64: Process 5430 attached [pid 5430] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5429] <... clone3 resumed> => {parent_tid=[5430]}, 88) = 5430 [pid 5030] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5430] <... rseq resumed>) = 0 [pid 5429] rt_sigprocmask(SIG_SETMASK, [], [pid 5030] close(3 [pid 5430] set_robust_list(0x7f41770849a0, 24 [pid 5429] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5428] <... set_robust_list resumed>) = 0 [pid 5030] <... close resumed>) = 0 [pid 5430] <... set_robust_list resumed>) = 0 [pid 5429] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] rmdir("./10" [pid 5430] rt_sigprocmask(SIG_SETMASK, [], [pid 5429] <... futex resumed>) = 0 [pid 5428] chdir("./12" [pid 5030] <... rmdir resumed>) = 0 [pid 5430] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5429] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5030] mkdir("./11", 0777 [pid 5430] memfd_create("syzkaller", 0 [pid 5030] <... mkdir resumed>) = 0 [pid 5430] <... memfd_create resumed>) = 3 [pid 5030] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5030] <... openat resumed>) = 3 [pid 5430] <... mmap resumed>) = 0x7f416ec64000 [pid 5030] ioctl(3, LOOP_CLR_FD [pid 5428] <... chdir resumed>) = 0 [pid 5030] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5428] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5030] close(3) = 0 [pid 5030] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5431 attached [pid 5428] <... prctl resumed>) = 0 [pid 5431] set_robust_list(0x5555559806a0, 24 [pid 5428] setpgid(0, 0 [pid 5030] <... clone resumed>, child_tidptr=0x555555980690) = 5431 [pid 5431] <... set_robust_list resumed>) = 0 [pid 5428] <... setpgid resumed>) = 0 [pid 5428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5431] chdir("./11") = 0 [pid 5428] <... openat resumed>) = 3 [pid 5431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5431] setpgid(0, 0 [pid 5428] write(3, "1000", 4 [pid 5403] <... mount resumed>) = -1 EFAULT (Bad address) [pid 5431] <... setpgid resumed>) = 0 [pid 5428] <... write resumed>) = 4 [pid 5431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5428] close(3) = 0 [pid 5403] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... openat resumed>) = 3 [pid 5428] symlink("/dev/binderfs", "./binderfs" [pid 5403] <... futex resumed>) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] <... symlink resumed>) = 0 [pid 5431] write(3, "1000", 4 [pid 5401] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5431] <... write resumed>) = 4 [pid 5431] close(3 [pid 5403] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5431] <... close resumed>) = 0 [pid 5428] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5431] symlink("/dev/binderfs", "./binderfs" [pid 5428] <... futex resumed>) = 0 [pid 5403] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5431] <... symlink resumed>) = 0 [pid 5428] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5403] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] exit_group(0 [pid 5431] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5401] <... exit_group resumed>) = ? [pid 5431] <... futex resumed>) = 0 [pid 5428] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5403] <... futex resumed>) = ? [pid 5431] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5428] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5403] +++ exited with 0 +++ [pid 5401] +++ exited with 0 +++ [pid 5431] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5401, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=38 /* 0.38 s */} --- [pid 5431] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5428] <... mmap resumed>) = 0x7f4177064000 [pid 5029] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5431] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5428] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5428] <... mprotect resumed>) = 0 [pid 5029] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5431] <... mmap resumed>) = 0x7f4177064000 [pid 5029] <... openat resumed>) = 3 [pid 5431] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5029] newfstatat(3, "", [pid 5431] <... mprotect resumed>) = 0 [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5431] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5029] getdents64(3, [pid 5431] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5428] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5029] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5431] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5433 attached => {parent_tid=[5433]}, 88) = 5433 [pid 5433] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5029] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5431] rt_sigprocmask(SIG_SETMASK, [], [pid 5433] <... rseq resumed>) = 0 [pid 5433] set_robust_list(0x7f41770849a0, 24 [pid 5431] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5433] <... set_robust_list resumed>) = 0 [pid 5433] rt_sigprocmask(SIG_SETMASK, [], [pid 5431] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5433] memfd_create("syzkaller", 0 [pid 5029] newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5433] <... memfd_create resumed>) = 3 [pid 5029] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5428] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5428] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5029] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5029] <... openat resumed>) = 4 [pid 5029] newfstatat(4, "", [pid 5433] <... mmap resumed>) = 0x7f416ec64000 [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5029] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 5434 attached [pid 5029] getdents64(4, [pid 5434] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [pid 5434] set_robust_list(0x7f41770849a0, 24 [pid 5428] <... clone3 resumed> => {parent_tid=[5434]}, 88) = 5434 [pid 5029] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5434] <... set_robust_list resumed>) = 0 [pid 5434] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5434] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5029] close(4) = 0 [pid 5428] rt_sigprocmask(SIG_SETMASK, [], [pid 5029] rmdir("./12/bus") = 0 [pid 5428] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5029] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5428] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = 0 [pid 5428] <... futex resumed>) = 1 [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5434] memfd_create("syzkaller", 0 [pid 5428] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5029] newfstatat(AT_FDCWD, "./12/binderfs", [pid 5434] <... memfd_create resumed>) = 3 [pid 5434] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5029] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5029] unlink("./12/binderfs") = 0 [pid 5029] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5029] close(3) = 0 [pid 5029] rmdir("./12") = 0 [pid 5029] mkdir("./13", 0777) = 0 [pid 5029] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5029] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5029] close(3) = 0 [pid 5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5435 attached [pid 5435] set_robust_list(0x5555559806a0, 24 [pid 5029] <... clone resumed>, child_tidptr=0x555555980690) = 5435 [pid 5435] <... set_robust_list resumed>) = 0 [pid 5435] chdir("./13") = 0 [pid 5435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5435] setpgid(0, 0) = 0 [pid 5435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5435] write(3, "1000", 4) = 4 [pid 5435] close(3) = 0 [pid 5435] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5435] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5435] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5435] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5435] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5435] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5435] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5436 attached => {parent_tid=[5436]}, 88) = 5436 [pid 5433] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5427] <... write resumed>) = 16777216 [pid 5435] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5436] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [pid 5435] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5435] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5436] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5436] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5436] memfd_create("syzkaller", 0 [pid 5427] munmap(0x7f416ec64000, 138412032 [pid 5436] <... memfd_create resumed>) = 3 [pid 5436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5427] <... munmap resumed>) = 0 [pid 5025] <... umount2 resumed>) = 0 [pid 5025] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5025] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5025] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5025] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5025] close(4) = 0 [pid 5025] rmdir("./11/bus") = 0 [pid 5025] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] unlink("./11/binderfs" [pid 5427] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5025] <... unlink resumed>) = 0 [pid 5427] ioctl(4, LOOP_SET_FD, 3 [pid 5025] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5025] close(3) = 0 [pid 5025] rmdir("./11") = 0 [pid 5025] mkdir("./12", 0777) = 0 [pid 5025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5025] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5025] close(3 [pid 5427] <... ioctl resumed>) = 0 [pid 5025] <... close resumed>) = 0 [pid 5025] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5427] close(3) = 0 [pid 5427] mkdir("./bus", 0777 [pid 5025] <... clone resumed>, child_tidptr=0x555555980690) = 5437 ./strace-static-x86_64: Process 5437 attached [pid 5437] set_robust_list(0x5555559806a0, 24 [pid 5427] <... mkdir resumed>) = 0 [pid 5437] <... set_robust_list resumed>) = 0 [pid 5437] chdir("./12") = 0 [pid 5437] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5437] setpgid(0, 0 [ 97.214056][ T5427] loop3: detected capacity change from 0 to 32768 [pid 5427] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5437] <... setpgid resumed>) = 0 [pid 5434] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5437] write(3, "1000", 4) = 4 [ 97.261518][ T5427] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz-executor340 (5427) [pid 5437] close(3) = 0 [pid 5437] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5437] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5437] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5437] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5437] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5437] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5437] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5437] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5438 attached [pid 5438] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [ 97.307436][ T5427] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 97.342156][ T5427] BTRFS info (device loop3): doing ref verification [pid 5438] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5438] rt_sigprocmask(SIG_SETMASK, [], [pid 5437] <... clone3 resumed> => {parent_tid=[5438]}, 88) = 5438 [pid 5438] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5437] rt_sigprocmask(SIG_SETMASK, [], [pid 5438] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5437] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5438] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5437] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] memfd_create("syzkaller", 0 [pid 5437] <... futex resumed>) = 0 [pid 5438] <... memfd_create resumed>) = 3 [pid 5437] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5438] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [ 97.350403][ T5427] BTRFS warning (device loop3): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 97.382125][ T5427] BTRFS info (device loop3): force zlib compression, level 3 [ 97.389678][ T5427] BTRFS info (device loop3): allowing degraded mounts [ 97.413276][ T5427] BTRFS info (device loop3): using free space tree [pid 5436] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5434] <... write resumed>) = 16777216 [pid 5434] munmap(0x7f416ec64000, 138412032) = 0 [pid 5434] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 97.612117][ T5427] BTRFS info (device loop3): auto enabling async discard [pid 5434] ioctl(4, LOOP_SET_FD, 3 [pid 5427] <... mount resumed>) = 0 [pid 5427] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5427] chdir("./bus") = 0 [pid 5427] ioctl(4, LOOP_CLR_FD) = 0 [pid 5427] close(4) = 0 [pid 5427] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5427] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] <... futex resumed>) = 0 [pid 5425] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5434] <... ioctl resumed>) = 0 [pid 5427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5434] close(3 [pid 5427] open("./file0", O_RDONLY [pid 5434] <... close resumed>) = 0 [pid 5427] <... open resumed>) = 4 [pid 5434] mkdir("./bus", 0777 [pid 5427] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5427] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5434] <... mkdir resumed>) = 0 [pid 5425] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5427] <... futex resumed>) = 0 [pid 5425] <... futex resumed>) = 1 [pid 5427] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 97.666416][ T5434] loop2: detected capacity change from 0 to 32768 [pid 5425] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5427] <... ioctl resumed>) = 0 [pid 5427] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5427] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5425] <... futex resumed>) = 0 [pid 5427] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5425] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5427] <... openat resumed>) = 5 [pid 5438] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5427] write(5, "15", 2) = 2 [pid 5427] creat("./bus", 000 [pid 5434] <... mount resumed>) = -1 EEXIST (File exists) [ 97.741741][ T5434] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 8 scanned by syz-executor340 (5434) [ 97.791193][ T5427] FAULT_INJECTION: forcing a failure. [ 97.791193][ T5427] name failslab, interval 1, probability 0, space 0, times 0 [ 97.804391][ T5427] CPU: 1 PID: 5427 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 97.815143][ T5427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 97.825488][ T5427] Call Trace: [ 97.828819][ T5427] [ 97.831765][ T5427] dump_stack_lvl+0x1e7/0x2d0 [ 97.836562][ T5427] ? nf_tcp_handle_invalid+0x650/0x650 [ 97.842317][ T5427] ? panic+0x770/0x770 [ 97.846438][ T5427] ? mark_lock+0x9a/0x340 [ 97.850796][ T5427] should_fail_ex+0x3aa/0x4e0 [ 97.855510][ T5427] should_failslab+0x9/0x20 [ 97.860147][ T5427] slab_pre_alloc_hook+0x59/0x310 [ 97.865295][ T5427] ? ulist_add_merge+0x14c/0x480 [ 97.869749][ T2402] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 97.870324][ T5427] __kmem_cache_alloc_node+0x4b/0x270 [ 97.884981][ T5427] ? ulist_add_merge+0x14c/0x480 [ 97.889946][ T5427] kmalloc_trace+0x2a/0xe0 [ 97.894576][ T5427] ulist_add_merge+0x14c/0x480 [ 97.899547][ T5427] btrfs_qgroup_convert_reserved_meta+0x503/0x960 [ 97.906000][ T5427] ? __btrfs_qgroup_free_meta+0x380/0x380 [ 97.911740][ T5427] ? join_transaction+0xb08/0xce0 [ 97.916906][ T5427] ? rcu_is_watching+0x15/0xb0 [ 97.921684][ T5427] ? trace_btrfs_space_reservation+0x96/0x210 [ 97.927835][ T5427] start_transaction+0x1011/0x11a0 [ 97.932958][ T5427] btrfs_create_common+0x1d6/0x300 [ 97.938160][ T5427] ? btrfs_tmpfile+0x4e0/0x4e0 [ 97.942921][ T5427] ? do_raw_spin_unlock+0x13b/0x8b0 [ 97.948128][ T5427] ? btrfs_create+0x75/0x140 [ 97.952805][ T5427] ? btrfs_lookup+0x40/0x40 [ 97.957307][ T5427] path_openat+0x13e7/0x3180 [ 97.962025][ T5427] ? do_filp_open+0x490/0x490 [ 97.966752][ T5427] do_filp_open+0x234/0x490 [ 97.971252][ T5427] ? vfs_tmpfile+0x4b0/0x4b0 [ 97.975941][ T5427] ? _raw_spin_unlock+0x28/0x40 [ 97.980951][ T5427] ? alloc_fd+0x59c/0x640 [ 97.985454][ T5427] do_sys_openat2+0x13e/0x1d0 [ 97.990154][ T5427] ? do_sys_open+0x230/0x230 [ 97.994756][ T5427] ? _raw_spin_unlock_irq+0x2e/0x50 [ 98.000033][ T5427] ? ptrace_notify+0x278/0x380 [ 98.005034][ T5427] __x64_sys_creat+0x123/0x160 [ 98.009831][ T5427] ? __x64_compat_sys_openat+0x290/0x290 [ 98.015585][ T5427] ? syscall_enter_from_user_mode+0x32/0x230 [ 98.021851][ T5427] ? syscall_enter_from_user_mode+0x8c/0x230 [ 98.027840][ T5427] do_syscall_64+0x41/0xc0 [ 98.032261][ T5427] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 98.038411][ T5427] RIP: 0033:0x7f41770c8049 [ 98.042848][ T5427] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 98.062646][ T5427] RSP: 002b:00007f4177084208 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 98.071151][ T5427] RAX: ffffffffffffffda RBX: 00007f41771546c8 RCX: 00007f41770c8049 [ 98.079315][ T5427] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040 [pid 5434] ioctl(4, LOOP_CLR_FD [pid 5425] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5433] <... write resumed>) = 16777216 [pid 5430] <... write resumed>) = 16777216 [pid 5433] munmap(0x7f416ec64000, 138412032 [pid 5430] munmap(0x7f416ec64000, 138412032) = 0 [pid 5433] <... munmap resumed>) = 0 [ 98.087289][ T5427] RBP: 00007f41771546c0 R08: 00007f4177083fa6 R09: 0000000000003531 [ 98.095344][ T5427] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f41771211d0 [ 98.103311][ T5427] R13: 00007f4177084210 R14: 0000000000000002 R15: 00007f417711c070 [ 98.111291][ T5427] [pid 5433] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5430] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5430] ioctl(4, LOOP_SET_FD, 3 [pid 5425] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5433] <... openat resumed>) = 4 [pid 5433] ioctl(4, LOOP_SET_FD, 3 [pid 5425] <... mmap resumed>) = 0x7f4177043000 [pid 5430] <... ioctl resumed>) = 0 [pid 5430] close(3 [pid 5425] mprotect(0x7f4177044000, 131072, PROT_READ|PROT_WRITE [pid 5436] <... write resumed>) = 16777216 [pid 5425] <... mprotect resumed>) = 0 [pid 5433] <... ioctl resumed>) = 0 [pid 5430] <... close resumed>) = 0 [pid 5425] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5430] mkdir("./bus", 0777 [pid 5425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177063990, parent_tid=0x7f4177063990, exit_signal=0, stack=0x7f4177043000, stack_size=0x20300, tls=0x7f41770636c0} [pid 5433] close(3) = 0 [pid 5433] mkdir("./bus", 0777 [pid 5430] <... mkdir resumed>) = 0 [pid 5430] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5433] <... mkdir resumed>) = 0 [pid 5425] <... clone3 resumed> => {parent_tid=[5456]}, 88) = 5456 [pid 5425] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5425] futex(0x7f41771546d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5425] <... futex resumed>) = 0 [pid 5425] futex(0x7f41771546dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5430] <... mount resumed>) = -1 EEXIST (File exists) [ 98.145597][ T5430] loop1: detected capacity change from 0 to 32768 [ 98.155839][ T5433] loop5: detected capacity change from 0 to 32768 [ 98.172323][ T5430] BTRFS warning: duplicate device /dev/loop1 devid 1 generation 8 scanned by syz-executor340 (5430) [pid 5430] ioctl(4, LOOP_CLR_FD [pid 5436] munmap(0x7f416ec64000, 138412032 [pid 5433] <... mount resumed>) = -1 EEXIST (File exists) [pid 5433] ioctl(4, LOOP_CLR_FD [pid 5427] <... creat resumed>) = 6 [pid 5427] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5427] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5456 attached [ 98.193790][ T5433] BTRFS warning: duplicate device /dev/loop5 devid 1 generation 8 scanned by syz-executor340 (5433) [pid 5456] rseq(0x7f4177063fe0, 0x20, 0, 0x53053053 [pid 5436] <... munmap resumed>) = 0 [pid 5436] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5456] <... rseq resumed>) = 0 [pid 5456] set_robust_list(0x7f41770639a0, 24) = 0 [pid 5456] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5456] mkdir(".", 0777 [pid 5436] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5456] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5456] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5436] close(3) = 0 [pid 5436] mkdir("./bus", 0777) = 0 [pid 5436] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = -1 EEXIST (File exists) [ 98.303608][ T5436] loop4: detected capacity change from 0 to 32768 [ 98.341870][ T5436] BTRFS warning: duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor340 (5436) [pid 5436] ioctl(4, LOOP_CLR_FD [pid 5438] <... write resumed>) = 16777216 [pid 5438] munmap(0x7f416ec64000, 138412032) = 0 [pid 5438] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 98.384067][ T5456] BTRFS error (device loop3: state M): unrecognized mount option '18446744073709551615017777777777777777777770177777777777777777777718446744073709551615lbZ~Ƣ8žH~אa*Oѓ< 5^Sus%e [ 98.384067][ T5456] /ĖEaofmߚtҮ~г#a C$n-SGWmxeGy|sL=~ä_;N' [pid 5438] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5438] close(3) = 0 [pid 5438] mkdir("./bus", 0777) = 0 [pid 5438] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5456] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5456] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5456] futex(0x7f41771546d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5427] <... futex resumed>) = 0 [pid 5425] <... futex resumed>) = 1 [pid 5427] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [ 98.440454][ T5438] loop0: detected capacity change from 0 to 32768 [pid 5425] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5427] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5427] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5427] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] exit_group(0) = ? [pid 5456] <... futex resumed>) = ? [pid 5427] <... futex resumed>) = ? [pid 5456] +++ exited with 0 +++ [pid 5427] +++ exited with 0 +++ [pid 5425] +++ exited with 0 +++ [pid 5028] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5425, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=34 /* 0.34 s */} --- [pid 5028] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5028] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5028] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 98.491619][ T5438] BTRFS warning: duplicate device /dev/loop0 devid 1 generation 8 scanned by syz-executor340 (5438) [pid 5028] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5438] <... mount resumed>) = -1 EEXIST (File exists) [pid 5028] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5438] ioctl(4, LOOP_CLR_FD [pid 5434] <... ioctl resumed>) = 0 [pid 5430] <... ioctl resumed>) = 0 [ 98.577616][ T5028] BTRFS warning (device loop3): qgroup 0/5 has unreleased space, type 2 rsv 20480 [ 98.594628][ T5028] BTRFS error (device loop3): qgroup reserved space leaked [pid 5434] close(4 [pid 5430] close(4 [pid 5434] <... close resumed>) = 0 [pid 5434] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] <... close resumed>) = 0 [pid 5428] <... futex resumed>) = 0 [pid 5434] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5430] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5430] <... futex resumed>) = 1 [pid 5429] <... futex resumed>) = 0 [pid 5428] <... futex resumed>) = 0 [pid 