./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor790257210
<...>
Warning: Permanently added '10.128.10.46' (ED25519) to the list of known hosts.
execve("./syz-executor790257210", ["./syz-executor790257210"], 0x7ffc4b0c5d10 /* 10 vars */) = 0
brk(NULL) = 0x555555d0a000
brk(0x555555d0ad00) = 0x555555d0ad00
arch_prctl(ARCH_SET_FS, 0x555555d0a380) = 0
set_tid_address(0x555555d0a650) = 5016
set_robust_list(0x555555d0a660, 24) = 0
rseq(0x555555d0aca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor790257210", 4096) = 27
getrandom("\xb3\xa4\x3a\x91\x06\xd5\x51\xf3", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555555d0ad00
brk(0x555555d2bd00) = 0x555555d2bd00
brk(0x555555d2c000) = 0x555555d2c000
mprotect(0x7f12a08d7000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
mkdir("./syzkaller.b9PYof", 0700) = 0
chmod("./syzkaller.b9PYof", 0777) = 0
chdir("./syzkaller.b9PYof") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 79.329112][ T26] audit: type=1400 audit(1691294475.201:83): avc: denied { write } for pid=5013 comm="strace-static-x" path="pipe:[29897]" dev="pipefs" ino=29897 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 79.359984][ T26] audit: type=1400 audit(1691294475.231:84): avc: denied { execmem } for pid=5016 comm="syz-executor790" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d0a650) = 5017
./strace-static-x86_64: Process 5017 attached
[pid 5017] set_robust_list(0x555555d0a660, 24) = 0
[pid 5017] chdir("./0") = 0
[pid 5017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5017] setpgid(0, 0) = 0
[pid 5017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 79.380142][ T26] audit: type=1400 audit(1691294475.231:85): avc: denied { read write } for pid=5016 comm="syz-executor790" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid 5017] write(3, "1000", 4) = 4
[pid 5017] close(3) = 0
[pid 5017] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5017] memfd_create("syzkaller", 0) = 3
[pid 5017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129841f000
[ 79.413800][ T26] audit: type=1400 audit(1691294475.231:86): avc: denied { open } for pid=5016 comm="syz-executor790" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 79.438451][ T26] audit: type=1400 audit(1691294475.231:87): avc: denied { ioctl } for pid=5016 comm="syz-executor790" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 79.443254][ T5017] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5017 'syz-executor790'
[pid 5017] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5017] munmap(0x7f129841f000, 16777216) = 0
[pid 5017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5017] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5017] close(3) = 0
[pid 5017] mkdir("./bus", 0777) = 0
[ 79.670903][ T5017] loop0: detected capacity change from 0 to 32768
[ 79.683020][ T26] audit: type=1400 audit(1691294475.551:88): avc: denied { mounton } for pid=5017 comm="syz-executor790" path="/root/syzkaller.b9PYof/0/bus" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 79.699025][ T5017] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor790 (5017)
[ 79.727842][ T5017] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 79.736835][ T5017] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 79.747738][ T5017] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 79.758964][ T5017] BTRFS info (device loop0): force clearing of disk cache
[ 79.766483][ T5017] BTRFS info (device loop0): force zlib compression, level 3
[ 79.773924][ T5017] BTRFS info (device loop0): using free space tree
[ 79.800745][ T5017] BTRFS info (device loop0): enabling ssd optimizations
[ 79.807901][ T5017] BTRFS info (device loop0): auto enabling async discard
[ 79.816997][ T5017] BTRFS info (device loop0): rebuilding free space tree
[pid 5017] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,clear_cache,compress-force,noacl,treelog,") = 0
[pid 5017] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5017] chdir("./bus") = 0
[pid 5017] ioctl(4, LOOP_CLR_FD) = 0
[pid 5017] close(4) = 0
[pid 5017] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5017] write(4, "19", 2) = 2
[ 79.848185][ T26] audit: type=1400 audit(1691294475.721:89): avc: denied { mount } for pid=5017 comm="syz-executor790" name="/" dev="loop0" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 79.874234][ T5017] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[ 79.882677][ T5017] audit: out of memory in audit_log_start
[pid 5017] open("./file0", O_WRONLY|O_LARGEFILE|O_NOFOLLOW|O_TMPFILE, 000) = 5
[pid 5017] exit_group(0) = ?
[pid 5017] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5017, si_uid=0, si_status=0, si_utime=0, si_stime=38 /* 0.38 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555d0b6f0 /* 4 entries */, 32768) = 104
[ 79.896559][ T26] audit: type=1400 audit(1691294475.771:90): avc: denied { write open } for pid=5017 comm="syz-executor790" path=2F726F6F742F73797A6B616C6C65722E623950596F662F302F6275732F66696C65302F23323633202864656C6574656429 dev="loop0" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555d13730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d13730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/bus") = 0
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
getdents64(3, 0x555555d0b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d0a650) = 5045
./strace-static-x86_64: Process 5045 attached
[pid 5045] set_robust_list(0x555555d0a660, 24) = 0
[pid 5045] chdir("./1") = 0
[pid 5045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5045] setpgid(0, 0) = 0
[pid 5045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5045] write(3, "1000", 4) = 4
[pid 5045] close(3) = 0
[pid 5045] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5045] memfd_create("syzkaller", 0) = 3
[pid 5045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129841f000
[pid 5045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5045] munmap(0x7f129841f000, 16777216) = 0
[pid 5045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5045] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5045] close(3) = 0
[pid 5045] mkdir("./bus", 0777) = 0
[ 80.392934][ T5045] loop0: detected capacity change from 0 to 32768
[ 80.405051][ T5045] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor790 (5045)
[ 80.427022][ T5045] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 80.435904][ T5045] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 80.446749][ T5045] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 80.457594][ T5045] BTRFS info (device loop0): force clearing of disk cache
[ 80.464790][ T5045] BTRFS info (device loop0): force zlib compression, level 3
[ 80.472218][ T5045] BTRFS info (device loop0): using free space tree
[pid 5045] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,clear_cache,compress-force,noacl,treelog,") = 0
[pid 5045] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5045] chdir("./bus") = 0
[pid 5045] ioctl(4, LOOP_CLR_FD) = 0
[pid 5045] close(4) = 0
[pid 5045] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5045] write(4, "19", 2) = 2
[ 80.491774][ T5045] BTRFS info (device loop0): enabling ssd optimizations
[ 80.498905][ T5045] BTRFS info (device loop0): auto enabling async discard
[ 80.507163][ T5045] BTRFS info (device loop0): rebuilding free space tree
[ 80.529814][ T5045] FAULT_INJECTION: forcing a failure.
[ 80.529814][ T5045] name failslab, interval 1, probability 0, space 0, times 0
[ 80.543605][ T5045] CPU: 1 PID: 5045 Comm: syz-executor790 Not tainted 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0
[ 80.554085][ T5045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 80.564176][ T5045] Call Trace:
[ 80.567493][ T5045]
[ 80.570471][ T5045] dump_stack_lvl+0x125/0x1b0
[ 80.575218][ T5045] should_fail_ex+0x496/0x5b0
[ 80.579953][ T5045] should_failslab+0x9/0x20
[ 80.584502][ T5045] __kmem_cache_alloc_node+0x5f/0x470
[ 80.589945][ T5045] ? spin_bug+0x1d0/0x1d0
[ 80.594334][ T5045] kmalloc_trace+0x25/0xe0
[ 80.598801][ T5045] join_transaction+0x136/0x1030
[ 80.603807][ T5045] start_transaction+0x757/0x14d0
[ 80.608887][ T5045] btrfs_tmpfile+0x2b9/0x440
[ 80.613543][ T5045] ? btrfs_create_new_inode+0x2610/0x2610
[ 80.619328][ T5045] ? do_raw_spin_unlock+0x173/0x230
[ 80.624603][ T5045] ? _raw_spin_unlock+0x28/0x40
[ 80.629532][ T5045] ? d_alloc+0x1b7/0x220
[ 80.633822][ T5045] vfs_tmpfile+0x2b1/0x4d0
[ 80.638317][ T5045] path_openat+0xc96/0x29c0
[ 80.642877][ T5045] ? path_lookupat+0x770/0x770
[ 80.647691][ T5045] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 80.653743][ T5045] do_filp_open+0x1de/0x430
[ 80.658323][ T5045] ? may_open_dev+0xf0/0xf0
[ 80.662887][ T5045] ? find_held_lock+0x2d/0x110
[ 80.667706][ T5045] ? _raw_spin_unlock+0x28/0x40
[ 80.672626][ T5045] ? alloc_fd+0x2da/0x6c0
[ 80.677019][ T5045] do_sys_openat2+0x176/0x1e0
[ 80.681771][ T5045] ? build_open_flags+0x690/0x690
[ 80.686858][ T5045] ? ptrace_notify+0xf4/0x130
[ 80.691582][ T5045] ? reacquire_held_locks+0x4b0/0x4b0
[ 80.697016][ T5045] __x64_sys_open+0x154/0x1e0
[ 80.701776][ T5045] ? do_sys_open+0x160/0x160
[ 80.706423][ T5045] ? _raw_spin_unlock_irq+0x2e/0x50
[ 80.711680][ T5045] ? ptrace_notify+0xf4/0x130
[ 80.716409][ T5045] do_syscall_64+0x38/0xb0
[ 80.720869][ T5045] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 80.726812][ T5045] RIP: 0033:0x7f12a085e2a9
[ 80.731268][ T5045] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 80.750917][ T5045] RSP: 002b:00007ffd73ae0528 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 80.759342][ T5045] RAX: ffffffffffffffda RBX: 00007ffd73ae0550 RCX: 00007f12a085e2a9
[ 80.767359][ T5045] RDX: 0000000000000000 RSI: 0000000000438001 RDI: 0000000020000000
[ 80.775348][ T5045] RBP: 0000000000000002 R08: 00007ffd73ae02c6 R09: 00007ffd73ae0570
[ 80.783342][ T5045] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd73ae054c
[pid 5045] open("./file0", O_WRONLY|O_LARGEFILE|O_NOFOLLOW|O_TMPFILE, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5045] exit_group(0) = ?
[pid 5045] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5045, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=32 /* 0.32 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555d0b6f0 /* 4 entries */, 32768) = 104
[ 80.791327][ T5045] R13: 0000000000000001 R14: 431bde82d7b634db R15: 00007ffd73ae0590
[ 80.799316][ T5045]
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555d13730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d13730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/bus") = 0
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
getdents64(3, 0x555555d0b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d0a650) = 5065
./strace-static-x86_64: Process 5065 attached
[pid 5065] set_robust_list(0x555555d0a660, 24) = 0
[pid 5065] chdir("./2") = 0
[pid 5065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5065] setpgid(0, 0) = 0
[pid 5065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5065] write(3, "1000", 4) = 4
[pid 5065] close(3) = 0
[pid 5065] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5065] memfd_create("syzkaller", 0) = 3
[pid 5065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129841f000
[pid 5065] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5065] munmap(0x7f129841f000, 16777216) = 0
[pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5065] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5065] close(3) = 0
[pid 5065] mkdir("./bus", 0777) = 0
[ 81.172591][ T5065] loop0: detected capacity change from 0 to 32768
[ 81.185214][ T5065] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor790 (5065)
[ 81.202231][ T5065] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 81.211400][ T5065] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 81.222534][ T5065] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 81.233657][ T5065] BTRFS info (device loop0): force clearing of disk cache
[ 81.241091][ T5065] BTRFS info (device loop0): force zlib compression, level 3
[ 81.248699][ T5065] BTRFS info (device loop0): using free space tree
[pid 5065] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,clear_cache,compress-force,noacl,treelog,") = 0
[pid 5065] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5065] chdir("./bus") = 0
[pid 5065] ioctl(4, LOOP_CLR_FD) = 0
[pid 5065] close(4) = 0
[pid 5065] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5065] write(4, "19", 2) = 2
[ 81.266437][ T5065] BTRFS info (device loop0): enabling ssd optimizations
[ 81.273739][ T5065] BTRFS info (device loop0): auto enabling async discard
[ 81.282647][ T5065] BTRFS info (device loop0): rebuilding free space tree
[ 81.310192][ T5065] FAULT_INJECTION: forcing a failure.
[ 81.310192][ T5065] name failslab, interval 1, probability 0, space 0, times 0
[ 81.323508][ T5065] CPU: 0 PID: 5065 Comm: syz-executor790 Not tainted 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0
[ 81.333985][ T5065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 81.344082][ T5065] Call Trace:
[ 81.347394][ T5065]
[ 81.350363][ T5065] dump_stack_lvl+0x125/0x1b0
[ 81.355096][ T5065] should_fail_ex+0x496/0x5b0
[ 81.359834][ T5065] should_failslab+0x9/0x20
[ 81.364385][ T5065] __kmem_cache_alloc_node+0x5f/0x470
[ 81.369821][ T5065] ? spin_bug+0x1d0/0x1d0
[ 81.374228][ T5065] kmalloc_trace+0x25/0xe0
[ 81.378695][ T5065] join_transaction+0x136/0x1030
[ 81.383700][ T5065] start_transaction+0x757/0x14d0
[ 81.388771][ T5065] btrfs_tmpfile+0x2b9/0x440
[ 81.393394][ T5065] ? btrfs_create_new_inode+0x2610/0x2610
[ 81.399145][ T5065] ? do_raw_spin_unlock+0x173/0x230
[ 81.404380][ T5065] ? _raw_spin_unlock+0x28/0x40
[ 81.409268][ T5065] ? d_alloc+0x1b7/0x220
[ 81.413533][ T5065] vfs_tmpfile+0x2b1/0x4d0
[ 81.417978][ T5065] path_openat+0xc96/0x29c0
[ 81.422513][ T5065] ? path_lookupat+0x770/0x770
[ 81.427306][ T5065] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 81.433318][ T5065] do_filp_open+0x1de/0x430
[ 81.437857][ T5065] ? may_open_dev+0xf0/0xf0
[ 81.442387][ T5065] ? find_held_lock+0x2d/0x110
[ 81.447176][ T5065] ? _raw_spin_unlock+0x28/0x40
[ 81.452067][ T5065] ? alloc_fd+0x2da/0x6c0
[ 81.456436][ T5065] do_sys_openat2+0x176/0x1e0
[ 81.461159][ T5065] ? build_open_flags+0x690/0x690
[ 81.466223][ T5065] ? ptrace_notify+0xf4/0x130
[ 81.470940][ T5065] ? reacquire_held_locks+0x4b0/0x4b0
[ 81.476360][ T5065] __x64_sys_open+0x154/0x1e0
[ 81.481089][ T5065] ? do_sys_open+0x160/0x160
[ 81.485720][ T5065] ? _raw_spin_unlock_irq+0x2e/0x50
[ 81.490954][ T5065] ? ptrace_notify+0xf4/0x130
[ 81.495661][ T5065] do_syscall_64+0x38/0xb0
[ 81.500102][ T5065] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 81.506022][ T5065] RIP: 0033:0x7f12a085e2a9
[ 81.510452][ T5065] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 81.530080][ T5065] RSP: 002b:00007ffd73ae0528 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 81.538543][ T5065] RAX: ffffffffffffffda RBX: 00007ffd73ae0550 RCX: 00007f12a085e2a9
[ 81.546531][ T5065] RDX: 0000000000000000 RSI: 0000000000438001 RDI: 0000000020000000
[ 81.554531][ T5065] RBP: 0000000000000002 R08: 00007ffd73ae02c6 R09: 00007ffd73ae0570
[ 81.562533][ T5065] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd73ae054c
[pid 5065] open("./file0", O_WRONLY|O_LARGEFILE|O_NOFOLLOW|O_TMPFILE, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5065] exit_group(0) = ?
[pid 5065] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5065, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=28 /* 0.28 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555d0b6f0 /* 4 entries */, 32768) = 104
[ 81.570530][ T5065] R13: 0000000000000002 R14: 431bde82d7b634db R15: 00007ffd73ae0590
[ 81.578528][ T5065]
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555d13730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d13730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/bus") = 0
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
getdents64(3, 0x555555d0b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d0a650) = 5089
./strace-static-x86_64: Process 5089 attached
[pid 5089] set_robust_list(0x555555d0a660, 24) = 0
[pid 5089] chdir("./3") = 0
[pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5089] setpgid(0, 0) = 0
[pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5089] write(3, "1000", 4) = 4
[pid 5089] close(3) = 0
[pid 5089] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5089] memfd_create("syzkaller", 0) = 3
[pid 5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129841f000
[pid 5089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5089] munmap(0x7f129841f000, 16777216) = 0
[pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5089] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5089] close(3) = 0
[pid 5089] mkdir("./bus", 0777) = 0
[ 81.973257][ T5089] loop0: detected capacity change from 0 to 32768
[ 81.984395][ T5089] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor790 (5089)
[ 82.001143][ T5089] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 82.010081][ T5089] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 82.020945][ T5089] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 82.031829][ T5089] BTRFS info (device loop0): force clearing of disk cache
[ 82.039024][ T5089] BTRFS info (device loop0): force zlib compression, level 3
[ 82.046548][ T5089] BTRFS info (device loop0): using free space tree
[ 82.066640][ T5089] BTRFS info (device loop0): enabling ssd optimizations
[pid 5089] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,clear_cache,compress-force,noacl,treelog,") = 0
[pid 5089] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5089] chdir("./bus") = 0
[pid 5089] ioctl(4, LOOP_CLR_FD) = 0
[pid 5089] close(4) = 0
[pid 5089] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5089] write(4, "19", 2) = 2
[pid 5089] open("./file0", O_WRONLY|O_LARGEFILE|O_NOFOLLOW|O_TMPFILE, 000) = 5
[pid 5089] exit_group(0) = ?
