./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2164746115
<...>
Warning: Permanently added '10.128.0.89' (ECDSA) to the list of known hosts.
execve("./syz-executor2164746115", ["./syz-executor2164746115"], 0x7ffccd4d2f50 /* 10 vars */) = 0
brk(NULL) = 0x5555562f4000
brk(0x5555562f4c40) = 0x5555562f4c40
arch_prctl(ARCH_SET_FS, 0x5555562f4300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2164746115", 4096) = 28
brk(0x555556315c40) = 0x555556315c40
brk(0x555556316000) = 0x555556316000
mprotect(0x7f17f7bd2000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 4993
mkdir("./syzkaller.IkUPxL", 0700) = 0
chmod("./syzkaller.IkUPxL", 0777) = 0
chdir("./syzkaller.IkUPxL") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562f45d0) = 4994
./strace-static-x86_64: Process 4994 attached
[pid 4994] chdir("./0") = 0
[pid 4994] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 4994] setpgid(0, 0) = 0
[pid 4994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 4994] write(3, "1000", 4) = 4
[pid 4994] close(3) = 0
[pid 4994] symlink("/dev/binderfs", "./binderfs") = 0
[pid 4994] memfd_create("syzkaller", 0) = 3
[pid 4994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17ef711000
[ 56.467699][ T4994] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4994 'syz-executor216'
[pid 4994] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 4994] munmap(0x7f17ef711000, 16777216) = 0
[pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 4994] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 4994] close(3) = 0
[pid 4994] mkdir("./file0", 0777) = 0
[ 56.636308][ T4994] loop0: detected capacity change from 0 to 32768
[ 56.649809][ T4994] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (4994)
[ 56.669380][ T4994] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[pid 4994] mount("/dev/loop0", "./file0", "btrfs", 0, "noinode_cache,noautodefrag,ref_verify,") = 0
[pid 4994] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 4994] chdir("./file0") = 0
[pid 4994] ioctl(4, LOOP_CLR_FD) = 0
[pid 4994] close(4) = 0
[ 56.678730][ T4994] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 56.689845][ T4994] BTRFS info (device loop0): doing ref verification
[ 56.696675][ T4994] BTRFS info (device loop0): using free space tree
[ 56.718832][ T4994] BTRFS info (device loop0): enabling ssd optimizations
[ 56.725955][ T4994] BTRFS info (device loop0): auto enabling async discard
[pid 4994] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 4994] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 4994] openat(AT_FDCWD, "blkio.bfq.time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 4994] write(5, "\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid 4994] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 4994] write(6, "5", 1) = 1
[ 56.824880][ T4994] FAULT_INJECTION: forcing a failure.
[ 56.824880][ T4994] name failslab, interval 1, probability 0, space 0, times 1
[ 56.840705][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 56.850273][ T4994] CPU: 0 PID: 4994 Comm: syz-executor216 Not tainted 6.4.0-rc7-syzkaller-00226-ga92b7d26c743 #0
[ 56.860714][ T4994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 56.870790][ T4994] Call Trace:
[ 56.874090][ T4994] <TASK>
[ 56.877044][ T4994] dump_stack_lvl+0x1e7/0x2d0
[ 56.881770][ T4994] ? nf_tcp_handle_invalid+0x650/0x650
[ 56.887256][ T4994] ? panic+0x770/0x770
[ 56.891356][ T4994] ? tomoyo_init_log+0x1cfd/0x2040
[ 56.896505][ T4994] should_fail_ex+0x3aa/0x4e0
[ 56.901215][ T4994] should_failslab+0x9/0x20
[ 56.905834][ T4994] slab_pre_alloc_hook+0x59/0x2b0
[ 56.910884][ T4994] ? tomoyo_supervisor+0xe06/0x11f0
[ 56.916077][ T4994] __kmem_cache_alloc_node+0x4b/0x290
[ 56.921450][ T4994] ? rcu_lock_release+0x30/0x30
[ 56.926323][ T4994] ? tomoyo_supervisor+0xe06/0x11f0
[ 56.931519][ T4994] __kmalloc+0xa8/0x230
[ 56.935685][ T4994] tomoyo_supervisor+0xe06/0x11f0
[ 56.940702][ T4994] ? print_irqtrace_events+0x220/0x220
[ 56.946157][ T4994] ? tomoyo_path_permission+0x1cc/0x360
[ 56.951700][ T4994] ? tomoyo_profile+0x50/0x50
[ 56.956368][ T4994] ? kasan_quarantine_put+0xd8/0x230
