./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2453064605
<...>
Warning: Permanently added '10.128.0.198' (ECDSA) to the list of known hosts.
execve("./syz-executor2453064605", ["./syz-executor2453064605"], 0x7ffd38043a30 /* 10 vars */) = 0
brk(NULL) = 0x555555c3e000
brk(0x555555c3ec40) = 0x555555c3ec40
arch_prctl(ARCH_SET_FS, 0x555555c3e300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2453064605", 4096) = 28
brk(0x555555c5fc40) = 0x555555c5fc40
brk(0x555555c60000) = 0x555555c60000
mprotect(0x7f5574c3a000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 5079
mkdir("./syzkaller.QnTCFh", 0700) = 0
chmod("./syzkaller.QnTCFh", 0777) = 0
chdir("./syzkaller.QnTCFh") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5081 attached
, child_tidptr=0x555555c3e5d0) = 5081
[pid 5081] chdir("./0") = 0
[pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5081] setpgid(0, 0) = 0
[pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5081] write(3, "1000", 4) = 4
[pid 5081] close(3) = 0
[pid 5081] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5081] memfd_create("syzkaller", 0) = 3
[pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f556c775000
[ 52.275613][ T5081] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5081 'syz-executor245'
[pid 5081] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216
[pid 5081] munmap(0x7f556c775000, 16777216) = 0
[pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5081] close(3) = 0
[pid 5081] mkdir("./file0", 0777) = 0
[ 52.477579][ T5081] loop0: detected capacity change from 0 to 32768
[ 52.488230][ T5081] XFS: ikeep mount option is deprecated.
[ 52.502753][ T5081] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[pid 5081] mount("/dev/loop0", "./file0", "xfs", MS_SYNCHRONOUS|MS_SILENT, "gqnoenforce,pqnoenforce,ikeep,,nouuid") = 0
[pid 5081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5081] chdir("./file0") = 0
[pid 5081] ioctl(4, LOOP_CLR_FD) = 0
[pid 5081] close(4) = 0
[pid 5081] open("./file0", O_RDONLY) = 4
[pid 5081] dup2(4, 4) = 4
[pid 5081] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5081] write(5, "7", 1) = 1
[ 52.529223][ T5081] XFS (loop0): Ending clean mount
[ 52.538118][ T5081] XFS (loop0): Quotacheck needed: Please wait.
[ 52.558729][ T5081] XFS (loop0): Quotacheck: Done.
[ 52.580927][ T5081] FAULT_INJECTION: forcing a failure.
[ 52.580927][ T5081] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 52.594866][ T5081] CPU: 0 PID: 5081 Comm: syz-executor245 Not tainted 6.2.0-rc3-next-20230111-syzkaller #0
[ 52.604799][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 52.614856][ T5081] Call Trace:
[ 52.618137][ T5081]
[ 52.621063][ T5081] dump_stack_lvl+0xd1/0x138
[ 52.625670][ T5081] should_fail_ex.cold+0x5/0xa
[ 52.630433][ T5081] _copy_from_user+0x2e/0x170
[ 52.635106][ T5081] do_vfs_ioctl+0x10d8/0x15b0
[ 52.639785][ T5081] ? vfs_fileattr_set+0xc40/0xc40
[ 52.644823][ T5081] ? find_held_lock+0x2d/0x110
[ 52.649588][ T5081] ? do_one_initcall+0x402/0x7d0
[ 52.654520][ T5081] ? lock_downgrade+0x6e0/0x6e0
[ 52.659367][ T5081] ? bpf_lsm_file_ioctl+0x9/0x10
[ 52.664302][ T5081] __x64_sys_ioctl+0x10c/0x210
[ 52.669058][ T5081] do_syscall_64+0x39/0xb0
[ 52.673463][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.679349][ T5081] RIP: 0033:0x7f5574bc2a79
[ 52.683754][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 52.703353][ T5081] RSP: 002b:00007ffd69c7c5b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 52.711754][ T5081] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f5574bc2a79
[ 52.719726][ T5081] RDX: 0000000020000140 RSI: 00000000401c5820 RDI: 0000000000000004
[pid 5081] ioctl(4, FS_IOC_FSSETXATTR, {fsx_xflags=0, fsx_extsize=0, fsx_projid=0xfffffffe, fsx_cowextsize=0}) = -1 EFAULT (Bad address)
[pid 5081] exit_group(0) = ?