[pid 5089] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=28 /* 0.28 s */} ---
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555d0b6f0 /* 4 entries */, 32768) = 104
[ 82.073639][ T5089] BTRFS info (device loop0): auto enabling async discard
[ 82.081534][ T5089] BTRFS info (device loop0): rebuilding free space tree
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555d13730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d13730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/bus") = 0
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs") = 0
getdents64(3, 0x555555d0b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d0a650) = 5106
./strace-static-x86_64: Process 5106 attached
[pid 5106] set_robust_list(0x555555d0a660, 24) = 0
[pid 5106] chdir("./4") = 0
[pid 5106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5106] setpgid(0, 0) = 0
[pid 5106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5106] write(3, "1000", 4) = 4
[pid 5106] close(3) = 0
[pid 5106] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5106] memfd_create("syzkaller", 0) = 3
[pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129841f000
[pid 5106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5106] munmap(0x7f129841f000, 16777216) = 0
[pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5106] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5106] close(3) = 0
[pid 5106] mkdir("./bus", 0777) = 0
[ 82.546414][ T5106] loop0: detected capacity change from 0 to 32768
[ 82.556759][ T5106] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor790 (5106)
[ 82.573697][ T5106] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 82.582576][ T5106] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 82.593443][ T5106] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 82.604316][ T5106] BTRFS info (device loop0): force clearing of disk cache
[ 82.611574][ T5106] BTRFS info (device loop0): force zlib compression, level 3
[ 82.619099][ T5106] BTRFS info (device loop0): using free space tree
[ 82.637678][ T5106] BTRFS info (device loop0): enabling ssd optimizations
[pid 5106] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,clear_cache,compress-force,noacl,treelog,") = 0
[pid 5106] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5106] chdir("./bus") = 0
[pid 5106] ioctl(4, LOOP_CLR_FD) = 0
[pid 5106] close(4) = 0
[pid 5106] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5106] write(4, "19", 2) = 2
[ 82.644815][ T5106] BTRFS info (device loop0): auto enabling async discard
[ 82.652564][ T5106] BTRFS info (device loop0): rebuilding free space tree
[ 82.676430][ T5106] FAULT_INJECTION: forcing a failure.
[ 82.676430][ T5106] name failslab, interval 1, probability 0, space 0, times 0
[ 82.689391][ T5106] CPU: 0 PID: 5106 Comm: syz-executor790 Not tainted 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0
[ 82.699859][ T5106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 82.709961][ T5106] Call Trace:
[ 82.713281][ T5106]
[ 82.716244][ T5106] dump_stack_lvl+0x125/0x1b0
[ 82.720951][ T5106] should_fail_ex+0x496/0x5b0
[ 82.725668][ T5106] should_failslab+0x9/0x20
[ 82.730216][ T5106] kmem_cache_alloc+0x61/0x400
[ 82.735025][ T5106] ? do_raw_spin_unlock+0x173/0x230
[ 82.740256][ T5106] start_transaction+0x6b3/0x14d0
[ 82.745310][ T5106] btrfs_tmpfile+0x2b9/0x440
[ 82.749930][ T5106] ? btrfs_create_new_inode+0x2610/0x2610
[ 82.755694][ T5106] ? do_raw_spin_unlock+0x173/0x230
[ 82.760951][ T5106] ? _raw_spin_unlock+0x28/0x40
[ 82.765852][ T5106] ? d_alloc+0x1b7/0x220
[ 82.770121][ T5106] vfs_tmpfile+0x2b1/0x4d0
[ 82.774571][ T5106] path_openat+0xc96/0x29c0
[ 82.779105][ T5106] ? path_lookupat+0x770/0x770
[ 82.783904][ T5106] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 82.789915][ T5106] do_filp_open+0x1de/0x430
[ 82.794464][ T5106] ? may_open_dev+0xf0/0xf0
[ 82.799022][ T5106] ? find_held_lock+0x2d/0x110
[ 82.803846][ T5106] ? _raw_spin_unlock+0x28/0x40
[ 82.808739][ T5106] ? alloc_fd+0x2da/0x6c0
[ 82.813109][ T5106] do_sys_openat2+0x176/0x1e0
[ 82.817824][ T5106] ? build_open_flags+0x690/0x690
[ 82.822883][ T5106] ? ptrace_notify+0xf4/0x130
[ 82.827590][ T5106] ? reacquire_held_locks+0x4b0/0x4b0
[ 82.832996][ T5106] __x64_sys_open+0x154/0x1e0
[ 82.837711][ T5106] ? do_sys_open+0x160/0x160
[ 82.842337][ T5106] ? _raw_spin_unlock_irq+0x2e/0x50
[ 82.847569][ T5106] ? ptrace_notify+0xf4/0x130
[ 82.852268][ T5106] do_syscall_64+0x38/0xb0
[ 82.856706][ T5106] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 82.862641][ T5106] RIP: 0033:0x7f12a085e2a9
[ 82.867084][ T5106] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 82.886720][ T5106] RSP: 002b:00007ffd73ae0528 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[pid 5106] open("./file0", O_WRONLY|O_LARGEFILE|O_NOFOLLOW|O_TMPFILE, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5106] exit_group(0) = ?
[pid 5106] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5106, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=35 /* 0.35 s */} ---
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555d0b6f0 /* 4 entries */, 32768) = 104
[ 82.895158][ T5106] RAX: ffffffffffffffda RBX: 00007ffd73ae0550 RCX: 00007f12a085e2a9
[ 82.903144][ T5106] RDX: 0000000000000000 RSI: 0000000000438001 RDI: 0000000020000000
[ 82.911136][ T5106] RBP: 0000000000000002 R08: 00007ffd73ae02c6 R09: 00007ffd73ae0570
[ 82.919129][ T5106] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd73ae054c
[ 82.927117][ T5106] R13: 0000000000000004 R14: 431bde82d7b634db R15: 00007ffd73ae0590
[ 82.935113][ T5106]
umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555d13730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d13730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/bus") = 0
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs") = 0
getdents64(3, 0x555555d0b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d0a650) = 5123
./strace-static-x86_64: Process 5123 attached
[pid 5123] set_robust_list(0x555555d0a660, 24) = 0
[pid 5123] chdir("./5") = 0
[pid 5123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5123] setpgid(0, 0) = 0
[pid 5123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5123] write(3, "1000", 4) = 4
[pid 5123] close(3) = 0
[pid 5123] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5123] memfd_create("syzkaller", 0) = 3
[pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129841f000
[pid 5123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5123] munmap(0x7f129841f000, 16777216) = 0
[pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5123] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5123] close(3) = 0
[pid 5123] mkdir("./bus", 0777) = 0
[ 83.388284][ T5123] loop0: detected capacity change from 0 to 32768
[ 83.399586][ T5123] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor790 (5123)
[ 83.416636][ T5123] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 83.425461][ T5123] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 83.436526][ T5123] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 83.447589][ T5123] BTRFS info (device loop0): force clearing of disk cache
[ 83.454976][ T5123] BTRFS info (device loop0): force zlib compression, level 3
[ 83.462397][ T5123] BTRFS info (device loop0): using free space tree
[pid 5123] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,clear_cache,compress-force,noacl,treelog,") = 0
[pid 5123] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5123] chdir("./bus") = 0
[pid 5123] ioctl(4, LOOP_CLR_FD) = 0
[pid 5123] close(4) = 0
[pid 5123] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5123] write(4, "19", 2) = 2
[ 83.482481][ T5123] BTRFS info (device loop0): enabling ssd optimizations
[ 83.489698][ T5123] BTRFS info (device loop0): auto enabling async discard
[ 83.498022][ T5123] BTRFS info (device loop0): rebuilding free space tree
[ 83.526434][ T5123] FAULT_INJECTION: forcing a failure.
[ 83.526434][ T5123] name failslab, interval 1, probability 0, space 0, times 0
[ 83.539609][ T5123] CPU: 0 PID: 5123 Comm: syz-executor790 Not tainted 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0
[ 83.550088][ T5123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 83.560207][ T5123] Call Trace:
[ 83.563527][ T5123]
[ 83.566507][ T5123] dump_stack_lvl+0x125/0x1b0
[ 83.571241][ T5123] should_fail_ex+0x496/0x5b0
[ 83.576000][ T5123] should_failslab+0x9/0x20
[ 83.580558][ T5123] kmem_cache_alloc+0x61/0x400
[ 83.585393][ T5123] btrfs_create_new_inode+0x234/0x2610
[ 83.590927][ T5123] ? btrfs_link+0x790/0x790
[ 83.595500][ T5123] ? record_root_in_trans+0x2f7/0x3e0
[ 83.600952][ T5123] btrfs_tmpfile+0x2ed/0x440
[ 83.605604][ T5123] ? btrfs_create_new_inode+0x2610/0x2610
[ 83.611399][ T5123] ? do_raw_spin_unlock+0x173/0x230
[ 83.616667][ T5123] ? _raw_spin_unlock+0x28/0x40
[ 83.621567][ T5123] ? d_alloc+0x1b7/0x220
[ 83.625841][ T5123] vfs_tmpfile+0x2b1/0x4d0
[ 83.630290][ T5123] path_openat+0xc96/0x29c0
[ 83.634825][ T5123] ? path_lookupat+0x770/0x770
[ 83.639614][ T5123] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 83.645633][ T5123] do_filp_open+0x1de/0x430
[ 83.650268][ T5123] ? may_open_dev+0xf0/0xf0
[ 83.654808][ T5123] ? find_held_lock+0x2d/0x110
[ 83.659615][ T5123] ? _raw_spin_unlock+0x28/0x40
[ 83.664512][ T5123] ? alloc_fd+0x2da/0x6c0
[ 83.668889][ T5123] do_sys_openat2+0x176/0x1e0
[ 83.673614][ T5123] ? build_open_flags+0x690/0x690
[ 83.678685][ T5123] ? ptrace_notify+0xf4/0x130
[ 83.683405][ T5123] ? reacquire_held_locks+0x4b0/0x4b0
[ 83.688811][ T5123] __x64_sys_open+0x154/0x1e0
[ 83.693523][ T5123] ? do_sys_open+0x160/0x160
[ 83.698147][ T5123] ? _raw_spin_unlock_irq+0x2e/0x50
[ 83.703381][ T5123] ? ptrace_notify+0xf4/0x130
[ 83.708081][ T5123] do_syscall_64+0x38/0xb0
[ 83.712517][ T5123] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 83.718433][ T5123] RIP: 0033:0x7f12a085e2a9
[ 83.722873][ T5123] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 83.742503][ T5123] RSP: 002b:00007ffd73ae0528 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 83.750942][ T5123] RAX: ffffffffffffffda RBX: 00007ffd73ae0550 RCX: 00007f12a085e2a9
[ 83.758962][ T5123] RDX: 0000000000000000 RSI: 0000000000438001 RDI: 0000000020000000
[ 83.766955][ T5123] RBP: 0000000000000002 R08: 00007ffd73ae02c6 R09: 00007ffd73ae0570
[ 83.774944][ T5123] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd73ae054c
[pid 5123] open("./file0", O_WRONLY|O_LARGEFILE|O_NOFOLLOW|O_TMPFILE, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5123] exit_group(0) = ?
[pid 5123] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5123, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=31 /* 0.31 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555d0b6f0 /* 4 entries */, 32768) = 104
[ 83.782932][ T5123] R13: 0000000000000005 R14: 431bde82d7b634db R15: 00007ffd73ae0590
[ 83.790926][ T5123]
umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555d13730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d13730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/bus") = 0
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs") = 0
getdents64(3, 0x555555d0b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d0a650) = 5140
./strace-static-x86_64: Process 5140 attached
[pid 5140] set_robust_list(0x555555d0a660, 24) = 0
[pid 5140] chdir("./6") = 0
[pid 5140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5140] setpgid(0, 0) = 0
[pid 5140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5140] write(3, "1000", 4) = 4
[pid 5140] close(3) = 0
[pid 5140] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5140] memfd_create("syzkaller", 0) = 3
[pid 5140] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129841f000
[pid 5140] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5140] munmap(0x7f129841f000, 16777216) = 0
[pid 5140] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5140] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5140] close(3) = 0
[pid 5140] mkdir("./bus", 0777) = 0
[ 84.209976][ T5140] loop0: detected capacity change from 0 to 32768
[ 84.221330][ T5140] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor790 (5140)
[ 84.238190][ T5140] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 84.247005][ T5140] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 84.257929][ T5140] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 84.268767][ T5140] BTRFS info (device loop0): force clearing of disk cache
[ 84.275981][ T5140] BTRFS info (device loop0): force zlib compression, level 3
[ 84.283393][ T5140] BTRFS info (device loop0): using free space tree
[ 84.303608][ T5140] BTRFS info (device loop0): enabling ssd optimizations
[pid 5140] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,clear_cache,compress-force,noacl,treelog,") = 0
[pid 5140] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5140] chdir("./bus") = 0
[pid 5140] ioctl(4, LOOP_CLR_FD) = 0
[pid 5140] close(4) = 0
[pid 5140] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5140] write(4, "19", 2) = 2
[ 84.310721][ T5140] BTRFS info (device loop0): auto enabling async discard
[ 84.319578][ T5140] BTRFS info (device loop0): rebuilding free space tree
[ 84.350345][ T5140] FAULT_INJECTION: forcing a failure.
[ 84.350345][ T5140] name failslab, interval 1, probability 0, space 0, times 0
[ 84.363554][ T5140] CPU: 1 PID: 5140 Comm: syz-executor790 Not tainted 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0
[ 84.374048][ T5140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 84.384250][ T5140] Call Trace:
[ 84.387565][ T5140]
[ 84.390532][ T5140] dump_stack_lvl+0x125/0x1b0
[ 84.395262][ T5140] should_fail_ex+0x496/0x5b0
[ 84.400001][ T5140] should_failslab+0x9/0x20
[ 84.404560][ T5140] __kmem_cache_alloc_node+0x5f/0x470
[ 84.410000][ T5140] ? spin_bug+0x1d0/0x1d0
[ 84.414403][ T5140] kmalloc_trace+0x25/0xe0
[ 84.418861][ T5140] join_transaction+0x136/0x1030
[ 84.423849][ T5140] start_transaction+0x757/0x14d0
[ 84.428900][ T5140] btrfs_tmpfile+0x2b9/0x440
[ 84.433528][ T5140] ? btrfs_create_new_inode+0x2610/0x2610
[ 84.439282][ T5140] ? do_raw_spin_unlock+0x173/0x230
[ 84.444516][ T5140] ? _raw_spin_unlock+0x28/0x40
[ 84.449490][ T5140] ? d_alloc+0x1b7/0x220
[ 84.453757][ T5140] vfs_tmpfile+0x2b1/0x4d0
[ 84.458201][ T5140] path_openat+0xc96/0x29c0
[ 84.462740][ T5140] ? path_lookupat+0x770/0x770
[ 84.467534][ T5140] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 84.473546][ T5140] do_filp_open+0x1de/0x430
[ 84.478101][ T5140] ? may_open_dev+0xf0/0xf0
[ 84.482661][ T5140] ? find_held_lock+0x2d/0x110
[ 84.487465][ T5140] ? _raw_spin_unlock+0x28/0x40
[ 84.492356][ T5140] ? alloc_fd+0x2da/0x6c0
[ 84.496730][ T5140] do_sys_openat2+0x176/0x1e0
[ 84.501451][ T5140] ? build_open_flags+0x690/0x690
[ 84.506518][ T5140] ? ptrace_notify+0xf4/0x130
[ 84.511224][ T5140] ? reacquire_held_locks+0x4b0/0x4b0
[ 84.516641][ T5140] __x64_sys_open+0x154/0x1e0
[ 84.521356][ T5140] ? do_sys_open+0x160/0x160
[ 84.525983][ T5140] ? _raw_spin_unlock_irq+0x2e/0x50
[ 84.531216][ T5140] ? ptrace_notify+0xf4/0x130
[ 84.535909][ T5140] do_syscall_64+0x38/0xb0
[ 84.540345][ T5140] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 84.546264][ T5140] RIP: 0033:0x7f12a085e2a9
[ 84.550698][ T5140] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 84.570326][ T5140] RSP: 002b:00007ffd73ae0528 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 84.578771][ T5140] RAX: ffffffffffffffda RBX: 00007ffd73ae0550 RCX: 00007f12a085e2a9
[ 84.586761][ T5140] RDX: 0000000000000000 RSI: 0000000000438001 RDI: 0000000020000000
[ 84.594754][ T5140] RBP: 0000000000000002 R08: 00007ffd73ae02c6 R09: 00007ffd73ae0570
[ 84.602741][ T5140] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd73ae054c
[pid 5140] open("./file0", O_WRONLY|O_LARGEFILE|O_NOFOLLOW|O_TMPFILE, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5140] exit_group(0) = ?
