./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2689006266
<...>
Warning: Permanently added '10.128.0.130' (ECDSA) to the list of known hosts.
execve("./syz-executor2689006266", ["./syz-executor2689006266"], 0x7ffdb720a720 /* 10 vars */) = 0
brk(NULL) = 0x5555570b6000
brk(0x5555570b6c40) = 0x5555570b6c40
arch_prctl(ARCH_SET_FS, 0x5555570b6300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2689006266", 4096) = 28
brk(0x5555570d7c40) = 0x5555570d7c40
brk(0x5555570d8000) = 0x5555570d8000
mprotect(0x7f4eceb1b000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 5070
mkdir("./syzkaller.Kza8CB", 0700) = 0
chmod("./syzkaller.Kza8CB", 0777) = 0
chdir("./syzkaller.Kza8CB") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570b65d0) = 5071
./strace-static-x86_64: Process 5071 attached
[pid 5071] chdir("./0") = 0
[pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5071] setpgid(0, 0) = 0
[pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5071] write(3, "1000", 4) = 4
[pid 5071] close(3) = 0
[pid 5071] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5071] memfd_create("syzkaller", 0) = 3
[pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4ec665a000
syzkaller login: [ 65.061088][ T5071] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5071 'syz-executor268'
[pid 5071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5071] munmap(0x7f4ec665a000, 16777216) = 0
[pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5071] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5071] close(3) = 0
[pid 5071] mkdir("./file0", 0777) = 0
[ 65.247311][ T5071] loop0: detected capacity change from 0 to 32768
[ 65.261677][ T5071] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5071)
[ 65.282957][ T5071] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[pid 5071] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5071] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5071] chdir("./file0") = 0
[pid 5071] ioctl(4, LOOP_CLR_FD) = 0
[pid 5071] close(4) = 0
[pid 5071] openat(AT_FDCWD, "cpuacct.usage_percpu", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5071] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5071] write(5, "7", 1) = 1
[pid 5071] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = -1 ENOMEM (Cannot allocate memory)
[pid 5071] exit_group(0) = ?
[ 65.291748][ T5071] BTRFS info (device loop0): setting nodatacow, compression disabled
[ 65.300204][ T5071] BTRFS info (device loop0): using free space tree
[ 65.328141][ T5071] BTRFS info (device loop0): enabling ssd optimizations
[ 65.335281][ T5071] BTRFS info (device loop0): auto enabling async discard
[pid 5071] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5071, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=21 /* 0.21 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555570b7620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555570bf660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555570bf660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x5555570b7620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5100 attached
, child_tidptr=0x5555570b65d0) = 5100
[pid 5100] chdir("./1") = 0
[pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5100] setpgid(0, 0) = 0
[pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5100] write(3, "1000", 4) = 4
[pid 5100] close(3) = 0
[pid 5100] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5100] memfd_create("syzkaller", 0) = 3
[pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4ec665a000
[pid 5100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5100] munmap(0x7f4ec665a000, 16777216) = 0
[pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5100] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5100] close(3) = 0
[pid 5100] mkdir("./file0", 0777) = 0
[ 65.828256][ T5100] loop0: detected capacity change from 0 to 32768
[ 65.839274][ T5100] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5100)
[ 65.856260][ T5100] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 65.865603][ T5100] BTRFS info (device loop0): setting nodatacow, compression disabled
[pid 5100] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5100] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5100] chdir("./file0") = 0
[pid 5100] ioctl(4, LOOP_CLR_FD) = 0
[pid 5100] close(4) = 0
[ 65.874365][ T5100] BTRFS info (device loop0): using free space tree
[ 65.896160][ T5100] BTRFS info (device loop0): enabling ssd optimizations
[ 65.903365][ T5100] BTRFS info (device loop0): auto enabling async discard
[pid 5100] openat(AT_FDCWD, "cpuacct.usage_percpu", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5100] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5100] write(5, "7", 1) = 1
[pid 5100] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5100] exit_group(0) = ?