[pid 5081] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=20 /* 0.20 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c3f620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 52.727684][ T5081] RBP: 00007ffd69c7c5e0 R08: 0000000000000001 R09: 00007ffd69c7c5f0
[ 52.735642][ T5081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 52.743607][ T5081] R13: 00007ffd69c7c620 R14: 00007ffd69c7c600 R15: 0000000000000000
[ 52.751575][ T5081]
[ 52.767762][ T5079] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c47660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c47660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555555c3f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c3e5d0) = 5090
./strace-static-x86_64: Process 5090 attached
[pid 5090] chdir("./1") = 0
[pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5090] setpgid(0, 0) = 0
[pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5090] write(3, "1000", 4) = 4
[pid 5090] close(3) = 0
[pid 5090] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5090] memfd_create("syzkaller", 0) = 3
[pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f556c775000
[pid 5090] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216
[pid 5090] munmap(0x7f556c775000, 16777216) = 0
[pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5090] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5090] close(3) = 0
[pid 5090] mkdir("./file0", 0777) = 0
[ 53.081544][ T5090] loop0: detected capacity change from 0 to 32768
[ 53.091613][ T5090] XFS: ikeep mount option is deprecated.
[ 53.102204][ T5090] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[pid 5090] mount("/dev/loop0", "./file0", "xfs", MS_SYNCHRONOUS|MS_SILENT, "gqnoenforce,pqnoenforce,ikeep,,nouuid") = 0
[pid 5090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5090] chdir("./file0") = 0
[pid 5090] ioctl(4, LOOP_CLR_FD) = 0
[pid 5090] close(4) = 0
[pid 5090] open("./file0", O_RDONLY) = 4
[pid 5090] dup2(4, 4) = 4
[pid 5090] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[ 53.128041][ T5090] XFS (loop0): Ending clean mount
[ 53.135764][ T5090] XFS (loop0): Quotacheck needed: Please wait.
[ 53.157612][ T5090] XFS (loop0): Quotacheck: Done.
[pid 5090] write(5, "7", 1) = 1
[ 53.193177][ T5090] FAULT_INJECTION: forcing a failure.
[ 53.193177][ T5090] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 53.207517][ T5090] CPU: 1 PID: 5090 Comm: syz-executor245 Not tainted 6.2.0-rc3-next-20230111-syzkaller #0
[ 53.217457][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 53.227540][ T5090] Call Trace:
[ 53.230817][ T5090]
[ 53.233739][ T5090] dump_stack_lvl+0xd1/0x138
[ 53.238328][ T5090] should_fail_ex.cold+0x5/0xa
[ 53.243087][ T5090] _copy_from_user+0x2e/0x170
[ 53.247758][ T5090] do_vfs_ioctl+0x10d8/0x15b0
[ 53.252429][ T5090] ? vfs_fileattr_set+0xc40/0xc40
[ 53.257457][ T5090] ? find_held_lock+0x2d/0x110
[ 53.262230][ T5090] ? do_one_initcall+0x402/0x7d0
[ 53.267160][ T5090] ? lock_downgrade+0x6e0/0x6e0
[ 53.272006][ T5090] ? bpf_lsm_file_ioctl+0x9/0x10
[ 53.276941][ T5090] __x64_sys_ioctl+0x10c/0x210
[ 53.281708][ T5090] do_syscall_64+0x39/0xb0
[ 53.286115][ T5090] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.292003][ T5090] RIP: 0033:0x7f5574bc2a79
[ 53.296409][ T5090] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.316021][ T5090] RSP: 002b:00007ffd69c7c5b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 53.324456][ T5090] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f5574bc2a79
[ 53.332434][ T5090] RDX: 0000000020000140 RSI: 00000000401c5820 RDI: 0000000000000004
[pid 5090] ioctl(4, FS_IOC_FSSETXATTR, {fsx_xflags=0, fsx_extsize=0, fsx_projid=0xfffffffe, fsx_cowextsize=0}) = -1 EFAULT (Bad address)
[pid 5090] exit_group(0) = ?
[pid 5090] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c3f620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 53.340407][ T5090] RBP: 00007ffd69c7c5e0 R08: 0000000000000001 R09: 00007ffd69c7c5f0
[ 53.348643][ T5090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 53.356626][ T5090] R13: 00007ffd69c7c620 R14: 00007ffd69c7c600 R15: 0000000000000001
[ 53.364619][ T5090]
[ 53.380667][ T5079] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c47660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c47660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555555c3f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5099 attached
, child_tidptr=0x555555c3e5d0) = 5099
[pid 5099] chdir("./2") = 0
[pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5099] setpgid(0, 0) = 0
[pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5099] write(3, "1000", 4) = 4
[pid 5099] close(3) = 0
[pid 5099] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5099] memfd_create("syzkaller", 0) = 3
[pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f556c775000
[pid 5099] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216
[pid 5099] munmap(0x7f556c775000, 16777216) = 0
[pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5099] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5099] close(3) = 0
[pid 5099] mkdir("./file0", 0777) = 0
[ 53.677848][ T5099] loop0: detected capacity change from 0 to 32768
[ 53.689280][ T5099] XFS: ikeep mount option is deprecated.