[pid 5140] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5140, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=33 /* 0.33 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555d0b6f0 /* 4 entries */, 32768) = 104
[ 84.610736][ T5140] R13: 0000000000000006 R14: 431bde82d7b634db R15: 00007ffd73ae0590
[ 84.618734][ T5140]
umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555d13730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d13730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/bus") = 0
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs") = 0
getdents64(3, 0x555555d0b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d0a650) = 5157
./strace-static-x86_64: Process 5157 attached
[pid 5157] set_robust_list(0x555555d0a660, 24) = 0
[pid 5157] chdir("./7") = 0
[pid 5157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5157] setpgid(0, 0) = 0
[pid 5157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5157] write(3, "1000", 4) = 4
[pid 5157] close(3) = 0
[pid 5157] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5157] memfd_create("syzkaller", 0) = 3
[pid 5157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129841f000
[pid 5157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5157] munmap(0x7f129841f000, 16777216) = 0
[pid 5157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5157] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5157] close(3) = 0
[pid 5157] mkdir("./bus", 0777) = 0
[ 85.031520][ T5157] loop0: detected capacity change from 0 to 32768
[ 85.042600][ T5157] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor790 (5157)
[ 85.061914][ T5157] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 85.070930][ T5157] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 85.082194][ T5157] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 85.093310][ T5157] BTRFS info (device loop0): force clearing of disk cache
[ 85.100805][ T5157] BTRFS info (device loop0): force zlib compression, level 3
[ 85.108520][ T5157] BTRFS info (device loop0): using free space tree
[pid 5157] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,clear_cache,compress-force,noacl,treelog,") = 0
[pid 5157] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5157] chdir("./bus") = 0
[pid 5157] ioctl(4, LOOP_CLR_FD) = 0
[pid 5157] close(4) = 0
[pid 5157] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5157] write(4, "19", 2) = 2
[ 85.128463][ T5157] BTRFS info (device loop0): enabling ssd optimizations
[ 85.135537][ T5157] BTRFS info (device loop0): auto enabling async discard
[ 85.143284][ T5157] BTRFS info (device loop0): rebuilding free space tree
[ 85.169456][ T5157] FAULT_INJECTION: forcing a failure.
[ 85.169456][ T5157] name failslab, interval 1, probability 0, space 0, times 0
[ 85.182753][ T5157] CPU: 0 PID: 5157 Comm: syz-executor790 Not tainted 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0
[ 85.193232][ T5157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 85.203312][ T5157] Call Trace:
[ 85.206606][ T5157]
[ 85.209550][ T5157] dump_stack_lvl+0x125/0x1b0
[ 85.214256][ T5157] should_fail_ex+0x496/0x5b0
[ 85.218969][ T5157] should_failslab+0x9/0x20
[ 85.223498][ T5157] __kmem_cache_alloc_node+0x5f/0x470
[ 85.228910][ T5157] ? spin_bug+0x1d0/0x1d0
[ 85.233272][ T5157] kmalloc_trace+0x25/0xe0
[ 85.237723][ T5157] join_transaction+0x136/0x1030
[ 85.242702][ T5157] start_transaction+0x757/0x14d0
[ 85.247751][ T5157] btrfs_tmpfile+0x2b9/0x440
[ 85.252373][ T5157] ? btrfs_create_new_inode+0x2610/0x2610
[ 85.258136][ T5157] ? do_raw_spin_unlock+0x173/0x230
[ 85.263368][ T5157] ? _raw_spin_unlock+0x28/0x40
[ 85.268263][ T5157] ? d_alloc+0x1b7/0x220
[ 85.272533][ T5157] vfs_tmpfile+0x2b1/0x4d0
[ 85.276982][ T5157] path_openat+0xc96/0x29c0
[ 85.281529][ T5157] ? path_lookupat+0x770/0x770
[ 85.286326][ T5157] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 85.292342][ T5157] do_filp_open+0x1de/0x430
[ 85.296885][ T5157] ? may_open_dev+0xf0/0xf0
[ 85.301417][ T5157] ? find_held_lock+0x2d/0x110
[ 85.306213][ T5157] ? _raw_spin_unlock+0x28/0x40
[ 85.311103][ T5157] ? alloc_fd+0x2da/0x6c0
[ 85.315473][ T5157] do_sys_openat2+0x176/0x1e0
[ 85.320189][ T5157] ? build_open_flags+0x690/0x690
[ 85.325250][ T5157] ? ptrace_notify+0xf4/0x130
[ 85.329951][ T5157] ? reacquire_held_locks+0x4b0/0x4b0
[ 85.335365][ T5157] __x64_sys_open+0x154/0x1e0
[ 85.340083][ T5157] ? do_sys_open+0x160/0x160
[ 85.344704][ T5157] ? _raw_spin_unlock_irq+0x2e/0x50
[ 85.349939][ T5157] ? ptrace_notify+0xf4/0x130
[ 85.354638][ T5157] do_syscall_64+0x38/0xb0
[ 85.359074][ T5157] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 85.364995][ T5157] RIP: 0033:0x7f12a085e2a9
[ 85.369429][ T5157] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 85.389063][ T5157] RSP: 002b:00007ffd73ae0528 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 85.397503][ T5157] RAX: ffffffffffffffda RBX: 00007ffd73ae0550 RCX: 00007f12a085e2a9
[ 85.405505][ T5157] RDX: 0000000000000000 RSI: 0000000000438001 RDI: 0000000020000000
[ 85.413493][ T5157] RBP: 0000000000000002 R08: 00007ffd73ae02c6 R09: 00007ffd73ae0570
[ 85.421485][ T5157] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd73ae054c
[pid 5157] open("./file0", O_WRONLY|O_LARGEFILE|O_NOFOLLOW|O_TMPFILE, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5157] exit_group(0) = ?
[pid 5157] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5157, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=29 /* 0.29 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555d0b6f0 /* 4 entries */, 32768) = 104
[ 85.429474][ T5157] R13: 0000000000000007 R14: 431bde82d7b634db R15: 00007ffd73ae0590
[ 85.437471][ T5157]
umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555d13730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d13730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/bus") = 0
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs") = 0
getdents64(3, 0x555555d0b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d0a650) = 5174
./strace-static-x86_64: Process 5174 attached
[pid 5174] set_robust_list(0x555555d0a660, 24) = 0
[pid 5174] chdir("./8") = 0
[pid 5174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5174] setpgid(0, 0) = 0
[pid 5174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5174] write(3, "1000", 4) = 4
[pid 5174] close(3) = 0
[pid 5174] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5174] memfd_create("syzkaller", 0) = 3
[pid 5174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129841f000
[pid 5174] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5174] munmap(0x7f129841f000, 16777216) = 0
[pid 5174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5174] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5174] close(3) = 0
[pid 5174] mkdir("./bus", 0777) = 0
[ 85.875313][ T5174] loop0: detected capacity change from 0 to 32768
[ 85.886285][ T5174] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor790 (5174)
[ 85.904306][ T5174] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 85.913213][ T5174] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 85.924113][ T5174] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 85.935012][ T5174] BTRFS info (device loop0): force clearing of disk cache
[ 85.942160][ T5174] BTRFS info (device loop0): force zlib compression, level 3
[ 85.949790][ T5174] BTRFS info (device loop0): using free space tree
[ 85.966948][ T5174] BTRFS info (device loop0): enabling ssd optimizations
[pid 5174] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,clear_cache,compress-force,noacl,treelog,") = 0
[pid 5174] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5174] chdir("./bus") = 0
[pid 5174] ioctl(4, LOOP_CLR_FD) = 0
[pid 5174] close(4) = 0
[pid 5174] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5174] write(4, "19", 2) = 2
[ 85.973940][ T5174] BTRFS info (device loop0): auto enabling async discard
[ 85.981926][ T5174] BTRFS info (device loop0): rebuilding free space tree
[ 86.006480][ T5174] FAULT_INJECTION: forcing a failure.
[ 86.006480][ T5174] name failslab, interval 1, probability 0, space 0, times 0
[ 86.019492][ T5174] CPU: 0 PID: 5174 Comm: syz-executor790 Not tainted 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0
[ 86.029956][ T5174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 86.040060][ T5174] Call Trace:
[ 86.043350][ T5174]
[ 86.046303][ T5174] dump_stack_lvl+0x125/0x1b0
[ 86.051039][ T5174] should_fail_ex+0x496/0x5b0
[ 86.055785][ T5174] should_failslab+0x9/0x20
[ 86.060343][ T5174] __kmem_cache_alloc_node+0x5f/0x470
[ 86.065784][ T5174] ? spin_bug+0x1d0/0x1d0
[ 86.070177][ T5174] kmalloc_trace+0x25/0xe0
[ 86.074646][ T5174] join_transaction+0x136/0x1030
[ 86.079673][ T5174] start_transaction+0x757/0x14d0
[ 86.084759][ T5174] btrfs_tmpfile+0x2b9/0x440
[ 86.089409][ T5174] ? btrfs_create_new_inode+0x2610/0x2610
[ 86.095208][ T5174] ? do_raw_spin_unlock+0x173/0x230
[ 86.100466][ T5174] ? _raw_spin_unlock+0x28/0x40
[ 86.105379][ T5174] ? d_alloc+0x1b7/0x220
[ 86.109671][ T5174] vfs_tmpfile+0x2b1/0x4d0
[ 86.114146][ T5174] path_openat+0xc96/0x29c0
[ 86.118714][ T5174] ? path_lookupat+0x770/0x770
[ 86.123558][ T5174] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 86.129606][ T5174] do_filp_open+0x1de/0x430
[ 86.134172][ T5174] ? may_open_dev+0xf0/0xf0
[ 86.138746][ T5174] ? find_held_lock+0x2d/0x110
[ 86.143573][ T5174] ? _raw_spin_unlock+0x28/0x40
[ 86.148503][ T5174] ? alloc_fd+0x2da/0x6c0
[ 86.152905][ T5174] do_sys_openat2+0x176/0x1e0
[ 86.157650][ T5174] ? build_open_flags+0x690/0x690
[ 86.162749][ T5174] ? ptrace_notify+0xf4/0x130
[ 86.167480][ T5174] ? reacquire_held_locks+0x4b0/0x4b0
[ 86.172923][ T5174] __x64_sys_open+0x154/0x1e0
[ 86.177674][ T5174] ? do_sys_open+0x160/0x160
[ 86.182341][ T5174] ? _raw_spin_unlock_irq+0x2e/0x50
[ 86.187617][ T5174] ? ptrace_notify+0xf4/0x130
[ 86.192350][ T5174] do_syscall_64+0x38/0xb0
[ 86.196823][ T5174] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 86.202777][ T5174] RIP: 0033:0x7f12a085e2a9
[ 86.207237][ T5174] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 86.226905][ T5174] RSP: 002b:00007ffd73ae0528 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 86.235382][ T5174] RAX: ffffffffffffffda RBX: 00007ffd73ae0550 RCX: 00007f12a085e2a9
[ 86.243412][ T5174] RDX: 0000000000000000 RSI: 0000000000438001 RDI: 0000000020000000
[ 86.251442][ T5174] RBP: 0000000000000002 R08: 00007ffd73ae02c6 R09: 00007ffd73ae0570
[ 86.259465][ T5174] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd73ae054c
[ 86.267488][ T5174] R13: 0000000000000008 R14: 431bde82d7b634db R15: 00007ffd73ae0590
[pid 5174] open("./file0", O_WRONLY|O_LARGEFILE|O_NOFOLLOW|O_TMPFILE, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5174] exit_group(0) = ?
[pid 5174] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5174, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=30 /* 0.30 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555d0b6f0 /* 4 entries */, 32768) = 104
[ 86.275525][ T5174]
umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555d13730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d13730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/bus") = 0
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs") = 0
getdents64(3, 0x555555d0b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d0a650) = 5191
./strace-static-x86_64: Process 5191 attached
[pid 5191] set_robust_list(0x555555d0a660, 24) = 0
[pid 5191] chdir("./9") = 0
[pid 5191] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5191] setpgid(0, 0) = 0
[pid 5191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5191] write(3, "1000", 4) = 4
[pid 5191] close(3) = 0
[pid 5191] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5191] memfd_create("syzkaller", 0) = 3
[pid 5191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129841f000
[pid 5191] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5191] munmap(0x7f129841f000, 16777216) = 0
[pid 5191] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5191] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5191] close(3) = 0
[pid 5191] mkdir("./bus", 0777) = 0
[ 86.671325][ T5191] loop0: detected capacity change from 0 to 32768
[ 86.682871][ T5191] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor790 (5191)
[ 86.700965][ T5191] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 86.709987][ T5191] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 86.720837][ T5191] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 86.731676][ T5191] BTRFS info (device loop0): force clearing of disk cache
[ 86.738858][ T5191] BTRFS info (device loop0): force zlib compression, level 3
[ 86.746511][ T5191] BTRFS info (device loop0): using free space tree
[pid 5191] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,clear_cache,compress-force,noacl,treelog,") = 0
[pid 5191] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5191] chdir("./bus") = 0
[pid 5191] ioctl(4, LOOP_CLR_FD) = 0
[pid 5191] close(4) = 0
[pid 5191] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5191] write(4, "19", 2) = 2
[ 86.770183][ T5191] BTRFS info (device loop0): enabling ssd optimizations
[ 86.777415][ T5191] BTRFS info (device loop0): auto enabling async discard
[ 86.785552][ T5191] BTRFS info (device loop0): rebuilding free space tree
[ 86.820204][ T5191] FAULT_INJECTION: forcing a failure.
[ 86.820204][ T5191] name failslab, interval 1, probability 0, space 0, times 0
[ 86.833790][ T5191] CPU: 0 PID: 5191 Comm: syz-executor790 Not tainted 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0
[ 86.844273][ T5191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 86.854377][ T5191] Call Trace:
[ 86.857686][ T5191]
[ 86.860646][ T5191] dump_stack_lvl+0x125/0x1b0
[ 86.865394][ T5191] should_fail_ex+0x496/0x5b0
[ 86.870151][ T5191] should_failslab+0x9/0x20
[ 86.874709][ T5191] kmem_cache_alloc+0x61/0x400
[ 86.879548][ T5191] btrfs_create_new_inode+0x234/0x2610
[ 86.885078][ T5191] ? btrfs_link+0x790/0x790
[ 86.889637][ T5191] ? record_root_in_trans+0x2f7/0x3e0
[ 86.895082][ T5191] btrfs_tmpfile+0x2ed/0x440
[ 86.899724][ T5191] ? btrfs_create_new_inode+0x2610/0x2610
[ 86.905499][ T5191] ? do_raw_spin_unlock+0x173/0x230
[ 86.910757][ T5191] ? _raw_spin_unlock+0x28/0x40
[ 86.915669][ T5191] ? d_alloc+0x1b7/0x220
[ 86.919981][ T5191] vfs_tmpfile+0x2b1/0x4d0
[ 86.924452][ T5191] path_openat+0xc96/0x29c0
[ 86.929009][ T5191] ? path_lookupat+0x770/0x770
[ 86.933820][ T5191] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 86.939859][ T5191] do_filp_open+0x1de/0x430
[ 86.944424][ T5191] ? may_open_dev+0xf0/0xf0
[ 86.948985][ T5191] ? find_held_lock+0x2d/0x110
[ 86.953805][ T5191] ? _raw_spin_unlock+0x28/0x40
[ 86.958723][ T5191] ? alloc_fd+0x2da/0x6c0
[ 86.963123][ T5191] do_sys_openat2+0x176/0x1e0
[ 86.967864][ T5191] ? build_open_flags+0x690/0x690
[ 86.972958][ T5191] ? ptrace_notify+0xf4/0x130
[ 86.977679][ T5191] ? reacquire_held_locks+0x4b0/0x4b0
[ 86.983122][ T5191] __x64_sys_open+0x154/0x1e0
[ 86.987866][ T5191] ? do_sys_open+0x160/0x160
[ 86.992516][ T5191] ? _raw_spin_unlock_irq+0x2e/0x50
[ 86.997781][ T5191] ? ptrace_notify+0xf4/0x130
[ 87.002508][ T5191] do_syscall_64+0x38/0xb0
[ 87.006973][ T5191] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 87.012914][ T5191] RIP: 0033:0x7f12a085e2a9
[ 87.017368][ T5191] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 87.037037][ T5191] RSP: 002b:00007ffd73ae0528 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 87.045507][ T5191] RAX: ffffffffffffffda RBX: 00007ffd73ae0550 RCX: 00007f12a085e2a9
[ 87.053518][ T5191] RDX: 0000000000000000 RSI: 0000000000438001 RDI: 0000000020000000
[ 87.061553][ T5191] RBP: 0000000000000002 R08: 00007ffd73ae02c6 R09: 00007ffd73ae0570
[pid 5191] open("./file0", O_WRONLY|O_LARGEFILE|O_NOFOLLOW|O_TMPFILE, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5191] exit_group(0) = ?