5429] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5429] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5428] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5434] open("./file0", O_RDONLY [pid 5430] open("./file0", O_RDONLY [pid 5434] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5430] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5434] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5434] <... futex resumed>) = 1 [pid 5429] <... futex resumed>) = 0 [pid 5428] <... futex resumed>) = 0 [pid 5434] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5430] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5429] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5429] <... futex resumed>) = 0 [pid 5428] <... futex resumed>) = 0 [pid 5429] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5428] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5434] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5430] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = -1 EBADF (Bad file descriptor) [pid 5434] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5434] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = 1 [pid 5430] <... futex resumed>) = 1 [pid 5429] <... futex resumed>) = 0 [pid 5434] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5430] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5429] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... futex resumed>) = 0 [pid 5433] <... ioctl resumed>) = 0 [pid 5430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5429] <... futex resumed>) = 0 [pid 5428] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = 0 [pid 5433] close(4 [pid 5430] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5429] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5428] <... futex resumed>) = 1 [pid 5434] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5433] <... close resumed>) = 0 [pid 5430] <... openat resumed>) = 3 [pid 5428] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5434] <... openat resumed>) = 3 [pid 5433] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] write(3, "15", 2 [pid 5434] write(3, "15", 2 [pid 5433] <... futex resumed>) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5430] <... write resumed>) = 2 [pid 5434] <... write resumed>) = 2 [pid 5433] open("./file0", O_RDONLY [pid 5431] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] creat("./bus", 000 [pid 5431] <... futex resumed>) = 0 [pid 5434] creat("./bus", 000 [pid 5431] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5434] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5434] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = 1 [pid 5430] <... futex resumed>) = 1 [pid 5428] <... futex resumed>) = 0 [pid 5434] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5430] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5428] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5428] <... futex resumed>) = 0 [pid 5434] mkdir(".", 0777 [pid 5433] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5429] <... futex resumed>) = 0 [pid 5428] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5434] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5433] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] <... futex resumed>) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5429] <... futex resumed>) = 1 [pid 5430] <... futex resumed>) = 0 [pid 5434] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5433] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5431] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] mkdir(".", 0777 [pid 5429] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5433] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5431] <... futex resumed>) = 0 [pid 5433] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5433] <... futex resumed>) = 0 [pid 5431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5433] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5431] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] <... openat resumed>) = 3 [pid 5431] <... futex resumed>) = 0 [pid 5433] write(3, "15", 2) = 2 [pid 5431] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5433] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5433] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5433] mkdir(".", 0777 [pid 5431] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5431] <... futex resumed>) = 0 [ 98.695131][ T5434] FAULT_INJECTION: forcing a failure. [ 98.695131][ T5434] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 98.706206][ T5433] FAULT_INJECTION: forcing a failure. [ 98.706206][ T5433] name failslab, interval 1, probability 0, space 0, times 0 [ 98.725065][ T5434] CPU: 1 PID: 5434 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [pid 5433] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5431] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5430] <... mkdir resumed>) = -1 EEXIST (File exists) [ 98.735528][ T5434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 98.746219][ T5434] Call Trace: [ 98.749598][ T5434] [ 98.752724][ T5434] dump_stack_lvl+0x1e7/0x2d0 [ 98.757512][ T5434] ? nf_tcp_handle_invalid+0x650/0x650 [ 98.763083][ T5434] ? panic+0x770/0x770 [ 98.767537][ T5434] should_fail_ex+0x3aa/0x4e0 [ 98.772342][ T5434] strncpy_from_user+0x36/0x2e0 [ 98.777482][ T5434] getname_flags+0xf9/0x4f0 [ 98.782016][ T5434] user_path_at_empty+0x2c/0x60 [ 98.786988][ T5434] __se_sys_mount+0x29a/0x3c0 [ 98.791792][ T5434] ? __x64_sys_mount+0xc0/0xc0 [ 98.796776][ T5434] ? syscall_enter_from_user_mode+0x32/0x230 [ 98.802959][ T5434] ? __x64_sys_mount+0x20/0xc0 [ 98.807934][ T5434] do_syscall_64+0x41/0xc0 [ 98.812490][ T5434] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 98.818581][ T5434] RIP: 0033:0x7f41770c949a [ 98.823102][ T5434] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 98.843260][ T5434] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 98.851676][ T5434] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 98.859643][ T5434] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 98.867632][ T5434] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 98.875692][ T5434] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 98.883662][ T5434] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 98.891636][ T5434] [ 98.897285][ T5433] CPU: 0 PID: 5433 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 98.898153][ T5430] FAULT_INJECTION: forcing a failure. [ 98.898153][ T5430] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 98.908792][ T5433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 98.908807][ T5433] Call Trace: [ 98.908814][ T5433] [ 98.908821][ T5433] dump_stack_lvl+0x1e7/0x2d0 [ 98.908850][ T5433] ? nf_tcp_handle_invalid+0x650/0x650 [ 98.908870][ T5433] ? panic+0x770/0x770 [ 98.908899][ T5433] should_fail_ex+0x3aa/0x4e0 [ 98.908927][ T5433] should_failslab+0x9/0x20 [ 98.908947][ T5433] slab_pre_alloc_hook+0x59/0x310 [ 98.908973][ T5433] ? tomoyo_encode+0x26f/0x530 [ 98.908994][ T5433] __kmem_cache_alloc_node+0x4b/0x270 [ 98.909014][ T5433] ? arch_stack_walk+0x162/0x1a0 [ 98.909033][ T5433] ? tomoyo_encode+0x26f/0x530 [ 98.909054][ T5433] __kmalloc+0xa8/0x230 [ 98.909076][ T5433] tomoyo_encode+0x26f/0x530 [ 98.996232][ T5433] tomoyo_mount_permission+0x356/0xb80 [ 99.001817][ T5433] ? __stack_depot_save+0x20/0x650 [ 99.006970][ T5433] ? tomoyo_mount_permission+0x295/0xb80 [ 99.012793][ T5433] ? tomoyo_get_name+0x510/0x510 [ 99.017804][ T5433] security_sb_mount+0x8c/0xc0 [ 99.022948][ T5433] path_mount+0xb9/0xfa0 [ 99.027277][ T5433] ? kmem_cache_free+0x292/0x500 [ 99.032231][ T5433] ? user_path_at_empty+0x4c/0x60 [ 99.037301][ T5433] __se_sys_mount+0x2d9/0x3c0 [ 99.042006][ T5433] ? __x64_sys_mount+0xc0/0xc0 [ 99.046782][ T5433] ? syscall_enter_from_user_mode+0x32/0x230 [ 99.052879][ T5433] ? __x64_sys_mount+0x20/0xc0 [ 99.057689][ T5433] do_syscall_64+0x41/0xc0 [ 99.062143][ T5433] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 99.068235][ T5433] RIP: 0033:0x7f41770c949a [ 99.072698][ T5433] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 99.092342][ T5433] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 99.100852][ T5433] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 99.108835][ T5433] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 99.116999][ T5433] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 99.125162][ T5433] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 99.133154][ T5433] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 99.141154][ T5433] [ 99.155299][ T5430] CPU: 1 PID: 5430 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 99.165860][ T5430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 99.175936][ T5430] Call Trace: [ 99.179230][ T5430] [ 99.182170][ T5430] dump_stack_lvl+0x1e7/0x2d0 [ 99.186940][ T5430] ? nf_tcp_handle_invalid+0x650/0x650 [ 99.192394][ T5430] ? panic+0x770/0x770 [ 99.196464][ T5430] should_fail_ex+0x3aa/0x4e0 [ 99.201144][ T5430] strncpy_from_user+0x36/0x2e0 [ 99.206085][ T5430] getname_flags+0xf9/0x4f0 [ 99.210592][ T5430] user_path_at_empty+0x2c/0x60 [ 99.215530][ T5430] __se_sys_mount+0x29a/0x3c0 [ 99.220293][ T5430] ? __x64_sys_mount+0xc0/0xc0 [ 99.225062][ T5430] ? syscall_enter_from_user_mode+0x32/0x230 [ 99.231126][ T5430] ? __x64_sys_mount+0x20/0xc0 [ 99.235973][ T5430] do_syscall_64+0x41/0xc0 [ 99.240384][ T5430] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 99.246546][ T5430] RIP: 0033:0x7f41770c949a [ 99.250993][ T5430] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 99.270965][ T5430] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 99.279419][ T5430] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 99.287475][ T5430] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 99.295443][ T5430] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [pid 5430] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5438] <... ioctl resumed>) = 0 [pid 5436] <... ioctl resumed>) = 0 [pid 5434] <... mount resumed>) = -1 EFAULT (Bad address) [pid 5434] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5434] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5430] <... mount resumed>) = -1 EFAULT (Bad address) [pid 5430] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... umount2 resumed>) = 0 [pid 5028] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5438] close(4 [pid 5436] close(4 [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5429] <... futex resumed>) = 0 [pid 5429] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5438] <... close resumed>) = 0 [pid 5436] <... close resumed>) = 0 [pid 5433] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5430] <... futex resumed>) = 1 [pid 5428] <... futex resumed>) = 0 [pid 5028] newfstatat(AT_FDCWD, "./12/bus", [pid 5438] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5433] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5428] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5428] <... futex resumed>) = 1 [pid 5430] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5433] <... futex resumed>) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5430] <... futex resumed>) = 1 [pid 5429] <... futex resumed>) = 0 [pid 5438] <... futex resumed>) = 1 [pid 5437] <... futex resumed>) = 0 [pid 5436] <... futex resumed>) = 1 [pid 5435] <... futex resumed>) = 0 [pid 5431] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5429] exit_group(0 [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5438] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5437] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5435] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = 0 [ 99.303505][ T5430] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 99.311468][ T5430] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 99.319448][ T5430] [pid 5431] <... futex resumed>) = 0 [pid 5430] <... futex resumed>) = ? [pid 5429] <... exit_group resumed>) = ? [pid 5028] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5438] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5437] <... futex resumed>) = 0 [pid 5436] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5435] <... futex resumed>) = 0 [pid 5434] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5433] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5431] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] +++ exited with 0 +++ [pid 5429] +++ exited with 0 +++ [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5438] open("./file0", O_RDONLY [pid 5437] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5436] open("./file0", O_RDONLY [pid 5435] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5433] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5434] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5028] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5438] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5436] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5434] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... openat resumed>) = 4 [pid 5026] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5429, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=55 /* 0.55 s */} --- [pid 5438] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = 1 [pid 5433] <... futex resumed>) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5428] <... futex resumed>) = 0 [pid 5028] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5028] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5436] <... futex resumed>) = 1 [pid 5431] exit_group(0 [pid 5028] close(4 [pid 5026] restart_syscall(<... resuming interrupted clone ...> [pid 5438] <... futex resumed>) = 1 [pid 5438] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5437] <... futex resumed>) = 0 [pid 5436] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5435] <... futex resumed>) = 0 [pid 5434] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] <... exit_group resumed>) = ? [pid 5428] exit_group(0 [pid 5028] <... close resumed>) = 0 [pid 5026] <... restart_syscall resumed>) = 0 [pid 5028] rmdir("./12/bus") = 0 [pid 5028] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5428] <... exit_group resumed>) = ? [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] unlink("./12/binderfs" [pid 5433] +++ exited with 0 +++ [pid 5431] +++ exited with 0 +++ [pid 5028] <... unlink resumed>) = 0 [pid 5438] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5437] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5435] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = ? [pid 5030] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5431, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=38 /* 0.38 s */} --- [pid 5028] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5028] close(3) = 0 [pid 5028] rmdir("./12") = 0 [pid 5026] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] mkdir("./13", 0777 [pid 5434] +++ exited with 0 +++ [pid 5438] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5437] <... futex resumed>) = 0 [pid 5436] <... futex resumed>) = 0 [pid 5435] <... futex resumed>) = 1 [pid 5428] +++ exited with 0 +++ [pid 5028] <... mkdir resumed>) = 0 [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5437] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5436] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5435] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5030] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5027] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5428, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=38 /* 0.38 s */} --- [pid 5436] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] <... openat resumed>) = 3 [pid 5026] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5436] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5028] ioctl(3, LOOP_CLR_FD [pid 5030] <... openat resumed>) = 3 [pid 5028] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5030] newfstatat(3, "", [pid 5028] close(3 [pid 5438] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5436] <... futex resumed>) = 1 [pid 5435] <... futex resumed>) = 0 [pid 5030] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] <... close resumed>) = 0 [pid 5026] <... openat resumed>) = 3 [pid 5438] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5435] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] getdents64(3, [pid 5028] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5027] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5026] newfstatat(3, "", [pid 5438] <... futex resumed>) = 1 [pid 5437] <... futex resumed>) = 0 [pid 5436] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5435] <... futex resumed>) = 0 [pid 5030] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5438] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5437] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5435] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5030] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5027] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5026] getdents64(3, [pid 5438] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5437] <... futex resumed>) = 0 [pid 5436] <... openat resumed>) = 3 [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] <... clone resumed>, child_tidptr=0x555555980690) = 5459 [pid 5027] <... openat resumed>) = 3 [pid 5026] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 ./strace-static-x86_64: Process 5459 attached [pid 5438] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5437] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5436] write(3, "15", 2 [pid 5030] newfstatat(AT_FDCWD, "./11/bus", [pid 5027] newfstatat(3, "", [pid 5026] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5459] set_robust_list(0x5555559806a0, 24 [pid 5438] <... openat resumed>) = 3 [pid 5436] <... write resumed>) = 2 [pid 5030] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5027] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5459] <... set_robust_list resumed>) = 0 [pid 5438] write(3, "15", 2 [pid 5436] creat("./bus", 000 [pid 5030] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5027] getdents64(3, [pid 5026] newfstatat(AT_FDCWD, "./13/bus", [pid 5459] chdir("./13" [pid 5438] <... write resumed>) = 2 [pid 5436] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5438] creat("./bus", 000 [pid 5436] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5027] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5459] <... chdir resumed>) = 0 [pid 5438] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5436] <... futex resumed>) = 1 [pid 5435] <... futex resumed>) = 0 [pid 5030] <... openat resumed>) = 4 [pid 5027] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5026] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5459] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5438] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5435] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] newfstatat(4, "", [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5459] <... prctl resumed>) = 0 [pid 5438] <... futex resumed>) = 1 [pid 5437] <... futex resumed>) = 0 [pid 5436] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5435] <... futex resumed>) = 0 [pid 5030] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5027] newfstatat(AT_FDCWD, "./12/bus", [pid 5026] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5459] setpgid(0, 0 [pid 5438] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5437] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] mkdir(".", 0777 [pid 5435] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5030] getdents64(4, [pid 5027] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5026] <... openat resumed>) = 4 [pid 5459] <... setpgid resumed>) = 0 [pid 5438] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5437] <... futex resumed>) = 0 [pid 5436] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5027] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5026] newfstatat(4, "", [pid 5459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5438] mkdir(".", 0777 [pid 5437] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5436] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5030] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5459] <... openat resumed>) = 3 [pid 5438] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5030] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5030] close(4) = 0 [pid 5030] rmdir("./11/bus") = 0 [pid 5030] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5030] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5030] unlink("./11/binderfs") = 0 [pid 5030] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5030] close(3) = 0 [pid 5030] rmdir("./11") = 0 [pid 5459] write(3, "1000", 4 [pid 5438] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5026] getdents64(4, [pid 5459] <... write resumed>) = 4 [pid 5027] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5030] mkdir("./12", 0777) = 0 [pid 5030] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5030] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5030] close(3) = 0 [pid 5030] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555980690) = 5460 [pid 5438] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5438] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5438] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5026] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [ 99.439483][ T5436] FAULT_INJECTION: forcing a failure. [ 99.439483][ T5436] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 99.454003][ T5436] CPU: 0 PID: 5436 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 99.464564][ T5436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 99.474739][ T5436] Call Trace: [ 99.478149][ T5436] [ 99.481198][ T5436] dump_stack_lvl+0x1e7/0x2d0 [pid 5026] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5026] close(4) = 0 [pid 5026] rmdir("./13/bus") = 0 [pid 5026] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5026] unlink("./13/binderfs") = 0 [pid 5026] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5026] close(3) = 0 [pid 5026] rmdir("./13"./strace-static-x86_64: Process 5460 attached [pid 5459] close(3 [pid 5027] <... openat resumed>) = 4 [pid 5027] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5027] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5027] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5027] close(4) = 0 [pid 5027] rmdir("./12/bus") = 0 [pid 5026] <... rmdir resumed>) = 0 [pid 5460] set_robust_list(0x5555559806a0, 24 [pid 5459] <... close resumed>) = 0 [pid 5460] <... set_robust_list resumed>) = 0 [pid 5459] symlink("/dev/binderfs", "./binderfs" [pid 5027] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5026] mkdir("./14", 0777 [pid 5460] chdir("./12") = 0 [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5026] <... mkdir resumed>) = 0 [pid 5027] newfstatat(AT_FDCWD, "./12/binderfs", [pid 5460] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5459] <... symlink resumed>) = 0 [pid 5027] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5460] <... prctl resumed>) = 0 [pid 5027] unlink("./12/binderfs" [pid 5026] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5460] setpgid(0, 0 [pid 5027] <... unlink resumed>) = 0 [pid 5460] <... setpgid resumed>) = 0 [pid 5026] <... openat resumed>) = 3 [pid 5460] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [ 99.486098][ T5436] ? nf_tcp_handle_invalid+0x650/0x650 [ 99.491720][ T5436] ? panic+0x770/0x770 [ 99.495853][ T5436] should_fail_ex+0x3aa/0x4e0 [ 99.500672][ T5436] strncpy_from_user+0x36/0x2e0 [ 99.505885][ T5436] getname_flags+0xf9/0x4f0 [ 99.510608][ T5436] user_path_at_empty+0x2c/0x60 [ 99.515603][ T5436] __se_sys_mount+0x29a/0x3c0 [ 99.520395][ T5436] ? __x64_sys_mount+0xc0/0xc0 [ 99.525310][ T5436] ? syscall_enter_from_user_mode+0x32/0x230 [ 99.531597][ T5436] ? __x64_sys_mount+0x20/0xc0 [pid 5459] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] ioctl(3, LOOP_CLR_FD [pid 5460] <... openat resumed>) = 3 [pid 5459] <... futex resumed>) = 0 [pid 5027] getdents64(3, [pid 5026] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5460] write(3, "1000", 4 [pid 5459] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5027] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5026] close(3 [pid 5460] <... write resumed>) = 4 [pid 5459] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5027] close(3 [pid 5026] <... close resumed>) = 0 [pid 5027] <... close resumed>) = 0 [pid 5026] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5027] rmdir("./12") = 0 [pid 5027] mkdir("./13", 0777) = 0 [pid 5460] close(3 [pid 5459] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5027] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5460] <... close resumed>) = 0 [pid 5459] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5460] symlink("/dev/binderfs", "./binderfs" [pid 5459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5027] <... openat resumed>) = 3 [pid 5460] <... symlink resumed>) = 0 [pid 5459] <... mmap resumed>) = 0x7f4177064000 [pid 5027] ioctl(3, LOOP_CLR_FD [pid 5460] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5459] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5027] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5026] <... clone resumed>, child_tidptr=0x555555980690) = 5461 [pid 5459] <... mprotect resumed>) = 0 [pid 5459] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5027] close(3) = 0 [pid 5027] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5460] <... futex resumed>) = 0 [pid 5459] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5460] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5460] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5027] <... clone resumed>, child_tidptr=0x555555980690) = 5462 [pid 5460] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5459] <... clone3 resumed> => {parent_tid=[5463]}, 88) = 5463 [pid 5460] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5459] rt_sigprocmask(SIG_SETMASK, [], [pid 5460] <... mmap resumed>) = 0x7f4177064000 [pid 5459] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5460] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5459] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5460] <... mprotect resumed>) = 0 [pid 5459] <... futex resumed>) = 0 [ 99.536420][ T5436] do_syscall_64+0x41/0xc0 [ 99.540879][ T5436] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 99.546814][ T5436] RIP: 0033:0x7f41770c949a [ 99.551259][ T5436] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 99.571303][ T5436] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 99.579839][ T5436] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [pid 5460] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5459] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5460] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5460] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5464 attached => {parent_tid=[5464]}, 88) = 5464 [pid 5464] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5460] rt_sigprocmask(SIG_SETMASK, [], [pid 5464] <... rseq resumed>) = 0 [pid 5460] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5464] set_robust_list(0x7f41770849a0, 24 [pid 5460] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] <... set_robust_list resumed>) = 0 [pid 5460] <... futex resumed>) = 0 [pid 5464] rt_sigprocmask(SIG_SETMASK, [], [pid 5460] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5464] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5464] memfd_create("syzkaller", 0) = 3 [pid 5464] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5437] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5463 attached ./strace-static-x86_64: Process 5462 attached ./strace-static-x86_64: Process 5461 attached [pid 5437] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5463] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5462] set_robust_list(0x5555559806a0, 24 [pid 5461] set_robust_list(0x5555559806a0, 24 [pid 5463] <... rseq resumed>) = 0 [pid 5462] <... set_robust_list resumed>) = 0 [pid 5461] <... set_robust_list resumed>) = 0 [pid 5438] <... futex resumed>) = 0 [pid 5437] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5436] <... mount resumed>) = -1 EFAULT (Bad address) [pid 5461] chdir("./14" [pid 5438] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5463] set_robust_list(0x7f41770849a0, 24 [pid 5462] chdir("./13" [pid 5461] <... chdir resumed>) = 0 [pid 5438] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5436] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... chdir resumed>) = 0 [pid 5438] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] <... futex resumed>) = 1 [pid 5435] <... futex resumed>) = 0 [pid 5462] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5438] <... futex resumed>) = 1 [pid 5437] <... futex resumed>) = 0 [pid 5436] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5435] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... prctl resumed>) = 0 [pid 5438] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5437] exit_group(0 [pid 5436] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5435] <... futex resumed>) = 0 [pid 5462] setpgid(0, 0 [pid 5438] <... futex resumed>) = ? [pid 5437] <... exit_group resumed>) = ? [pid 5436] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5435] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] <... setpgid resumed>) = 0 [pid 5461] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5438] +++ exited with 0 +++ [pid 5436] <... futex resumed>) = 0 [pid 5437] +++ exited with 0 +++ [pid 5436] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5435] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5461] <... prctl resumed>) = 0 [pid 5462] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5461] setpgid(0, 0 [pid 5435] exit_group(0 [pid 5025] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5437, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=35 /* 0.35 s */} --- [pid 5462] <... openat resumed>) = 3 [pid 5461] <... setpgid resumed>) = 0 [pid 5436] <... futex resumed>) = ? [pid 5435] <... exit_group resumed>) = ? [pid 5025] restart_syscall(<... resuming interrupted clone ...> [pid 5461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5436] +++ exited with 0 +++ [pid 5025] <... restart_syscall resumed>) = 0 [pid 5435] +++ exited with 0 +++ [pid 5461] <... openat resumed>) = 3 [pid 5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5435, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- [pid 5025] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5025] newfstatat(3, "", [pid 5029] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5025] getdents64(3, [pid 5463] <... set_robust_list resumed>) = 0 [pid 5462] write(3, "1000", 4 [pid 5461] write(3, "1000", 4 [pid 5029] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5025] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5463] rt_sigprocmask(SIG_SETMASK, [], [pid 5462] <... write resumed>) = 4 [pid 5461] <... write resumed>) = 4 [pid 5029] <... openat resumed>) = 3 [pid 5025] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5463] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5462] close(3 [pid 5461] close(3 [pid 5029] newfstatat(3, "", [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5463] memfd_create("syzkaller", 0 [pid 5462] <... close resumed>) = 0 [pid 5461] <... close resumed>) = 0 [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5025] newfstatat(AT_FDCWD, "./12/bus", [pid 5463] <... memfd_create resumed>) = 3 [pid 5462] symlink("/dev/binderfs", "./binderfs" [pid 5461] symlink("/dev/binderfs", "./binderfs" [pid 5029] getdents64(3, [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5461] <... symlink resumed>) = 0 [pid 5029] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5025] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5462] <... symlink resumed>) = 0 [pid 5461] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5462] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... futex resumed>) = 0 [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5025] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5463] <... mmap resumed>) = 0x7f416ec64000 [pid 5462] <... futex resumed>) = 0 [pid 5461] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5029] newfstatat(AT_FDCWD, "./13/bus", [pid 5025] <... openat resumed>) = 4 [pid 5462] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5461] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] newfstatat(4, "", [pid 5462] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5461] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5462] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5461] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5029] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5462] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5461] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 99.587841][ T5436] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 99.595939][ T5436] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 99.604023][ T5436] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 99.612170][ T5436] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 99.620276][ T5436] [pid 5462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5461] <... mmap resumed>) = 0x7f4177064000 [pid 5029] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5025] getdents64(4, [pid 5462] <... mmap resumed>) = 0x7f4177064000 [pid 5461] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5029] <... openat resumed>) = 4 [pid 5025] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5462] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5461] <... mprotect resumed>) = 0 [pid 5462] <... mprotect resumed>) = 0 [pid 5461] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5029] newfstatat(4, "", [pid 5025] getdents64(4, [pid 5462] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5461] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5461] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5025] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 5465 attached [pid 5462] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5029] getdents64(4, [pid 5465] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5462] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5461] <... clone3 resumed> => {parent_tid=[5465]}, 88) = 5465 [pid 5025] close(4./strace-static-x86_64: Process 5466 attached [pid 5465] <... rseq resumed>) = 0 [pid 5461] rt_sigprocmask(SIG_SETMASK, [], [pid 5029] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5025] <... close resumed>) = 0 [pid 5466] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5465] set_robust_list(0x7f41770849a0, 24 [pid 5462] <... clone3 resumed> => {parent_tid=[5466]}, 88) = 5466 [pid 5461] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5029] getdents64(4, [pid 5466] <... rseq resumed>) = 0 [pid 5465] <... set_robust_list resumed>) = 0 [pid 5462] rt_sigprocmask(SIG_SETMASK, [], [pid 5461] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5025] rmdir("./12/bus" [pid 5466] set_robust_list(0x7f41770849a0, 24 [pid 5465] rt_sigprocmask(SIG_SETMASK, [], [pid 5462] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5461] <... futex resumed>) = 0 [pid 5029] close(4 [pid 5025] <... rmdir resumed>) = 0 [pid 5466] <... set_robust_list resumed>) = 0 [pid 5465] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5462] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5466] rt_sigprocmask(SIG_SETMASK, [], [pid 5465] memfd_create("syzkaller", 0 [pid 5462] <... futex resumed>) = 0 [pid 5029] <... close resumed>) = 0 [pid 5466] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5465] <... memfd_create resumed>) = 3 [pid 5462] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5029] rmdir("./13/bus" [pid 5025] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5466] memfd_create("syzkaller", 0 [pid 5465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5029] <... rmdir resumed>) = 0 [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5466] <... memfd_create resumed>) = 3 [pid 5025] newfstatat(AT_FDCWD, "./12/binderfs", [pid 5466] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5029] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5466] <... mmap resumed>) = 0x7f416ec64000 [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5025] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5465] <... mmap resumed>) = 0x7f416ec64000 [pid 5029] newfstatat(AT_FDCWD, "./13/binderfs", [pid 5025] unlink("./12/binderfs" [pid 5029] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] <... unlink resumed>) = 0 [pid 5029] unlink("./13/binderfs") = 0 [pid 5025] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5025] close(3) = 0 [pid 5025] rmdir("./12") = 0 [pid 5025] mkdir("./13", 0777) = 0 [pid 5025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5029] getdents64(3, [pid 5025] ioctl(3, LOOP_CLR_FD [pid 5029] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5025] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5029] close(3 [pid 5025] close(3 [pid 5029] <... close resumed>) = 0 [pid 5025] <... close resumed>) = 0 [pid 5029] rmdir("./13" [pid 5025] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5029] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 5467 attached [pid 5025] <... clone resumed>, child_tidptr=0x555555980690) = 5467 [pid 5467] set_robust_list(0x5555559806a0, 24 [pid 5029] mkdir("./14", 0777 [pid 5467] <... set_robust_list resumed>) = 0 [pid 5467] chdir("./13" [pid 5029] <... mkdir resumed>) = 0 [pid 5029] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5029] ioctl(3, LOOP_CLR_FD [pid 5467] <... chdir resumed>) = 0 [pid 5029] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5467] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5029] close(3) = 0 [pid 5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555980690) = 5468 [pid 5467] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 5468 attached [pid 5467] setpgid(0, 0 [pid 5468] set_robust_list(0x5555559806a0, 24) = 0 [pid 5467] <... setpgid resumed>) = 0 [pid 5467] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5468] chdir("./14" [pid 5467] <... openat resumed>) = 3 [pid 5468] <... chdir resumed>) = 0 [pid 5467] write(3, "1000", 4 [pid 5468] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5467] <... write resumed>) = 4 [pid 5467] close(3 [pid 5468] setpgid(0, 0 [pid 5467] <... close resumed>) = 0 [pid 5468] <... setpgid resumed>) = 0 [pid 5467] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5467] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] <... openat resumed>) = 3 [pid 5467] <... futex resumed>) = 0 [pid 5468] write(3, "1000", 4 [pid 5467] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5468] <... write resumed>) = 4 [pid 5467] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5468] close(3 [pid 5467] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5468] <... close resumed>) = 0 [pid 5467] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5468] symlink("/dev/binderfs", "./binderfs" [pid 5467] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5468] <... symlink resumed>) = 0 [pid 5467] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5468] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5467] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5467] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5468] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, ./strace-static-x86_64: Process 5470 attached NULL, 8) = 0 [pid 5467] <... clone3 resumed> => {parent_tid=[5470]}, 88) = 5470 [pid 5470] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [pid 5470] set_robust_list(0x7f41770849a0, 24 [pid 5468] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5467] rt_sigprocmask(SIG_SETMASK, [], [pid 5470] <... set_robust_list resumed>) = 0 [pid 5468] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5467] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5470] rt_sigprocmask(SIG_SETMASK, [], [pid 5468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5467] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5470] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5468] <... mmap resumed>) = 0x7f4177064000 [pid 5470] memfd_create("syzkaller", 0 [pid 5468] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5470] <... memfd_create resumed>) = 3 [pid 5468] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5467] <... futex resumed>) = 0 [pid 5470] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5468] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5467] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5470] <... mmap resumed>) = 0x7f416ec64000 [pid 5468] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} => {parent_tid=[5471]}, 88) = 5471 [pid 5468] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5468] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5471 attached ) = 0 [pid 5471] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5468] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5471] <... rseq resumed>) = 0 [pid 5471] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5471] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5464] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5471] memfd_create("syzkaller", 0) = 3 [pid 5471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5463] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5465] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5466] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5470] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5471] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5464] <... write resumed>) = 16777216 [pid 5464] munmap(0x7f416ec64000, 138412032) = 0 [pid 5464] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5464] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5464] close(3) = 0 [pid 5464] mkdir("./bus", 0777) = 0 [ 100.517573][ T5464] loop5: detected capacity change from 0 to 32768 [pid 5464] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5463] <... write resumed>) = 16777216 [pid 5463] munmap(0x7f416ec64000, 138412032) = 0 [ 100.563365][ T5464] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 scanned by syz-executor340 (5464) [pid 5463] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5463] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5463] close(3) = 0 [pid 5465] <... write resumed>) = 16777216 [ 100.624184][ T5464] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 100.652437][ T5463] loop3: detected capacity change from 0 to 32768 [ 100.665357][ T5464] BTRFS info (device loop5): doing ref verification [pid 5465] munmap(0x7f416ec64000, 138412032 [pid 5466] <... write resumed>) = 16777216 [pid 5463] mkdir("./bus", 0777) = 0 [pid 5463] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5465] <... munmap resumed>) = 0 [pid 5466] munmap(0x7f416ec64000, 138412032 [pid 5465] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5465] ioctl(4, LOOP_SET_FD, 3 [pid 5466] <... munmap resumed>) = 0 [pid 5465] <... ioctl resumed>) = 0 [pid 5465] close(3) = 0 [pid 5465] mkdir("./bus", 0777) = 0 [pid 5463] <... mount resumed>) = -1 EEXIST (File exists) [ 100.690441][ T5464] BTRFS warning (device loop5): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 100.705926][ T5463] BTRFS warning: duplicate device /dev/loop3 devid 1 generation 8 scanned by syz-executor340 (5463) [ 100.712956][ T5464] BTRFS info (device loop5): force zlib compression, level 3 [ 100.728938][ T5465] loop1: detected capacity change from 0 to 32768 [pid 5465] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5463] ioctl(4, LOOP_CLR_FD [pid 5466] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5466] ioctl(4, LOOP_SET_FD, 3 [pid 5470] <... write resumed>) = 16777216 [pid 5466] <... ioctl resumed>) = 0 [pid 5466] close(3 [pid 5470] munmap(0x7f416ec64000, 138412032 [pid 5466] <... close resumed>) = 0 [pid 5465] <... mount resumed>) = -1 EEXIST (File exists) [pid 5465] ioctl(4, LOOP_CLR_FD [pid 5470] <... munmap resumed>) = 0 [pid 5466] mkdir("./bus", 0777 [pid 5471] <... write resumed>) = 16777216 [pid 5470] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5466] <... mkdir resumed>) = 0 [pid 5471] munmap(0x7f416ec64000, 138412032 [pid 5470] <... openat resumed>) = 4 [pid 5466] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [ 100.745858][ T5465] BTRFS warning: duplicate device /dev/loop1 devid 1 generation 8 scanned by syz-executor340 (5465) [ 100.759151][ T5466] loop2: detected capacity change from 0 to 32768 [ 100.760055][ T5464] BTRFS info (device loop5): allowing degraded mounts [ 100.779555][ T5464] BTRFS info (device loop5): using free space tree [pid 5470] ioctl(4, LOOP_SET_FD, 3 [pid 5466] <... mount resumed>) = -1 EEXIST (File exists) [pid 5466] ioctl(4, LOOP_CLR_FD [pid 5471] <... munmap resumed>) = 0 [pid 5471] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5471] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5470] <... ioctl resumed>) = 0 [pid 5470] close(3) = 0 [pid 5470] mkdir("./bus", 0777) = 0 [ 100.795209][ T5466] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 8 scanned by syz-executor340 (5466) [ 100.807048][ T5470] loop0: detected capacity change from 0 to 32768 [ 100.812375][ T5471] loop4: detected capacity change from 0 to 32768 [pid 5470] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5471] close(3) = 0 [pid 5471] mkdir("./bus", 0777) = 0 [pid 5471] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5470] <... mount resumed>) = -1 EEXIST (File exists) [pid 5470] ioctl(4, LOOP_CLR_FD [pid 5471] <... mount resumed>) = -1 EEXIST (File exists) [ 100.843005][ T5470] BTRFS warning: duplicate device /dev/loop0 devid 1 generation 8 scanned by syz-executor340 (5470) [ 100.880455][ T5471] BTRFS warning: duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor340 (5471) [ 100.939075][ T5464] BTRFS info (device loop5): auto enabling async discard [pid 5471] ioctl(4, LOOP_CLR_FD [pid 5464] <... mount resumed>) = 0 [pid 5464] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5464] chdir("./bus") = 0 [pid 5464] ioctl(4, LOOP_CLR_FD) = 0 [pid 5464] close(4) = 0 [pid 5464] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5460] <... futex resumed>) = 0 [pid 5464] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5460] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5460] <... futex resumed>) = 0 [pid 5464] open("./file0", O_RDONLY [pid 5460] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5464] <... open resumed>) = 4 [pid 5464] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5460] <... futex resumed>) = 0 [pid 5464] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5460] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5460] <... futex resumed>) = 0 [pid 5464] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5460] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5464] <... ioctl