[ 53.700064][ T5099] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[pid 5099] mount("/dev/loop0", "./file0", "xfs", MS_SYNCHRONOUS|MS_SILENT, "gqnoenforce,pqnoenforce,ikeep,,nouuid") = 0
[pid 5099] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5099] chdir("./file0") = 0
[pid 5099] ioctl(4, LOOP_CLR_FD) = 0
[pid 5099] close(4) = 0
[pid 5099] open("./file0", O_RDONLY) = 4
[pid 5099] dup2(4, 4) = 4
[pid 5099] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5099] write(5, "7", 1) = 1
[pid 5099] ioctl(4, FS_IOC_FSSETXATTR, {fsx_xflags=0, fsx_extsize=0, fsx_projid=0xfffffffe, fsx_cowextsize=0}) = 0
[pid 5099] exit_group(0) = ?
[pid 5099] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5099, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c3f620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
[ 53.727252][ T5099] XFS (loop0): Ending clean mount
[ 53.735472][ T5099] XFS (loop0): Quotacheck needed: Please wait.
[ 53.757505][ T5099] XFS (loop0): Quotacheck: Done.
[ 53.787441][ T5079] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555c47660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555c47660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x555555c3f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c3e5d0) = 5108
./strace-static-x86_64: Process 5108 attached
[pid 5108] chdir("./3") = 0
[pid 5108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5108] setpgid(0, 0) = 0
[pid 5108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5108] write(3, "1000", 4) = 4
[pid 5108] close(3) = 0
[pid 5108] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5108] memfd_create("syzkaller", 0) = 3
[pid 5108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f556c775000
[pid 5108] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216
[pid 5108] munmap(0x7f556c775000, 16777216) = 0
[pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5108] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5108] close(3) = 0
[pid 5108] mkdir("./file0", 0777) = 0
[ 54.101808][ T5108] loop0: detected capacity change from 0 to 32768
[ 54.110787][ T5108] XFS: ikeep mount option is deprecated.
[ 54.120855][ T5108] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[pid 5108] mount("/dev/loop0", "./file0", "xfs", MS_SYNCHRONOUS|MS_SILENT, "gqnoenforce,pqnoenforce,ikeep,,nouuid") = 0
[pid 5108] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5108] chdir("./file0") = 0
[pid 5108] ioctl(4, LOOP_CLR_FD) = 0
[pid 5108] close(4) = 0
[pid 5108] open("./file0", O_RDONLY) = 4
[pid 5108] dup2(4, 4) = 4
[pid 5108] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5108] write(5, "7", 1) = 1
[ 54.147787][ T5108] XFS (loop0): Ending clean mount
[ 54.155122][ T5108] XFS (loop0): Quotacheck needed: Please wait.
[ 54.172033][ T5108] XFS (loop0): Quotacheck: Done.
[ 54.198723][ T5108] FAULT_INJECTION: forcing a failure.