[ 56.961648][ T4994] ? lockdep_hardirqs_on+0x98/0x140
[ 56.966846][ T4994] ? __kmem_cache_free+0x264/0x3c0
[ 56.971957][ T4994] ? tomoyo_check_path_acl+0xeb/0x1c0
[ 56.977352][ T4994] ? tomoyo_check_acl+0x378/0x3f0
[ 56.982387][ T4994] ? tomoyo_execute_permission+0x410/0x410
[ 56.988201][ T4994] tomoyo_path_permission+0x243/0x360
[ 56.993601][ T4994] tomoyo_path_perm+0x455/0x700
[ 56.998463][ T4994] ? tomoyo_path_permission+0x360/0x360
[ 57.004021][ T4994] ? rcu_read_lock_any_held+0xb7/0x160
[ 57.009479][ T4994] ? rcu_read_lock_bh_held+0x120/0x120
[ 57.014935][ T4994] ? print_irqtrace_events+0x220/0x220
[ 57.020397][ T4994] security_file_truncate+0x61/0x90
[ 57.025617][ T4994] do_sys_ftruncate+0x254/0x380
[ 57.030472][ T4994] do_syscall_64+0x41/0xc0
[ 57.034880][ T4994] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.040774][ T4994] RIP: 0033:0x7f17f7b5ead9
[ 57.045182][ T4994] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 57.064796][ T4994] RSP: 002b:00007ffe745448b8 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[pid 4994] ftruncate(5, 0) = 0
[pid 4994] exit_group(0) = ?
[ 57.073235][ T4994] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f17f7b5ead9
[ 57.081198][ T4994] RDX: 00000000000008e0 RSI: 0000000000000000 RDI: 0000000000000005
[ 57.089164][ T4994] RBP: 00007ffe745448e0 R08: 0000000000000001 R09: 00007ffe745448f0
[ 57.097139][ T4994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 57.105131][ T4994] R13: 00007ffe74544920 R14: 00007ffe74544900 R15: 0000000000000000
[ 57.113141][ T4994] </TASK>
[pid 4994] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4994, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562f5620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 57.125354][ T4994] syz-executor216 (4994) used greatest stack depth: 19888 bytes left
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562fd660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562fd660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x5555562f5620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562f45d0) = 5016
./strace-static-x86_64: Process 5016 attached
[pid 5016] chdir("./1") = 0
[pid 5016] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5016] setpgid(0, 0) = 0
[pid 5016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5016] write(3, "1000", 4) = 4
[pid 5016] close(3) = 0
[pid 5016] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5016] memfd_create("syzkaller", 0) = 3
[pid 5016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17ef711000
[pid 5016] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5016] munmap(0x7f17ef711000, 16777216) = 0
[pid 5016] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5016] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5016] close(3) = 0
[pid 5016] mkdir("./file0", 0777) = 0
[ 57.418617][ T5016] loop0: detected capacity change from 0 to 32768
[ 57.430144][ T5016] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (5016)
[ 57.447708][ T5016] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 57.456677][ T5016] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[pid 5016] mount("/dev/loop0", "./file0", "btrfs", 0, "noinode_cache,noautodefrag,ref_verify,") = 0
[pid 5016] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5016] chdir("./file0") = 0
[pid 5016] ioctl(4, LOOP_CLR_FD) = 0
[pid 5016] close(4) = 0
[pid 5016] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 57.467963][ T5016] BTRFS info (device loop0): doing ref verification
[ 57.474763][ T5016] BTRFS info (device loop0): using free space tree
[ 57.492916][ T5016] BTRFS info (device loop0): enabling ssd optimizations
[ 57.499925][ T5016] BTRFS info (device loop0): auto enabling async discard
[pid 5016] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5016] openat(AT_FDCWD, "blkio.bfq.time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5016] write(5, "\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid 5016] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5016] write(6, "5", 1) = 1
[ 57.541110][ T5016] FAULT_INJECTION: forcing a failure.