resumed>) = 0 [pid 5464] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5460] <... futex resumed>) = 0 [pid 5464] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5460] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5460] <... futex resumed>) = 0 [pid 5464] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5460] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5464] <... openat resumed>) = 5 [pid 5464] write(5, "15", 2) = 2 [pid 5464] creat("./bus", 000 [pid 5463] <... ioctl resumed>) = 0 [pid 5463] close(4) = 0 [pid 5463] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5463] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5459] <... futex resumed>) = 0 [pid 5459] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5459] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5460] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5460] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5460] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177043000 [pid 5460] mprotect(0x7f4177044000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5460] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5463] open("./file0", O_RDONLY [pid 5460] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177063990, parent_tid=0x7f4177063990, exit_signal=0, stack=0x7f4177043000, stack_size=0x20300, tls=0x7f41770636c0} [pid 5463] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5460] <... clone3 resumed> => {parent_tid=[5489]}, 88) = 5489 [pid 5460] rt_sigprocmask(SIG_SETMASK, [], [pid 5463] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5460] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5460] futex(0x7f41771546d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5459] <... futex resumed>) = 0 [pid 5460] <... futex resumed>) = 0 [pid 5459] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5489 attached [pid 5460] futex(0x7f41771546dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5459] <... futex resumed>) = 0 [pid 5463] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5489] rseq(0x7f4177063fe0, 0x20, 0, 0x53053053 [pid 5463] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5459] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] <... ioctl resumed>) = 0 [pid 5463] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5489] <... rseq resumed>) = 0 [pid 5463] <... futex resumed>) = 1 [pid 5489] set_robust_list(0x7f41770639a0, 24 [pid 5463] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5489] <... set_robust_list resumed>) = 0 [pid 5459] <... futex resumed>) = 0 [pid 5489] rt_sigprocmask(SIG_SETMASK, [], [pid 5459] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5459] <... futex resumed>) = 1 [pid 5463] <... futex resumed>) = 0 [pid 5489] mkdir(".", 0777 [pid 5459] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5463] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5489] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5489] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5463] <... openat resumed>) = 3 [pid 5463] write(3, "15", 2) = 2 [pid 5463] creat("./bus", 000) = -1 EISDIR (Is a directory) [ 101.217632][ T5464] FAULT_INJECTION: forcing a failure. [ 101.217632][ T5464] name failslab, interval 1, probability 0, space 0, times 0 [ 101.255013][ T1264] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared) [pid 5459] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5459] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177043000 [pid 5459] mprotect(0x7f4177044000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5459] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177063990, parent_tid=0x7f4177063990, exit_signal=0, stack=0x7f4177043000, stack_size=0x20300, tls=0x7f41770636c0} => {parent_tid=[5490]}, 88) = 5490 [pid 5459] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5459] futex(0x7f41771546d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5459] futex(0x7f41771546dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5490 attached [pid 5465] close(4 [pid 5490] rseq(0x7f4177063fe0, 0x20, 0, 0x53053053 [pid 5465] <... close resumed>) = 0 [pid 5490] <... rseq resumed>) = 0 [pid 5465] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] set_robust_list(0x7f41770639a0, 24 [pid 5465] <... futex resumed>) = 1 [pid 5490] <... set_robust_list resumed>) = 0 [pid 5465] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5490] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5490] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5490] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"...) = -1 EINVAL (Invalid argument) [pid 5490] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5459] <... futex resumed>) = 0 [ 101.271306][ T5464] CPU: 0 PID: 5464 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 101.282129][ T5464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 101.292211][ T5464] Call Trace: [ 101.295602][ T5464] [ 101.298548][ T5464] dump_stack_lvl+0x1e7/0x2d0 [ 101.303567][ T5464] ? nf_tcp_handle_invalid+0x650/0x650 [ 101.309172][ T5464] ? panic+0x770/0x770 [ 101.313381][ T5464] should_fail_ex+0x3aa/0x4e0 [pid 5490] futex(0x7f41771546d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5459] futex(0x7f41771546d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5461] <... futex resumed>) = 0 [pid 5459] <... futex resumed>) = 0 [pid 5461] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5459] futex(0x7f41771546dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5490] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5465] <... futex resumed>) = 0 [pid 5461] <... futex resumed>) = 1 [pid 5490] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5465] open("./file0", O_RDONLY [pid 5461] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5490] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5465] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5490] <... futex resumed>) = 1 [pid 5465] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5459] <... futex resumed>) = 0 [pid 5465] <... futex resumed>) = 1 [pid 5461] <... futex resumed>) = 0 [pid 5461] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5461] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5490] futex(0x7f41771546d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5465] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = -1 EBADF (Bad file descriptor) [pid 5465] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5471] <... ioctl resumed>) = 0 [pid 5471] close(4) = 0 [pid 5471] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5465] <... futex resumed>) = 1 [pid 5461] <... futex resumed>) = 0 [pid 5471] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5465] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5461] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5465] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5461] <... futex resumed>) = 0 [pid 5461] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 5465] write(3, "15", 2) = 2 [ 101.318462][ T5464] should_failslab+0x9/0x20 [ 101.323059][ T5464] slab_pre_alloc_hook+0x59/0x310 [ 101.330126][ T5464] ? btrfs_record_root_in_trans+0x16e/0x180 [ 101.336250][ T5464] kmem_cache_alloc+0x52/0x300 [ 101.341159][ T5464] ? btrfs_create_new_inode+0x251/0x2710 [ 101.346934][ T5464] btrfs_create_new_inode+0x251/0x2710 [ 101.352448][ T5464] ? __mutex_unlock_slowpath+0x21c/0x750 [ 101.358167][ T5464] ? btrfs_new_inode_args_destroy+0x160/0x160 [ 101.364670][ T5464] btrfs_create_common+0x1f9/0x300 [pid 5465] creat("./bus", 000 [pid 5470] <... ioctl resumed>) = 0 [pid 5468] <... futex resumed>) = 0 [pid 5465] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5468] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5468] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] <... futex resumed>) = 0 [pid 5465] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5461] <... futex resumed>) = 0 [pid 5461] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5461] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5471] open("./file0", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5471] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5465] mkdir(".", 0777 [pid 5471] <... futex resumed>) = 1 [pid 5468] <... futex resumed>) = 0 [pid 5465] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5468] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5465] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5468] <... futex resumed>) = 0 [pid 5471] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5468] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5471] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5468] <... futex resumed>) = 0 [pid 5468] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5468] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 5471] write(3, "15", 2 [pid 5470] close(4 [pid 5471] <... write resumed>) = 2 [pid 5470] <... close resumed>) = 0 [pid 5470] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 101.369847][ T5464] ? btrfs_tmpfile+0x4e0/0x4e0 [ 101.374762][ T5464] ? do_raw_spin_unlock+0x13b/0x8b0 [ 101.378967][ T5465] FAULT_INJECTION: forcing a failure. [ 101.378967][ T5465] name failslab, interval 1, probability 0, space 0, times 0 [ 101.379996][ T5464] ? btrfs_create+0x75/0x140 [ 101.397611][ T5464] ? btrfs_lookup+0x40/0x40 [ 101.402223][ T5464] path_openat+0x13e7/0x3180 [ 101.407068][ T5464] ? do_filp_open+0x490/0x490 [ 101.411826][ T5464] do_filp_open+0x234/0x490 [ 101.416547][ T5464] ? vfs_tmpfile+0x4b0/0x4b0 [pid 5470] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5471] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5471] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5468] <... futex resumed>) = 0 [pid 5468] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5468] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5471] mkdir(".", 0777) = -1 EEXIST (File exists) [ 101.417265][ T5471] FAULT_INJECTION: forcing a failure. [ 101.417265][ T5471] name failslab, interval 1, probability 0, space 0, times 0 [ 101.421347][ T5464] ? _raw_spin_unlock+0x28/0x40 [ 101.421371][ T5464] ? alloc_fd+0x59c/0x640 [ 101.443612][ T5464] do_sys_openat2+0x13e/0x1d0 [ 101.448329][ T5464] ? do_sys_open+0x230/0x230 [ 101.452947][ T5464] ? _raw_spin_unlock_irq+0x2e/0x50 [ 101.458251][ T5464] ? ptrace_notify+0x278/0x380 [ 101.463265][ T5464] __x64_sys_creat+0x123/0x160 [pid 5471] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5467] <... futex resumed>) = 0 [pid 5467] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5467] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5470] <... futex resumed>) = 0 [pid 5470] open("./file0", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 5470] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5467] <... futex resumed>) = 0 [pid 5470] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5467] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5470] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5467] <... futex resumed>) = 0 [pid 5470] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [ 101.468154][ T5464] ? __x64_compat_sys_openat+0x290/0x290 [ 101.473904][ T5464] ? syscall_enter_from_user_mode+0x32/0x230 [ 101.479914][ T5464] ? syscall_enter_from_user_mode+0x8c/0x230 [ 101.486113][ T5464] do_syscall_64+0x41/0xc0 [ 101.491086][ T5464] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 101.497385][ T5464] RIP: 0033:0x7f41770c8049 [ 101.501953][ T5464] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 5467] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5467] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5470] <... futex resumed>) = 0 [pid 5467] <... futex resumed>) = 0 [pid 5470] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5467] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5470] <... openat resumed>) = 3 [pid 5470] write(3, "15", 2) = 2 [pid 5470] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5470] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5467] <... futex resumed>) = 0 [pid 5470] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5470] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5467] <... futex resumed>) = 0 [pid 5467] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5470] mkdir(".", 0777) = -1 EEXIST (File exists) [ 101.522206][ T5464] RSP: 002b:00007f4177084208 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 101.530747][ T5464] RAX: ffffffffffffffda RBX: 00007f41771546c8 RCX: 00007f41770c8049 [ 101.538927][ T5464] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040 [ 101.547020][ T5464] RBP: 00007f41771546c0 R08: 00007f4177083fa6 R09: 0000000000003531 [ 101.555020][ T5464] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f41771211d0 [ 101.563026][ T5464] R13: 00007f4177084210 R14: 0000000000000002 R15: 00007f417711c070 [pid 5470] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5466] <... ioctl resumed>) = 0 [ 101.571057][ T5464] [ 101.574582][ T5470] FAULT_INJECTION: forcing a failure. [ 101.574582][ T5470] name failslab, interval 1, probability 0, space 0, times 0 [ 101.589404][ T5471] CPU: 1 PID: 5471 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 101.600050][ T5471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 101.610121][ T5471] Call Trace: [ 101.613594][ T5471] [ 101.616540][ T5471] dump_stack_lvl+0x1e7/0x2d0 [ 101.621410][ T5471] ? nf_tcp_handle_invalid+0x650/0x650 [ 101.626964][ T5471] ? panic+0x770/0x770 [ 101.631042][ T5471] should_fail_ex+0x3aa/0x4e0 [ 101.636107][ T5471] should_failslab+0x9/0x20 [ 101.640605][ T5471] slab_pre_alloc_hook+0x59/0x310 [ 101.645953][ T5471] ? tomoyo_encode+0x26f/0x530 [ 101.651745][ T5471] __kmem_cache_alloc_node+0x4b/0x270 [ 101.657169][ T5471] ? arch_stack_walk+0x162/0x1a0 [ 101.662205][ T5471] ? tomoyo_encode+0x26f/0x530 [ 101.667244][ T5471] __kmalloc+0xa8/0x230 [ 101.671785][ T5471] tomoyo_encode+0x26f/0x530 [ 101.676503][ T5471] tomoyo_mount_permission+0x356/0xb80 [ 101.682614][ T5471] ? __stack_depot_save+0x20/0x650 [ 101.688394][ T5471] ? tomoyo_mount_permission+0x295/0xb80 [ 101.694361][ T5471] ? tomoyo_get_name+0x510/0x510 [ 101.700598][ T5471] security_sb_mount+0x8c/0xc0 [ 101.705455][ T5471] path_mount+0xb9/0xfa0 [ 101.709782][ T5471] ? kmem_cache_free+0x292/0x500 [ 101.714725][ T5471] ? user_path_at_empty+0x4c/0x60 [ 101.719750][ T5471] __se_sys_mount+0x2d9/0x3c0 [ 101.724602][ T5471] ? __x64_sys_mount+0xc0/0xc0 [ 101.729564][ T5471] ? syscall_enter_from_user_mode+0x32/0x230 [ 101.735806][ T5471] ? __x64_sys_mount+0x20/0xc0 [ 101.741297][ T5471] do_syscall_64+0x41/0xc0 [ 101.745823][ T5471] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 101.751994][ T5471] RIP: 0033:0x7f41770c949a [ 101.756416][ T5471] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 101.776564][ T5471] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 101.785177][ T5471] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 101.793414][ T5471] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 101.801765][ T5471] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 101.810164][ T5471] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 101.818136][ T5471] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 101.827102][ T5471] [ 101.831103][ T5465] CPU: 1 PID: 5465 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 101.842564][ T5465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 101.853179][ T5465] Call Trace: [ 101.857016][ T5465] [ 101.859991][ T5465] dump_stack_lvl+0x1e7/0x2d0 [ 101.864721][ T5465] ? nf_tcp_handle_invalid+0x650/0x650 [ 101.870301][ T5465] ? panic+0x770/0x770 [ 101.874581][ T5465] should_fail_ex+0x3aa/0x4e0 [ 101.879899][ T5465] should_failslab+0x9/0x20 [ 101.884525][ T5465] slab_pre_alloc_hook+0x59/0x310 [ 101.889768][ T5465] ? tomoyo_encode+0x26f/0x530 [ 101.894560][ T5465] __kmem_cache_alloc_node+0x4b/0x270 [ 101.900318][ T5465] ? arch_stack_walk+0x162/0x1a0 [ 101.905337][ T5465] ? tomoyo_encode+0x26f/0x530 [ 101.910129][ T5465] __kmalloc+0xa8/0x230 [ 101.914452][ T5465] tomoyo_encode+0x26f/0x530 [pid 5463] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5466] close(4 [pid 5463] <... futex resumed>) = 0 [pid 5471] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5466] <... close resumed>) = 0 [pid 5463] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5466] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5462] <... futex resumed>) = 0 [pid 5466] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5462] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5466] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5462] <... futex resumed>) = 0 [pid 5466] open("./file0", O_RDONLY [pid 5462] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5466] <... open resumed>) = -1 ENOENT (No such file or directory) [ 101.919097][ T5465] tomoyo_mount_permission+0x356/0xb80 [ 101.924764][ T5465] ? __stack_depot_save+0x20/0x650 [ 101.929897][ T5465] ? tomoyo_mount_permission+0x295/0xb80 [ 101.935565][ T5465] ? tomoyo_get_name+0x510/0x510 [ 101.940595][ T5465] security_sb_mount+0x8c/0xc0 [ 101.945611][ T5465] path_mount+0xb9/0xfa0 [ 101.949977][ T5465] ? kmem_cache_free+0x292/0x500 [ 101.955123][ T5465] ? user_path_at_empty+0x4c/0x60 [ 101.960275][ T5465] __se_sys_mount+0x2d9/0x3c0 [ 101.965093][ T5465] ? __x64_sys_mount+0xc0/0xc0 [pid 5466] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5462] <... futex resumed>) = 0 [pid 5466] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5462] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5466] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5462] <... futex resumed>) = 0 [pid 5466] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5459] exit_group(0 [pid 5466] <... futex resumed>) = 0 [pid 5463] <... futex resumed>) = ? [pid 5462] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5459] <... exit_group resumed>) = ? [pid 5466] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5463] +++ exited with 0 +++ [pid 5462] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5471] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5466] <... openat resumed>) = 3 [pid 5462] <... futex resumed>) = 0 [pid 5471] <... futex resumed>) = 1 [pid 5466] write(3, "15", 2 [pid 5462] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5466] <... write resumed>) = 2 [pid 5466] creat("./bus", 000 [pid 5468] <... futex resumed>) = 0 [ 101.970338][ T5465] ? syscall_enter_from_user_mode+0x32/0x230 [ 101.976758][ T5465] ? __x64_sys_mount+0x20/0xc0 [ 101.981559][ T5465] do_syscall_64+0x41/0xc0 [ 101.986213][ T5465] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 101.991416][ T5466] FAULT_INJECTION: forcing a failure. [ 101.991416][ T5466] name failslab, interval 1, probability 0, space 0, times 0 [ 101.992209][ T5465] RIP: 0033:0x7f41770c949a [pid 5466] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5490] <... futex resumed>) = ? [pid 5468] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5466] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] +++ exited with 0 +++ [pid 5471] <... futex resumed>) = 0 [pid 5468] <... futex resumed>) = 1 [pid 5466] <... futex resumed>) = 1 [pid 5462] <... futex resumed>) = 0 [pid 5459] +++ exited with 0 +++ [pid 5471] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5468] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5466] mkdir(".", 0777 [pid 5462] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5471] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5466] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5462] <... futex resumed>) = 0 [ 101.992231][ T5465] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 101.992245][ T5465] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 101.992265][ T5465] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 101.992278][ T5465] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 101.992289][ T5465] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 102.065318][ T5465] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [pid 5028] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5459, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=38 /* 0.38 s */} --- [pid 5471] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5466] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5462] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5471] <... futex resumed>) = 1 [pid 5468] <... futex resumed>) = 0 [pid 5028] restart_syscall(<... resuming interrupted clone ...