[ 54.198723][ T5108] name failslab, interval 1, probability 0, space 0, times 0
[ 54.212467][ T5108] CPU: 1 PID: 5108 Comm: syz-executor245 Not tainted 6.2.0-rc3-next-20230111-syzkaller #0
[ 54.222389][ T5108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 54.232459][ T5108] Call Trace:
[ 54.235732][ T5108]
[ 54.238658][ T5108] dump_stack_lvl+0xd1/0x138
[ 54.243259][ T5108] should_fail_ex.cold+0x5/0xa
[ 54.248035][ T5108] ? radix_tree_node_alloc.constprop.0+0x7c/0x350
[ 54.254460][ T5108] should_failslab+0x9/0x20
[ 54.258970][ T5108] kmem_cache_alloc+0x5a/0x320
[ 54.263760][ T5108] ? __mutex_lock+0x231/0x1360
[ 54.268526][ T5108] radix_tree_node_alloc.constprop.0+0x7c/0x350
[ 54.274794][ T5108] radix_tree_extend+0x1a1/0x4a0
[ 54.279765][ T5108] radix_tree_insert+0x43c/0x640
[ 54.284747][ T5108] xfs_qm_dqget_cache_insert.constprop.0+0x38/0x430
[ 54.291367][ T5108] xfs_qm_dqget+0x16e/0x4b0
[ 54.295900][ T5108] ? xfs_dquot_to_disk+0x750/0x750
[ 54.301018][ T5108] ? xfs_qm_vop_dqalloc+0x785/0xfe0
[ 54.306230][ T5108] ? rcu_read_lock_sched_held+0x3e/0x70
[ 54.311814][ T5108] xfs_qm_vop_dqalloc+0x7a2/0xfe0
[ 54.316869][ T5108] ? xfs_qm_mount_quotas+0x690/0x690
[ 54.322165][ T5108] ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 54.327808][ T5108] xfs_fileattr_set+0x69e/0x20c0
[ 54.332759][ T5108] ? xfs_fileattr_get+0xd0/0xd0
[ 54.337619][ T5108] ? projid_m_show+0x220/0x220
[ 54.342391][ T5108] ? xfs_fileattr_get+0xa5/0xd0
[ 54.347254][ T5108] ? rcu_read_lock_sched_held+0x3e/0x70
[ 54.352816][ T5108] ? trace_xfs_iunlock+0x24a/0x340
[ 54.357937][ T5108] vfs_fileattr_set+0x7ff/0xc40
[ 54.362791][ T5108] ? ioctl_file_clone+0x100/0x100
[ 54.367836][ T5108] ? __mnt_want_write+0x1fe/0x2e0
[ 54.372890][ T5108] do_vfs_ioctl+0xf8d/0x15b0
[ 54.377501][ T5108] ? vfs_fileattr_set+0xc40/0xc40
[ 54.382534][ T5108] ? find_held_lock+0x2d/0x110
[ 54.387333][ T5108] ? do_one_initcall+0x402/0x7d0
[ 54.392305][ T5108] ? bpf_lsm_file_ioctl+0x9/0x10
[ 54.397260][ T5108] __x64_sys_ioctl+0x10c/0x210
[ 54.402050][ T5108] do_syscall_64+0x39/0xb0
[ 54.406470][ T5108] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.412370][ T5108] RIP: 0033:0x7f5574bc2a79
[ 54.416780][ T5108] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 54.436385][ T5108] RSP: 002b:00007ffd69c7c5b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 54.444796][ T5108] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f5574bc2a79
[ 54.452772][ T5108] RDX: 0000000020000140 RSI: 00000000401c5820 RDI: 0000000000000004
[ 54.460757][ T5108] RBP: 00007ffd69c7c5e0 R08: 0000000000000001 R09: 00007ffd69c7c5f0
[ 54.468732][ T5108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 54.476703][ T5108] R13: 00007ffd69c7c620 R14: 00007ffd69c7c600 R15: 0000000000000003
[ 54.484687][ T5108]
[ 54.491306][ T5108] ------------[ cut here ]------------
[ 54.496773][ T5108] WARNING: CPU: 1 PID: 5108 at fs/xfs/xfs_dquot.c:801 xfs_qm_dqget_cache_insert.constprop.0+0x36a/0x430
[ 54.507991][ T5108] Modules linked in:
[ 54.511956][ T5108] CPU: 1 PID: 5108 Comm: syz-executor245 Not tainted 6.2.0-rc3-next-20230111-syzkaller #0
[ 54.521926][ T5108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 54.532032][ T5108] RIP: 0010:xfs_qm_dqget_cache_insert.constprop.0+0x36a/0x430
[ 54.539526][ T5108] Code: e9 c4 fd ff ff e8 d6 2f 6b fe 0f 0b e9 1c ff ff ff e8 aa 1a b9 fe e9 59 fd ff ff e8 40 1b b9 fe e9 20 fd ff ff e8 b6 2f 6b fe <0f> 0b e9 7f fd ff ff e8 aa 2f 6b fe e8 e5 ff 53 fe 31 ff 89 c3 89