[ 57.541110][ T5016] name failslab, interval 1, probability 0, space 0, times 0
[ 57.554008][ T5016] CPU: 0 PID: 5016 Comm: syz-executor216 Not tainted 6.4.0-rc7-syzkaller-00226-ga92b7d26c743 #0
[ 57.564190][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 57.564424][ T5016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 57.564442][ T5016] Call Trace:
[ 57.564449][ T5016] <TASK>
[ 57.589838][ T5016] dump_stack_lvl+0x1e7/0x2d0
[ 57.594554][ T5016] ? nf_tcp_handle_invalid+0x650/0x650
[ 57.600042][ T5016] ? panic+0x770/0x770
[ 57.604143][ T5016] ? tomoyo_init_log+0x1cfd/0x2040
[ 57.609278][ T5016] should_fail_ex+0x3aa/0x4e0
[ 57.613987][ T5016] should_failslab+0x9/0x20
[ 57.618514][ T5016] slab_pre_alloc_hook+0x59/0x2b0
[ 57.623568][ T5016] ? tomoyo_supervisor+0xe06/0x11f0
[ 57.628791][ T5016] __kmem_cache_alloc_node+0x4b/0x290
[ 57.634191][ T5016] ? rcu_lock_release+0x30/0x30
[ 57.639068][ T5016] ? tomoyo_supervisor+0xe06/0x11f0
[ 57.644290][ T5016] __kmalloc+0xa8/0x230
[ 57.648471][ T5016] tomoyo_supervisor+0xe06/0x11f0
[ 57.653526][ T5016] ? print_irqtrace_events+0x220/0x220
[ 57.659015][ T5016] ? tomoyo_path_permission+0x1cc/0x360
[ 57.664586][ T5016] ? tomoyo_profile+0x50/0x50
[ 57.669371][ T5016] ? kasan_quarantine_put+0xd8/0x230
[ 57.674678][ T5016] ? lockdep_hardirqs_on+0x98/0x140
[ 57.679919][ T5016] ? __kmem_cache_free+0x264/0x3c0
[ 57.685061][ T5016] ? tomoyo_check_path_acl+0xeb/0x1c0
[ 57.690459][ T5016] ? tomoyo_check_acl+0x378/0x3f0
[ 57.695504][ T5016] ? tomoyo_execute_permission+0x410/0x410
[ 57.701322][ T5016] tomoyo_path_permission+0x243/0x360
[ 57.706695][ T5016] tomoyo_path_perm+0x455/0x700
[ 57.711546][ T5016] ? tomoyo_path_permission+0x360/0x360
[ 57.717147][ T5016] ? rcu_read_lock_any_held+0xb7/0x160
[ 57.722633][ T5016] ? rcu_read_lock_bh_held+0x120/0x120
[ 57.728118][ T5016] ? print_irqtrace_events+0x220/0x220
[ 57.733601][ T5016] security_file_truncate+0x61/0x90
[ 57.739085][ T5016] do_sys_ftruncate+0x254/0x380
[ 57.743945][ T5016] do_syscall_64+0x41/0xc0
[ 57.748350][ T5016] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.754246][ T5016] RIP: 0033:0x7f17f7b5ead9
[ 57.758796][ T5016] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 57.778401][ T5016] RSP: 002b:00007ffe745448b8 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[pid 5016] ftruncate(5, 0) = 0
[pid 5016] exit_group(0) = ?