[pid 5191] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5191, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555d0b6f0 /* 4 entries */, 32768) = 104
[ 87.069575][ T5191] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd73ae054c
[ 87.077595][ T5191] R13: 0000000000000009 R14: 431bde82d7b634db R15: 00007ffd73ae0590
[ 87.085619][ T5191]
umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555d13730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d13730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/bus") = 0
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs") = 0
getdents64(3, 0x555555d0b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d0a650) = 5209
./strace-static-x86_64: Process 5209 attached
[pid 5209] set_robust_list(0x555555d0a660, 24) = 0
[pid 5209] chdir("./10") = 0
[pid 5209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5209] setpgid(0, 0) = 0
[pid 5209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5209] write(3, "1000", 4) = 4
[pid 5209] close(3) = 0
[pid 5209] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5209] memfd_create("syzkaller", 0) = 3
[pid 5209] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129841f000
[pid 5209] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5209] munmap(0x7f129841f000, 16777216) = 0
[pid 5209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5209] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5209] close(3) = 0
[pid 5209] mkdir("./bus", 0777) = 0
[ 87.641206][ T5209] loop0: detected capacity change from 0 to 32768
[ 87.650762][ T5209] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor790 (5209)
[ 87.668721][ T5209] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 87.677909][ T5209] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 87.688858][ T5209] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 87.699723][ T5209] BTRFS info (device loop0): force clearing of disk cache
[ 87.706940][ T5209] BTRFS info (device loop0): force zlib compression, level 3
[ 87.714368][ T5209] BTRFS info (device loop0): using free space tree
[ 87.733983][ T5209] BTRFS info (device loop0): enabling ssd optimizations
[pid 5209] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,clear_cache,compress-force,noacl,treelog,") = 0
[pid 5209] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5209] chdir("./bus") = 0
[pid 5209] ioctl(4, LOOP_CLR_FD) = 0
[pid 5209] close(4) = 0
[pid 5209] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5209] write(4, "19", 2) = 2
[ 87.741217][ T5209] BTRFS info (device loop0): auto enabling async discard
[ 87.749429][ T5209] BTRFS info (device loop0): rebuilding free space tree
[ 87.778235][ T5209] FAULT_INJECTION: forcing a failure.
[ 87.778235][ T5209] name failslab, interval 1, probability 0, space 0, times 0
[ 87.795418][ T5209] CPU: 1 PID: 5209 Comm: syz-executor790 Not tainted 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0
[ 87.805921][ T5209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 87.816022][ T5209] Call Trace:
[ 87.819337][ T5209]
[ 87.822303][ T5209] dump_stack_lvl+0x125/0x1b0
[ 87.827036][ T5209] should_fail_ex+0x496/0x5b0
[ 87.831785][ T5209] should_failslab+0x9/0x20
[ 87.836342][ T5209] kmem_cache_alloc+0x61/0x400
[ 87.841171][ T5209] btrfs_create_new_inode+0x234/0x2610
[ 87.846690][ T5209] ? btrfs_link+0x790/0x790
[ 87.851250][ T5209] ? record_root_in_trans+0x2f7/0x3e0
[ 87.856697][ T5209] btrfs_tmpfile+0x2ed/0x440
[ 87.861345][ T5209] ? btrfs_create_new_inode+0x2610/0x2610
[ 87.867124][ T5209] ? do_raw_spin_unlock+0x173/0x230
[ 87.872379][ T5209] ? _raw_spin_unlock+0x28/0x40
[ 87.877383][ T5209] ? d_alloc+0x1b7/0x220
[ 87.881678][ T5209] vfs_tmpfile+0x2b1/0x4d0
[ 87.886147][ T5209] path_openat+0xc96/0x29c0
[ 87.890733][ T5209] ? path_lookupat+0x770/0x770
[ 87.895550][ T5209] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 87.901602][ T5209] do_filp_open+0x1de/0x430
[ 87.906167][ T5209] ? may_open_dev+0xf0/0xf0
[ 87.910726][ T5209] ? find_held_lock+0x2d/0x110
[ 87.915548][ T5209] ? _raw_spin_unlock+0x28/0x40
[ 87.920486][ T5209] ? alloc_fd+0x2da/0x6c0
[ 87.924872][ T5209] do_sys_openat2+0x176/0x1e0
[ 87.929608][ T5209] ? build_open_flags+0x690/0x690
[ 87.934696][ T5209] ? ptrace_notify+0xf4/0x130
[ 87.939413][ T5209] ? reacquire_held_locks+0x4b0/0x4b0
[ 87.944884][ T5209] __x64_sys_open+0x154/0x1e0
[ 87.949622][ T5209] ? do_sys_open+0x160/0x160
[ 87.954276][ T5209] ? _raw_spin_unlock_irq+0x2e/0x50
[ 87.959550][ T5209] ? ptrace_notify+0xf4/0x130
[ 87.964273][ T5209] do_syscall_64+0x38/0xb0
[ 87.968738][ T5209] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 87.974689][ T5209] RIP: 0033:0x7f12a085e2a9
[ 87.979141][ T5209] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 87.998769][ T5209] RSP: 002b:00007ffd73ae0528 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 88.007201][ T5209] RAX: ffffffffffffffda RBX: 00007ffd73ae0550 RCX: 00007f12a085e2a9
[ 88.015204][ T5209] RDX: 0000000000000000 RSI: 0000000000438001 RDI: 0000000020000000
[ 88.023180][ T5209] RBP: 0000000000000002 R08: 00007ffd73ae02c6 R09: 00007ffd73ae0570
[ 88.031156][ T5209] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd73ae054c
[pid 5209] open("./file0", O_WRONLY|O_LARGEFILE|O_NOFOLLOW|O_TMPFILE, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5209] exit_group(0) = ?
[pid 5209] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5209, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=30 /* 0.30 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555d0b6f0 /* 4 entries */, 32768) = 104
[ 88.039132][ T5209] R13: 000000000000000a R14: 431bde82d7b634db R15: 00007ffd73ae0590
[ 88.047139][ T5209]
umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555d13730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d13730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/bus") = 0
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs") = 0
getdents64(3, 0x555555d0b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5226 attached
[pid 5226] set_robust_list(0x555555d0a660, 24) = 0
[pid 5226] chdir("./11") = 0
[pid 5226] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5226] setpgid(0, 0) = 0
[pid 5226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5016] <... clone resumed>, child_tidptr=0x555555d0a650) = 5226
[pid 5226] write(3, "1000", 4) = 4
[pid 5226] close(3) = 0
[pid 5226] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5226] memfd_create("syzkaller", 0) = 3
[pid 5226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129841f000
[pid 5226] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5226] munmap(0x7f129841f000, 16777216) = 0
[pid 5226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5226] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5226] close(3) = 0
[pid 5226] mkdir("./bus", 0777) = 0
[ 88.442027][ T5226] loop0: detected capacity change from 0 to 32768
[ 88.453422][ T5226] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor790 (5226)
[ 88.470463][ T5226] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 88.479292][ T5226] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 88.490438][ T5226] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 88.501522][ T5226] BTRFS info (device loop0): force clearing of disk cache
[ 88.508952][ T5226] BTRFS info (device loop0): force zlib compression, level 3
[ 88.516602][ T5226] BTRFS info (device loop0): using free space tree
[ 88.534339][ T5226] BTRFS info (device loop0): enabling ssd optimizations
[pid 5226] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,clear_cache,compress-force,noacl,treelog,") = 0
[pid 5226] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5226] chdir("./bus") = 0
[pid 5226] ioctl(4, LOOP_CLR_FD) = 0
[pid 5226] close(4) = 0
[pid 5226] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5226] write(4, "19", 2) = 2
[ 88.541453][ T5226] BTRFS info (device loop0): auto enabling async discard
[ 88.549431][ T5226] BTRFS info (device loop0): rebuilding free space tree
[ 88.576423][ T5226] FAULT_INJECTION: forcing a failure.
[ 88.576423][ T5226] name failslab, interval 1, probability 0, space 0, times 0
[ 88.589350][ T5226] CPU: 0 PID: 5226 Comm: syz-executor790 Not tainted 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0
[ 88.599843][ T5226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 88.609937][ T5226] Call Trace:
[ 88.613253][ T5226]
[ 88.616221][ T5226] dump_stack_lvl+0x125/0x1b0
[ 88.620956][ T5226] should_fail_ex+0x496/0x5b0
[ 88.625700][ T5226] should_failslab+0x9/0x20
[ 88.630258][ T5226] __kmem_cache_alloc_node+0x5f/0x470
[ 88.635692][ T5226] ? spin_bug+0x1d0/0x1d0
[ 88.640073][ T5226] kmalloc_trace+0x25/0xe0
[ 88.644522][ T5226] join_transaction+0x136/0x1030
[ 88.649539][ T5226] start_transaction+0x757/0x14d0
[ 88.654599][ T5226] btrfs_tmpfile+0x2b9/0x440
[ 88.659226][ T5226] ? btrfs_create_new_inode+0x2610/0x2610
[ 88.664985][ T5226] ? do_raw_spin_unlock+0x173/0x230
[ 88.670221][ T5226] ? _raw_spin_unlock+0x28/0x40
[ 88.675115][ T5226] ? d_alloc+0x1b7/0x220
[ 88.679380][ T5226] vfs_tmpfile+0x2b1/0x4d0
[ 88.683839][ T5226] path_openat+0xc96/0x29c0
[ 88.688371][ T5226] ? path_lookupat+0x770/0x770
[ 88.693168][ T5226] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 88.699185][ T5226] do_filp_open+0x1de/0x430
[ 88.703736][ T5226] ? may_open_dev+0xf0/0xf0
[ 88.708302][ T5226] ? find_held_lock+0x2d/0x110
[ 88.713111][ T5226] ? _raw_spin_unlock+0x28/0x40
[ 88.718011][ T5226] ? alloc_fd+0x2da/0x6c0
[ 88.722396][ T5226] do_sys_openat2+0x176/0x1e0
[ 88.727121][ T5226] ? build_open_flags+0x690/0x690
[ 88.732206][ T5226] ? ptrace_notify+0xf4/0x130
[ 88.736912][ T5226] ? reacquire_held_locks+0x4b0/0x4b0
[ 88.742354][ T5226] __x64_sys_open+0x154/0x1e0
[ 88.747072][ T5226] ? do_sys_open+0x160/0x160
[ 88.751701][ T5226] ? _raw_spin_unlock_irq+0x2e/0x50
[ 88.756937][ T5226] ? ptrace_notify+0xf4/0x130
[ 88.761637][ T5226] do_syscall_64+0x38/0xb0
[ 88.766076][ T5226] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 88.772013][ T5226] RIP: 0033:0x7f12a085e2a9
[ 88.776468][ T5226] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 88.796109][ T5226] RSP: 002b:00007ffd73ae0528 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 88.804552][ T5226] RAX: ffffffffffffffda RBX: 00007ffd73ae0550 RCX: 00007f12a085e2a9
[ 88.812543][ T5226] RDX: 0000000000000000 RSI: 0000000000438001 RDI: 0000000020000000
[ 88.820626][ T5226] RBP: 0000000000000002 R08: 00007ffd73ae02c6 R09: 00007ffd73ae0570
[ 88.828620][ T5226] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd73ae054c
[pid 5226] open("./file0", O_WRONLY|O_LARGEFILE|O_NOFOLLOW|O_TMPFILE, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5226] exit_group(0) = ?
[pid 5226] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5226, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=25 /* 0.25 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555d0b6f0 /* 4 entries */, 32768) = 104
[ 88.836637][ T5226] R13: 000000000000000b R14: 431bde82d7b634db R15: 00007ffd73ae0590
[ 88.844633][ T5226]
umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555d13730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d13730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/bus") = 0
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs") = 0
getdents64(3, 0x555555d0b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d0a650) = 5243
./strace-static-x86_64: Process 5243 attached
[pid 5243] set_robust_list(0x555555d0a660, 24) = 0
[pid 5243] chdir("./12") = 0
[pid 5243] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5243] setpgid(0, 0) = 0
[pid 5243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5243] write(3, "1000", 4) = 4
[pid 5243] close(3) = 0
[pid 5243] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5243] memfd_create("syzkaller", 0) = 3
[pid 5243] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129841f000
[pid 5243] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5243] munmap(0x7f129841f000, 16777216) = 0
[pid 5243] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5243] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5243] close(3) = 0
[pid 5243] mkdir("./bus", 0777) = 0
[ 89.281746][ T5243] loop0: detected capacity change from 0 to 32768
[ 89.291838][ T5243] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor790 (5243)
[ 89.308679][ T5243] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 89.317691][ T5243] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 89.328544][ T5243] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 89.339392][ T5243] BTRFS info (device loop0): force clearing of disk cache
[ 89.346606][ T5243] BTRFS info (device loop0): force zlib compression, level 3
[ 89.354035][ T5243] BTRFS info (device loop0): using free space tree
[ 89.373536][ T5243] BTRFS info (device loop0): enabling ssd optimizations
[pid 5243] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,clear_cache,compress-force,noacl,treelog,") = 0
[pid 5243] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5243] chdir("./bus") = 0
[pid 5243] ioctl(4, LOOP_CLR_FD) = 0
[pid 5243] close(4) = 0
[pid 5243] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5243] write(4, "19", 2) = 2
[ 89.380754][ T5243] BTRFS info (device loop0): auto enabling async discard
[ 89.388755][ T5243] BTRFS info (device loop0): rebuilding free space tree
[ 89.416458][ T5243] FAULT_INJECTION: forcing a failure.
[ 89.416458][ T5243] name failslab, interval 1, probability 0, space 0, times 0
[ 89.434637][ T5243] CPU: 1 PID: 5243 Comm: syz-executor790 Not tainted 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0
[ 89.445149][ T5243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 89.455253][ T5243] Call Trace:
[ 89.458570][ T5243]
[ 89.461535][ T5243] dump_stack_lvl+0x125/0x1b0
[ 89.466261][ T5243] should_fail_ex+0x496/0x5b0
[ 89.471000][ T5243] should_failslab+0x9/0x20
[ 89.475614][ T5243] __kmem_cache_alloc_node+0x5f/0x470
[ 89.481062][ T5243] ? spin_bug+0x1d0/0x1d0
[ 89.485465][ T5243] kmalloc_trace+0x25/0xe0
[ 89.489942][ T5243] join_transaction+0x136/0x1030
[ 89.494954][ T5243] start_transaction+0x757/0x14d0
[ 89.500033][ T5243] btrfs_tmpfile+0x2b9/0x440
[ 89.504691][ T5243] ? btrfs_create_new_inode+0x2610/0x2610
[ 89.510476][ T5243] ? do_raw_spin_unlock+0x173/0x230
[ 89.515737][ T5243] ? _raw_spin_unlock+0x28/0x40
[ 89.520652][ T5243] ? d_alloc+0x1b7/0x220
[ 89.524949][ T5243] vfs_tmpfile+0x2b1/0x4d0
[ 89.529425][ T5243] path_openat+0xc96/0x29c0
[ 89.533988][ T5243] ? path_lookupat+0x770/0x770
[ 89.538811][ T5243] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 89.544858][ T5243] do_filp_open+0x1de/0x430
[ 89.549419][ T5243] ? may_open_dev+0xf0/0xf0
[ 89.553981][ T5243] ? find_held_lock+0x2d/0x110
[ 89.558802][ T5243] ? _raw_spin_unlock+0x28/0x40
[ 89.563718][ T5243] ? alloc_fd+0x2da/0x6c0
[ 89.568117][ T5243] do_sys_openat2+0x176/0x1e0
[ 89.572859][ T5243] ? build_open_flags+0x690/0x690
[ 89.577950][ T5243] ? ptrace_notify+0xf4/0x130
[ 89.582670][ T5243] ? reacquire_held_locks+0x4b0/0x4b0
[ 89.588121][ T5243] __x64_sys_open+0x154/0x1e0
[ 89.592877][ T5243] ? do_sys_open+0x160/0x160
[ 89.597530][ T5243] ? _raw_spin_unlock_irq+0x2e/0x50
[ 89.602801][ T5243] ? ptrace_notify+0xf4/0x130
[ 89.607531][ T5243] do_syscall_64+0x38/0xb0
[ 89.611996][ T5243] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 89.617945][ T5243] RIP: 0033:0x7f12a085e2a9
[ 89.622399][ T5243] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 89.642095][ T5243] RSP: 002b:00007ffd73ae0528 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 89.650532][ T5243] RAX: ffffffffffffffda RBX: 00007ffd73ae0550 RCX: 00007f12a085e2a9
[ 89.658516][ T5243] RDX: 0000000000000000 RSI: 0000000000438001 RDI: 0000000020000000
[ 89.666506][ T5243] RBP: 0000000000000002 R08: 00007ffd73ae02c6 R09: 00007ffd73ae0570
[ 89.674507][ T5243] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd73ae054c
[pid 5243] open("./file0", O_WRONLY|O_LARGEFILE|O_NOFOLLOW|O_TMPFILE, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5243] exit_group(0) = ?