[ 54.559239][ T5108] RSP: 0018:ffffc90003e778f0 EFLAGS: 00010293
[ 54.565384][ T5108] RAX: 0000000000000000 RBX: ffff8880285a0800 RCX: 0000000000000000
[ 54.573423][ T5108] RDX: ffff88802675ba80 RSI: ffffffff8316913a RDI: 0000000000000005
[ 54.581462][ T5108] RBP: ffff8880260ee080 R08: 0000000000000005 R09: 00000000ffffffef
[ 54.589453][ T5108] R10: 00000000fffffff4 R11: 0000000000000000 R12: 00000000fffffff4
[ 54.597511][ T5108] R13: ffff8880285a08f0 R14: ffff8880285a08a0 R15: 0000000000000000
[ 54.605593][ T5108] FS: 0000555555c3e300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 54.614629][ T5108] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 54.621277][ T5108] CR2: 00007f5574c3e140 CR3: 0000000079dc4000 CR4: 00000000003506e0
[ 54.629285][ T5108] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 54.637307][ T5108] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 54.645364][ T5108] Call Trace:
[ 54.648651][ T5108]
[ 54.651635][ T5108] xfs_qm_dqget+0x16e/0x4b0
[ 54.656170][ T5108] ? xfs_dquot_to_disk+0x750/0x750
[ 54.661338][ T5108] ? xfs_qm_vop_dqalloc+0x785/0xfe0
[ 54.666571][ T5108] ? rcu_read_lock_sched_held+0x3e/0x70
[ 54.672190][ T5108] xfs_qm_vop_dqalloc+0x7a2/0xfe0
[ 54.677253][ T5108] ? xfs_qm_mount_quotas+0x690/0x690
[ 54.682610][ T5108] ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 54.688280][ T5108] xfs_fileattr_set+0x69e/0x20c0
[ 54.693311][ T5108] ? xfs_fileattr_get+0xd0/0xd0
[ 54.698190][ T5108] ? projid_m_show+0x220/0x220
[ 54.703063][ T5108] ? xfs_fileattr_get+0xa5/0xd0
[ 54.707948][ T5108] ? rcu_read_lock_sched_held+0x3e/0x70
[ 54.713576][ T5108] ? trace_xfs_iunlock+0x24a/0x340
[ 54.718709][ T5108] vfs_fileattr_set+0x7ff/0xc40
[ 54.723620][ T5108] ? ioctl_file_clone+0x100/0x100
[ 54.728669][ T5108] ? __mnt_want_write+0x1fe/0x2e0
[ 54.733784][ T5108] do_vfs_ioctl+0xf8d/0x15b0
[ 54.738412][ T5108] ? vfs_fileattr_set+0xc40/0xc40
[ 54.743534][ T5108] ? find_held_lock+0x2d/0x110
[ 54.748346][ T5108] ? do_one_initcall+0x402/0x7d0
[ 54.753387][ T5108] ? bpf_lsm_file_ioctl+0x9/0x10
[ 54.758445][ T5108] __x64_sys_ioctl+0x10c/0x210
[ 54.763323][ T5108] do_syscall_64+0x39/0xb0
[ 54.767769][ T5108] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.773742][ T5108] RIP: 0033:0x7f5574bc2a79
[ 54.778182][ T5108] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 54.797897][ T5108] RSP: 002b:00007ffd69c7c5b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 54.806369][ T5108] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f5574bc2a79
[ 54.814449][ T5108] RDX: 0000000020000140 RSI: 00000000401c5820 RDI: 0000000000000004
[ 54.822471][ T5108] RBP: 00007ffd69c7c5e0 R08: 0000000000000001 R09: 00007ffd69c7c5f0
[ 54.830511][ T5108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 54.838531][ T5108] R13: 00007ffd69c7c620 R14: 00007ffd69c7c600 R15: 0000000000000003
[ 54.846601][ T5108]
[ 54.849639][ T5108] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 54.856938][ T5108] CPU: 1 PID: 5108 Comm: syz-executor245 Not tainted 6.2.0-rc3-next-20230111-syzkaller #0
[ 54.866849][ T5108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 54.876920][ T5108] Call Trace:
[ 54.880207][ T5108]
[ 54.883142][ T5108] dump_stack_lvl+0xd1/0x138
[ 54.887751][ T5108] panic+0x2cc/0x626