[pid 5016] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5016, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555562f5620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 57.786826][ T5016] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f17f7b5ead9
[ 57.794817][ T5016] RDX: 00000000000008e0 RSI: 0000000000000000 RDI: 0000000000000005
[ 57.802801][ T5016] RBP: 00007ffe745448e0 R08: 0000000000000001 R09: 00007ffe745448f0
[ 57.810766][ T5016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 57.818735][ T5016] R13: 00007ffe74544920 R14: 00007ffe74544900 R15: 0000000000000001
[ 57.826720][ T5016] </TASK>
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555562fd660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562fd660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x5555562f5620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562f45d0) = 5034
./strace-static-x86_64: Process 5034 attached
[pid 5034] chdir("./2") = 0
[pid 5034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5034] setpgid(0, 0) = 0
[pid 5034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5034] write(3, "1000", 4) = 4
[pid 5034] close(3) = 0
[pid 5034] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5034] memfd_create("syzkaller", 0) = 3
[pid 5034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17ef711000
[pid 5034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5034] munmap(0x7f17ef711000, 16777216) = 0
[pid 5034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5034] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5034] close(3) = 0
[pid 5034] mkdir("./file0", 0777) = 0
[ 58.114172][ T5034] loop0: detected capacity change from 0 to 32768
[ 58.125670][ T5034] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor216 (5034)
[ 58.142308][ T5034] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 58.151031][ T5034] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[pid 5034] mount("/dev/loop0", "./file0", "btrfs", 0, "noinode_cache,noautodefrag,ref_verify,") = 0
[pid 5034] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5034] chdir("./file0") = 0
[pid 5034] ioctl(4, LOOP_CLR_FD) = 0
[pid 5034] close(4) = 0
[pid 5034] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5034] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5034] openat(AT_FDCWD, "blkio.bfq.time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[ 58.162140][ T5034] BTRFS info (device loop0): doing ref verification
[ 58.168747][ T5034] BTRFS info (device loop0): using free space tree
[ 58.187523][ T5034] BTRFS info (device loop0): enabling ssd optimizations
[ 58.194827][ T5034] BTRFS info (device loop0): auto enabling async discard
[pid 5034] write(5, "\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid 5034] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5034] write(6, "5", 1) = 1
[ 58.249518][ T5034] FAULT_INJECTION: forcing a failure.
[ 58.249518][ T5034] name failslab, interval 1, probability 0, space 0, times 0
[ 58.262561][ T5034] CPU: 0 PID: 5034 Comm: syz-executor216 Not tainted 6.4.0-rc7-syzkaller-00226-ga92b7d26c743 #0
[ 58.273089][ T5034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 58.283168][ T5034] Call Trace:
[ 58.286468][ T5034] <TASK>
[ 58.289417][ T5034] dump_stack_lvl+0x1e7/0x2d0
[ 58.294119][ T5034] ? nf_tcp_handle_invalid+0x650/0x650