[pid 5243] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5243, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555d0b6f0 /* 4 entries */, 32768) = 104
[ 89.682510][ T5243] R13: 000000000000000c R14: 431bde82d7b634db R15: 00007ffd73ae0590
[ 89.690502][ T5243]
umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555d13730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d13730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./12/bus") = 0
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs") = 0
getdents64(3, 0x555555d0b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d0a650) = 5260
./strace-static-x86_64: Process 5260 attached
[pid 5260] set_robust_list(0x555555d0a660, 24) = 0
[pid 5260] chdir("./13") = 0
[pid 5260] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5260] setpgid(0, 0) = 0
[pid 5260] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5260] write(3, "1000", 4) = 4
[pid 5260] close(3) = 0
[pid 5260] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5260] memfd_create("syzkaller", 0) = 3
[pid 5260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129841f000
[pid 5260] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5260] munmap(0x7f129841f000, 16777216) = 0
[pid 5260] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5260] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5260] close(3) = 0
[pid 5260] mkdir("./bus", 0777) = 0
[ 90.088570][ T5260] loop0: detected capacity change from 0 to 32768
[ 90.099472][ T5260] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor790 (5260)
[ 90.117115][ T5260] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 90.125956][ T5260] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 90.136785][ T5260] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 90.147632][ T5260] BTRFS info (device loop0): force clearing of disk cache
[ 90.154824][ T5260] BTRFS info (device loop0): force zlib compression, level 3
[ 90.162235][ T5260] BTRFS info (device loop0): using free space tree
[ 90.180185][ T5260] BTRFS info (device loop0): enabling ssd optimizations
[pid 5260] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,clear_cache,compress-force,noacl,treelog,") = 0
[pid 5260] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5260] chdir("./bus") = 0
[pid 5260] ioctl(4, LOOP_CLR_FD) = 0
[pid 5260] close(4) = 0
[pid 5260] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5260] write(4, "19", 2) = 2
[ 90.187357][ T5260] BTRFS info (device loop0): auto enabling async discard
[ 90.195466][ T5260] BTRFS info (device loop0): rebuilding free space tree
[ 90.229126][ T5260] FAULT_INJECTION: forcing a failure.
[ 90.229126][ T5260] name failslab, interval 1, probability 0, space 0, times 0
[ 90.242096][ T5260] CPU: 1 PID: 5260 Comm: syz-executor790 Not tainted 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0
[ 90.252565][ T5260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 90.262655][ T5260] Call Trace:
[ 90.265940][ T5260]
[ 90.268878][ T5260] dump_stack_lvl+0x125/0x1b0
[ 90.273585][ T5260] should_fail_ex+0x496/0x5b0
[ 90.278327][ T5260] should_failslab+0x9/0x20
[ 90.282877][ T5260] kmem_cache_alloc+0x61/0x400
[ 90.287675][ T5260] btrfs_create_new_inode+0x234/0x2610
[ 90.293173][ T5260] ? btrfs_link+0x790/0x790
[ 90.297725][ T5260] ? record_root_in_trans+0x2f7/0x3e0
[ 90.303158][ T5260] btrfs_tmpfile+0x2ed/0x440
[ 90.307778][ T5260] ? btrfs_create_new_inode+0x2610/0x2610
[ 90.313553][ T5260] ? do_raw_spin_unlock+0x173/0x230
[ 90.318802][ T5260] ? _raw_spin_unlock+0x28/0x40
[ 90.323692][ T5260] ? d_alloc+0x1b7/0x220
[ 90.328067][ T5260] vfs_tmpfile+0x2b1/0x4d0
[ 90.332542][ T5260] path_openat+0xc96/0x29c0
[ 90.337103][ T5260] ? path_lookupat+0x770/0x770
[ 90.341889][ T5260] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 90.347894][ T5260] do_filp_open+0x1de/0x430
[ 90.352444][ T5260] ? may_open_dev+0xf0/0xf0
[ 90.357014][ T5260] ? find_held_lock+0x2d/0x110
[ 90.361847][ T5260] ? _raw_spin_unlock+0x28/0x40
[ 90.366749][ T5260] ? alloc_fd+0x2da/0x6c0
[ 90.371147][ T5260] do_sys_openat2+0x176/0x1e0
[ 90.375887][ T5260] ? build_open_flags+0x690/0x690
[ 90.380939][ T5260] ? ptrace_notify+0xf4/0x130
[ 90.385647][ T5260] ? reacquire_held_locks+0x4b0/0x4b0
[ 90.391084][ T5260] __x64_sys_open+0x154/0x1e0
[ 90.395797][ T5260] ? do_sys_open+0x160/0x160
[ 90.400454][ T5260] ? _raw_spin_unlock_irq+0x2e/0x50
[ 90.405703][ T5260] ? ptrace_notify+0xf4/0x130
[ 90.410403][ T5260] do_syscall_64+0x38/0xb0
[ 90.414865][ T5260] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 90.420807][ T5260] RIP: 0033:0x7f12a085e2a9
[ 90.425262][ T5260] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 90.444941][ T5260] RSP: 002b:00007ffd73ae0528 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 90.453415][ T5260] RAX: ffffffffffffffda RBX: 00007ffd73ae0550 RCX: 00007f12a085e2a9
[ 90.461438][ T5260] RDX: 0000000000000000 RSI: 0000000000438001 RDI: 0000000020000000
[ 90.469462][ T5260] RBP: 0000000000000002 R08: 00007ffd73ae02c6 R09: 00007ffd73ae0570
[pid 5260] open("./file0", O_WRONLY|O_LARGEFILE|O_NOFOLLOW|O_TMPFILE, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5260] exit_group(0) = ?
[pid 5260] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5260, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=32 /* 0.32 s */} ---
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555d0b6f0 /* 4 entries */, 32768) = 104
[ 90.477487][ T5260] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd73ae054c
[ 90.485504][ T5260] R13: 000000000000000d R14: 431bde82d7b634db R15: 00007ffd73ae0590
[ 90.493530][ T5260]
umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555d13730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d13730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./13/bus") = 0
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/binderfs") = 0
getdents64(3, 0x555555d0b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d0a650) = 5277
./strace-static-x86_64: Process 5277 attached
[pid 5277] set_robust_list(0x555555d0a660, 24) = 0
[pid 5277] chdir("./14") = 0
[pid 5277] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5277] setpgid(0, 0) = 0
[pid 5277] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5277] write(3, "1000", 4) = 4
[pid 5277] close(3) = 0
[pid 5277] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5277] memfd_create("syzkaller", 0) = 3
[pid 5277] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129841f000
[pid 5277] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5277] munmap(0x7f129841f000, 16777216) = 0
[pid 5277] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5277] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5277] close(3) = 0
[pid 5277] mkdir("./bus", 0777) = 0
[ 90.893879][ T5277] loop0: detected capacity change from 0 to 32768
[ 90.905574][ T5277] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor790 (5277)
[ 90.920566][ T5277] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 90.929400][ T5277] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 90.940363][ T5277] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 90.951516][ T5277] BTRFS info (device loop0): force clearing of disk cache
[ 90.958738][ T5277] BTRFS info (device loop0): force zlib compression, level 3
[ 90.966212][ T5277] BTRFS info (device loop0): using free space tree
[ 90.985981][ T5277] BTRFS info (device loop0): enabling ssd optimizations
[pid 5277] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,clear_cache,compress-force,noacl,treelog,") = 0
[pid 5277] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5277] chdir("./bus") = 0
[pid 5277] ioctl(4, LOOP_CLR_FD) = 0
[pid 5277] close(4) = 0
[pid 5277] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5277] write(4, "19", 2) = 2
[ 90.993096][ T5277] BTRFS info (device loop0): auto enabling async discard
[ 91.001173][ T5277] BTRFS info (device loop0): rebuilding free space tree
[ 91.028048][ T5277] FAULT_INJECTION: forcing a failure.
[ 91.028048][ T5277] name failslab, interval 1, probability 0, space 0, times 0
[ 91.041102][ T5277] CPU: 1 PID: 5277 Comm: syz-executor790 Not tainted 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0
[ 91.051592][ T5277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 91.061662][ T5277] Call Trace:
[ 91.064948][ T5277]
[ 91.067887][ T5277] dump_stack_lvl+0x125/0x1b0
[ 91.072591][ T5277] should_fail_ex+0x496/0x5b0
[ 91.077326][ T5277] should_failslab+0x9/0x20
[ 91.081864][ T5277] __kmem_cache_alloc_node+0x5f/0x470
[ 91.087263][ T5277] ? spin_bug+0x1d0/0x1d0
[ 91.091615][ T5277] kmalloc_trace+0x25/0xe0
[ 91.096057][ T5277] join_transaction+0x136/0x1030
[ 91.101068][ T5277] start_transaction+0x757/0x14d0
[ 91.106144][ T5277] btrfs_tmpfile+0x2b9/0x440
[ 91.110794][ T5277] ? btrfs_create_new_inode+0x2610/0x2610
[ 91.116578][ T5277] ? do_raw_spin_unlock+0x173/0x230
[ 91.121865][ T5277] ? _raw_spin_unlock+0x28/0x40
[ 91.126738][ T5277] ? d_alloc+0x1b7/0x220
[ 91.131014][ T5277] vfs_tmpfile+0x2b1/0x4d0
[ 91.135452][ T5277] path_openat+0xc96/0x29c0
[ 91.139982][ T5277] ? path_lookupat+0x770/0x770
[ 91.144778][ T5277] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 91.150814][ T5277] do_filp_open+0x1de/0x430
[ 91.155382][ T5277] ? may_open_dev+0xf0/0xf0
[ 91.159954][ T5277] ? find_held_lock+0x2d/0x110
[ 91.164776][ T5277] ? _raw_spin_unlock+0x28/0x40
[ 91.169691][ T5277] ? alloc_fd+0x2da/0x6c0
[ 91.174090][ T5277] do_sys_openat2+0x176/0x1e0
[ 91.178828][ T5277] ? build_open_flags+0x690/0x690
[ 91.183918][ T5277] ? ptrace_notify+0xf4/0x130
[ 91.188643][ T5277] ? reacquire_held_locks+0x4b0/0x4b0
[ 91.194076][ T5277] __x64_sys_open+0x154/0x1e0
[ 91.198821][ T5277] ? do_sys_open+0x160/0x160
[ 91.203472][ T5277] ? _raw_spin_unlock_irq+0x2e/0x50
[ 91.208737][ T5277] ? ptrace_notify+0xf4/0x130
[ 91.213476][ T5277] do_syscall_64+0x38/0xb0
[ 91.218029][ T5277] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 91.223969][ T5277] RIP: 0033:0x7f12a085e2a9
[ 91.228428][ T5277] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 91.248085][ T5277] RSP: 002b:00007ffd73ae0528 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 91.256551][ T5277] RAX: ffffffffffffffda RBX: 00007ffd73ae0550 RCX: 00007f12a085e2a9
[ 91.264575][ T5277] RDX: 0000000000000000 RSI: 0000000000438001 RDI: 0000000020000000
[ 91.272593][ T5277] RBP: 0000000000000002 R08: 00007ffd73ae02c6 R09: 00007ffd73ae0570
[ 91.280616][ T5277] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd73ae054c
[pid 5277] open("./file0", O_WRONLY|O_LARGEFILE|O_NOFOLLOW|O_TMPFILE, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5277] exit_group(0) = ?
[pid 5277] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5277, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=30 /* 0.30 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555d0b6f0 /* 4 entries */, 32768) = 104
[ 91.288638][ T5277] R13: 000000000000000e R14: 431bde82d7b634db R15: 00007ffd73ae0590
[ 91.296664][ T5277]
umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555d13730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d13730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./14/bus") = 0
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs") = 0
getdents64(3, 0x555555d0b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d0a650) = 5294
./strace-static-x86_64: Process 5294 attached
[pid 5294] set_robust_list(0x555555d0a660, 24) = 0
[pid 5294] chdir("./15") = 0
[pid 5294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5294] setpgid(0, 0) = 0
[pid 5294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5294] write(3, "1000", 4) = 4
[pid 5294] close(3) = 0
[pid 5294] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5294] memfd_create("syzkaller", 0) = 3
[pid 5294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129841f000
[pid 5294] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5294] munmap(0x7f129841f000, 16777216) = 0
[pid 5294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5294] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5294] close(3) = 0
[pid 5294] mkdir("./bus", 0777) = 0
[ 91.725588][ T5294] loop0: detected capacity change from 0 to 32768
[ 91.735575][ T5294] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor790 (5294)
[ 91.752468][ T5294] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 91.761591][ T5294] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 91.772764][ T5294] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 91.783893][ T5294] BTRFS info (device loop0): force clearing of disk cache
[ 91.791350][ T5294] BTRFS info (device loop0): force zlib compression, level 3
[ 91.799085][ T5294] BTRFS info (device loop0): using free space tree
[ 91.818649][ T5294] BTRFS info (device loop0): enabling ssd optimizations
[pid 5294] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,clear_cache,compress-force,noacl,treelog,") = 0
[pid 5294] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5294] chdir("./bus") = 0
[pid 5294] ioctl(4, LOOP_CLR_FD) = 0
[pid 5294] close(4) = 0
[pid 5294] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5294] write(4, "19", 2) = 2
[ 91.825978][ T5294] BTRFS info (device loop0): auto enabling async discard
[ 91.833939][ T5294] BTRFS info (device loop0): rebuilding free space tree
[ 91.850210][ T5294] FAULT_INJECTION: forcing a failure.
[ 91.850210][ T5294] name failslab, interval 1, probability 0, space 0, times 0
[ 91.863017][ T5294] CPU: 0 PID: 5294 Comm: syz-executor790 Not tainted 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0
[ 91.866908][ T1458] cfg80211: failed to load regulatory.db
[ 91.873453][ T5294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 91.889197][ T5294] Call Trace:
[ 91.892514][ T5294]
[ 91.895484][ T5294] dump_stack_lvl+0x125/0x1b0
[ 91.900213][ T5294] should_fail_ex+0x496/0x5b0
[ 91.904948][ T5294] should_failslab+0x9/0x20
[ 91.909493][ T5294] __kmem_cache_alloc_node+0x5f/0x470
[ 91.914957][ T5294] ? spin_bug+0x1d0/0x1d0
[ 91.919347][ T5294] kmalloc_trace+0x25/0xe0
[ 91.923788][ T5294] join_transaction+0x136/0x1030
[ 91.928767][ T5294] start_transaction+0x757/0x14d0
[ 91.933820][ T5294] btrfs_tmpfile+0x2b9/0x440
[ 91.938444][ T5294] ? btrfs_create_new_inode+0x2610/0x2610
[ 91.944198][ T5294] ? do_raw_spin_unlock+0x173/0x230
[ 91.949428][ T5294] ? _raw_spin_unlock+0x28/0x40
[ 91.954321][ T5294] ? d_alloc+0x1b7/0x220
[ 91.958592][ T5294] vfs_tmpfile+0x2b1/0x4d0
[ 91.963035][ T5294] path_openat+0xc96/0x29c0
[ 91.967570][ T5294] ? path_lookupat+0x770/0x770
[ 91.972382][ T5294] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 91.978395][ T5294] do_filp_open+0x1de/0x430
[ 91.982928][ T5294] ? may_open_dev+0xf0/0xf0
[ 91.987460][ T5294] ? find_held_lock+0x2d/0x110
[ 91.992249][ T5294] ? _raw_spin_unlock+0x28/0x40
[ 91.997139][ T5294] ? alloc_fd+0x2da/0x6c0
[ 92.001509][ T5294] do_sys_openat2+0x176/0x1e0
[ 92.006218][ T5294] ? build_open_flags+0x690/0x690
[ 92.011278][ T5294] ? ptrace_notify+0xf4/0x130
[ 92.015975][ T5294] ? reacquire_held_locks+0x4b0/0x4b0
[ 92.021374][ T5294] __x64_sys_open+0x154/0x1e0
[ 92.026085][ T5294] ? do_sys_open+0x160/0x160
[ 92.030714][ T5294] ? _raw_spin_unlock_irq+0x2e/0x50
[ 92.035950][ T5294] ? ptrace_notify+0xf4/0x130
[ 92.040651][ T5294] do_syscall_64+0x38/0xb0
[ 92.045094][ T5294] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 92.051023][ T5294] RIP: 0033:0x7f12a085e2a9
[ 92.055462][ T5294] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[pid 5294] open("./file0", O_WRONLY|O_LARGEFILE|O_NOFOLLOW|O_TMPFILE, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5294] exit_group(0) = ?