[pid 5100] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 65.939490][ T5100] ERROR: Out of memory at tomoyo_memory_ok.
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555570b7620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 66.024378][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555570bf660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555570bf660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x5555570b7620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570b65d0) = 5119
./strace-static-x86_64: Process 5119 attached
[pid 5119] chdir("./2") = 0
[pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5119] setpgid(0, 0) = 0
[pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5119] write(3, "1000", 4) = 4
[pid 5119] close(3) = 0
[pid 5119] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5119] memfd_create("syzkaller", 0) = 3
[pid 5119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4ec665a000
[pid 5119] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5119] munmap(0x7f4ec665a000, 16777216) = 0
[pid 5119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5119] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5119] close(3) = 0
[pid 5119] mkdir("./file0", 0777) = 0
[ 66.382534][ T5119] loop0: detected capacity change from 0 to 32768
[ 66.393679][ T5119] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5119)
[ 66.408637][ T5119] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 66.417553][ T5119] BTRFS info (device loop0): setting nodatacow, compression disabled
[ 66.425824][ T5119] BTRFS info (device loop0): using free space tree
[pid 5119] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5119] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5119] chdir("./file0") = 0
[pid 5119] ioctl(4, LOOP_CLR_FD) = 0
[pid 5119] close(4) = 0
[pid 5119] openat(AT_FDCWD, "cpuacct.usage_percpu", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5119] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5119] write(5, "7", 1) = 1
[ 66.447290][ T5119] BTRFS info (device loop0): enabling ssd optimizations
[ 66.454386][ T5119] BTRFS info (device loop0): auto enabling async discard
[ 66.477654][ T5119] FAULT_INJECTION: forcing a failure.
[ 66.477654][ T5119] name failslab, interval 1, probability 0, space 0, times 0
[ 66.490912][ T5119] CPU: 1 PID: 5119 Comm: syz-executor268 Not tainted 6.3.0-rc2-syzkaller-00363-g478a351ce0d6 #0
[ 66.501381][ T5119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 66.511581][ T5119] Call Trace:
[ 66.514893][ T5119]
[ 66.517862][ T5119] dump_stack_lvl+0x1e7/0x2d0
[ 66.522611][ T5119] ? nf_tcp_handle_invalid+0x650/0x650
[ 66.528117][ T5119] ? panic+0x770/0x770
[ 66.532229][ T5119] ? __might_sleep+0xc0/0xc0
[ 66.536868][ T5119] should_fail_ex+0x3aa/0x4e0
[ 66.541601][ T5119] should_failslab+0x9/0x20
[ 66.546147][ T5119] slab_pre_alloc_hook+0x59/0x2b0
[ 66.551229][ T5119] ? btrfs_sysfs_add_qgroups+0x127/0x3c0
[ 66.556902][ T5119] __kmem_cache_alloc_node+0x4b/0x290
[ 66.562369][ T5119] ? btrfs_sysfs_add_qgroups+0x127/0x3c0
[ 66.568051][ T5119] kmalloc_trace+0x2a/0xe0
[ 66.572524][ T5119] btrfs_sysfs_add_qgroups+0x127/0x3c0
[ 66.578023][ T5119] ? __kasan_kmalloc+0x98/0xb0
[ 66.582927][ T5119] btrfs_quota_enable+0x235/0x1f40
[ 66.588134][ T5119] ? __del_qgroup_rb+0x540/0x540
[ 66.593119][ T5119] ? read_lock_is_recursive+0x20/0x20
[ 66.598572][ T5119] ? __down_write_common+0x161/0x200
[ 66.603913][ T5119] ? clear_nonspinnable+0x60/0x60
[ 66.608997][ T5119] btrfs_ioctl_quota_ctl+0x141/0x180
[ 66.614342][ T5119] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 66.620806][ T5119] __se_sys_ioctl+0xf1/0x160
[ 66.625456][ T5119] do_syscall_64+0x41/0xc0
[ 66.629926][ T5119] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.635868][ T5119] RIP: 0033:0x7f4eceaa7a99
[ 66.640318][ T5119] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 66.660062][ T5119] RSP: 002b:00007ffe23239688 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 66.668532][ T5119] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f4eceaa7a99
[ 66.676558][ T5119] RDX: 0000000020000000 RSI: 00000000c0109428 RDI: 0000000000000004
[ 66.684566][ T5119] RBP: 00007ffe232396b0 R08: 0000000000000001 R09: 00007ffe232396c0
[pid 5119] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = -1 ENOMEM (Cannot allocate memory)
[pid 5119] exit_group(0) = ?