[ 58.299602][ T5034] ? panic+0x770/0x770
[ 58.303708][ T5034] should_fail_ex+0x3aa/0x4e0
[ 58.308412][ T5034] should_failslab+0x9/0x20
[ 58.312935][ T5034] slab_pre_alloc_hook+0x59/0x2b0
[ 58.317986][ T5034] ? ulist_add_merge+0x14c/0x470
[ 58.322949][ T5034] __kmem_cache_alloc_node+0x4b/0x290
[ 58.326121][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 58.328342][ T5034] ? ulist_add_merge+0x14c/0x470
[ 58.342451][ T5034] kmalloc_trace+0x2a/0xe0
[ 58.346894][ T5034] ulist_add_merge+0x14c/0x470
[ 58.351693][ T5034] clear_state_bit+0x148/0x330
[ 58.356488][ T5034] __clear_extent_bit+0x523/0xb20
[ 58.361548][ T5034] clear_record_extent_bits+0x52/0x90
[ 58.366945][ T5034] __btrfs_qgroup_release_data+0x4a4/0xa60
[ 58.372757][ T5034] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[ 58.378729][ T5034] ? btrfs_qgroup_free_data+0x40/0x40
[ 58.384097][ T5034] ? print_irqtrace_events+0x220/0x220
[ 58.389549][ T5034] ? _raw_spin_lock_irq+0xdf/0x120
[ 58.394664][ T5034] ? _raw_spin_unlock_irq+0x2e/0x50
[ 58.399959][ T5034] btrfs_invalidate_folio+0x87d/0xfc0
[ 58.405348][ T5034] ? folio_test_hugetlb+0xa0/0x1d0
[ 58.410477][ T5034] ? btrfs_readahead+0x20/0x20
[ 58.415239][ T5034] ? truncate_inode_pages_range+0x11b0/0x11b0
[ 58.421310][ T5034] ? btrfs_readahead+0x20/0x20
[ 58.426076][ T5034] truncate_cleanup_folio+0x1e3/0x5f0
[ 58.431461][ T5034] truncate_inode_pages_range+0x2bc/0x11b0
[ 58.437296][ T5034] ? mapping_evict_folio+0x5d0/0x5d0
[ 58.442601][ T5034] ? unmap_mapping_pages+0x180/0x180
[ 58.447885][ T5034] ? inode_maybe_inc_iversion+0x1a3/0x1f0
[ 58.453612][ T5034] ? generic_set_encrypted_ci_d_ops+0x100/0x100
[ 58.459862][ T5034] truncate_setsize+0xcf/0xf0
[ 58.464550][ T5034] btrfs_setattr+0x622/0x11b0
[ 58.469234][ T5034] ? smack_inode_setattr+0x1cd/0x260
[ 58.474552][ T5034] ? btrfs_permission+0x1b0/0x1b0
[ 58.479586][ T5034] ? current_time+0x1be/0x300
[ 58.484257][ T5034] ? atime_needs_update+0x6d0/0x6d0
[ 58.489469][ T5034] ? evm_inode_setattr+0x100/0x740
[ 58.494586][ T5034] ? bpf_lsm_inode_setattr+0x9/0x10
[ 58.499779][ T5034] ? security_inode_setattr+0xd7/0x130
[ 58.505232][ T5034] ? btrfs_permission+0x1b0/0x1b0
[ 58.510249][ T5034] notify_change+0xc8b/0xf40
[ 58.514854][ T5034] do_truncate+0x220/0x300
[ 58.519287][ T5034] ? put_page_bootmem+0x2e0/0x2e0
[ 58.524328][ T5034] ? print_irqtrace_events+0x220/0x220
[ 58.529790][ T5034] do_sys_ftruncate+0x2e4/0x380
[ 58.534660][ T5034] do_syscall_64+0x41/0xc0
[ 58.539065][ T5034] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.544950][ T5034] RIP: 0033:0x7f17f7b5ead9
[ 58.549359][ T5034] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 58.568989][ T5034] RSP: 002b:00007ffe745448b8 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[ 58.577420][ T5034] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f17f7b5ead9
[ 58.585402][ T5034] RDX: 00000000000008e0 RSI: 0000000000000000 RDI: 0000000000000005
[ 58.593395][ T5034] RBP: 00007ffe745448e0 R08: 0000000000000001 R09: 00007ffe745448f0
[ 58.601384][ T5034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 58.609356][ T5034] R13: 00007ffe74544920 R14: 00007ffe74544900 R15: 0000000000000002
[ 58.617338][ T5034] </TASK>
[ 58.620969][ T5034] ------------[ cut here ]------------
[ 58.626496][ T5034] kernel BUG at fs/btrfs/extent-io-tree.c:515!