[pid 5294] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5294, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=30 /* 0.30 s */} ---
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555d0b6f0 /* 4 entries */, 32768) = 104
[ 92.075186][ T5294] RSP: 002b:00007ffd73ae0528 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 92.083625][ T5294] RAX: ffffffffffffffda RBX: 00007ffd73ae0550 RCX: 00007f12a085e2a9
[ 92.091634][ T5294] RDX: 0000000000000000 RSI: 0000000000438001 RDI: 0000000020000000
[ 92.099628][ T5294] RBP: 0000000000000002 R08: 00007ffd73ae02c6 R09: 00007ffd73ae0570
[ 92.107617][ T5294] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd73ae054c
[ 92.115609][ T5294] R13: 000000000000000f R14: 431bde82d7b634db R15: 00007ffd73ae0590
[ 92.123606][ T5294]
umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555d13730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d13730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./15/bus") = 0
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/binderfs") = 0
getdents64(3, 0x555555d0b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d0a650) = 5311
./strace-static-x86_64: Process 5311 attached
[pid 5311] set_robust_list(0x555555d0a660, 24) = 0
[pid 5311] chdir("./16") = 0
[pid 5311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5311] setpgid(0, 0) = 0
[pid 5311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5311] write(3, "1000", 4) = 4
[pid 5311] close(3) = 0
[pid 5311] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5311] memfd_create("syzkaller", 0) = 3
[pid 5311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129841f000
[pid 5311] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5311] munmap(0x7f129841f000, 16777216) = 0
[pid 5311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5311] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5311] close(3) = 0
[pid 5311] mkdir("./bus", 0777) = 0
[ 92.555466][ T5311] loop0: detected capacity change from 0 to 32768
[ 92.564963][ T5311] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor790 (5311)
[ 92.583060][ T5311] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 92.591872][ T5311] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 92.602825][ T5311] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 92.613664][ T5311] BTRFS info (device loop0): force clearing of disk cache
[ 92.620851][ T5311] BTRFS info (device loop0): force zlib compression, level 3
[ 92.628414][ T5311] BTRFS info (device loop0): using free space tree
[ 92.645739][ T5311] BTRFS info (device loop0): enabling ssd optimizations
[pid 5311] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,clear_cache,compress-force,noacl,treelog,") = 0
[pid 5311] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5311] chdir("./bus") = 0
[pid 5311] ioctl(4, LOOP_CLR_FD) = 0
[pid 5311] close(4) = 0
[pid 5311] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5311] write(4, "19", 2) = 2
[ 92.652742][ T5311] BTRFS info (device loop0): auto enabling async discard
[ 92.660808][ T5311] BTRFS info (device loop0): rebuilding free space tree
[ 92.690093][ T5311] FAULT_INJECTION: forcing a failure.
[ 92.690093][ T5311] name failslab, interval 1, probability 0, space 0, times 0
[ 92.704046][ T5311] CPU: 1 PID: 5311 Comm: syz-executor790 Not tainted 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0
[ 92.714525][ T5311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 92.724622][ T5311] Call Trace:
[ 92.727937][ T5311]
[ 92.730904][ T5311] dump_stack_lvl+0x125/0x1b0
[ 92.735631][ T5311] should_fail_ex+0x496/0x5b0
[ 92.740378][ T5311] should_failslab+0x9/0x20
[ 92.744927][ T5311] kmem_cache_alloc+0x61/0x400
[ 92.749753][ T5311] ? do_raw_spin_unlock+0x173/0x230
[ 92.755020][ T5311] start_transaction+0x6b3/0x14d0
[ 92.760092][ T5311] btrfs_tmpfile+0x2b9/0x440
[ 92.764736][ T5311] ? btrfs_create_new_inode+0x2610/0x2610
[ 92.770517][ T5311] ? do_raw_spin_unlock+0x173/0x230
[ 92.775774][ T5311] ? _raw_spin_unlock+0x28/0x40
[ 92.780682][ T5311] ? d_alloc+0x1b7/0x220
[ 92.784970][ T5311] vfs_tmpfile+0x2b1/0x4d0
[ 92.789437][ T5311] path_openat+0xc96/0x29c0
[ 92.794109][ T5311] ? path_lookupat+0x770/0x770
[ 92.798928][ T5311] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 92.804974][ T5311] do_filp_open+0x1de/0x430
[ 92.809543][ T5311] ? may_open_dev+0xf0/0xf0
[ 92.814103][ T5311] ? find_held_lock+0x2d/0x110
[ 92.818923][ T5311] ? _raw_spin_unlock+0x28/0x40
[ 92.823848][ T5311] ? alloc_fd+0x2da/0x6c0
[ 92.828246][ T5311] do_sys_openat2+0x176/0x1e0
[ 92.832990][ T5311] ? build_open_flags+0x690/0x690
[ 92.838078][ T5311] ? ptrace_notify+0xf4/0x130
[ 92.842810][ T5311] ? reacquire_held_locks+0x4b0/0x4b0
[ 92.848242][ T5311] __x64_sys_open+0x154/0x1e0
[ 92.852985][ T5311] ? do_sys_open+0x160/0x160
[ 92.857655][ T5311] ? _raw_spin_unlock_irq+0x2e/0x50
[ 92.862919][ T5311] ? ptrace_notify+0xf4/0x130
[ 92.867643][ T5311] do_syscall_64+0x38/0xb0
[ 92.872106][ T5311] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 92.878045][ T5311] RIP: 0033:0x7f12a085e2a9
[ 92.882498][ T5311] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[pid 5311] open("./file0", O_WRONLY|O_LARGEFILE|O_NOFOLLOW|O_TMPFILE, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5311] exit_group(0) = ?
[pid 5311] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5311, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=37 /* 0.37 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555d0b6f0 /* 4 entries */, 32768) = 104
[ 92.902235][ T5311] RSP: 002b:00007ffd73ae0528 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 92.910671][ T5311] RAX: ffffffffffffffda RBX: 00007ffd73ae0550 RCX: 00007f12a085e2a9
[ 92.918652][ T5311] RDX: 0000000000000000 RSI: 0000000000438001 RDI: 0000000020000000
[ 92.926651][ T5311] RBP: 0000000000000002 R08: 00007ffd73ae02c6 R09: 00007ffd73ae0570
[ 92.934632][ T5311] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd73ae054c
[ 92.942608][ T5311] R13: 0000000000000010 R14: 431bde82d7b634db R15: 00007ffd73ae0590
[ 92.950593][ T5311]
umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555d13730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d13730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./16/bus") = 0
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/binderfs") = 0
getdents64(3, 0x555555d0b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d0a650) = 5328
./strace-static-x86_64: Process 5328 attached
[pid 5328] set_robust_list(0x555555d0a660, 24) = 0
[pid 5328] chdir("./17") = 0
[pid 5328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5328] setpgid(0, 0) = 0
[pid 5328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5328] write(3, "1000", 4) = 4
[pid 5328] close(3) = 0
[pid 5328] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5328] memfd_create("syzkaller", 0) = 3
[pid 5328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129841f000
[pid 5328] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5328] munmap(0x7f129841f000, 16777216) = 0
[pid 5328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5328] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5328] close(3) = 0
[pid 5328] mkdir("./bus", 0777) = 0
[ 93.319319][ T5328] loop0: detected capacity change from 0 to 32768
[ 93.330603][ T5328] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor790 (5328)
[ 93.348459][ T5328] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 93.357275][ T5328] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 93.368344][ T5328] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 93.379398][ T5328] BTRFS info (device loop0): force clearing of disk cache
[ 93.386877][ T5328] BTRFS info (device loop0): force zlib compression, level 3
[ 93.394292][ T5328] BTRFS info (device loop0): using free space tree
[ 93.411417][ T5328] BTRFS info (device loop0): enabling ssd optimizations
[pid 5328] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,clear_cache,compress-force,noacl,treelog,") = 0
[pid 5328] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5328] chdir("./bus") = 0
[pid 5328] ioctl(4, LOOP_CLR_FD) = 0
[pid 5328] close(4) = 0
[pid 5328] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5328] write(4, "19", 2) = 2
[ 93.418759][ T5328] BTRFS info (device loop0): auto enabling async discard
[ 93.426935][ T5328] BTRFS info (device loop0): rebuilding free space tree
[ 93.456426][ T5328] FAULT_INJECTION: forcing a failure.
[ 93.456426][ T5328] name failslab, interval 1, probability 0, space 0, times 0
[ 93.469417][ T5328] CPU: 0 PID: 5328 Comm: syz-executor790 Not tainted 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0
[ 93.480089][ T5328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 93.490162][ T5328] Call Trace:
[ 93.493452][ T5328]
[ 93.496413][ T5328] dump_stack_lvl+0x125/0x1b0
[ 93.501147][ T5328] should_fail_ex+0x496/0x5b0
[ 93.505987][ T5328] should_failslab+0x9/0x20
[ 93.510550][ T5328] kmem_cache_alloc+0x61/0x400
[ 93.515387][ T5328] btrfs_create_new_inode+0x234/0x2610
[ 93.520949][ T5328] ? btrfs_link+0x790/0x790
[ 93.525517][ T5328] ? record_root_in_trans+0x2f7/0x3e0
[ 93.530962][ T5328] btrfs_tmpfile+0x2ed/0x440
[ 93.535605][ T5328] ? btrfs_create_new_inode+0x2610/0x2610
[ 93.541381][ T5328] ? do_raw_spin_unlock+0x173/0x230
[ 93.546733][ T5328] ? _raw_spin_unlock+0x28/0x40
[ 93.551659][ T5328] ? d_alloc+0x1b7/0x220
[ 93.555967][ T5328] vfs_tmpfile+0x2b1/0x4d0
[ 93.560527][ T5328] path_openat+0xc96/0x29c0
[ 93.565088][ T5328] ? path_lookupat+0x770/0x770
[ 93.569905][ T5328] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 93.575946][ T5328] do_filp_open+0x1de/0x430
[ 93.580505][ T5328] ? may_open_dev+0xf0/0xf0
[ 93.585075][ T5328] ? find_held_lock+0x2d/0x110
[ 93.589903][ T5328] ? _raw_spin_unlock+0x28/0x40
[ 93.594820][ T5328] ? alloc_fd+0x2da/0x6c0
[ 93.599225][ T5328] do_sys_openat2+0x176/0x1e0
[ 93.603965][ T5328] ? build_open_flags+0x690/0x690
[ 93.609052][ T5328] ? ptrace_notify+0xf4/0x130
[ 93.613772][ T5328] ? reacquire_held_locks+0x4b0/0x4b0
[ 93.619209][ T5328] __x64_sys_open+0x154/0x1e0
[ 93.623958][ T5328] ? do_sys_open+0x160/0x160
[ 93.628700][ T5328] ? _raw_spin_unlock_irq+0x2e/0x50
[ 93.633972][ T5328] ? ptrace_notify+0xf4/0x130
[ 93.638698][ T5328] do_syscall_64+0x38/0xb0
[ 93.643165][ T5328] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 93.649114][ T5328] RIP: 0033:0x7f12a085e2a9
[ 93.653572][ T5328] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 93.673236][ T5328] RSP: 002b:00007ffd73ae0528 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 93.681700][ T5328] RAX: ffffffffffffffda RBX: 00007ffd73ae0550 RCX: 00007f12a085e2a9
[ 93.689728][ T5328] RDX: 0000000000000000 RSI: 0000000000438001 RDI: 0000000020000000
[ 93.697758][ T5328] RBP: 0000000000000002 R08: 00007ffd73ae02c6 R09: 00007ffd73ae0570
[ 93.705790][ T5328] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd73ae054c
[pid 5328] open("./file0", O_WRONLY|O_LARGEFILE|O_NOFOLLOW|O_TMPFILE, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5328] exit_group(0) = ?
[pid 5328] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5328, si_uid=0, si_status=0, si_utime=0, si_stime=32 /* 0.32 s */} ---
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555d0b6f0 /* 4 entries */, 32768) = 104
[ 93.713812][ T5328] R13: 0000000000000011 R14: 431bde82d7b634db R15: 00007ffd73ae0590
[ 93.721839][ T5328]
umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555d13730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d13730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./17/bus") = 0
umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/binderfs") = 0
getdents64(3, 0x555555d0b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
mkdir("./18", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d0a650) = 5345
./strace-static-x86_64: Process 5345 attached
[pid 5345] set_robust_list(0x555555d0a660, 24) = 0
[pid 5345] chdir("./18") = 0
[pid 5345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5345] setpgid(0, 0) = 0
[pid 5345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5345] write(3, "1000", 4) = 4
[pid 5345] close(3) = 0
[pid 5345] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5345] memfd_create("syzkaller", 0) = 3
[pid 5345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129841f000
[pid 5345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5345] munmap(0x7f129841f000, 16777216) = 0
[pid 5345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5345] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5345] close(3) = 0
[pid 5345] mkdir("./bus", 0777) = 0
[ 94.118634][ T5345] loop0: detected capacity change from 0 to 32768
[ 94.131093][ T5345] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor790 (5345)
[ 94.148093][ T5345] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 94.157057][ T5345] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 94.168249][ T5345] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 94.179380][ T5345] BTRFS info (device loop0): force clearing of disk cache
[ 94.186883][ T5345] BTRFS info (device loop0): force zlib compression, level 3
[ 94.194307][ T5345] BTRFS info (device loop0): using free space tree
[pid 5345] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,clear_cache,compress-force,noacl,treelog,") = 0
[pid 5345] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5345] chdir("./bus") = 0
[pid 5345] ioctl(4, LOOP_CLR_FD) = 0
[pid 5345] close(4) = 0
[pid 5345] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5345] write(4, "19", 2) = 2
[ 94.213448][ T5345] BTRFS info (device loop0): enabling ssd optimizations
[ 94.220532][ T5345] BTRFS info (device loop0): auto enabling async discard
[ 94.228685][ T5345] BTRFS info (device loop0): rebuilding free space tree
[ 94.262722][ T5345] FAULT_INJECTION: forcing a failure.
[ 94.262722][ T5345] name failslab, interval 1, probability 0, space 0, times 0
[ 94.289468][ T5345] CPU: 0 PID: 5345 Comm: syz-executor790 Not tainted 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0
[ 94.299951][ T5345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 94.310043][ T5345] Call Trace:
[ 94.313352][ T5345]
[ 94.316309][ T5345] dump_stack_lvl+0x125/0x1b0
[ 94.321036][ T5345] should_fail_ex+0x496/0x5b0
[ 94.325777][ T5345] should_failslab+0x9/0x20
[ 94.330354][ T5345] __kmem_cache_alloc_node+0x5f/0x470
[ 94.335794][ T5345] ? spin_bug+0x1d0/0x1d0
[ 94.340236][ T5345] kmalloc_trace+0x25/0xe0
[ 94.344694][ T5345] join_transaction+0x136/0x1030
[ 94.349673][ T5345] start_transaction+0x757/0x14d0
[ 94.354719][ T5345] btrfs_tmpfile+0x2b9/0x440
[ 94.359368][ T5345] ? btrfs_create_new_inode+0x2610/0x2610
[ 94.365119][ T5345] ? do_raw_spin_unlock+0x173/0x230
[ 94.370354][ T5345] ? _raw_spin_unlock+0x28/0x40
[ 94.375239][ T5345] ? d_alloc+0x1b7/0x220
[ 94.379504][ T5345] vfs_tmpfile+0x2b1/0x4d0
[ 94.383942][ T5345] path_openat+0xc96/0x29c0
[ 94.388565][ T5345] ? path_lookupat+0x770/0x770
[ 94.393352][ T5345] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 94.399358][ T5345] do_filp_open+0x1de/0x430
[ 94.403902][ T5345] ? may_open_dev+0xf0/0xf0
[ 94.408437][ T5345] ? find_held_lock+0x2d/0x110
[ 94.413233][ T5345] ? _raw_spin_unlock+0x28/0x40
[ 94.418120][ T5345] ? alloc_fd+0x2da/0x6c0
[ 94.422481][ T5345] do_sys_openat2+0x176/0x1e0
[ 94.427191][ T5345] ? build_open_flags+0x690/0x690
[ 94.432269][ T5345] ? ptrace_notify+0xf4/0x130
[ 94.436966][ T5345] ? reacquire_held_locks+0x4b0/0x4b0
[ 94.442368][ T5345] __x64_sys_open+0x154/0x1e0
[ 94.447080][ T5345] ? do_sys_open+0x160/0x160
[ 94.451704][ T5345] ? _raw_spin_unlock_irq+0x2e/0x50
[ 94.457031][ T5345] ? ptrace_notify+0xf4/0x130
[ 94.461729][ T5345] do_syscall_64+0x38/0xb0
[ 94.466291][ T5345] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 94.472222][ T5345] RIP: 0033:0x7f12a085e2a9
[ 94.476658][ T5345] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 94.496297][ T5345] RSP: 002b:00007ffd73ae0528 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 94.504739][ T5345] RAX: ffffffffffffffda RBX: 00007ffd73ae0550 RCX: 00007f12a085e2a9
[pid 5345] open("./file0", O_WRONLY|O_LARGEFILE|O_NOFOLLOW|O_TMPFILE, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5345] exit_group(0) = ?