[pid 5119] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5119, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=22 /* 0.22 s */} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555570b7620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
[ 66.692580][ T5119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 66.700587][ T5119] R13: 00007ffe232396f0 R14: 00007ffe232396d0 R15: 0000000000000002
[ 66.708586][ T5119]
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555570bf660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555570bf660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x5555570b7620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570b65d0) = 5138
./strace-static-x86_64: Process 5138 attached
[pid 5138] chdir("./3") = 0
[pid 5138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5138] setpgid(0, 0) = 0
[pid 5138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5138] write(3, "1000", 4) = 4
[pid 5138] close(3) = 0
[pid 5138] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5138] memfd_create("syzkaller", 0) = 3
[pid 5138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4ec665a000
[pid 5138] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5138] munmap(0x7f4ec665a000, 16777216) = 0
[pid 5138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5138] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5138] close(3) = 0
[pid 5138] mkdir("./file0", 0777) = 0
[ 67.066896][ T5138] loop0: detected capacity change from 0 to 32768
[ 67.078329][ T5138] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5138)
[ 67.094818][ T5138] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 67.103565][ T5138] BTRFS info (device loop0): setting nodatacow, compression disabled
[pid 5138] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5138] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5138] chdir("./file0") = 0
[pid 5138] ioctl(4, LOOP_CLR_FD) = 0
[pid 5138] close(4) = 0
[pid 5138] openat(AT_FDCWD, "cpuacct.usage_percpu", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5138] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5138] write(5, "7", 1) = 1
[ 67.111682][ T5138] BTRFS info (device loop0): using free space tree
[ 67.132470][ T5138] BTRFS info (device loop0): enabling ssd optimizations
[ 67.139482][ T5138] BTRFS info (device loop0): auto enabling async discard
[ 67.174930][ T5138] FAULT_INJECTION: forcing a failure.
[ 67.174930][ T5138] name failslab, interval 1, probability 0, space 0, times 0
[ 67.188192][ T5138] CPU: 0 PID: 5138 Comm: syz-executor268 Not tainted 6.3.0-rc2-syzkaller-00363-g478a351ce0d6 #0
[ 67.198744][ T5138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 67.208845][ T5138] Call Trace:
[ 67.212191][ T5138]
[ 67.215157][ T5138] dump_stack_lvl+0x1e7/0x2d0
[ 67.219886][ T5138] ? nf_tcp_handle_invalid+0x650/0x650
[ 67.225397][ T5138] ? panic+0x770/0x770
[ 67.229521][ T5138] ? __might_sleep+0xc0/0xc0
[ 67.234157][ T5138] ? unwind_next_frame+0x19a7/0x2180
[ 67.239487][ T5138] should_fail_ex+0x3aa/0x4e0