[ 58.632725][ T5034] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 58.638800][ T5034] CPU: 0 PID: 5034 Comm: syz-executor216 Not tainted 6.4.0-rc7-syzkaller-00226-ga92b7d26c743 #0
[ 58.649201][ T5034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 58.659258][ T5034] RIP: 0010:clear_state_bit+0x328/0x330
[ 58.664818][ T5034] Code: 34 fe e9 9a fd ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c c7 fe ff ff 4c 89 ef e8 52 84 34 fe e9 ba fe ff ff e8 58 a1 dc fd <0f> 0b 66 0f 1f 44 00 00 f3 0f 1e fa 55 48 89 e5 41 57 41 56 41 55
[ 58.684456][ T5034] RSP: 0018:ffffc90003cdf450 EFLAGS: 00010293
[ 58.690538][ T5034] RAX: ffffffff83aee398 RBX: 00000000fffffff4 RCX: ffff88801f69bb80
[ 58.698514][ T5034] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
[ 58.706482][ T5034] RBP: 0000000000000000 R08: ffffffff83aee1c3 R09: fffffbfff1a0390b
[ 58.714449][ T5034] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88807c624d80
[ 58.722410][ T5034] R13: ffffc90003cdf658 R14: 0000000000000800 R15: dffffc0000000000
[ 58.730372][ T5034] FS: 00005555562f4300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 58.739288][ T5034] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 58.745859][ T5034] CR2: 0000000020009000 CR3: 0000000029eab000 CR4: 00000000003506f0
[ 58.753825][ T5034] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 58.761784][ T5034] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 58.769744][ T5034] Call Trace:
[ 58.773013][ T5034] <TASK>
[ 58.775933][ T5034] ? __die_body+0x5e/0xa0
[ 58.780281][ T5034] ? die+0x87/0xb0
[ 58.784001][ T5034] ? do_trap+0x11e/0x350
[ 58.788245][ T5034] ? clear_state_bit+0x328/0x330
[ 58.793173][ T5034] ? clear_state_bit+0x328/0x330
[ 58.798110][ T5034] ? do_error_trap+0x141/0x1f0
[ 58.802869][ T5034] ? clear_state_bit+0x328/0x330
[ 58.807803][ T5034] ? do_int3+0x30/0x30
[ 58.811868][ T5034] ? handle_invalid_op+0x2c/0x40
[ 58.816798][ T5034] ? clear_state_bit+0x328/0x330
[ 58.821727][ T5034] ? exc_invalid_op+0x33/0x50
[ 58.826411][ T5034] ? asm_exc_invalid_op+0x1a/0x20
[ 58.831440][ T5034] ? clear_state_bit+0x153/0x330
[ 58.836379][ T5034] ? clear_state_bit+0x328/0x330
[ 58.841419][ T5034] ? clear_state_bit+0x328/0x330
[ 58.846366][ T5034] __clear_extent_bit+0x523/0xb20
[ 58.851400][ T5034] clear_record_extent_bits+0x52/0x90
[ 58.856772][ T5034] __btrfs_qgroup_release_data+0x4a4/0xa60
[ 58.862582][ T5034] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[ 58.868554][ T5034] ? btrfs_qgroup_free_data+0x40/0x40
[ 58.873920][ T5034] ? print_irqtrace_events+0x220/0x220
[ 58.879370][ T5034] ? _raw_spin_lock_irq+0xdf/0x120
[ 58.884473][ T5034] ? _raw_spin_unlock_irq+0x2e/0x50
[ 58.889664][ T5034] btrfs_invalidate_folio+0x87d/0xfc0
[ 58.895026][ T5034] ? folio_test_hugetlb+0xa0/0x1d0
[ 58.900131][ T5034] ? btrfs_readahead+0x20/0x20
[ 58.904880][ T5034] ? truncate_inode_pages_range+0x11b0/0x11b0
[ 58.910939][ T5034] ? btrfs_readahead+0x20/0x20
[ 58.915687][ T5034] truncate_cleanup_folio+0x1e3/0x5f0
[ 58.921048][ T5034] truncate_inode_pages_range+0x2bc/0x11b0
[ 58.926844][ T5034] ? mapping_evict_folio+0x5d0/0x5d0