[pid 5345] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5345, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=31 /* 0.31 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555d0b6f0 /* 4 entries */, 32768) = 104
[ 94.512731][ T5345] RDX: 0000000000000000 RSI: 0000000000438001 RDI: 0000000020000000
[ 94.520808][ T5345] RBP: 0000000000000002 R08: 00007ffd73ae02c6 R09: 00007ffd73ae0570
[ 94.528816][ T5345] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd73ae054c
[ 94.536819][ T5345] R13: 0000000000000012 R14: 431bde82d7b634db R15: 00007ffd73ae0590
[ 94.544820][ T5345]
umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555d13730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d13730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./18/bus") = 0
umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/binderfs") = 0
getdents64(3, 0x555555d0b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./18") = 0
mkdir("./19", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d0a650) = 5362
./strace-static-x86_64: Process 5362 attached
[pid 5362] set_robust_list(0x555555d0a660, 24) = 0
[pid 5362] chdir("./19") = 0
[pid 5362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5362] setpgid(0, 0) = 0
[pid 5362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5362] write(3, "1000", 4) = 4
[pid 5362] close(3) = 0
[pid 5362] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5362] memfd_create("syzkaller", 0) = 3
[pid 5362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129841f000
[pid 5362] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5362] munmap(0x7f129841f000, 16777216) = 0
[pid 5362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5362] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5362] close(3) = 0
[pid 5362] mkdir("./bus", 0777) = 0
[ 94.952646][ T5362] loop0: detected capacity change from 0 to 32768
[ 94.964310][ T5362] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor790 (5362)
[ 94.980985][ T5362] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 94.990182][ T5362] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 95.001104][ T5362] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 95.012031][ T5362] BTRFS info (device loop0): force clearing of disk cache
[ 95.019249][ T5362] BTRFS info (device loop0): force zlib compression, level 3
[ 95.026819][ T5362] BTRFS info (device loop0): using free space tree
[pid 5362] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,clear_cache,compress-force,noacl,treelog,") = 0
[pid 5362] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5362] chdir("./bus") = 0
[pid 5362] ioctl(4, LOOP_CLR_FD) = 0
[pid 5362] close(4) = 0
[pid 5362] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5362] write(4, "19", 2) = 2
[ 95.047841][ T5362] BTRFS info (device loop0): enabling ssd optimizations
[ 95.054992][ T5362] BTRFS info (device loop0): auto enabling async discard
[ 95.063170][ T5362] BTRFS info (device loop0): rebuilding free space tree
[ 95.088772][ T5362] FAULT_INJECTION: forcing a failure.
[ 95.088772][ T5362] name failslab, interval 1, probability 0, space 0, times 0
[ 95.102097][ T5362] CPU: 0 PID: 5362 Comm: syz-executor790 Not tainted 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0
[ 95.112579][ T5362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 95.122675][ T5362] Call Trace:
[ 95.125984][ T5362]
[ 95.128946][ T5362] dump_stack_lvl+0x125/0x1b0
[ 95.133652][ T5362] should_fail_ex+0x496/0x5b0
[ 95.138367][ T5362] should_failslab+0x9/0x20
[ 95.142896][ T5362] kmem_cache_alloc+0x61/0x400
[ 95.147699][ T5362] btrfs_create_new_inode+0x234/0x2610
[ 95.153198][ T5362] ? btrfs_link+0x790/0x790
[ 95.157740][ T5362] ? record_root_in_trans+0x2f7/0x3e0
[ 95.163206][ T5362] btrfs_tmpfile+0x2ed/0x440
[ 95.167837][ T5362] ? btrfs_create_new_inode+0x2610/0x2610
[ 95.173590][ T5362] ? do_raw_spin_unlock+0x173/0x230
[ 95.178821][ T5362] ? _raw_spin_unlock+0x28/0x40
[ 95.183714][ T5362] ? d_alloc+0x1b7/0x220
[ 95.187990][ T5362] vfs_tmpfile+0x2b1/0x4d0
[ 95.192436][ T5362] path_openat+0xc96/0x29c0
[ 95.196974][ T5362] ? path_lookupat+0x770/0x770
[ 95.201775][ T5362] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 95.207787][ T5362] do_filp_open+0x1de/0x430
[ 95.212319][ T5362] ? may_open_dev+0xf0/0xf0
[ 95.216855][ T5362] ? find_held_lock+0x2d/0x110
[ 95.221646][ T5362] ? _raw_spin_unlock+0x28/0x40
[ 95.226535][ T5362] ? alloc_fd+0x2da/0x6c0
[ 95.230903][ T5362] do_sys_openat2+0x176/0x1e0
[ 95.235619][ T5362] ? build_open_flags+0x690/0x690
[ 95.240678][ T5362] ? ptrace_notify+0xf4/0x130
[ 95.245399][ T5362] ? reacquire_held_locks+0x4b0/0x4b0
[ 95.250803][ T5362] __x64_sys_open+0x154/0x1e0
[ 95.255515][ T5362] ? do_sys_open+0x160/0x160
[ 95.260141][ T5362] ? _raw_spin_unlock_irq+0x2e/0x50
[ 95.265389][ T5362] ? ptrace_notify+0xf4/0x130
[ 95.270089][ T5362] do_syscall_64+0x38/0xb0
[ 95.274538][ T5362] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 95.280483][ T5362] RIP: 0033:0x7f12a085e2a9
[ 95.284932][ T5362] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 95.304650][ T5362] RSP: 002b:00007ffd73ae0528 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 95.313095][ T5362] RAX: ffffffffffffffda RBX: 00007ffd73ae0550 RCX: 00007f12a085e2a9
[ 95.321178][ T5362] RDX: 0000000000000000 RSI: 0000000000438001 RDI: 0000000020000000
[ 95.329171][ T5362] RBP: 0000000000000002 R08: 00007ffd73ae02c6 R09: 00007ffd73ae0570
[ 95.337164][ T5362] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd73ae054c
[ 95.345157][ T5362] R13: 0000000000000013 R14: 431bde82d7b634db R15: 00007ffd73ae0590
[pid 5362] open("./file0", O_WRONLY|O_LARGEFILE|O_NOFOLLOW|O_TMPFILE, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5362] exit_group(0) = ?
[pid 5362] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5362, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} ---
umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555d0b6f0 /* 4 entries */, 32768) = 104
[ 95.353150][ T5362]
umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555d13730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d13730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./19/bus") = 0
umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/binderfs") = 0
getdents64(3, 0x555555d0b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./19") = 0
mkdir("./20", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d0a650) = 5379
./strace-static-x86_64: Process 5379 attached
[pid 5379] set_robust_list(0x555555d0a660, 24) = 0
[pid 5379] chdir("./20") = 0
[pid 5379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5379] setpgid(0, 0) = 0
[pid 5379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5379] write(3, "1000", 4) = 4
[pid 5379] close(3) = 0
[pid 5379] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5379] memfd_create("syzkaller", 0) = 3
[pid 5379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129841f000
[pid 5379] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5379] munmap(0x7f129841f000, 16777216) = 0
[pid 5379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5379] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5379] close(3) = 0
[pid 5379] mkdir("./bus", 0777) = 0
[ 95.780895][ T5379] loop0: detected capacity change from 0 to 32768
[ 95.792397][ T5379] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor790 (5379)
[ 95.809351][ T5379] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 95.818292][ T5379] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 95.829343][ T5379] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 95.840334][ T5379] BTRFS info (device loop0): force clearing of disk cache
[ 95.847665][ T5379] BTRFS info (device loop0): force zlib compression, level 3
[ 95.855198][ T5379] BTRFS info (device loop0): using free space tree
[ 95.874371][ T5379] BTRFS info (device loop0): enabling ssd optimizations
[pid 5379] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,clear_cache,compress-force,noacl,treelog,") = 0
[pid 5379] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5379] chdir("./bus") = 0
[pid 5379] ioctl(4, LOOP_CLR_FD) = 0
[pid 5379] close(4) = 0
[pid 5379] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5379] write(4, "19", 2) = 2
[pid 5379] open("./file0", O_WRONLY|O_LARGEFILE|O_NOFOLLOW|O_TMPFILE, 000) = 5
[pid 5379] exit_group(0) = ?
[pid 5379] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5379, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=31 /* 0.31 s */} ---
umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555d0b6f0 /* 4 entries */, 32768) = 104
[ 95.881526][ T5379] BTRFS info (device loop0): auto enabling async discard
[ 95.889589][ T5379] BTRFS info (device loop0): rebuilding free space tree
umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555d13730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d13730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./20/bus") = 0
umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/binderfs") = 0
getdents64(3, 0x555555d0b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./20") = 0
mkdir("./21", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d0a650) = 5396
./strace-static-x86_64: Process 5396 attached
[pid 5396] set_robust_list(0x555555d0a660, 24) = 0
[pid 5396] chdir("./21") = 0
[pid 5396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5396] setpgid(0, 0) = 0
[pid 5396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5396] write(3, "1000", 4) = 4
[pid 5396] close(3) = 0
[pid 5396] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5396] memfd_create("syzkaller", 0) = 3
[pid 5396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129841f000
[pid 5396] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5396] munmap(0x7f129841f000, 16777216) = 0
[pid 5396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5396] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5396] close(3) = 0
[pid 5396] mkdir("./bus", 0777) = 0
[ 96.348503][ T5396] loop0: detected capacity change from 0 to 32768
[ 96.359543][ T5396] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor790 (5396)
[ 96.377414][ T5396] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 96.386276][ T5396] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 96.397179][ T5396] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 96.408023][ T5396] BTRFS info (device loop0): force clearing of disk cache
[ 96.415229][ T5396] BTRFS info (device loop0): force zlib compression, level 3
[ 96.422666][ T5396] BTRFS info (device loop0): using free space tree
[pid 5396] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,clear_cache,compress-force,noacl,treelog,") = 0
[pid 5396] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5396] chdir("./bus") = 0
[pid 5396] ioctl(4, LOOP_CLR_FD) = 0
[pid 5396] close(4) = 0
[pid 5396] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5396] write(4, "19", 2) = 2
[ 96.442649][ T5396] BTRFS info (device loop0): enabling ssd optimizations
[ 96.449902][ T5396] BTRFS info (device loop0): auto enabling async discard
[ 96.458233][ T5396] BTRFS info (device loop0): rebuilding free space tree
[ 96.497748][ T5396] FAULT_INJECTION: forcing a failure.
[ 96.497748][ T5396] name failslab, interval 1, probability 0, space 0, times 0
[ 96.510981][ T5396] CPU: 1 PID: 5396 Comm: syz-executor790 Not tainted 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0
[ 96.521441][ T5396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 96.531543][ T5396] Call Trace:
[ 96.534860][ T5396]
[ 96.537829][ T5396] dump_stack_lvl+0x125/0x1b0
[ 96.542562][ T5396] should_fail_ex+0x496/0x5b0
[ 96.547308][ T5396] should_failslab+0x9/0x20
[ 96.551865][ T5396] kmem_cache_alloc+0x61/0x400
[ 96.556692][ T5396] alloc_extent_state+0x1b/0x2d0
[ 96.561681][ T5396] __set_extent_bit+0xb20/0x1530
[ 96.566678][ T5396] ? assert_eb_page_uptodate+0x1e3/0x3a0
[ 96.572393][ T5396] set_extent_bit+0x3b/0x50
[ 96.576947][ T5396] btrfs_alloc_tree_block+0xb4c/0x1420
[ 96.582478][ T5396] ? btrfs_alloc_logged_file_extent+0x580/0x580
[ 96.588793][ T5396] ? find_held_lock+0x2d/0x110
[ 96.593618][ T5396] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 96.599664][ T5396] __btrfs_cow_block+0x3ce/0x18e0
[ 96.604740][ T5396] ? update_ref_for_cow+0xc10/0xc10
[ 96.609986][ T5396] ? btrfs_qgroup_add_swapped_blocks+0x9d0/0x9d0
[ 96.616378][ T5396] ? down_write_nested+0x153/0x200
[ 96.621524][ T5396] btrfs_cow_block+0x2f1/0x820
[ 96.626316][ T5396] btrfs_search_slot+0x12a0/0x30e0
[ 96.631462][ T5396] ? balance_level+0x2420/0x2420
[ 96.636430][ T5396] ? find_held_lock+0x2d/0x110
[ 96.641243][ T5396] ? btrfs_create_new_inode+0x763/0x2610
[ 96.646921][ T5396] ? reacquire_held_locks+0x4b0/0x4b0
[ 96.652334][ T5396] ? do_raw_spin_lock+0x12e/0x2b0
[ 96.657395][ T5396] ? spin_bug+0x1d0/0x1d0
[ 96.661781][ T5396] btrfs_insert_empty_items+0xb7/0x1b0
[ 96.667273][ T5396] ? do_raw_spin_unlock+0x173/0x230
[ 96.672512][ T5396] btrfs_create_new_inode+0x825/0x2610
[ 96.678016][ T5396] ? btrfs_link+0x790/0x790
[ 96.682554][ T5396] ? record_root_in_trans+0x2f7/0x3e0
[ 96.687974][ T5396] btrfs_tmpfile+0x2ed/0x440
[ 96.692596][ T5396] ? btrfs_create_new_inode+0x2610/0x2610
[ 96.698350][ T5396] ? do_raw_spin_unlock+0x173/0x230
[ 96.703595][ T5396] ? _raw_spin_unlock+0x28/0x40
[ 96.708494][ T5396] ? d_alloc+0x1b7/0x220
[ 96.712769][ T5396] vfs_tmpfile+0x2b1/0x4d0
[ 96.717223][ T5396] path_openat+0xc96/0x29c0
[ 96.721768][ T5396] ? path_lookupat+0x770/0x770
[ 96.726568][ T5396] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 96.732587][ T5396] do_filp_open+0x1de/0x430
[ 96.737122][ T5396] ? may_open_dev+0xf0/0xf0
[ 96.741651][ T5396] ? find_held_lock+0x2d/0x110
[ 96.746447][ T5396] ? _raw_spin_unlock+0x28/0x40
[ 96.751338][ T5396] ? alloc_fd+0x2da/0x6c0
[ 96.755710][ T5396] do_sys_openat2+0x176/0x1e0
[ 96.760422][ T5396] ? build_open_flags+0x690/0x690
[ 96.765512][ T5396] ? ptrace_notify+0xf4/0x130
[ 96.770223][ T5396] ? reacquire_held_locks+0x4b0/0x4b0
[ 96.775640][ T5396] __x64_sys_open+0x154/0x1e0
[ 96.780371][ T5396] ? do_sys_open+0x160/0x160
[ 96.785010][ T5396] ? _raw_spin_unlock_irq+0x2e/0x50
[ 96.790253][ T5396] ? ptrace_notify+0xf4/0x130
[ 96.794955][ T5396] do_syscall_64+0x38/0xb0
[ 96.799402][ T5396] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 96.805323][ T5396] RIP: 0033:0x7f12a085e2a9
[ 96.809756][ T5396] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 96.829389][ T5396] RSP: 002b:00007ffd73ae0528 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 96.837847][ T5396] RAX: ffffffffffffffda RBX: 00007ffd73ae0550 RCX: 00007f12a085e2a9
[pid 5396] open("./file0", O_WRONLY|O_LARGEFILE|O_NOFOLLOW|O_TMPFILE, 000) = 5
[pid 5396] exit_group(0) = ?
[pid 5396] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5396, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=32 /* 0.32 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555d0b6f0 /* 4 entries */, 32768) = 104
[ 96.845850][ T5396] RDX: 0000000000000000 RSI: 0000000000438001 RDI: 0000000020000000
[ 96.853841][ T5396] RBP: 0000000000000002 R08: 00007ffd73ae02c6 R09: 00007ffd73ae0570
[ 96.861836][ T5396] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd73ae054c
[ 96.869829][ T5396] R13: 0000000000000015 R14: 431bde82d7b634db R15: 00007ffd73ae0590
[ 96.877825][ T5396]
umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555d13730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d13730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./21/bus") = 0
umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/binderfs") = 0
getdents64(3, 0x555555d0b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./21") = 0
mkdir("./22", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5413 attached
, child_tidptr=0x555555d0a650) = 5413
[pid 5413] set_robust_list(0x555555d0a660, 24) = 0
[pid 5413] chdir("./22") = 0
[pid 5413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5413] setpgid(0, 0) = 0
[pid 5413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5413] write(3, "1000", 4) = 4
[pid 5413] close(3) = 0
[pid 5413] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5413] memfd_create("syzkaller", 0) = 3
[pid 5413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129841f000
[pid 5413] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5413] munmap(0x7f129841f000, 16777216) = 0
[pid 5413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5413] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5413] close(3) = 0
[pid 5413] mkdir("./bus", 0777) = 0
[ 97.268435][ T5413] loop0: detected capacity change from 0 to 32768
[ 97.279471][ T5413] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor790 (5413)
[ 97.296635][ T5413] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 97.305452][ T5413] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 97.316389][ T5413] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 97.327230][ T5413] BTRFS info (device loop0): force clearing of disk cache
[ 97.334358][ T5413] BTRFS info (device loop0): force zlib compression, level 3
[ 97.341832][ T5413] BTRFS info (device loop0): using free space tree
[ 97.359716][ T5413] BTRFS info (device loop0): enabling ssd optimizations
[pid 5413] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,clear_cache,compress-force,noacl,treelog,") = 0
[pid 5413] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5413] chdir("./bus") = 0
[pid 5413] ioctl(4, LOOP_CLR_FD) = 0
[pid 5413] close(4) = 0
[pid 5413] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5413] write(4, "19", 2) = 2
[ 97.367198][ T5413] BTRFS info (device loop0): auto enabling async discard
[ 97.375393][ T5413] BTRFS info (device loop0): rebuilding free space tree
[ 97.399860][ T5413] FAULT_INJECTION: forcing a failure.