> [pid 5471] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5468] exit_group(0 [pid 5028] <... restart_syscall resumed>) = 0 [pid 5471] <... futex resumed>) = ? [pid 5468] <... exit_group resumed>) = ? [pid 5471] +++ exited with 0 +++ [pid 5468] +++ exited with 0 +++ [pid 5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5468, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- [pid 5028] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5029] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5029] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5028] <... openat resumed>) = 3 [pid 5029] <... openat resumed>) = 3 [pid 5028] newfstatat(3, "", [pid 5029] newfstatat(3, "", [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5029] getdents64(3, [pid 5028] getdents64(3, [pid 5029] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5028] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5029] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5029] newfstatat(AT_FDCWD, "./14/bus", [pid 5028] newfstatat(AT_FDCWD, "./13/bus", [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5029] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 102.073372][ T5465] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 102.081611][ T5465] [ 102.086412][ T5470] CPU: 0 PID: 5470 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 102.096889][ T5470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 102.107037][ T5470] Call Trace: [ 102.110414][ T5470] [ 102.113369][ T5470] dump_stack_lvl+0x1e7/0x2d0 [ 102.118056][ T5470] ? nf_tcp_handle_invalid+0x650/0x650 [ 102.123601][ T5470] ? panic+0x770/0x770 [ 102.127785][ T5470] ? __might_sleep+0xc0/0xc0 [ 102.132474][ T5470] should_fail_ex+0x3aa/0x4e0 [ 102.137419][ T5470] should_failslab+0x9/0x20 [ 102.141951][ T5470] slab_pre_alloc_hook+0x59/0x310 [ 102.147012][ T5470] ? __might_sleep+0xc0/0xc0 [ 102.151637][ T5470] kmem_cache_alloc+0x52/0x300 [ 102.156435][ T5470] ? getname_flags+0xbc/0x4f0 [ 102.161153][ T5470] getname_flags+0xbc/0x4f0 [ 102.165677][ T5470] user_path_at_empty+0x2c/0x60 [ 102.170645][ T5470] __se_sys_mount+0x29a/0x3c0 [ 102.175381][ T5470] ? __x64_sys_mount+0xc0/0xc0 [ 102.180203][ T5470] ? syscall_enter_from_user_mode+0x32/0x230 [ 102.186200][ T5470] ? __x64_sys_mount+0x20/0xc0 [ 102.190972][ T5470] do_syscall_64+0x41/0xc0 [ 102.195405][ T5470] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 102.201401][ T5470] RIP: 0033:0x7f41770c949a [ 102.205825][ T5470] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 5464] <... creat resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5029] openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5464] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] <... openat resumed>) = 4 [pid 5464] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5029] newfstatat(4, "", [pid 5465] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 102.225769][ T5470] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 102.234207][ T5470] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 102.234517][ T5489] BTRFS error (device loop5: state M): unrecognized mount option '18446744073709551615017777777777777777777770177777777777777777777718446744073709551615lbZ~Ƣ8žH~אa*Oѓ< 5^Sus%e [ 102.234517][ T5489] /ĖEaofmߚtҮ~г#a C$n-SGWmxeGy|sL=~ä_;N' [ 102.242187][ T5470] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 102.242202][ T5470] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 102.242213][ T5470] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 102.242223][ T5470] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 102.242248][ T5470] [ 102.243712][ T5466] CPU: 0 PID: 5466 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 102.318637][ T5466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 102.328692][ T5466] Call Trace: [ 102.332234][ T5466] [ 102.335160][ T5466] dump_stack_lvl+0x1e7/0x2d0 [ 102.339943][ T5466] ? nf_tcp_handle_invalid+0x650/0x650 [ 102.345424][ T5466] ? panic+0x770/0x770 [ 102.349513][ T5466] should_fail_ex+0x3aa/0x4e0 [ 102.354244][ T5466] should_failslab+0x9/0x20 [ 102.358856][ T5466] slab_pre_alloc_hook+0x59/0x310 [ 102.363909][ T5466] ? tomoyo_encode+0x26f/0x530 [ 102.368690][ T5466] __kmem_cache_alloc_node+0x4b/0x270 [ 102.374334][ T5466] ? arch_stack_walk+0x162/0x1a0 [ 102.379271][ T5466] ? tomoyo_encode+0x26f/0x530 [ 102.384034][ T5466] __kmalloc+0xa8/0x230 [ 102.388196][ T5466] tomoyo_encode+0x26f/0x530 [ 102.392874][ T5466] tomoyo_mount_permission+0x356/0xb80 [ 102.398421][ T5466] ? __stack_depot_save+0x20/0x650 [ 102.403522][ T5466] ? tomoyo_mount_permission+0x295/0xb80 [ 102.409166][ T5466] ? tomoyo_get_name+0x510/0x510 [ 102.414294][ T5466] security_sb_mount+0x8c/0xc0 [ 102.419077][ T5466] path_mount+0xb9/0xfa0 [ 102.423336][ T5466] ? kmem_cache_free+0x292/0x500 [ 102.428295][ T5466] ? user_path_at_empty+0x4c/0x60 [ 102.433343][ T5466] __se_sys_mount+0x2d9/0x3c0 [ 102.438024][ T5466] ? __x64_sys_mount+0xc0/0xc0 [ 102.442878][ T5466] ? syscall_enter_from_user_mode+0x32/0x230 [ 102.449126][ T5466] ? __x64_sys_mount+0x20/0xc0 [ 102.453906][ T5466] do_syscall_64+0x41/0xc0 [ 102.458435][ T5466] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 102.464620][ T5466] RIP: 0033:0x7f41770c949a [ 102.469137][ T5466] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 102.489809][ T5466] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 102.499119][ T5466] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 102.507189][ T5466] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 102.515425][ T5466] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [pid 5029] getdents64(4, [pid 5489] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5470] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5465] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5028] <... openat resumed>) = 4 [pid 5465] <... futex resumed>) = 1 [pid 5489] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5470] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5465] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5461] <... futex resumed>) = 0 [pid 5029] getdents64(4, [pid 5028] newfstatat(4, "", [pid 5489] <... futex resumed>) = 1 [pid 5470] <... futex resumed>) = 1 [pid 5467] <... futex resumed>) = 0 [pid 5461] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5460] <... futex resumed>) = 0 [pid 5029] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5489] futex(0x7f41771546d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5470] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5465] <... futex resumed>) = 0 [pid 5461] <... futex resumed>) = 1 [pid 5460] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] close(4 [pid 5028] getdents64(4, [pid 5470] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5467] <... futex resumed>) = 0 [pid 5465] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5029] <... close resumed>) = 0 [pid 5470] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5465] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5470] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5467] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] <... futex resumed>) = 0 [pid 5460] <... futex resumed>) = 1 [pid 5029] rmdir("./14/bus" [pid 5470] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5465] <... futex resumed>) = 0 [pid 5461] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5460] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5028] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5470] <... futex resumed>) = 0 [pid 5465] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] exit_group(0 [pid 5470] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] <... exit_group resumed>) = ? [pid 5470] <... futex resumed>) = ? [pid 5464] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5464] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5464] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5466] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5466] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... futex resumed>) = 0 [pid 5462] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5462] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5466] <... futex resumed>) = 1 [pid 5466] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5466] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... futex resumed>) = 0 [pid 5470] +++ exited with 0 +++ [pid 5467] +++ exited with 0 +++ [pid 5461] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5460] <... futex resumed>) = 0 [pid 5029] <... rmdir resumed>) = 0 [pid 5028] getdents64(4, [pid 5461] exit_group(0 [pid 5029] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5467, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=37 /* 0.37 s */} --- [pid 5460] exit_group(0 [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5461] <... exit_group resumed>) = ? [pid 5489] <... futex resumed>) = ? [pid 5465] <... futex resumed>) = ? [pid 5460] <... exit_group resumed>) = ? [pid 5029] newfstatat(AT_FDCWD, "./14/binderfs", [pid 5028] close(4 [pid 5465] +++ exited with 0 +++ [pid 5028] <... close resumed>) = 0 [pid 5464] <... futex resumed>) = ? [pid 5028] rmdir("./13/bus" [pid 5025] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5029] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5464] +++ exited with 0 +++ [pid 5462] exit_group(0) = ? [pid 5028] <... rmdir resumed>) = 0 [pid 5029] unlink("./14/binderfs" [pid 5028] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5489] +++ exited with 0 +++ [pid 5466] <... futex resumed>) = ? [pid 5460] +++ exited with 0 +++ [pid 5030] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5460, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=36 /* 0.36 s */} --- [pid 5025] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5466] +++ exited with 0 +++ [pid 5462] +++ exited with 0 +++ [pid 5029] <... unlink resumed>) = 0 [pid 5025] <... openat resumed>) = 3 [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] newfstatat(AT_FDCWD, "./13/binderfs", [pid 5025] newfstatat(3, "", [pid 5030] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5029] getdents64(3, [pid 5028] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5030] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5029] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5028] unlink("./13/binderfs" [pid 5027] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5462, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=51 /* 0.51 s */} --- [pid 5025] getdents64(3, [pid 5028] <... unlink resumed>) = 0 [pid 5025] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5030] <... openat resumed>) = 3 [pid 5025] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5030] newfstatat(3, "", [pid 5028] getdents64(3, [pid 5029] close(3 [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5030] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5025] newfstatat(AT_FDCWD, "./13/bus", [pid 5029] <... close resumed>) = 0 [pid 5028] close(3 [pid 5030] getdents64(3, [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5029] rmdir("./14" [pid 5028] <... close resumed>) = 0 [pid 5025] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5030] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5028] rmdir("./13" [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5029] <... rmdir resumed>) = 0 [pid 5025] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5030] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] <... rmdir resumed>) = 0 [pid 5025] <... openat resumed>) = 4 [pid 5025] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5027] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5025] getdents64(4, [pid 5027] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5025] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5461] +++ exited with 0 +++ [pid 5028] mkdir("./14", 0777) = 0 [pid 5026] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5461, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=47 /* 0.47 s */} --- [pid 5025] close(4 [pid 5027] <... openat resumed>) = 3 [pid 5025] <... close resumed>) = 0 [pid 5027] newfstatat(3, "", [pid 5025] rmdir("./13/bus" [pid 5026] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5027] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5027] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5025] <... rmdir resumed>) = 0 [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5025] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5026] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5027] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5026] <... openat resumed>) = 3 [pid 5025] newfstatat(AT_FDCWD, "./13/binderfs", [pid 5026] newfstatat(3, "", [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5025] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5025] unlink("./13/binderfs" [pid 5026] getdents64(3, [pid 5027] newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] <... unlink resumed>) = 0 [pid 5026] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5025] getdents64(3, [pid 5026] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5025] close(3 [pid 5026] newfstatat(AT_FDCWD, "./14/bus", [pid 5027] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] <... close resumed>) = 0 [pid 5027] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] <... openat resumed>) = 3 [pid 5027] <... openat resumed>) = 4 [pid 5026] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] rmdir("./13" [pid 5027] newfstatat(4, "", [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5029] mkdir("./15", 0777 [pid 5028] ioctl(3, LOOP_CLR_FD [pid 5027] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5026] openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5025] <... rmdir resumed>) = 0 [pid 5027] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5026] <... openat resumed>) = 4 [pid 5025] mkdir("./14", 0777 [pid 5027] getdents64(4, [pid 5026] newfstatat(4, "", [pid 5027] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5027] close(4) = 0 [pid 5027] rmdir("./13/bus") = 0 [pid 5025] <... mkdir resumed>) = 0 [pid 5027] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5027] newfstatat(AT_FDCWD, "./13/binderfs", [pid 5028] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5027] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] <... openat resumed>) = 3 [pid 5028] close(3 [ 102.523391][ T5466] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 102.531386][ T5466] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 102.539488][ T5466] [pid 5027] unlink("./13/binderfs" [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5025] ioctl(3, LOOP_CLR_FD [pid 5029] <... mkdir resumed>) = 0 [pid 5028] <... close resumed>) = 0 [pid 5025] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5027] <... unlink resumed>) = 0 [pid 5026] getdents64(4, [pid 5025] close(3 [pid 5029] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5028] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5027] getdents64(3, [pid 5025] <... close resumed>) = 0 [pid 5027] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5026] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5025] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5029] <... openat resumed>) = 3 [pid 5027] close(3 [pid 5026] getdents64(4, [pid 5029] ioctl(3, LOOP_CLR_FD [pid 5027] <... close resumed>) = 0 [pid 5026] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5025] <... clone resumed>, child_tidptr=0x555555980690) = 5492 [pid 5029] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5027] rmdir("./13" [pid 5026] close(4 [pid 5029] close(3 [pid 5026] <... close resumed>) = 0 [pid 5029] <... close resumed>) = 0 [pid 5028] <... clone resumed>, child_tidptr=0x555555980690) = 5491 [pid 5026] rmdir("./14/bus"./strace-static-x86_64: Process 5491 attached ./strace-static-x86_64: Process 5492 attached [pid 5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5027] <... rmdir resumed>) = 0 [pid 5026] <... rmdir resumed>) = 0 [pid 5491] set_robust_list(0x5555559806a0, 24 [pid 5492] set_robust_list(0x5555559806a0, 24 [pid 5027] mkdir("./14", 0777 [pid 5491] <... set_robust_list resumed>) = 0 [pid 5492] <... set_robust_list resumed>) = 0 [pid 5027] <... mkdir resumed>) = 0 [pid 5491] chdir("./14" [pid 5492] chdir("./14" [pid 5027] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5492] <... chdir resumed>) = 0 [pid 5027] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5493 attached [pid 5491] <... chdir resumed>) = 0 [pid 5492] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5493] set_robust_list(0x5555559806a0, 24 [pid 5491] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5027] ioctl(3, LOOP_CLR_FD [pid 5493] <... set_robust_list resumed>) = 0 [pid 5491] <... prctl resumed>) = 0 [pid 5027] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5491] setpgid(0, 0 [pid 5493] chdir("./15" [pid 5491] <... setpgid resumed>) = 0 [pid 5027] close(3 [pid 5492] <... prctl resumed>) = 0 [pid 5491] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5492] setpgid(0, 0 [pid 5027] <... close resumed>) = 0 [pid 5493] <... chdir resumed>) = 0 [pid 5492] <... setpgid resumed>) = 0 [pid 5027] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5493] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5491] <... openat resumed>) = 3 [pid 5492] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5026] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5494 attached [pid 5493] <... prctl resumed>) = 0 [pid 5491] write(3, "1000", 4 [pid 5027] <... clone resumed>, child_tidptr=0x555555980690) = 5494 [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5026] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5026] unlink("./14/binderfs" [pid 5494] set_robust_list(0x5555559806a0, 24 [pid 5493] setpgid(0, 0 [pid 5491] <... write resumed>) = 4 [pid 5029] <... clone resumed>, child_tidptr=0x555555980690) = 5493 [pid 5026] <... unlink resumed>) = 0 [pid 5026] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5026] close(3) = 0 [pid 5026] rmdir("./14" [pid 5493] <... setpgid resumed>) = 0 [pid 5491] close(3 [pid 5494] <... set_robust_list resumed>) = 0 [pid 5026] <... rmdir resumed>) = 0 [pid 5026] mkdir("./15", 0777 [pid 5494] chdir("./14" [pid 5493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5491] <... close resumed>) = 0 [pid 5492] <... openat resumed>) = 3 [pid 5493] <... openat resumed>) = 3 [pid 5491] symlink("/dev/binderfs", "./binderfs" [pid 5492] write(3, "1000", 4 [pid 5494] <... chdir resumed>) = 0 [pid 5494] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5492] <... write resumed>) = 4 [pid 5494] <... prctl resumed>) = 0 [pid 5491] <... symlink resumed>) = 0 [pid 5492] close(3 [pid 5026] <... mkdir resumed>) = 0 [pid 5494] setpgid(0, 0 [pid 5493] write(3, "1000", 4 [pid 5491] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5492] <... close resumed>) = 0 [pid 5494] <... setpgid resumed>) = 0 [pid 5493] <... write resumed>) = 4 [pid 5491] <... futex resumed>) = 0 [pid 5492] symlink("/dev/binderfs", "./binderfs" [pid 5026] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5493] close(3 [pid 5491] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5492] <... symlink resumed>) = 0 [pid 5494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5493] <... close resumed>) = 0 [pid 5491] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5492] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] <... openat resumed>) = 3 [pid 5026] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5026] close(3 [pid 5493] symlink("/dev/binderfs", "./binderfs" [pid 5491] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5492] <... futex resumed>) = 0 [pid 5026] <... close resumed>) = 0 [pid 5494] <... openat resumed>) = 3 [pid 5493] <... symlink resumed>) = 0 [pid 5491] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5492] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5026] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5494] write(3, "1000", 4 [pid 5493] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5491] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5492] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5491] <... mmap resumed>) = 0x7f4177064000 [pid 5492] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5491] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5492] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5491] <... mprotect resumed>) = 0 [pid 5492] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5491] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5492] <... mmap resumed>) = 0x7f4177064000 [pid 5491] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5492] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5491] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5492] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 5495 attached [pid 5493] <... futex resumed>) = 0 [pid 5492] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5026] <... clone resumed>, child_tidptr=0x555555980690) = 5495 [pid 5495] set_robust_list(0x5555559806a0, 24 [pid 5493] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5491] <... clone3 resumed> => {parent_tid=[5496]}, 88) = 5496 [pid 5492] <... rt_sigprocmask resumed>[], 8) = 0 ./strace-static-x86_64: Process 5496 attached [pid 5495] <... set_robust_list resumed>) = 0 [pid 5494] <... write resumed>) = 4 [pid 5493] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5491] rt_sigprocmask(SIG_SETMASK, [], [pid 5492] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5497 attached [pid 5496] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5495] chdir("./15" [pid 5494] close(3 [pid 5493] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5491] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5497] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5493] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5491] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5492] <... clone3 resumed> => {parent_tid=[5497]}, 88) = 5497 [pid 5497] <... rseq resumed>) = 0 [pid 5493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5491] <... futex resumed>) = 0 [pid 5492] rt_sigprocmask(SIG_SETMASK, [], [pid 5497] set_robust_list(0x7f41770849a0, 24 [pid 5493] <... mmap resumed>) = 0x7f4177064000 [pid 5491] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5492] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5497] <... set_robust_list resumed>) = 0 [pid 5496] <... rseq resumed>) = 0 [pid 5495] <... chdir resumed>) = 0 [pid 5494] <... close resumed>) = 0 [pid 5493] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5492] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] rt_sigprocmask(SIG_SETMASK, [], [pid 5496] set_robust_list(0x7f41770849a0, 24 [pid 5495] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5494] symlink("/dev/binderfs", "./binderfs" [pid 5493] <... mprotect resumed>) = 0 [pid 5492] <... futex resumed>) = 0 [pid 5497] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5496] <... set_robust_list resumed>) = 0 [pid 5495] <... prctl resumed>) = 0 [pid 5494] <... symlink resumed>) = 0 [pid 5493] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5497] memfd_create("syzkaller", 0 [pid 5496] rt_sigprocmask(SIG_SETMASK, [], [pid 5495] setpgid(0, 0 [pid 5492] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5497] <... memfd_create resumed>) = 3 [pid 5496] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5495] <... setpgid resumed>) = 0 [pid 5494] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5497] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5496] memfd_create("syzkaller", 0 [pid 5495] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5494] <... futex resumed>) = 0 [pid 5493] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5497] <... mmap resumed>) = 0x7f416ec64000 [pid 5496] <... memfd_create resumed>) = 3 [pid 5495] <... openat resumed>) = 3 [pid 5494] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, ./strace-static-x86_64: Process 5498 attached [pid 5496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5495] write(3, "1000", 4 [pid 5494] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5498] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5496] <... mmap resumed>) = 0x7f416ec64000 [pid 5495] <... write resumed>) = 4 [pid 5494] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5498] <... rseq resumed>) = 0 [pid 5495] close(3 [pid 5494] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5498] set_robust_list(0x7f41770849a0, 24 [pid 5495] <... close resumed>) = 0 [pid 5494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5493] <... clone3 resumed> => {parent_tid=[5498]}, 88) = 5498 [pid 5493] rt_sigprocmask(SIG_SETMASK, [], [pid 5494] <... mmap resumed>) = 0x7f4177064000 [pid 5493] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5493] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] symlink("/dev/binderfs", "./binderfs" [pid 5493] <... futex resumed>) = 0 [pid 5498] <... set_robust_list resumed>) = 0 [pid 5495] <... symlink resumed>) = 0 [pid 5494] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5493] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5498] rt_sigprocmask(SIG_SETMASK, [], [pid 5494] <... mprotect resumed>) = 0 [pid 5498] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5494] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5498] memfd_create("syzkaller", 0 [pid 5495] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5498] <... memfd_create resumed>) = 3 [pid 5495] <... futex resumed>) = 0 [pid 5494] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5498] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5495] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, [pid 5498] <... mmap resumed>) = 0x7f416ec64000 [pid 5495] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5494] <... clone3 resumed> => {parent_tid=[5499]}, 88) = 5499 ./strace-static-x86_64: Process 5499 attached [pid 5495] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5494] rt_sigprocmask(SIG_SETMASK, [], [pid 5499] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5495] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5494] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5499] <... rseq resumed>) = 0 [pid 5495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5494] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] set_robust_list(0x7f41770849a0, 24 [pid 5495] <... mmap resumed>) = 0x7f4177064000 [pid 5494] <... futex resumed>) = 