[ 58.932126][ T5034] ? unmap_mapping_pages+0x180/0x180
[ 58.937396][ T5034] ? inode_maybe_inc_iversion+0x1a3/0x1f0
[ 58.943108][ T5034] ? generic_set_encrypted_ci_d_ops+0x100/0x100
[ 58.949339][ T5034] truncate_setsize+0xcf/0xf0
[ 58.954006][ T5034] btrfs_setattr+0x622/0x11b0
[ 58.958669][ T5034] ? smack_inode_setattr+0x1cd/0x260
[ 58.963956][ T5034] ? btrfs_permission+0x1b0/0x1b0
[ 58.968978][ T5034] ? current_time+0x1be/0x300
[ 58.973652][ T5034] ? atime_needs_update+0x6d0/0x6d0
[ 58.978848][ T5034] ? evm_inode_setattr+0x100/0x740
[ 58.983955][ T5034] ? bpf_lsm_inode_setattr+0x9/0x10
[ 58.989146][ T5034] ? security_inode_setattr+0xd7/0x130
[ 58.994598][ T5034] ? btrfs_permission+0x1b0/0x1b0
[ 58.999612][ T5034] notify_change+0xc8b/0xf40
[ 59.004196][ T5034] do_truncate+0x220/0x300
[ 59.008607][ T5034] ? put_page_bootmem+0x2e0/0x2e0
[ 59.013623][ T5034] ? print_irqtrace_events+0x220/0x220
[ 59.019074][ T5034] do_sys_ftruncate+0x2e4/0x380
[ 59.023913][ T5034] do_syscall_64+0x41/0xc0
[ 59.028318][ T5034] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.034203][ T5034] RIP: 0033:0x7f17f7b5ead9
[ 59.038611][ T5034] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 59.058204][ T5034] RSP: 002b:00007ffe745448b8 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[ 59.066612][ T5034] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f17f7b5ead9
[ 59.074573][ T5034] RDX: 00000000000008e0 RSI: 0000000000000000 RDI: 0000000000000005
[ 59.082529][ T5034] RBP: 00007ffe745448e0 R08: 0000000000000001 R09: 00007ffe745448f0
[ 59.090485][ T5034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 59.098441][ T5034] R13: 00007ffe74544920 R14: 00007ffe74544900 R15: 0000000000000002
[ 59.106406][ T5034] </TASK>
[ 59.109413][ T5034] Modules linked in:
[ 59.113437][ T5034] ---[ end trace 0000000000000000 ]---
[ 59.118892][ T5034] RIP: 0010:clear_state_bit+0x328/0x330
[ 59.124470][ T5034] Code: 34 fe e9 9a fd ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c c7 fe ff ff 4c 89 ef e8 52 84 34 fe e9 ba fe ff ff e8 58 a1 dc fd <0f> 0b 66 0f 1f 44 00 00 f3 0f 1e fa 55 48 89 e5 41 57 41 56 41 55
[ 59.144118][ T5034] RSP: 0018:ffffc90003cdf450 EFLAGS: 00010293
[ 59.150176][ T5034] RAX: ffffffff83aee398 RBX: 00000000fffffff4 RCX: ffff88801f69bb80
[ 59.158179][ T5034] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
[ 59.166276][ T5034] RBP: 0000000000000000 R08: ffffffff83aee1c3 R09: fffffbfff1a0390b
[ 59.174285][ T5034] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88807c624d80
[ 59.182295][ T5034] R13: ffffc90003cdf658 R14: 0000000000000800 R15: dffffc0000000000
[ 59.190272][ T5034] FS: 00005555562f4300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 59.199322][ T5034] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 59.205953][ T5034] CR2: 0000000020009000 CR3: 0000000029eab000 CR4: 00000000003506f0
[ 59.213963][ T5034] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 59.221995][ T5034] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 59.229975][ T5034] Kernel panic - not syncing: Fatal exception
[ 59.236245][ T5034] Kernel Offset: disabled
[ 59.240565][ T5034] Rebooting in 86400 seconds..