[ 97.399860][ T5413] name failslab, interval 1, probability 0, space 0, times 0
[ 97.412795][ T5413] CPU: 1 PID: 5413 Comm: syz-executor790 Not tainted 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0
[ 97.423272][ T5413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 97.433378][ T5413] Call Trace:
[ 97.436699][ T5413]
[ 97.439663][ T5413] dump_stack_lvl+0x125/0x1b0
[ 97.444397][ T5413] should_fail_ex+0x496/0x5b0
[ 97.449146][ T5413] should_failslab+0x9/0x20
[ 97.453728][ T5413] kmem_cache_alloc+0x61/0x400
[ 97.458564][ T5413] btrfs_alloc_tree_block+0xbaf/0x1420
[ 97.464096][ T5413] ? btrfs_alloc_logged_file_extent+0x580/0x580
[ 97.470412][ T5413] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 97.476434][ T5413] __btrfs_cow_block+0x3ce/0x18e0
[ 97.481486][ T5413] ? update_ref_for_cow+0xc10/0xc10
[ 97.486704][ T5413] ? btrfs_qgroup_add_swapped_blocks+0x9d0/0x9d0
[ 97.493067][ T5413] ? down_write_nested+0x153/0x200
[ 97.498206][ T5413] btrfs_cow_block+0x2f1/0x820
[ 97.502995][ T5413] btrfs_search_slot+0x12a0/0x30e0
[ 97.508132][ T5413] ? balance_level+0x2420/0x2420
[ 97.513088][ T5413] ? find_held_lock+0x2d/0x110
[ 97.517877][ T5413] ? btrfs_create_new_inode+0x763/0x2610
[ 97.523546][ T5413] ? reacquire_held_locks+0x4b0/0x4b0
[ 97.528949][ T5413] ? do_raw_spin_lock+0x12e/0x2b0
[ 97.534024][ T5413] ? spin_bug+0x1d0/0x1d0
[ 97.538397][ T5413] btrfs_insert_empty_items+0xb7/0x1b0
[ 97.543908][ T5413] ? do_raw_spin_unlock+0x173/0x230
[ 97.549177][ T5413] btrfs_create_new_inode+0x825/0x2610
[ 97.554680][ T5413] ? btrfs_link+0x790/0x790
[ 97.559215][ T5413] ? record_root_in_trans+0x2f7/0x3e0
[ 97.564634][ T5413] btrfs_tmpfile+0x2ed/0x440
[ 97.569255][ T5413] ? btrfs_create_new_inode+0x2610/0x2610
[ 97.575012][ T5413] ? do_raw_spin_unlock+0x173/0x230
[ 97.580260][ T5413] ? _raw_spin_unlock+0x28/0x40
[ 97.585186][ T5413] ? d_alloc+0x1b7/0x220
[ 97.589462][ T5413] vfs_tmpfile+0x2b1/0x4d0
[ 97.593920][ T5413] path_openat+0xc96/0x29c0
[ 97.598465][ T5413] ? path_lookupat+0x770/0x770
[ 97.603268][ T5413] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 97.609285][ T5413] do_filp_open+0x1de/0x430
[ 97.613823][ T5413] ? may_open_dev+0xf0/0xf0
[ 97.618356][ T5413] ? find_held_lock+0x2d/0x110
[ 97.623177][ T5413] ? _raw_spin_unlock+0x28/0x40
[ 97.628064][ T5413] ? alloc_fd+0x2da/0x6c0
[ 97.632433][ T5413] do_sys_openat2+0x176/0x1e0
[ 97.637146][ T5413] ? build_open_flags+0x690/0x690
[ 97.642210][ T5413] ? ptrace_notify+0xf4/0x130
[ 97.646911][ T5413] ? reacquire_held_locks+0x4b0/0x4b0
[ 97.652333][ T5413] __x64_sys_open+0x154/0x1e0
[ 97.657042][ T5413] ? do_sys_open+0x160/0x160
[ 97.661680][ T5413] ? _raw_spin_unlock_irq+0x2e/0x50
[ 97.666935][ T5413] ? ptrace_notify+0xf4/0x130
[ 97.671643][ T5413] do_syscall_64+0x38/0xb0
[ 97.676094][ T5413] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 97.682019][ T5413] RIP: 0033:0x7f12a085e2a9
[ 97.686458][ T5413] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 97.706095][ T5413] RSP: 002b:00007ffd73ae0528 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 97.714534][ T5413] RAX: ffffffffffffffda RBX: 00007ffd73ae0550 RCX: 00007f12a085e2a9
[ 97.722527][ T5413] RDX: 0000000000000000 RSI: 0000000000438001 RDI: 0000000020000000
[ 97.730522][ T5413] RBP: 0000000000000002 R08: 00007ffd73ae02c6 R09: 00007ffd73ae0570
[ 97.738518][ T5413] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd73ae054c
[ 97.746515][ T5413] R13: 0000000000000016 R14: 431bde82d7b634db R15: 00007ffd73ae0590
[ 97.754512][ T5413]
[pid 5413] open("./file0", O_WRONLY|O_LARGEFILE|O_NOFOLLOW|O_TMPFILE, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5413] exit_group(0) = ?
[pid 5413] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5413, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=35 /* 0.35 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555d0b6f0 /* 4 entries */, 32768) = 104
[ 97.765786][ T5413] BTRFS: error (device loop0: state A) in btrfs_create_new_inode:6401: errno=-12 Out of memory
[ 97.782410][ T5413] BTRFS info (device loop0: state EA): forced readonly
[ 97.864948][ T5016] ------------[ cut here ]------------
[ 97.870779][ T5016] WARNING: CPU: 1 PID: 5016 at fs/btrfs/space-info.h:198 btrfs_space_info_update_bytes_may_use+0x448/0x590
[ 97.882399][ T5016] Modules linked in:
[ 97.887051][ T5016] CPU: 1 PID: 5016 Comm: syz-executor790 Not tainted 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0
[ 97.898037][ T5016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 97.908840][ T5016] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x448/0x590
[ 97.916489][ T5016] Code: fd e9 69 fc ff ff e8 a7 57 f4 fd 49 89 ee 4c 89 e6 49 f7 de 4c 89 f7 e8 a6 52 f4 fd 4d 39 f4 0f 83 7c fd ff ff e8 88 57 f4 fd <0f> 0b 45 31 e4 e9 75 fd ff ff e8 79 57 f4 fd 48 8d 7b 18 be ff ff
[ 97.936216][ T5016] RSP: 0018:ffffc9000341fac0 EFLAGS: 00010293
[ 97.942341][ T5016] RAX: 0000000000000000 RBX: ffff888073e4f800 RCX: 0000000000000000
[ 97.950437][ T5016] RDX: ffff88801a736080 RSI: ffffffff8390c8b8 RDI: 0000000000000006
[ 97.958538][ T5016] RBP: ffffffffffea0000 R08: 0000000000000006 R09: 0000000000160000
[ 97.966637][ T5016] R10: 000000000015f000 R11: 0000000000094000 R12: 000000000015f000
[ 97.974728][ T5016] R13: ffff888073e4f860 R14: 0000000000160000 R15: 0000000000000005
[ 97.982746][ T5016] FS: 0000555555d0a380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 97.991792][ T5016] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 97.998488][ T5016] CR2: 00007ffd73adec88 CR3: 000000007f048000 CR4: 00000000003506e0
[ 98.006834][ T5016] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 98.014979][ T5016] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 98.023403][ T5016] Call Trace:
[ 98.026816][ T5016]
[ 98.029785][ T5016] ? __warn+0xe6/0x380
[ 98.033914][ T5016] ? btrfs_space_info_update_bytes_may_use+0x448/0x590
[ 98.040957][ T5016] ? report_bug+0x3bc/0x580
[ 98.046184][ T5016] ? handle_bug+0x3c/0x70
[ 98.050563][ T5016] ? exc_invalid_op+0x17/0x40
[ 98.055371][ T5016] ? asm_exc_invalid_op+0x1a/0x20
[ 98.060443][ T5016] ? btrfs_space_info_update_bytes_may_use+0x448/0x590
[ 98.067407][ T5016] ? btrfs_space_info_update_bytes_may_use+0x448/0x590
[ 98.074309][ T5016] btrfs_block_rsv_release+0x566/0x670
[ 98.079918][ T5016] btrfs_release_global_block_rsv+0x26/0x2e0
[ 98.086014][ T5016] btrfs_free_block_groups+0xa3a/0x11b0
[ 98.092262][ T5016] close_ctree+0x8c7/0xdd0
[ 98.096898][ T5016] ? btrfs_cleanup_transaction.isra.0+0x1200/0x1200
[ 98.104036][ T5016] ? find_rule+0x370/0x370
[ 98.108569][ T5016] ? __fsnotify_vfsmount_delete+0x20/0x20
[ 98.114526][ T5016] ? dispose_list+0x1e0/0x1e0
[ 98.119265][ T5016] ? fscrypt_destroy_keyring+0x1e/0x390
[ 98.125071][ T5016] ? btrfs_set_super+0x70/0x70
[ 98.129899][ T5016] generic_shutdown_super+0x158/0x480
[ 98.135408][ T5016] kill_anon_super+0x3a/0x60
[ 98.140053][ T5016] btrfs_kill_super+0x3b/0x50
[ 98.144842][ T5016] deactivate_locked_super+0x9a/0x170
[ 98.150486][ T5016] deactivate_super+0xde/0x100
[ 98.155415][ T5016] cleanup_mnt+0x222/0x3d0
[ 98.159896][ T5016] task_work_run+0x14d/0x240
[ 98.165003][ T5016] ? task_work_cancel+0x30/0x30
[ 98.169926][ T5016] ptrace_notify+0x10c/0x130
[ 98.174648][ T5016] syscall_exit_to_user_mode_prepare+0x120/0x220
[ 98.181044][ T5016] syscall_exit_to_user_mode+0xd/0x50
[ 98.186527][ T5016] do_syscall_64+0x44/0xb0
[ 98.190977][ T5016] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 98.196998][ T5016] RIP: 0033:0x7f12a085f507
[ 98.201441][ T5016] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 98.221161][ T5016] RSP: 002b:00007ffd73adf438 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 98.229673][ T5016] RAX: 0000000000000000 RBX: 0000000000017acc RCX: 00007f12a085f507
[ 98.237744][ T5016] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffd73adf4f0
[ 98.245799][ T5016] RBP: 00007ffd73adf4f0 R08: 0000000000000000 R09: 0000000000000000
[ 98.253807][ T5016] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffd73ae0570
[ 98.261869][ T5016] R13: 0000555555d0b6c0 R14: 431bde82d7b634db R15: 00007ffd73ae0590
[ 98.269924][ T5016]
[ 98.272953][ T5016] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 98.280235][ T5016] CPU: 1 PID: 5016 Comm: syz-executor790 Not tainted 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0
[ 98.290656][ T5016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 98.300719][ T5016] Call Trace:
[ 98.304001][ T5016]
[ 98.306945][ T5016] dump_stack_lvl+0xd9/0x1b0
[ 98.311548][ T5016] panic+0x6a4/0x750
[ 98.315459][ T5016] ? panic_smp_self_stop+0xa0/0xa0
[ 98.320583][ T5016] ? show_trace_log_lvl+0x29d/0x3c0
[ 98.325801][ T5016] ? btrfs_space_info_update_bytes_may_use+0x448/0x590
[ 98.332670][ T5016] check_panic_on_warn+0xab/0xb0
[ 98.337624][ T5016] __warn+0xf2/0x380
[ 98.341531][ T5016] ? btrfs_space_info_update_bytes_may_use+0x448/0x590
[ 98.348399][ T5016] report_bug+0x3bc/0x580
[ 98.352740][ T5016] handle_bug+0x3c/0x70
[ 98.356913][ T5016] exc_invalid_op+0x17/0x40
[ 98.361432][ T5016] asm_exc_invalid_op+0x1a/0x20
[ 98.366299][ T5016] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x448/0x590
[ 98.373773][ T5016] Code: fd e9 69 fc ff ff e8 a7 57 f4 fd 49 89 ee 4c 89 e6 49 f7 de 4c 89 f7 e8 a6 52 f4 fd 4d 39 f4 0f 83 7c fd ff ff e8 88 57 f4 fd <0f> 0b 45 31 e4 e9 75 fd ff ff e8 79 57 f4 fd 48 8d 7b 18 be ff ff
[ 98.393404][ T5016] RSP: 0018:ffffc9000341fac0 EFLAGS: 00010293
[ 98.399498][ T5016] RAX: 0000000000000000 RBX: ffff888073e4f800 RCX: 0000000000000000
[ 98.407506][ T5016] RDX: ffff88801a736080 RSI: ffffffff8390c8b8 RDI: 0000000000000006
[ 98.415494][ T5016] RBP: ffffffffffea0000 R08: 0000000000000006 R09: 0000000000160000
[ 98.423499][ T5016] R10: 000000000015f000 R11: 0000000000094000 R12: 000000000015f000
[ 98.431500][ T5016] R13: ffff888073e4f860 R14: 0000000000160000 R15: 0000000000000005
[ 98.439503][ T5016] ? btrfs_space_info_update_bytes_may_use+0x448/0x590
[ 98.446384][ T5016] btrfs_block_rsv_release+0x566/0x670
[ 98.451874][ T5016] btrfs_release_global_block_rsv+0x26/0x2e0
[ 98.457876][ T5016] btrfs_free_block_groups+0xa3a/0x11b0
[ 98.463445][ T5016] close_ctree+0x8c7/0xdd0
[ 98.467893][ T5016] ? btrfs_cleanup_transaction.isra.0+0x1200/0x1200
[ 98.474526][ T5016] ? find_rule+0x370/0x370
[ 98.478962][ T5016] ? __fsnotify_vfsmount_delete+0x20/0x20
[ 98.484712][ T5016] ? dispose_list+0x1e0/0x1e0
[ 98.489419][ T5016] ? fscrypt_destroy_keyring+0x1e/0x390
[ 98.494990][ T5016] ? btrfs_set_super+0x70/0x70
[ 98.499790][ T5016] generic_shutdown_super+0x158/0x480
[ 98.505193][ T5016] kill_anon_super+0x3a/0x60
[ 98.509809][ T5016] btrfs_kill_super+0x3b/0x50
[ 98.514525][ T5016] deactivate_locked_super+0x9a/0x170
[ 98.519936][ T5016] deactivate_super+0xde/0x100
[ 98.524731][ T5016] cleanup_mnt+0x222/0x3d0
[ 98.529174][ T5016] task_work_run+0x14d/0x240
[ 98.533796][ T5016] ? task_work_cancel+0x30/0x30
[ 98.538689][ T5016] ptrace_notify+0x10c/0x130
[ 98.543299][ T5016] syscall_exit_to_user_mode_prepare+0x120/0x220
[ 98.549667][ T5016] syscall_exit_to_user_mode+0xd/0x50
[ 98.555070][ T5016] do_syscall_64+0x44/0xb0
[ 98.559515][ T5016] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 98.565433][ T5016] RIP: 0033:0x7f12a085f507
[ 98.569866][ T5016] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 98.589498][ T5016] RSP: 002b:00007ffd73adf438 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 98.597933][ T5016] RAX: 0000000000000000 RBX: 0000000000017acc RCX: 00007f12a085f507
[ 98.605923][ T5016] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffd73adf4f0
[ 98.613914][ T5016] RBP: 00007ffd73adf4f0 R08: 0000000000000000 R09: 0000000000000000
[ 98.621905][ T5016] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffd73ae0570
[ 98.629896][ T5016] R13: 0000555555d0b6c0 R14: 431bde82d7b634db R15: 00007ffd73ae0590
[ 98.637895][ T5016]
[ 98.641199][ T5016] Kernel Offset: disabled
[ 98.645718][ T5016] Rebooting in 86400 seconds..