[ 54.891660][ T5108] ? panic_print_sys_info.part.0+0x112/0x112
[ 54.897676][ T5108] ? xfs_qm_dqget_cache_insert.constprop.0+0x36a/0x430
[ 54.904537][ T5108] check_panic_on_warn.cold+0x19/0x35
[ 54.909929][ T5108] __warn+0xf2/0x1a0
[ 54.913857][ T5108] ? xfs_qm_dqget_cache_insert.constprop.0+0x36a/0x430
[ 54.920745][ T5108] report_bug+0x1c0/0x210
[ 54.925101][ T5108] handle_bug+0x3c/0x70
[ 54.929267][ T5108] exc_invalid_op+0x18/0x50
[ 54.933772][ T5108] asm_exc_invalid_op+0x1a/0x20
[ 54.938636][ T5108] RIP: 0010:xfs_qm_dqget_cache_insert.constprop.0+0x36a/0x430
[ 54.946126][ T5108] Code: e9 c4 fd ff ff e8 d6 2f 6b fe 0f 0b e9 1c ff ff ff e8 aa 1a b9 fe e9 59 fd ff ff e8 40 1b b9 fe e9 20 fd ff ff e8 b6 2f 6b fe <0f> 0b e9 7f fd ff ff e8 aa 2f 6b fe e8 e5 ff 53 fe 31 ff 89 c3 89
[ 54.965759][ T5108] RSP: 0018:ffffc90003e778f0 EFLAGS: 00010293
[ 54.971837][ T5108] RAX: 0000000000000000 RBX: ffff8880285a0800 RCX: 0000000000000000
[ 54.979824][ T5108] RDX: ffff88802675ba80 RSI: ffffffff8316913a RDI: 0000000000000005
[ 54.987800][ T5108] RBP: ffff8880260ee080 R08: 0000000000000005 R09: 00000000ffffffef
[ 54.995793][ T5108] R10: 00000000fffffff4 R11: 0000000000000000 R12: 00000000fffffff4
[ 55.003764][ T5108] R13: ffff8880285a08f0 R14: ffff8880285a08a0 R15: 0000000000000000
[ 55.011750][ T5108] ? xfs_qm_dqget_cache_insert.constprop.0+0x36a/0x430
[ 55.018627][ T5108] xfs_qm_dqget+0x16e/0x4b0
[ 55.023151][ T5108] ? xfs_dquot_to_disk+0x750/0x750
[ 55.028276][ T5108] ? xfs_qm_vop_dqalloc+0x785/0xfe0
[ 55.033488][ T5108] ? rcu_read_lock_sched_held+0x3e/0x70
[ 55.039045][ T5108] xfs_qm_vop_dqalloc+0x7a2/0xfe0
[ 55.044101][ T5108] ? xfs_qm_mount_quotas+0x690/0x690
[ 55.049404][ T5108] ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 55.055060][ T5108] xfs_fileattr_set+0x69e/0x20c0
[ 55.060031][ T5108] ? xfs_fileattr_get+0xd0/0xd0
[ 55.064988][ T5108] ? projid_m_show+0x220/0x220
[ 55.069768][ T5108] ? xfs_fileattr_get+0xa5/0xd0
[ 55.074815][ T5108] ? rcu_read_lock_sched_held+0x3e/0x70
[ 55.080366][ T5108] ? trace_xfs_iunlock+0x24a/0x340
[ 55.085495][ T5108] vfs_fileattr_set+0x7ff/0xc40
[ 55.090358][ T5108] ? ioctl_file_clone+0x100/0x100
[ 55.095392][ T5108] ? __mnt_want_write+0x1fe/0x2e0
[ 55.100436][ T5108] do_vfs_ioctl+0xf8d/0x15b0
[ 55.105035][ T5108] ? vfs_fileattr_set+0xc40/0xc40
[ 55.110086][ T5108] ? find_held_lock+0x2d/0x110
[ 55.114871][ T5108] ? do_one_initcall+0x402/0x7d0
[ 55.119833][ T5108] ? bpf_lsm_file_ioctl+0x9/0x10
[ 55.124792][ T5108] __x64_sys_ioctl+0x10c/0x210
[ 55.129569][ T5108] do_syscall_64+0x39/0xb0
[ 55.133993][ T5108] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.139909][ T5108] RIP: 0033:0x7f5574bc2a79
[ 55.144412][ T5108] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 55.164027][ T5108] RSP: 002b:00007ffd69c7c5b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 55.172906][ T5108] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f5574bc2a79
[ 55.180889][ T5108] RDX: 0000000020000140 RSI: 00000000401c5820 RDI: 0000000000000004
[ 55.188867][ T5108] RBP: 00007ffd69c7c5e0 R08: 0000000000000001 R09: 00007ffd69c7c5f0
[ 55.196855][ T5108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 55.204839][ T5108] R13: 00007ffd69c7c620 R14: 00007ffd69c7c600 R15: 0000000000000003
[ 55.212837][ T5108]
[ 55.215911][ T5108] Kernel Offset: disabled
[ 55.220313][ T5108] Rebooting in 86400 seconds..