[ 67.244228][ T5138] should_failslab+0x9/0x20
[ 67.248772][ T5138] slab_pre_alloc_hook+0x59/0x2b0
[ 67.253935][ T5138] ? is_bpf_text_address+0x253/0x270
[ 67.259289][ T5138] kmem_cache_alloc+0x52/0x2e0
[ 67.264122][ T5138] ? __kernfs_new_node+0xdf/0x740
[ 67.269212][ T5138] __kernfs_new_node+0xdf/0x740
[ 67.274133][ T5138] ? kernfs_new_node+0x170/0x170
[ 67.279113][ T5138] ? stack_trace_save+0x117/0x1c0
[ 67.284179][ T5138] ? stack_trace_snprint+0xf0/0xf0
[ 67.289366][ T5138] ? __stack_depot_save+0x20/0x650
[ 67.294529][ T5138] kernfs_create_dir_ns+0x94/0x230
[ 67.299664][ T5138] sysfs_create_dir_ns+0x189/0x390
[ 67.304797][ T5138] ? sysfs_warn_dup+0xa0/0xa0
[ 67.309517][ T5138] kobject_add_internal+0x6df/0xd20
[ 67.314776][ T5138] ? kfree+0x31/0x1a0
[ 67.318781][ T5138] kobject_init_and_add+0x124/0x190
[ 67.324086][ T5138] ? kobject_add+0x210/0x210
[ 67.328719][ T5138] btrfs_sysfs_add_qgroups+0x171/0x3c0
[ 67.334187][ T5138] ? __kasan_kmalloc+0x98/0xb0
[ 67.339057][ T5138] btrfs_quota_enable+0x235/0x1f40
[ 67.344199][ T5138] ? __del_qgroup_rb+0x540/0x540
[ 67.349149][ T5138] ? read_lock_is_recursive+0x20/0x20
[ 67.354549][ T5138] ? __down_write_common+0x161/0x200
[ 67.359865][ T5138] ? clear_nonspinnable+0x60/0x60
[ 67.364914][ T5138] btrfs_ioctl_quota_ctl+0x141/0x180
[ 67.370211][ T5138] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 67.376640][ T5138] __se_sys_ioctl+0xf1/0x160
[ 67.381250][ T5138] do_syscall_64+0x41/0xc0
[ 67.385696][ T5138] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 67.391608][ T5138] RIP: 0033:0x7f4eceaa7a99
[ 67.396034][ T5138] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 67.415747][ T5138] RSP: 002b:00007ffe23239688 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 67.424175][ T5138] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f4eceaa7a99
[ 67.432157][ T5138] RDX: 0000000020000000 RSI: 00000000c0109428 RDI: 0000000000000004
[ 67.440137][ T5138] RBP: 00007ffe232396b0 R08: 0000000000000001 R09: 00007ffe232396c0
[ 67.448155][ T5138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 67.456145][ T5138] R13: 00007ffe232396f0 R14: 00007ffe232396d0 R15: 0000000000000003
[ 67.464141][ T5138]
[ 67.473404][ T5138] kobject_add_internal failed for qgroups (error: -12 parent: 395ef67a-297e-477c-816d-cd80a5b93e5d)
[ 67.485214][ T5138] ------------[ cut here ]------------
[ 67.490745][ T5138] kernfs: can not remove 'enabled', no directory
[ 67.498168][ T5138] WARNING: CPU: 0 PID: 5138 at fs/kernfs/dir.c:1649 kernfs_remove_by_name_ns+0xf8/0x150
[ 67.508015][ T5138] Modules linked in:
[ 67.511939][ T5138] CPU: 0 PID: 5138 Comm: syz-executor268 Not tainted 6.3.0-rc2-syzkaller-00363-g478a351ce0d6 #0
[ 67.522414][ T5138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 67.532514][ T5138] RIP: 0010:kernfs_remove_by_name_ns+0xf8/0x150
[ 67.538796][ T5138] Code: ff 03 48 89 df e8 d8 ef ff ff 48 89 df e8 70 94 ff ff 31 db eb 27 e8 87 8b 72 ff 48 c7 c7 80 97 f9 8a 4c 89 e6 e8 08 99 3a ff <0f> 0b bb fe ff ff ff eb 12 e8 6a 8b 72 ff bb fe ff ff ff 4c 89 f7