0 [pid 5499] <... set_robust_list resumed>) = 0 [pid 5495] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5494] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5499] rt_sigprocmask(SIG_SETMASK, [], [pid 5495] <... mprotect resumed>) = 0 [pid 5499] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5495] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5499] memfd_create("syzkaller", 0 [pid 5495] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5495] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5500 attached [pid 5499] <... memfd_create resumed>) = 3 [pid 5495] <... clone3 resumed> => {parent_tid=[5500]}, 88) = 5500 [pid 5500] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5495] rt_sigprocmask(SIG_SETMASK, [], [pid 5500] <... rseq resumed>) = 0 [pid 5500] set_robust_list(0x7f41770849a0, 24 [pid 5499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5495] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5500] <... set_robust_list resumed>) = 0 [pid 5500] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5499] <... mmap resumed>) = 0x7f416ec64000 [pid 5495] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] memfd_create("syzkaller", 0 [pid 5495] <... futex resumed>) = 0 [pid 5495] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5500] <... memfd_create resumed>) = 3 [pid 5500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5030] <... umount2 resumed>) = 0 [pid 5030] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5030] newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5497] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5030] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5030] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5030] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5030] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5030] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5030] close(4) = 0 [pid 5030] rmdir("./12/bus") = 0 [pid 5500] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5496] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5030] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5498] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5030] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5030] unlink("./12/binderfs") = 0 [pid 5030] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5030] close(3 [pid 5499] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5030] <... close resumed>) = 0 [pid 5030] rmdir("./12") = 0 [pid 5030] mkdir("./13", 0777) = 0 [pid 5030] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5030] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5030] close(3) = 0 [pid 5030] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555980690) = 5501 ./strace-static-x86_64: Process 5501 attached [pid 5501] set_robust_list(0x5555559806a0, 24) = 0 [pid 5501] chdir("./13") = 0 [pid 5501] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5501] setpgid(0, 0) = 0 [pid 5501] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5501] write(3, "1000", 4) = 4 [pid 5501] close(3) = 0 [pid 5501] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5501] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5501] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5501] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5501] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5501] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5501] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5502 attached [pid 5502] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [pid 5501] <... clone3 resumed> => {parent_tid=[5502]}, 88) = 5502 [pid 5502] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5501] rt_sigprocmask(SIG_SETMASK, [], [pid 5502] rt_sigprocmask(SIG_SETMASK, [], [pid 5501] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5502] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5502] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5501] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5502] <... futex resumed>) = 0 [pid 5502] memfd_create("syzkaller", 0 [pid 5501] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5502] <... memfd_create resumed>) = 3 [pid 5502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5497] <... write resumed>) = 16777216 [pid 5497] munmap(0x7f416ec64000, 138412032) = 0 [pid 5497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5497] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5497] close(3) = 0 [pid 5497] mkdir("./bus", 0777) = 0 [ 103.465138][ T5497] loop0: detected capacity change from 0 to 32768 [pid 5497] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5500] <... write resumed>) = 16777216 [pid 5500] munmap(0x7f416ec64000, 138412032) = 0 [ 103.507996][ T5497] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor340 (5497) [pid 5500] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 103.563073][ T5497] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 103.592126][ T5497] BTRFS info (device loop0): doing ref verification [ 103.599003][ T5497] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [pid 5500] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5500] close(3) = 0 [pid 5500] mkdir("./bus", 0777) = 0 [ 103.610870][ T5500] loop1: detected capacity change from 0 to 32768 [pid 5500] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5499] <... write resumed>) = 16777216 [pid 5500] <... mount resumed>) = -1 EEXIST (File exists) [pid 5500] ioctl(4, LOOP_CLR_FD [pid 5498] <... write resumed>) = 16777216 [pid 5502] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5499] munmap(0x7f416ec64000, 138412032 [pid 5498] munmap(0x7f416ec64000, 138412032) = 0 [ 103.644666][ T5500] BTRFS warning: duplicate device /dev/loop1 devid 1 generation 8 scanned by syz-executor340 (5500) [ 103.665782][ T5497] BTRFS info (device loop0): force zlib compression, level 3 [ 103.674131][ T5497] BTRFS info (device loop0): allowing degraded mounts [pid 5498] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5499] <... munmap resumed>) = 0 [pid 5498] <... openat resumed>) = 4 [pid 5498] ioctl(4, LOOP_SET_FD, 3 [pid 5499] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5498] <... ioctl resumed>) = 0 [ 103.692065][ T5497] BTRFS info (device loop0): using free space tree [ 103.703137][ T5498] loop4: detected capacity change from 0 to 32768 [pid 5499] ioctl(4, LOOP_SET_FD, 3 [pid 5498] close(3) = 0 [pid 5496] <... write resumed>) = 16777216 [pid 5498] mkdir("./bus", 0777) = 0 [pid 5496] munmap(0x7f416ec64000, 138412032) = 0 [pid 5499] <... ioctl resumed>) = 0 [pid 5498] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5499] close(3) = 0 [pid 5496] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5499] mkdir("./bus", 0777 [pid 5496] ioctl(4, LOOP_SET_FD, 3 [pid 5499] <... mkdir resumed>) = 0 [ 103.741339][ T5499] loop2: detected capacity change from 0 to 32768 [ 103.772573][ T5498] BTRFS warning: duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor340 (5498) [pid 5496] <... ioctl resumed>) = 0 [pid 5499] mount("/dev/loop2", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5498] <... mount resumed>) = -1 EEXIST (File exists) [pid 5496] close(3 [pid 5498] ioctl(4, LOOP_CLR_FD [pid 5496] <... close resumed>) = 0 [pid 5496] mkdir("./bus", 0777) = 0 [ 103.793509][ T5496] loop3: detected capacity change from 0 to 32768 [ 103.816923][ T5499] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 8 scanned by syz-executor340 (5499) [pid 5496] mount("/dev/loop3", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5499] <... mount resumed>) = -1 EEXIST (File exists) [pid 5499] ioctl(4, LOOP_CLR_FD [pid 5500] <... ioctl resumed>) = 0 [pid 5500] close(4) = 0 [pid 5500] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5495] <... futex resumed>) = 0 [pid 5497] <... mount resumed>) = 0 [pid 5496] <... mount resumed>) = -1 EEXIST (File exists) [pid 5495] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5495] <... futex resumed>) = 0 [pid 5497] <... openat resumed>) = 3 [pid 5495] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] chdir("./bus") = 0 [pid 5497] ioctl(4, LOOP_CLR_FD [pid 5500] open("./file0", O_RDONLY [pid 5497] <... ioctl resumed>) = 0 [pid 5496] ioctl(4, LOOP_CLR_FD [pid 5500] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5497] close(4 [pid 5500] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] <... close resumed>) = 0 [pid 5500] <... futex resumed>) = 1 [pid 5497] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] <... futex resumed>) = 0 [pid 5500] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5497] <... futex resumed>) = 1 [pid 5495] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5492] <... futex resumed>) = 0 [pid 5500] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5497] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5495] <... futex resumed>) = 0 [pid 5492] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5497] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5495] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5492] <... futex resumed>) = 0 [pid 5500] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5497] open("./file0", O_RDONLY [pid 5492] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] <... open resumed>) = 4 [pid 5500] <... futex resumed>) = 1 [pid 5495] <... futex resumed>) = 0 [pid 5500] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5495] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] <... openat resumed>) = 3 [pid 5495] <... futex resumed>) = 0 [pid 5495] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] write(3, "15", 2) = 2 [pid 5497] <... futex resumed>) = 1 [pid 5492] <... futex resumed>) = 0 [ 103.843130][ T5497] BTRFS info (device loop0): auto enabling async discard [ 103.864600][ T5496] BTRFS warning: duplicate device /dev/loop3 devid 1 generation 8 scanned by syz-executor340 (5496) [pid 5500] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5492] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5492] <... futex resumed>) = 0 [pid 5500] <... futex resumed>) = 1 [pid 5495] <... futex resumed>) = 0 [pid 5492] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] mkdir(".", 0777 [pid 5497] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5495] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5495] <... futex resumed>) = 0 [pid 5500] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5495] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5492] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 103.940074][ T5500] FAULT_INJECTION: forcing a failure. [ 103.940074][ T5500] name failslab, interval 1, probability 0, space 0, times 0 [ 103.977584][ T5500] CPU: 1 PID: 5500 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [pid 5492] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5492] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177043000 [pid 5492] mprotect(0x7f4177044000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5492] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5492] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177063990, parent_tid=0x7f4177063990, exit_signal=0, stack=0x7f4177043000, stack_size=0x20300, tls=0x7f41770636c0} => {parent_tid=[5518]}, 88) = 5518 [pid 5492] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5492] futex(0x7f41771546d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5492] futex(0x7f41771546dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5518 attached [pid 5518] rseq(0x7f4177063fe0, 0x20, 0, 0x53053053) = 0 [pid 5518] set_robust_list(0x7f41770639a0, 24) = 0 [pid 5518] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5518] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [ 103.988141][ T5500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 103.998249][ T5500] Call Trace: [ 104.001559][ T5500] [ 104.004611][ T5500] dump_stack_lvl+0x1e7/0x2d0 [ 104.009423][ T5500] ? nf_tcp_handle_invalid+0x650/0x650 [ 104.014917][ T5500] ? panic+0x770/0x770 [ 104.019031][ T5500] should_fail_ex+0x3aa/0x4e0 [ 104.023789][ T5500] should_failslab+0x9/0x20 [ 104.028315][ T5500] slab_pre_alloc_hook+0x59/0x310 [ 104.033374][ T5500] ? tomoyo_encode+0x26f/0x530 [pid 5518] write(5, "15", 2) = 2 [pid 5518] creat("./bus", 000 [pid 5492] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5492] futex(0x7f41771546ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5492] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177022000 [pid 5492] mprotect(0x7f4177023000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5492] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 104.038597][ T5500] __kmem_cache_alloc_node+0x4b/0x270 [ 104.044001][ T5500] ? arch_stack_walk+0x162/0x1a0 [ 104.048958][ T5500] ? tomoyo_encode+0x26f/0x530 [ 104.050112][ T5518] FAULT_INJECTION: forcing a failure. [ 104.050112][ T5518] name failslab, interval 1, probability 0, space 0, times 0 [ 104.053725][ T5500] __kmalloc+0xa8/0x230 [ 104.053754][ T5500] tomoyo_encode+0x26f/0x530 [ 104.053782][ T5500] tomoyo_mount_permission+0x356/0xb80 [ 104.053810][ T5500] ? __stack_depot_save+0x20/0x650 [ 104.053825][ T5500] ? tomoyo_mount_permission+0x295/0xb80 [ 104.053849][ T5500] ? tomoyo_get_name+0x510/0x510 [ 104.097248][ T5500] security_sb_mount+0x8c/0xc0 [ 104.102040][ T5500] path_mount+0xb9/0xfa0 [ 104.106393][ T5500] ? kmem_cache_free+0x292/0x500 [ 104.111376][ T5500] ? user_path_at_empty+0x4c/0x60 [ 104.116497][ T5500] __se_sys_mount+0x2d9/0x3c0 [ 104.121200][ T5500] ? __x64_sys_mount+0xc0/0xc0 [ 104.125994][ T5500] ? syscall_enter_from_user_mode+0x32/0x230 [ 104.132094][ T5500] ? __x64_sys_mount+0x20/0xc0 [ 104.136883][ T5500] do_syscall_64+0x41/0xc0 [ 104.141308][ T5500] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 104.147391][ T5500] RIP: 0033:0x7f41770c949a [ 104.151829][ T5500] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 104.171985][ T5500] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 104.180526][ T5500] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [pid 5492] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177042990, parent_tid=0x7f4177042990, exit_signal=0, stack=0x7f4177022000, stack_size=0x20300, tls=0x7f41770426c0} => {parent_tid=[5519]}, 88) = 5519 [pid 5492] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5492] futex(0x7f41771546e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5492] futex(0x7f41771546ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5519 attached [pid 5519] rseq(0x7f4177042fe0, 0x20, 0, 0x53053053) = 0 [pid 5519] set_robust_list(0x7f41770429a0, 24) = 0 [pid 5519] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5519] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5519] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5497] <... ioctl resumed>) = 0 [pid 5497] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 104.188815][ T5500] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 104.197168][ T5500] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 104.205145][ T5500] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 104.213769][ T5500] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 104.221804][ T5500] [ 104.302271][ T5518] CPU: 1 PID: 5518 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 104.313012][ T5518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 104.323503][ T5518] Call Trace: [ 104.326816][ T5518] [ 104.329958][ T5518] dump_stack_lvl+0x1e7/0x2d0 [ 104.334674][ T5518] ? nf_tcp_handle_invalid+0x650/0x650 [ 104.340418][ T5518] ? panic+0x770/0x770 [ 104.344637][ T5518] should_fail_ex+0x3aa/0x4e0 [pid 5497] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5502] <... write resumed>) = 16777216 [pid 5498] <... ioctl resumed>) = 0 [pid 5500] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5500] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5495] <... futex resumed>) = 0 [pid 5495] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5495] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5500] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5495] <... futex resumed>) = 0 [pid 5500] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5495] exit_group(0 [pid 5500] <... futex resumed>) = ? [pid 5495] <... exit_group resumed>) = ? [pid 5500] +++ exited with 0 +++ [pid 5495] +++ exited with 0 +++ [pid 5026] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5495, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=40 /* 0.40 s */} --- [pid 5026] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5026] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5026] getdents64(3, 0x555555981730 /* 4 entries */, 32768) = 104 [pid 5026] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5026] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5026] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5026] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5026] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5026] close(4) = 0 [pid 5026] rmdir("./15/bus") = 0 [pid 5026] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5026] unlink("./15/binderfs") = 0 [ 104.349499][ T5518] should_failslab+0x9/0x20 [ 104.354127][ T5518] slab_pre_alloc_hook+0x59/0x310 [ 104.359269][ T5518] ? __write_extent_buffer+0x20f/0x410 [ 104.366090][ T5518] kmem_cache_alloc+0x52/0x300 [ 104.370907][ T5518] ? btrfs_alloc_tree_block+0xbb0/0x1800 [ 104.376760][ T5518] ? set_extent_bit+0x3b/0x50 [ 104.381502][ T5518] btrfs_alloc_tree_block+0xbb0/0x1800 [ 104.387199][ T5518] ? alloc_reserved_file_extent+0x5e0/0x5e0 [ 104.393156][ T5518] ? mark_lock+0x9a/0x340 [ 104.397528][ T5518] ? read_extent_buffer+0x11f/0x2a0 [pid 5026] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5026] close(3) = 0 [pid 5026] rmdir("./15") = 0 [pid 5026] mkdir("./16", 0777) = 0 [pid 5026] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5026] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 104.402882][ T5518] ? __asan_memcpy+0x40/0x70 [ 104.407517][ T5518] __btrfs_cow_block+0x465/0x1a90 [ 104.412603][ T5518] ? btrfs_cow_block+0xa10/0xa10 [ 104.417645][ T5518] ? btrfs_qgroup_add_swapped_blocks+0x750/0x7f0 [ 104.424066][ T5518] ? rcu_is_watching+0x15/0xb0 [ 104.428917][ T5518] btrfs_cow_block+0x35e/0xa10 [ 104.433948][ T5518] btrfs_search_slot+0xbf9/0x2f80 [ 104.438992][ T5518] ? btrfs_find_item+0x5c0/0x5c0 [ 104.443937][ T5518] ? btrfs_create_new_inode+0xd73/0x2710 [ 104.449654][ T5518] ? __lock_acquire+0x7f70/0x7f70 [ 104.454869][ T5518] ? do_raw_spin_lock+0x14d/0x3a0 [ 104.460086][ T5518] ? do_raw_spin_unlock+0x13b/0x8b0 [ 104.465289][ T5518] btrfs_insert_empty_items+0x9c/0x180 [ 104.470844][ T5518] btrfs_create_new_inode+0x10b3/0x2710 [ 104.476407][ T5518] ? btrfs_new_inode_args_destroy+0x160/0x160 [ 104.482674][ T5518] btrfs_create_common+0x1f9/0x300 [ 104.487885][ T5518] ? btrfs_tmpfile+0x4e0/0x4e0 [ 104.492646][ T5518] ? do_raw_spin_unlock+0x13b/0x8b0 [ 104.497949][ T5518] ? btrfs_create+0x75/0x140 [ 104.502641][ T5518] ? btrfs_lookup+0x40/0x40 [ 104.507145][ T5518] path_openat+0x13e7/0x3180 [ 104.511761][ T5518] ? do_filp_open+0x490/0x490 [ 104.516620][ T5518] do_filp_open+0x234/0x490 [ 104.521126][ T5518] ? vfs_tmpfile+0x4b0/0x4b0 [ 104.525743][ T5518] ? _raw_spin_unlock+0x28/0x40 [ 104.530609][ T5518] ? alloc_fd+0x59c/0x640 [ 104.534961][ T5518] do_sys_openat2+0x13e/0x1d0 [ 104.539772][ T5518] ? do_sys_open+0x230/0x230 [ 104.544460][ T5518] ? _raw_spin_unlock_irq+0x2e/0x50 [ 104.549652][ T5518] ? ptrace_notify+0x278/0x380 [ 104.554519][ T5518] __x64_sys_creat+0x123/0x160 [ 104.559799][ T5518] ? __x64_compat_sys_openat+0x290/0x290 [ 104.565436][ T5518] ? syscall_enter_from_user_mode+0x32/0x230 [ 104.571421][ T5518] ? syscall_enter_from_user_mode+0x8c/0x230 [ 104.577459][ T5518] do_syscall_64+0x41/0xc0 [ 104.581873][ T5518] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 104.587849][ T5518] RIP: 0033:0x7f41770c8049 [ 104.592349][ T5518] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 104.611947][ T5518] RSP: 002b:00007f4177063208 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 104.620712][ T5518] RAX: ffffffffffffffda RBX: 00007f41771546d8 RCX: 00007f41770c8049 [ 104.628766][ T5518] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040 [ 104.636734][ T5518] RBP: 00007f41771546d0 R08: 00007f4177062fa6 R09: 0000000000003531 [ 104.644871][ T5518] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f41771211d0 [pid 5026] close(3 [pid 5502] munmap(0x7f416ec64000, 138412032 [pid 5498] close(4 [pid 5026] <... close resumed>) = 0 [pid 5498] <... close resumed>) = 0 [pid 5502] <... munmap resumed>) = 0 [ 104.652832][ T5518] R13: 00007f4177063210 R14: 0000000000000002 R15: 00007f417711c070 [ 104.660822][ T5518] [pid 5026] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5498] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5502] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5026] <... clone resumed>, child_tidptr=0x555555980690) = 5521 [pid 5498] <... futex resumed>) = 1 [pid 5502] <... openat resumed>) = 4 [pid 5493] <... futex resumed>) = 0 [pid 5498] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5502] ioctl(4, LOOP_SET_FD, 3 [pid 5493] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5498] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5502] <... ioctl resumed>) = 0 [pid 5493] <... futex resumed>) = 0 [pid 5493] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5502] close(3 [pid 5498] open("./file0", O_RDONLY [pid 5496] <... ioctl resumed>) = 0 [pid 5502] <... close resumed>) = 0 [pid 5498] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5498] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5502] mkdir("./bus", 0777 [pid 5498] <... futex resumed>) = 1 [pid 5498] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5502] <... mkdir resumed>) = 0 [pid 5502] mount("/dev/loop5", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5493] <... futex resumed>) = 0 [pid 5499] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 5521 attached [pid 5499] close(4 [pid 5496] close(4 [pid 5493] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5493] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5498] <... futex resumed>) = 0 [pid 5498] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = -1 EBADF (Bad file descriptor) [pid 5498] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5502] <... mount resumed>) = -1 EEXIST (File exists) [pid 5498] <... futex resumed>) = 1 [pid 5493] <... futex resumed>) = 0 [pid 5493] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5502] ioctl(4, LOOP_CLR_FD [pid 5493] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5498] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 5498] write(3, "15", 2) = 2 [pid 5498] creat("./bus", 000) = -1 EISDIR (Is a directory) [pid 5498] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5493] <... futex resumed>) = 0 [pid 5493] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] <... close resumed>) = 0 [pid 5521] set_robust_list(0x5555559806a0, 24 [pid 5499] <... close resumed>) = 0 [pid 5493] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5521] <... set_robust_list resumed>) = 0 [pid 5499] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [ 104.729447][ T5502] loop5: detected capacity change from 0 to 32768 [ 104.745599][ T5502] BTRFS warning: duplicate device /dev/loop5 devid 1 generation 8 scanned by syz-executor340 (5502) [ 104.746571][ T5518] BTRFS error (device loop0: state A): Transaction aborted (error -12) [ 104.766565][ T5518] BTRFS: error (device loop0: state A) in btrfs_create_new_inode:6276: errno=-12 Out of memory [pid 5496] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5521] chdir("./16" [pid 5518] <... creat resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5499] <... futex resumed>) = 1 [pid 5498] mkdir(".", 0777 [pid 5496] <... futex resumed>) = 1 [pid 5494] <... futex resumed>) = 0 [pid 5491] <... futex resumed>) = 0 [pid 5521] <... chdir resumed>) = 0 [pid 5518] futex(0x7f41771546dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5521] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5518] <... futex resumed>) = 0 [pid 5521] <... prctl resumed>) = 0 [pid 5518] futex(0x7f41771546d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5521] setpgid(0, 0) = 0 [pid 5521] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5498] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5494] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5491] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5521] write(3, "1000", 4 [pid 5498] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5496] <... futex resumed>) = 0 [pid 5491] <... futex resumed>) = 1 [pid 5499] <... futex resumed>) = 0 [pid 5494] <... futex resumed>) = 1 [pid 5521] <... write resumed>) = 4 [pid 5499] open("./file0", O_RDONLY [pid 5496] open("./file0", O_RDONLY [pid 5494] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 104.779213][ T5518] BTRFS info (device loop0: state EA): forced readonly [ 104.788151][ T5519] BTRFS warning (device loop0: state EA): Skipping commit of aborted transaction. [pid 5491] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5521] close(3 [pid 5499] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5496] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5521] <... close resumed>) = 0 [pid 5499] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5521] symlink("/dev/binderfs", "./binderfs" [pid 5499] <... futex resumed>) = 0 [pid 5496] <... futex resumed>) = 0 [pid 5521] <... symlink resumed>) = 0 [pid 5499] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5521] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5521] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5521] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5521] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5521] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5494] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5491] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5494] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5491] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] <... futex resumed>) = 0 [pid 5499] <... futex resumed>) = 0 [pid 5494] <... futex resumed>) = 1 [pid 5491] <... futex resumed>) = 1 [pid 5521] <... mprotect resumed>) = 0 [pid 5499] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5496] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5494] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5521] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5499] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5496] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5491] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5521] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5499] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5491] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5521] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} [pid 5499] <... futex resumed>) = 1 [pid 5496] <... futex resumed>) = 0 [pid 5494] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5522 attached [pid 5499] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5522] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [pid 5521] <... clone3 resumed> => {parent_tid=[5522]}, 88) = 5522 [pid 5522] set_robust_list(0x7f41770849a0, 24 [pid 5521] rt_sigprocmask(SIG_SETMASK, [], [pid 5522] <... set_robust_list resumed>) = 0 [pid 5522] rt_sigprocmask(SIG_SETMASK, [], [pid 5521] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5522] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5521] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5522] memfd_create("syzkaller", 0 [pid 5521] <... futex resumed>) = 0 [pid 5521] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5522] <... memfd_create resumed>) = 3 [pid 5522] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [pid 5494] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5491] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] <... futex resumed>) = 0 [pid 5494] <... futex resumed>) = 1 [pid 5499] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5496] <... futex resumed>) = 0 [pid 5494] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5491] <... futex resumed>) = 1 [pid 5499] <... openat resumed>) = 3 [pid 5496] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5491] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5499] write(3, "15", 2 [pid 5496] <... openat resumed>) = 3 [pid 5499] <... write resumed>) = 2 [pid 5496] write(3, "15", 2 [pid 5499] creat("./bus", 000 [pid 5496] <... write resumed>) = 2 [pid 5499] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5496] creat("./bus", 000 [pid 5499] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5499] <... futex resumed>) = 1 [pid 5496] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] <... futex resumed>) = 0 [pid 5499] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] <... futex resumed>) = 1 [pid 5494] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5491] <... futex resumed>) = 0 [pid 5499] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5496] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] <... futex resumed>) = 0 [pid 5491] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] mkdir(".", 0777 [pid 5496] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5494] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5491] <... futex resumed>) = 0 [pid 5499] <... mkdir resumed>) = -1 EEXIST (File exists) [ 104.820195][ T5498] FAULT_INJECTION: forcing a failure. [ 104.820195][ T5498] name failslab, interval 1, probability 0, space 0, times 0 [ 104.841980][ T5519] BTRFS: error (device loop0: state EA) in cleanup_transaction:2005: errno=-12 Out of memory [ 104.866193][ T5499] FAULT_INJECTION: forcing a failure. [ 104.866193][ T5499] name failslab, interval 1, probability 0, space 0, times 0 [ 104.879131][ T5498] CPU: 0 PID: 5498 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 104.880471][ T5496] FAULT_INJECTION: forcing a failure. [ 104.880471][ T5496] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 104.889648][ T5498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 104.889664][ T5498] Call Trace: [ 104.889672][ T5498] [ 104.889680][ T5498] dump_stack_lvl+0x1e7/0x2d0 [ 104.889708][ T5498] ? nf_tcp_handle_invalid+0x650/0x650 [ 104.889729][ T5498] ? panic+0x770/0x770 [ 104.889762][ T5498] should_fail_ex+0x3aa/0x4e0 [ 104.938184][ T5498] should_failslab+0x9/0x20 [ 104.942777][ T5498] slab_pre_alloc_hook+0x59/0x310 [ 104.947999][ T5498] ? tomoyo_encode+0x26f/0x530 [ 104.952846][ T5498] __kmem_cache_alloc_node+0x4b/0x270 [ 104.958258][ T5498] ? arch_stack_walk+0x162/0x1a0 [ 104.963308][ T5498] ? tomoyo_encode+0x26f/0x530 [ 104.968069][ T5498] __kmalloc+0xa8/0x230 [ 104.972223][ T5498] tomoyo_encode+0x26f/0x530 [ 104.976816][ T5498] tomoyo_mount_permission+0x356/0xb80 [ 104.982455][ T5498] ? __stack_depot_save+0x20/0x650 [ 104.987660][ T5498] ? tomoyo_mount_permission+0x295/0xb80 [ 104.994051][ T5498] ? tomoyo_get_name+0x510/0x510 [ 105.000087][ T5498] security_sb_mount+0x8c/0xc0 [ 105.005029][ T5498] path_mount+0xb9/0xfa0 [ 105.009305][ T5498] ? kmem_cache_free+0x292/0x500 [ 105.014437][ T5498] ? user_path_at_empty+0x4c/0x60 [ 105.019839][ T5498] __se_sys_mount+0x2d9/0x3c0 [ 105.025340][ T5498] ? __x64_sys_mount+0xc0/0xc0 [ 105.031089][ T5498] ? syscall_enter_from_user_mode+0x32/0x230 [ 105.037220][ T5498] ? __x64_sys_mount+0x20/0xc0 [ 105.041991][ T5498] do_syscall_64+0x41/0xc0 [ 105.046415][ T5498] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 105.052572][ T5498] RIP: 0033:0x7f41770c949a [ 105.057070][ T5498] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 105.076668][ T5498] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 105.085097][ T5498] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 105.093262][ T5498] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 105.101271][ T5498] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 105.109278][ T5498] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [pid 5496] mkdir(".", 0777 [pid 5491] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5499] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5496] <... mkdir resumed>) = -1 EEXIST (File exists) [ 105.117388][ T5498] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 105.125398][ T5498] [ 105.131391][ T5499] CPU: 1 PID: 5499 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 105.131425][ T5519] BTRFS error (device loop0: state EMA): unrecognized mount option '18446744073709551615017777777777777777777770177777777777777777777718446744073709551615lbZ~Ƣ8žH~אa*Oѓ< 5^Sus%e [ 105.131425][ T5519] /ĖEaofmߚtҮ~г#a C$n-SGWmxeGy|sL=~ä_;N' [ 105.141830][ T5499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 105.141843][ T5499] Call Trace: [ 105.141850][ T5499] [ 105.141857][ T5499] dump_stack_lvl+0x1e7/0x2d0 [ 105.141885][ T5499] ? nf_tcp_handle_invalid+0x650/0x650 [ 105.141907][ T5499] ? panic+0x770/0x770 [ 105.202588][ T5499] ? __might_sleep+0xc0/0xc0 [ 105.207482][ T5499] should_fail_ex+0x3aa/0x4e0 [ 105.212293][ T5499] should_failslab+0x9/0x20 [ 105.216838][ T5499] slab_pre_alloc_hook+0x59/0x310 [ 105.221899][ T5499] ? __might_sleep+0xc0/0xc0 [ 105.222440][ T4133] BTRFS error (device loop0: state EMA): fail to start transaction for status update: -30 [ 105.226527][ T5499] kmem_cache_alloc+0x52/0x300 [ 105.241450][ T5499] ? getname_flags+0xbc/0x4f0 [ 105.246158][ T5499] getname_flags+0xbc/0x4f0 [ 105.250685][ T5499] user_path_at_empty+0x2c/0x60 [ 105.255561][ T5499] __se_sys_mount+0x29a/0x3c0 [ 105.260366][ T5499] ? __x64_sys_mount+0xc0/0xc0 [ 105.265231][ T5499] ? syscall_enter_from_user_mode+0x32/0x230 [ 105.271234][ T5499] ? __x64_sys_mount+0x20/0xc0 [ 105.276025][ T5499] do_syscall_64+0x41/0xc0 [ 105.280476][ T5499] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 105.286407][ T5499] RIP: 0033:0x7f41770c949a [ 105.290868][ T5499] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 105.310861][ T5499] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [pid 5496] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5519] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5502] <... ioctl resumed>) = 0 [pid 5498] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5519] futex(0x7f41771546ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5502] close(4 [pid 5519] <... futex resumed>) = 1 [pid 5502] <... close resumed>) = 0 [pid 5519] futex(0x7f41771546e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5502] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5502] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5492] <... futex resumed>) = 0 [pid 5492] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5492] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5498] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] <... futex resumed>) = 0 [pid 5498] <... futex resumed>) = 1 [pid 5497] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5493] <... futex resumed>) = 0 [pid 5497] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5493] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] <... futex resumed>) = 0 [pid 5498] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5498] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5498] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5501] <... futex resumed>) = 0 [pid 5497] <... futex resumed>) = 1 [pid 5493] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5492] <... futex resumed>) = 0 [pid 5501] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5493] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5492] exit_group(0 [pid 5519] <... futex resumed>) = ? [pid 5502] <... futex resumed>) = 0 [pid 5501] <... futex resumed>) = 1 [pid 5497] <... futex resumed>) = ? [pid 5493] exit_group(0 [pid 5492] <... exit_group resumed>) = ? [pid 5519] +++ exited with 0 +++ [pid 5502] open("./file0", O_RDONLY [pid 5501] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5498] <... futex resumed>) = ? [pid 5497] +++ exited with 0 +++ [pid 5493] <... exit_group resumed>) = ? [pid 5502] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5498] +++ exited with 0 +++ [pid 5493] +++ exited with 0 +++ [pid 5502] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5493, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=38 /* 0.38 s */} --- [pid 5502] <... futex resumed>) = 1 [pid 5501] <... futex resumed>) = 0 [pid 5029] restart_syscall(<... resuming interrupted clone ...> [pid 5502] ioctl(-1, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5501] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... restart_syscall resumed>) = 0 [pid 5502] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5501] <... futex resumed>) = 0 [pid 5502] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5501] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5502] <... futex resumed>) = 0 [pid 5501] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5502] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5501] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5502] <... openat resumed>) = 3 [pid 5501] <... futex resumed>) = 0 [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5502] write(3, "15", 2 [pid 5501] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5502] <... write resumed>) = 2 [pid 5029] <... openat resumed>) = 3 [pid 5502] creat("./bus", 000 [pid 5029] newfstatat(3, "", [pid 5502] <... creat resumed>) = -1 EISDIR (Is a directory) [pid 5029] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5502] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] getdents64(3, [pid 5502] <... futex resumed>) = 1 [pid 5501] <... futex resumed>) = 0 [pid 5029] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5502] mkdir(".", 0777 [pid 5501] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5502] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5501] <... futex resumed>) = 0 [pid 5029] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 105.319376][ T5499] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 105.327375][ T5499] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 105.335373][ T5499] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 105.344014][ T5499] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 105.352204][ T5499] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 105.360220][ T5499] [pid 5502] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\xff\xff\x30\x31\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x37\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\x6c\x62\x5a\xe8\x7e\xc6\xa2\xb7\x07\x38\xc0"... [pid 5501] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5029] newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5029] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5029] openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5029] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5029] getdents64(4, 0x555555989770 /* 2 entries */, 32768) = 48 [pid 5029] getdents64(4, 0x555555989770 /* 0 entries */, 32768) = 0 [pid 5029] close(4) = 0 [pid 5029] rmdir("./15/bus") = 0 [pid 5029] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5029] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5029] unlink("./15/binderfs") = 0 [pid 5029] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5029] close(3) = 0 [pid 5029] rmdir("./15") = 0 [pid 5029] mkdir("./16", 0777) = 0 [pid 5029] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5029] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5029] close(3) = 0 [pid 5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5522] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5029] <... clone resumed>, child_tidptr=0x555555980690) = 5523 [ 105.396629][ T5502] FAULT_INJECTION: forcing a failure. [ 105.396629][ T5502] name failslab, interval 1, probability 0, space 0, times 0 ./strace-static-x86_64: Process 5523 attached [pid 5523] set_robust_list(0x5555559806a0, 24) = 0 [pid 5523] chdir("./16") = 0 [pid 5523] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5523] setpgid(0, 0) = 0 [pid 5523] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5523] write(3, "1000", 4) = 4 [pid 5523] close(3) = 0 [ 105.449380][ T5496] CPU: 1 PID: 5496 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 105.460812][ T5496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 105.471500][ T5496] Call Trace: [ 105.474889][ T5496] [ 105.477882][ T5496] dump_stack_lvl+0x1e7/0x2d0 [ 105.482717][ T5496] ? nf_tcp_handle_invalid+0x650/0x650 [ 105.488256][ T5496] ? panic+0x770/0x770 [ 105.492453][ T5496] should_fail_ex+0x3aa/0x4e0 [pid 5523] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5523] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5523] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5523] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5523] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5523] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5523] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 105.497356][ T5496] strncpy_from_user+0x36/0x2e0 [ 105.502772][ T5496] getname_flags+0xf9/0x4f0 [ 105.507758][ T5496] user_path_at_empty+0x2c/0x60 [ 105.512739][ T5496] __se_sys_mount+0x29a/0x3c0 [ 105.517626][ T5496] ? __x64_sys_mount+0xc0/0xc0 [ 105.522431][ T5496] ? syscall_enter_from_user_mode+0x32/0x230 [ 105.528516][ T5496] ? __x64_sys_mount+0x20/0xc0 [ 105.533450][ T5496] do_syscall_64+0x41/0xc0 [ 105.537990][ T5496] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 105.544183][ T5496] RIP: 0033:0x7f41770c949a [ 105.548617][ T5496] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 105.568250][ T5496] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 105.576696][ T5496] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 105.584866][ T5496] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [pid 5523] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5524 attached [pid 5518] <... futex resumed>) = ? [pid 5524] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5518] +++ exited with 0 +++ [pid 5492] +++ exited with 0 +++ [pid 5523] <... clone3 resumed> => {parent_tid=[5524]}, 88) = 5524 [pid 5523] rt_sigprocmask(SIG_SETMASK, [], [pid 5025] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5492, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=38 /* 0.38 s */} --- [pid 5523] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5025] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5523] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5523] <... futex resumed>) = 0 [pid 5025] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5523] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5025] <... openat resumed>) = 3 [pid 5524] <... rseq resumed>) = 0 [pid 5025] newfstatat(3, "", [pid 5524] set_robust_list(0x7f41770849a0, 24 [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5524] <... set_robust_list resumed>) = 0 [pid 5025] getdents64(3, [pid 5524] rt_sigprocmask(SIG_SETMASK, [], [pid 5025] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5524] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5025] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5524] memfd_create("syzkaller", 0) = 3 [pid 5524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [ 105.592861][ T5496] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 105.601558][ T5496] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [ 105.609633][ T5496] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 105.617647][ T5496] [ 105.620869][ T5502] CPU: 0 PID: 5502 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 105.632109][ T5502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 105.642459][ T5502] Call Trace: [ 105.645757][ T5502] [ 105.648965][ T5502] dump_stack_lvl+0x1e7/0x2d0 [ 105.654027][ T5502] ? nf_tcp_handle_invalid+0x650/0x650 [ 105.659680][ T5502] ? panic+0x770/0x770 [ 105.663784][ T5502] should_fail_ex+0x3aa/0x4e0 [ 105.668488][ T5502] should_failslab+0x9/0x20 [ 105.673101][ T5502] slab_pre_alloc_hook+0x59/0x310 [ 105.678324][ T5502] ? tomoyo_encode+0x26f/0x530 [ 105.683648][ T5502] __kmem_cache_alloc_node+0x4b/0x270 [ 105.689306][ T5502] ? arch_stack_walk+0x162/0x1a0 [ 105.694527][ T5502] ? tomoyo_encode+0x26f/0x530 [ 105.699572][ T5502] __kmalloc+0xa8/0x230 [ 105.703773][ T5502] tomoyo_encode+0x26f/0x530 [ 105.708515][ T5502] tomoyo_mount_permission+0x356/0xb80 [ 105.714086][ T5502] ? __stack_depot_save+0x20/0x650 [ 105.719390][ T5502] ? tomoyo_mount_permission+0x295/0xb80 [ 105.725146][ T5502] ? tomoyo_get_name+0x510/0x510 [ 105.730528][ T5502] security_sb_mount+0x8c/0xc0 [ 105.735602][ T5502] path_mount+0xb9/0xfa0 [ 105.739955][ T5502] ? kmem_cache_free+0x292/0x500 [ 105.745370][ T5502] ? user_path_at_empty+0x4c/0x60 [ 105.750611][ T5502] __se_sys_mount+0x2d9/0x3c0 [ 105.755325][ T5502] ? __x64_sys_mount+0xc0/0xc0 [ 105.760137][ T5502] ? syscall_enter_from_user_mode+0x32/0x230 [ 105.766144][ T5502] ? __x64_sys_mount+0x20/0xc0 [ 105.770934][ T5502] do_syscall_64+0x41/0xc0 [ 105.775395][ T5502] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 105.781327][ T5502] RIP: 0033:0x7f41770c949a [ 105.785775][ T5502] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 105.805692][ T5502] RSP: 002b:00007f4177084028 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 105.815102][ T5502] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f41770c949a [ 105.823096][ T5502] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 105.831356][ T5502] RBP: 0000000020000180 R08: 00007f41770840c0 R09: 0000000000000000 [ 105.840639][ T5502] R10: 0000000001a404bc R11: 0000000000000286 R12: 0000000000000000 [pid 5522] <... write resumed>) = 16777216 [pid 5499] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5496] <... mount resumed>) = -1 EFAULT (Bad address) [pid 5499] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5496] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5522] munmap(0x7f416ec64000, 138412032 [pid 5491] <... futex resumed>) = 0 [pid 5494] <... futex resumed>) = 0 [pid 5522] <... munmap resumed>) = 0 [pid 5494] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5491] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] <... futex resumed>) = 1 [pid 5491] <... futex resumed>) = 1 [pid 5499] <... futex resumed>) = 0 [pid 5496] <... futex resumed>) = 0 [pid 5499] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5496] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5494] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5491] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5499] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5496] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5499] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] <... futex resumed>) = 1 [pid 5496] <... futex resumed>) = 1 [pid 5499] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] <... futex resumed>) = 0 [pid 5491] <... futex resumed>) = 0 [pid 5491] exit_group(0 [pid 5494] exit_group(0 [pid 5491] <... exit_group resumed>) = ? [pid 5496] <... futex resumed>) = ? [pid 5494] <... exit_group resumed>) = ? [pid 5499] <... futex resumed>) = ? [pid 5496] +++ exited with 0 +++ [pid 5491] +++ exited with 0 +++ [pid 5499] +++ exited with 0 +++ [pid 5494] +++ exited with 0 +++ [pid 5028] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5491, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=44 /* 0.44 s */} --- [pid 5522] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5524] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5027] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5494, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=42 /* 0.42 s */} --- [pid 5522] ioctl(4, LOOP_SET_FD, 3 [pid 5502] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 5028] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5028] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5522] <... ioctl resumed>) = 0 [pid 5522] close(3) = 0 [pid 5522] mkdir("./bus", 0777 [pid 5028] <... openat resumed>) = 3 [pid 5027] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5522] <... mkdir resumed>) = 0 [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] newfstatat(3, "", [pid 5027] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5522] mount("/dev/loop1", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5027] <... openat resumed>) = 3 [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5027] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] getdents64(3, [pid 5027] getdents64(3, [pid 5028] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5027] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5028] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5027] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5028] newfstatat(AT_FDCWD, "./14/bus", [pid 5027] newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5027] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5028] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [ 105.849683][ T5502] R13: 0000000020000100 R14: 0000000000000000 R15: 00007f41770840c0 [ 105.858744][ T5502] [ 105.889210][ T5522] loop1: detected capacity change from 0 to 32768 [ 105.917088][ T5025] ------------[ cut here ]------------ [ 105.923240][ T5025] WARNING: CPU: 0 PID: 5025 at fs/btrfs/space-info.h:198 btrfs_space_info_update_bytes_may_use+0x29f/0x600 [ 105.935394][ T5025] Modules linked in: [ 105.939321][ T5025] CPU: 0 PID: 5025 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 105.946111][ T5522] BTRFS warning: duplicate device /dev/loop1 devid 1 generation 8 scanned by syz-executor340 (5522) [pid 5027] openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5027] <... openat resumed>) = 4 [pid 5502] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 105.950402][ T5025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 105.972736][ T5025] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x29f/0x600 [ 105.980618][ T5025] Code: 25 00 00 74 08 4c 89 ff e8 8e 48 34 fe 49 8b 1f 48 89 df 48 8b 6c 24 20 48 89 ee e8 0b ab d9 fd 48 39 eb 73 14 e8 f1 a8 d9 fd <0f> 0b 45 31 f6 43 80 7c 25 00 00 75 ac eb b2 e8 dd a8 d9 fd 43 80 [ 106.000598][ T5025] RSP: 0018:ffffc900039f7928 EFLAGS: 00010293 [ 106.007112][ T5025] RAX: ffffffff83b4746f RBX: 000000000015f000 RCX: ffff88801f541dc0 [pid 5502] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5522] <... mount resumed>) = -1 EEXIST (File exists) [pid 5501] <... futex resumed>) = 0 [pid 5028] openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5027] newfstatat(4, "", [pid 5522] ioctl(4, LOOP_CLR_FD [pid 5501] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... openat resumed>) = 4 [pid 5027] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5502] <... futex resumed>) = 0 [ 106.016059][ T5025] RDX: 0000000000000000 RSI: 0000000000160000 RDI: 000000000015f000 [ 106.024391][ T5025] RBP: 0000000000160000 R08: ffffffff83b47465 R09: 1ffffffff1d32d25 [ 106.033496][ T5025] R10: dffffc0000000000 R11: fffffbfff1d32d26 R12: dffffc0000000000 [ 106.041729][ T5025] R13: 1ffff110042a5a0c R14: ffffffffffea0000 R15: ffff88802152d060 [ 106.050433][ T5025] FS: 00005555559803c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 106.059809][ T5025] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [pid 5501] <... futex resumed>) = 1 [pid 5028] newfstatat(4, "", [pid 5027] getdents64(4, [pid 5524] <... write resumed>) = 16777216 [pid 5502] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5501] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5027] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5524] munmap(0x7f416ec64000, 138412032 [pid 5502] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5028] getdents64(4, [pid 5027] getdents64(4, [pid 5502] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5027] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5502] <... futex resumed>) = 1 [pid 5501] <... futex resumed>) = 0 [pid 5028] getdents64(4, [pid 5027] close(4 [pid 5502] futex(0x7f41771546c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5501] exit_group(0 [pid 5028] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5027] <... close resumed>) = 0 [pid 5502] <... futex resumed>) = ? [ 106.066472][ T5025] CR2: 00007ffc16646b28 CR3: 00000000730d2000 CR4: 00000000003506f0 [ 106.074546][ T5025] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 106.082581][ T5025] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 106.090760][ T5025] Call Trace: [ 106.094132][ T5025] [ 106.097082][ T5025] ? __warn+0x162/0x4a0 [ 106.101328][ T5025] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600 [ 106.108274][ T5025] ? report_bug+0x2b3/0x500 [pid 5501] <... exit_group resumed>) = ? [pid 5028] close(4 [ 106.112974][ T5025] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600 [ 106.120487][ T5025] ? handle_bug+0x3d/0x70 [ 106.124939][ T5025] ? exc_invalid_op+0x1a/0x50 [ 106.129669][ T5025] ? asm_exc_invalid_op+0x1a/0x20 [ 106.134815][ T5025] ? btrfs_space_info_update_bytes_may_use+0x295/0x600 [ 106.141746][ T5025] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600 [ 106.148719][ T5025] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600 [ 106.155864][ T5025] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600 [ 106.156579][ T5524] loop4: detected capacity change from 0 to 32768 [ 106.162861][ T5025] ? __lock_acquire+0x7f70/0x7f70 [ 106.162892][ T5025] btrfs_block_rsv_release+0x47b/0x560 [ 106.162924][ T5025] btrfs_release_global_block_rsv+0x33/0x260 [ 106.186176][ T5025] btrfs_free_block_groups+0xc39/0x1060 [ 106.191982][ T5025] close_ctree+0x75a/0xd40 [ 106.196530][ T5025] ? evict+0x567/0x620 [ 106.200646][ T5025] ? init_tree_roots+0x1db0/0x1db0 [ 106.202225][ T5524] BTRFS warning: duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor340 (5524) [ 106.205829][ T5025] ? hook_sb_delete+0x1a3/0xb80 [ 106.221449][ T5025] ? hook_inode_free_security+0xb0/0xb0 [ 106.227218][ T5025] ? __fsnotify_vfsmount_delete+0x20/0x20 [ 106.233015][ T5025] ? clear_inode+0x150/0x150 [ 106.237648][ T5025] ? dput+0x52/0x470 [ 106.241574][ T5025] ? dput+0x452/0x470 [ 106.245957][ T5025] ? fscrypt_destroy_keyring+0x273/0x290 [ 106.252132][ T5025] ? btrfs_fill_super+0x2f0/0x2f0 [ 106.257206][ T5025] generic_shutdown_super+0x13a/0x2c0 [ 106.262696][ T5025] kill_anon_super+0x3b/0x70 [pid 5027] rmdir("./14/bus" [pid 5502] +++ exited with 0 +++ [pid 5501] +++ exited with 0 +++ [pid 5028] <... close resumed>) = 0 [pid 5027] <... rmdir resumed>) = 0 [pid 5524] <... munmap resumed>) = 0 [pid 5028] rmdir("./14/bus" [pid 5027] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5030] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5501, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=39 /* 0.39 s */} --- [pid 5028] <... rmdir resumed>) = 0 [pid 5027] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5030] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5027] newfstatat(AT_FDCWD, "./14/binderfs", [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5027] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5030] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5028] newfstatat(AT_FDCWD, "./14/binderfs", [pid 5027] unlink("./14/binderfs" [pid 5030] <... openat resumed>) = 3 [pid 5028] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5027] <... unlink resumed>) = 0 [pid 5030] newfstatat(3, "", [pid 5028] unlink("./14/binderfs" [pid 5027] getdents64(3, [pid 5030] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] <... unlink resumed>) = 0 [pid 5027] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5030] getdents64(3, [pid 5028] getdents64(3, [pid 5027] close(3 [pid 5030] <... getdents64 resumed>0x555555981730 /* 4 entries */, 32768) = 104 [pid 5028] <... getdents64 resumed>0x555555981730 /* 0 entries */, 32768) = 0 [pid 5027] <... close resumed>) = 0 [pid 5030] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] close(3 [pid 5027] rmdir("./14" [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] <... close resumed>) = 0 [pid 5027] <... rmdir resumed>) = 0 [pid 5030] newfstatat(AT_FDCWD, "./13/bus", [pid 5028] rmdir("./14" [pid 5027] mkdir("./15", 0777 [pid 5030] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] <... rmdir resumed>) = 0 [pid 5027] <... mkdir resumed>) = 0 [pid 5524] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5030] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] mkdir("./15", 0777 [pid 5027] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5524] <... openat resumed>) = 4 [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] <... mkdir resumed>) = 0 [pid 5027] <... openat resumed>) = 3 [pid 5524] ioctl(4, LOOP_SET_FD, 3 [pid 5030] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5028] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5027] ioctl(3, LOOP_CLR_FD [pid 5030] <... openat resumed>) = 4 [pid 5030] newfstatat(4, "", [pid 5028] <... openat resumed>) = 3 [pid 5027] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5030] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5030] getdents64(4, [pid 5028] ioctl(3, LOOP_CLR_FD [pid 5027] close(3 [pid 5030] <... getdents64 resumed>0x555555989770 /* 2 entries */, 32768) = 48 [pid 5030] getdents64(4, [pid 5028] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5027] <... close resumed>) = 0 [pid 5030] <... getdents64 resumed>0x555555989770 /* 0 entries */, 32768) = 0 [pid 5030] close(4 [pid 5028] close(3 [pid 5027] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5030] <... close resumed>) = 0 [pid 5028] <... close resumed>) = 0 [pid 5030] rmdir("./13/bus") = 0 [pid 5028] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5030] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] <... clone resumed>, child_tidptr=0x555555980690) = 5526 [pid 5027] <... clone resumed>, child_tidptr=0x555555980690) = 5525 ./strace-static-x86_64: Process 5526 attached [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5526] set_robust_list(0x5555559806a0, 24 [pid 5030] newfstatat(AT_FDCWD, "./13/binderfs", [pid 5526] <... set_robust_list resumed>) = 0 [pid 5030] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5526] chdir("./15" [pid 5030] unlink("./13/binderfs" [pid 5526] <... chdir resumed>) = 0 [pid 5030] <... unlink resumed>) = 0 [pid 5526] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5030] getdents64(3, 0x555555981730 /* 0 entries */, 32768) = 0 [pid 5030] close(3 [pid 5526] <... prctl resumed>) = 0 [pid 5030] <... close resumed>) = 0 [pid 5526] setpgid(0, 0 [pid 5030] rmdir("./13" [pid 5526] <... setpgid resumed>) = 0 [pid 5030] <... rmdir resumed>) = 0 [pid 5526] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5030] mkdir("./14", 0777 [pid 5526] <... openat resumed>) = 3 [pid 5030] <... mkdir resumed>) = 0 [pid 5526] write(3, "1000", 4) = 4 [pid 5526] close(3 [pid 5030] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5526] <... close resumed>) = 0 [pid 5524] <... ioctl resumed>) = 0 [pid 5030] <... openat resumed>) = 3 [pid 5526] symlink("/dev/binderfs", "./binderfs" [pid 5524] close(3 [pid 5030] ioctl(3, LOOP_CLR_FD [pid 5526] <... symlink resumed>) = 0 [pid 5524] <... close resumed>) = 0 [pid 5030] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5526] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] mkdir("./bus", 0777 [pid 5030] close(3 [pid 5526] <... futex resumed>) = 0 [pid 5524] <... mkdir resumed>) = 0 [pid 5030] <... close resumed>) = 0 [pid 5526] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5526] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5526] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5030] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5526] <... mmap resumed>) = 0x7f4177064000 [pid 5526] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE [pid 5524] mount("/dev/loop4", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl," [pid 5526] <... mprotect resumed>) = 0 [pid 5526] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5030] <... clone resumed>, child_tidptr=0x555555980690) = 5527 ./strace-static-x86_64: Process 5527 attached [pid 5527] set_robust_list(0x5555559806a0, 24) = 0 [pid 5527] chdir("./14" [pid 5526] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5526] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0}./strace-static-x86_64: Process 5528 attached [pid 5527] <... chdir resumed>) = 0 [pid 5526] <... clone3 resumed> => {parent_tid=[5528]}, 88) = 5528 [pid 5528] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5527] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5526] rt_sigprocmask(SIG_SETMASK, [], [pid 5527] <... prctl resumed>) = 0 [pid 5526] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5527] setpgid(0, 0 [pid 5526] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5527] <... setpgid resumed>) = 0 [pid 5526] <... futex resumed>) = 0 [pid 5527] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5526] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5528] <... rseq resumed>) = 0 [pid 5527] <... openat resumed>) = 3 [pid 5528] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5528] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5528] memfd_create("syzkaller", 0) = 3 [pid 5527] write(3, "1000", 4 [pid 5528] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5527] <... write resumed>) = 4 [pid 5528] <... mmap resumed>) = 0x7f416ec64000 [pid 5527] close(3) = 0 [pid 5527] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5527] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5527] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5524] <... mount resumed>) = -1 EEXIST (File exists) [pid 5527] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5524] ioctl(4, LOOP_CLR_FD [pid 5527] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5527] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5527] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5527] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5527] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} => {parent_tid=[5529]}, 88) = 5529 ./strace-static-x86_64: Process 5529 attached [pid 5527] rt_sigprocmask(SIG_SETMASK, [], [pid 5529] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053 [pid 5527] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5529] <... rseq resumed>) = 0 [pid 5529] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5527] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] rt_sigprocmask(SIG_SETMASK, [], [pid 5527] <... futex resumed>) = 0 [pid 5529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5527] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5529] memfd_create("syzkaller", 0) = 3 [pid 5529] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [ 106.267325][ T5025] btrfs_kill_super+0x41/0x50 [ 106.272089][ T5025] deactivate_locked_super+0xa4/0x110 [ 106.277509][ T5025] cleanup_mnt+0x426/0x4c0 [ 106.282203][ T5025] ? _raw_spin_unlock_irq+0x23/0x50 [ 106.287448][ T5025] task_work_run+0x24a/0x300 [ 106.292204][ T5025] ? task_work_cancel+0x2b0/0x2b0 [ 106.297263][ T5025] ? lockdep_hardirqs_on+0x98/0x140 [ 106.302813][ T5025] ? __x64_sys_umount+0x126/0x170 [ 106.307888][ T5025] ptrace_notify+0x2cd/0x380 [ 106.312639][ T5025] ? do_notify_parent+0x1100/0x1100 [ 106.317969][ T5025] ? __x64_sys_umount+0x126/0x170 [ 106.323189][ T5025] ? path_umount+0xf40/0xf40 [ 106.327819][ T5025] ? syscall_enter_from_user_mode+0x32/0x230 [ 106.333881][ T5025] syscall_exit_to_user_mode+0x15c/0x280 [ 106.340188][ T5025] do_syscall_64+0x4d/0xc0 [ 106.345362][ T5025] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 106.351493][ T5025] RIP: 0033:0x7f41770c92a7 ./strace-static-x86_64: Process 5525 attached [pid 5525] set_robust_list(0x5555559806a0, 24) = 0 [pid 5525] chdir("./15") = 0 [pid 5525] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5525] setpgid(0, 0) = 0 [pid 5525] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5525] write(3, "1000", 4) = 4 [pid 5525] close(3) = 0 [pid 5525] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5525] futex(0x7f41771546cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5525] rt_sigaction(SIGRT_1, {sa_handler=0x7f41770ee460, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41770df610}, NULL, 8) = 0 [pid 5525] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5525] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4177064000 [pid 5525] mprotect(0x7f4177065000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5525] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5525] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4177084990, parent_tid=0x7f4177084990, exit_signal=0, stack=0x7f4177064000, stack_size=0x20300, tls=0x7f41770846c0} => {parent_tid=[5530]}, 88) = 5530 [pid 5525] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5525] futex(0x7f41771546c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5525] futex(0x7f41771546cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5530 attached [pid 5530] rseq(0x7f4177084fe0, 0x20, 0, 0x53053053) = 0 [pid 5530] set_robust_list(0x7f41770849a0, 24) = 0 [pid 5530] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5530] memfd_create("syzkaller", 0) = 3 [pid 5530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f416ec64000 [ 106.356086][ T5025] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 106.376774][ T5025] RSP: 002b:00007ffc166472d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 106.385357][ T5025] RAX: 0000000000000000 RBX: 00000000000190a8 RCX: 00007f41770c92a7 [ 106.393436][ T5025] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffc16647390 [ 106.401445][ T5025] RBP: 00007ffc16647390 R08: 0000000000000000 R09: 0000000000000000 [ 106.409490][ T5025] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc16648440 [ 106.417624][ T5025] R13: 0000555555981700 R14: 431bde82d7b634db R15: 00007ffc166483e4 [ 106.425686][ T5025] [ 106.428812][ T5025] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 106.436475][ T5025] CPU: 0 PID: 5025 Comm: syz-executor340 Not tainted 6.6.0-rc7-syzkaller-00018-gd88520ad73b7 #0 [ 106.446999][ T5025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 106.457257][ T5025] Call Trace: [ 106.460653][ T5025] [ 106.463592][ T5025] dump_stack_lvl+0x1e7/0x2d0 [ 106.468301][ T5025] ? nf_tcp_handle_invalid+0x650/0x650 [ 106.473956][ T5025] ? panic+0x770/0x770 [ 106.478215][ T5025] ? vscnprintf+0x5d/0x80 [ 106.482544][ T5025] panic+0x30f/0x770 [ 106.486473][ T5025] ? __warn+0x171/0x4a0 [ 106.490711][ T5025] ? __memcpy_flushcache+0x2b0/0x2b0 [ 106.496017][ T5025] __warn+0x314/0x4a0 [ 106.500081][ T5025] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600 [ 106.507112][ T5025] report_bug+0x2b3/0x500 [ 106.511472][ T5025] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600 [ 106.518354][ T5025] handle_bug+0x3d/0x70 [ 106.522517][ T5025] exc_invalid_op+0x1a/0x50 [ 106.527161][ T5025] asm_exc_invalid_op+0x1a/0x20 [ 106.532049][ T5025] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x29f/0x600 [ 106.539620][ T5025] Code: 25 00 00 74 08 4c 89 ff e8 8e 48 34 fe 49 8b 1f 48 89 df 48 8b 6c 24 20 48 89 ee e8 0b ab d9 fd 48 39 eb 73 14 e8 f1 a8 d9 fd <0f> 0b 45 31 f6 43 80 7c 25 00 00 75 ac eb b2 e8 dd a8 d9 fd 43 80 [ 106.559858][ T5025] RSP: 0018:ffffc900039f7928 EFLAGS: 00010293 [ 106.566013][ T5025] RAX: ffffffff83b4746f RBX: 000000000015f000 RCX: ffff88801f541dc0 [ 106.574009][ T5025] RDX: 0000000000000000 RSI: 0000000000160000 RDI: 000000000015f000 [ 106.581981][ T5025] RBP: 0000000000160000 R08: ffffffff83b47465 R09: 1ffffffff1d32d25 [ 106.590039][ T5025] R10: dffffc0000000000 R11: fffffbfff1d32d26 R12: dffffc0000000000 [ 106.598004][ T5025] R13: 1ffff110042a5a0c R14: ffffffffffea0000 R15: ffff88802152d060 [ 106.606060][ T5025] ? btrfs_space_info_update_bytes_may_use+0x295/0x600 [ 106.612918][ T5025] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600 [ 106.619770][ T5025] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600 [ 106.626640][ T5025] ? __lock_acquire+0x7f70/0x7f70 [ 106.631761][ T5025] btrfs_block_rsv_release+0x47b/0x560 [ 106.637627][ T5025] btrfs_release_global_block_rsv+0x33/0x260 [ 106.643807][ T5025] btrfs_free_block_groups+0xc39/0x1060 [ 106.649530][ T5025] close_ctree+0x75a/0xd40 [ 106.654030][ T5025] ? evict+0x567/0x620 [ 106.658095][ T5025] ? init_tree_roots+0x1db0/0x1db0 [ 106.663213][ T5025] ? hook_sb_delete+0x1a3/0xb80 [ 106.668271][ T5025] ? hook_inode_free_security+0xb0/0xb0 [ 106.674180][ T5025] ? __fsnotify_vfsmount_delete+0x20/0x20 [ 106.680025][ T5025] ? clear_inode+0x150/0x150 [ 106.684629][ T5025] ? dput+0x52/0x470 [ 106.688618][ T5025] ? dput+0x452/0x470 [ 106.692655][ T5025] ? fscrypt_destroy_keyring+0x273/0x290 [ 106.698554][ T5025] ? btrfs_fill_super+0x2f0/0x2f0 [ 106.703747][ T5025] generic_shutdown_super+0x13a/0x2c0 [ 106.709203][ T5025] kill_anon_super+0x3b/0x70 [ 106.713904][ T5025] btrfs_kill_super+0x41/0x50 [ 106.718605][ T5025] deactivate_locked_super+0xa4/0x110 [ 106.724195][ T5025] cleanup_mnt+0x426/0x4c0 [ 106.728736][ T5025] ? _raw_spin_unlock_irq+0x23/0x50 [ 106.734050][ T5025] task_work_run+0x24a/0x300 [ 106.738664][ T5025] ? task_work_cancel+0x2b0/0x2b0 [ 106.743877][ T5025] ? lockdep_hardirqs_on+0x98/0x140 [ 106.749548][ T5025] ? __x64_sys_umount+0x126/0x170 [ 106.754708][ T5025] ptrace_notify+0x2cd/0x380 [ 106.759418][ T5025] ? do_notify_parent+0x1100/0x1100 [ 106.764726][ T5025] ? __x64_sys_umount+0x126/0x170 [ 106.769771][ T5025] ? path_umount+0xf40/0xf40 [ 106.774596][ T5025] ? syscall_enter_from_user_mode+0x32/0x230 [ 106.780622][ T5025] syscall_exit_to_user_mode+0x15c/0x280 [ 106.786550][ T5025] do_syscall_64+0x4d/0xc0 [ 106.791265][ T5025] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 106.798577][ T5025] RIP: 0033:0x7f41770c92a7 [ 106.803289][ T5025] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 106.823899][ T5025] RSP: 002b:00007ffc166472d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 106.835750][ T5025] RAX: 0000000000000000 RBX: 00000000000190a8 RCX: 00007f41770c92a7 [ 106.844266][ T5025] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffc16647390 [ 106.852516][ T5025] RBP: 00007ffc16647390 R08: 0000000000000000 R09: 0000000000000000 [ 106.860652][ T5025] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc16648440 [ 106.868971][ T5025] R13: 0000555555981700 R14: 431bde82d7b634db R15: 00007ffc166483e4 [ 106.877097][ T5025] [ 106.880635][ T5025] Kernel Offset: disabled [ 106.885057][ T5025] Rebooting in 86400 seconds..