[ 67.558455][ T5138] RSP: 0018:ffffc9000445fb00 EFLAGS: 00010246
[ 67.564592][ T5138] RAX: c28c2635b6629a00 RBX: ffffffff8d44b1a0 RCX: ffff888028b1ba80
[ 67.572647][ T5138] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 67.580631][ T5138] RBP: dffffc0000000000 R08: ffffffff81527d42 R09: fffff5200088bed9
[ 67.588666][ T5138] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffffff8b2a3860
[ 67.596707][ T5138] R13: 0000000000000000 R14: ffffffff8b2a3800 R15: 0000000000000000
[ 67.604748][ T5138] FS: 00005555570b6300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 67.613764][ T5138] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 67.620384][ T5138] CR2: 00007f4eceb1f138 CR3: 0000000077306000 CR4: 00000000003506f0
[ 67.628423][ T5138] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 67.636470][ T5138] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 67.644870][ T5138] Call Trace:
[ 67.648173][ T5138]
[ 67.651116][ T5138] sysfs_remove_group+0xfe/0x2a0
[ 67.656139][ T5138] sysfs_remove_groups+0x54/0xa0
[ 67.661124][ T5138] __kobject_del+0x84/0x310
[ 67.665769][ T5138] kobject_del+0x45/0x60
[ 67.670071][ T5138] btrfs_sysfs_del_qgroups+0x1cd/0x230
[ 67.675624][ T5138] btrfs_sysfs_add_qgroups+0x392/0x3c0
[ 67.681113][ T5138] ? __kasan_kmalloc+0x98/0xb0
[ 67.685977][ T5138] btrfs_quota_enable+0x235/0x1f40
[ 67.691140][ T5138] ? __del_qgroup_rb+0x540/0x540
[ 67.696158][ T5138] ? read_lock_is_recursive+0x20/0x20
[ 67.701565][ T5138] ? __down_write_common+0x161/0x200
[ 67.706919][ T5138] ? clear_nonspinnable+0x60/0x60
[ 67.712020][ T5138] btrfs_ioctl_quota_ctl+0x141/0x180
[ 67.717395][ T5138] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 67.723968][ T5138] __se_sys_ioctl+0xf1/0x160
[ 67.728586][ T5138] do_syscall_64+0x41/0xc0
[ 67.733094][ T5138] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 67.739021][ T5138] RIP: 0033:0x7f4eceaa7a99
[ 67.743493][ T5138] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 67.763278][ T5138] RSP: 002b:00007ffe23239688 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 67.771759][ T5138] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f4eceaa7a99
[ 67.779854][ T5138] RDX: 0000000020000000 RSI: 00000000c0109428 RDI: 0000000000000004
[ 67.787910][ T5138] RBP: 00007ffe232396b0 R08: 0000000000000001 R09: 00007ffe232396c0
[ 67.795986][ T5138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 67.804033][ T5138] R13: 00007ffe232396f0 R14: 00007ffe232396d0 R15: 0000000000000003
[ 67.812139][ T5138]
[ 67.815189][ T5138] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 67.822474][ T5138] CPU: 0 PID: 5138 Comm: syz-executor268 Not tainted 6.3.0-rc2-syzkaller-00363-g478a351ce0d6 #0
[ 67.832916][ T5138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 67.842984][ T5138] Call Trace:
[ 67.846328][ T5138]
[ 67.849279][ T5138] dump_stack_lvl+0x1e7/0x2d0
[ 67.853983][ T5138] ? nf_tcp_handle_invalid+0x650/0x650
[ 67.859482][ T5138] ? panic+0x770/0x770
[ 67.863597][ T5138] ? vscnprintf+0x5d/0x80
[ 67.867980][ T5138] panic+0x31c/0x770
[ 67.871928][ T5138] ? __warn+0x171/0x4a0
[ 67.876103][ T5138] ? memcpy_page_flushcache+0x100/0x100
[ 67.881671][ T5138] __warn+0x314/0x4a0
[ 67.885676][ T5138] ? kernfs_remove_by_name_ns+0xf8/0x150
[ 67.891365][ T5138] report_bug+0x2b3/0x500
[ 67.895727][ T5138] ? kernfs_remove_by_name_ns+0xf8/0x150
[ 67.901419][ T5138] handle_bug+0x3d/0x70
[ 67.905601][ T5138] exc_invalid_op+0x1a/0x50
[ 67.910131][ T5138] asm_exc_invalid_op+0x1a/0x20
[ 67.915010][ T5138] RIP: 0010:kernfs_remove_by_name_ns+0xf8/0x150
[ 67.921269][ T5138] Code: ff 03 48 89 df e8 d8 ef ff ff 48 89 df e8 70 94 ff ff 31 db eb 27 e8 87 8b 72 ff 48 c7 c7 80 97 f9 8a 4c 89 e6 e8 08 99 3a ff <0f> 0b bb fe ff ff ff eb 12 e8 6a 8b 72 ff bb fe ff ff ff 4c 89 f7
[ 67.940909][ T5138] RSP: 0018:ffffc9000445fb00 EFLAGS: 00010246
[ 67.947006][ T5138] RAX: c28c2635b6629a00 RBX: ffffffff8d44b1a0 RCX: ffff888028b1ba80
[ 67.955015][ T5138] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 67.963019][ T5138] RBP: dffffc0000000000 R08: ffffffff81527d42 R09: fffff5200088bed9
[ 67.971019][ T5138] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffffff8b2a3860
[ 67.979038][ T5138] R13: 0000000000000000 R14: ffffffff8b2a3800 R15: 0000000000000000
[ 67.987141][ T5138] ? __warn_printk+0x292/0x360
[ 67.991955][ T5138] sysfs_remove_group+0xfe/0x2a0
[ 67.996911][ T5138] sysfs_remove_groups+0x54/0xa0
[ 68.001867][ T5138] __kobject_del+0x84/0x310
[ 68.006393][ T5138] kobject_del+0x45/0x60
[ 68.010649][ T5138] btrfs_sysfs_del_qgroups+0x1cd/0x230
[ 68.016124][ T5138] btrfs_sysfs_add_qgroups+0x392/0x3c0
[ 68.021711][ T5138] ? __kasan_kmalloc+0x98/0xb0
[ 68.026512][ T5138] btrfs_quota_enable+0x235/0x1f40
[ 68.032025][ T5138] ? __del_qgroup_rb+0x540/0x540
[ 68.037155][ T5138] ? read_lock_is_recursive+0x20/0x20
[ 68.042983][ T5138] ? __down_write_common+0x161/0x200
[ 68.048303][ T5138] ? clear_nonspinnable+0x60/0x60
[ 68.053530][ T5138] btrfs_ioctl_quota_ctl+0x141/0x180
[ 68.058832][ T5138] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 68.065268][ T5138] __se_sys_ioctl+0xf1/0x160
[ 68.069968][ T5138] do_syscall_64+0x41/0xc0
[ 68.074513][ T5138] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.080437][ T5138] RIP: 0033:0x7f4eceaa7a99
[ 68.084888][ T5138] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 68.104537][ T5138] RSP: 002b:00007ffe23239688 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 68.112977][ T5138] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f4eceaa7a99
[ 68.120986][ T5138] RDX: 0000000020000000 RSI: 00000000c0109428 RDI: 0000000000000004
[ 68.128967][ T5138] RBP: 00007ffe232396b0 R08: 0000000000000001 R09: 00007ffe232396c0
[ 68.137067][ T5138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 68.145073][ T5138] R13: 00007ffe232396f0 R14: 00007ffe232396d0 R15: 0000000000000003
[ 68.153091][ T5138]
[ 68.156314][ T5138] Kernel Offset: disabled
[ 68.160769][ T5138] Rebooting in 86400 seconds..