./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2253524300
<...>
[ 31.994340][ T4653] dhcpcd-run-hook (4653) used greatest stack depth: 22392 bytes left
forked to background, child pid 4649
[ 33.851880][ T4650] 8021q: adding VLAN 0 to HW filter on device bond0
[ 33.863385][ T4650] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.10.42' (ECDSA) to the list of known hosts.
execve("./syz-executor2253524300", ["./syz-executor2253524300"], 0x7ffd63d259f0 /* 10 vars */) = 0
brk(NULL) = 0x555556d29000
brk(0x555556d29c40) = 0x555556d29c40
arch_prctl(ARCH_SET_FS, 0x555556d29300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2253524300", 4096) = 28
brk(0x555556d4ac40) = 0x555556d4ac40
brk(0x555556d4b000) = 0x555556d4b000
mprotect(0x7f642e7e6000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 5071
mkdir("./syzkaller.fu3TjE", 0700) = 0
chmod("./syzkaller.fu3TjE", 0777) = 0
chdir("./syzkaller.fu3TjE") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d295d0) = 5072
./strace-static-x86_64: Process 5072 attached
[pid 5072] chdir("./0") = 0
[pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5072] setpgid(0, 0) = 0
[pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5072] write(3, "1000", 4) = 4
[pid 5072] close(3) = 0
[pid 5072] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5072] memfd_create("syzkaller", 0) = 3
[pid 5072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6426325000
syzkaller login: [ 52.448355][ T5072] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5072 'syz-executor225'
[pid 5072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5072] munmap(0x7f6426325000, 16777216) = 0
[pid 5072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5072] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5072] close(3) = 0
[pid 5072] mkdir("./file0", 0777) = 0
[ 52.633599][ T5072] loop0: detected capacity change from 0 to 32768
[ 52.657141][ T5072] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor225 (5072)
[pid 5072] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0
[pid 5072] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5072] chdir("./file0") = 0
[pid 5072] ioctl(4, LOOP_CLR_FD) = 0
[pid 5072] close(4) = 0
[pid 5072] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 52.680472][ T5072] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 52.689428][ T5072] BTRFS info (device loop0): enabling ssd optimizations
[ 52.696393][ T5072] BTRFS info (device loop0): using spread ssd allocation scheme
[ 52.704461][ T5072] BTRFS info (device loop0): turning on sync discard
[ 52.711626][ T5072] BTRFS info (device loop0): using free space tree
[pid 5072] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5072] creat("./file0/file0", 000) = 5
[pid 5072] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5072] write(6, "5", 1) = 1
[ 52.846737][ T5072] FAULT_INJECTION: forcing a failure.
[ 52.846737][ T5072] name failslab, interval 1, probability 0, space 0, times 1
[ 52.856304][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 52.859535][ T5072] CPU: 1 PID: 5072 Comm: syz-executor225 Not tainted 6.2.0-rc3-next-20230109-syzkaller #0
[ 52.878510][ T5072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 52.888856][ T5072] Call Trace:
[ 52.892147][ T5072]
[ 52.895082][ T5072] dump_stack_lvl+0xd1/0x138
[ 52.899705][ T5072] should_fail_ex.cold+0x5/0xa
[ 52.904486][ T5072] should_failslab+0x9/0x20
[ 52.909012][ T5072] __kmem_cache_alloc_node+0x5b/0x330
[ 52.914392][ T5072] ? tomoyo_supervisor+0xcfc/0xf10
[ 52.919512][ T5072] ? common_lsm_audit+0x1ed0/0x1ed0
[ 52.924729][ T5072] ? tomoyo_supervisor+0xcfc/0xf10
[ 52.929864][ T5072] __kmalloc+0x4a/0xd0
[ 52.933953][ T5072] ? strstr+0x109/0x160
[ 52.938122][ T5072] tomoyo_supervisor+0xcfc/0xf10
[ 52.943087][ T5072] ? tomoyo_profile+0x60/0x60
[ 52.947795][ T5072] ? lockdep_hardirqs_on+0x7d/0x100
[ 52.953037][ T5072] ? tomoyo_check_path_number_acl+0xa9/0x320
[ 52.959051][ T5072] tomoyo_path_number_perm+0x410/0x570
[ 52.964529][ T5072] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 52.970354][ T5072] ? ptrace_stop.part.0+0x4e3/0x8e0
[ 52.975565][ T5072] ? rcu_read_lock_sched_held+0x3e/0x70
[ 52.981133][ T5072] ? find_held_lock+0x2d/0x110
[ 52.985920][ T5072] ? do_one_initcall+0x5e3/0x7d0
[ 52.990873][ T5072] ? lock_downgrade+0x6e0/0x6e0
[ 52.995741][ T5072] security_file_ioctl+0x54/0xb0
[ 53.000698][ T5072] __x64_sys_ioctl+0xb7/0x210
[ 53.005396][ T5072] do_syscall_64+0x39/0xb0
[ 53.009828][ T5072] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.015730][ T5072] RIP: 0033:0x7f642e772b99
[ 53.020148][ T5072] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5072] ioctl(5, FS_IOC_SETFSLABEL, "\x81\xb3\xde\x25\x34\x83\x1d\xeb\x49\x60\x7b\x06\x03\xf5\xb5\x27\x60\x4b\x34\xb8\xc5\x7a\xa0\x99\xf4\xe8\xaf\xa5\x56\xb5\x42\x72\x9f\xc5\x90\xb6\x82\x1c\x6d\x50\x58\xb4\xd8\xe3\x40\x22\xeb\xa5\x6a\x71\x18\x8f\xc9\x01\xa5\xb7\x80\xa0\xcb\xec\x86\xb5\x2e\xd2\xc4\xeb\x32\x88\x98\xbe\x74\xce\xed\x81\x6b\x79\x57\xd9\xc6\xd8\xb5\x9b\x97\x48\x60\x51\x39\x67\xae\xe2\xc9\xaa\x33\x9d\x8e\xde\x28\x96\x65\xd6\xe9\x4e\x20\x1c\xd2\x48\x05\xd2\x5c\xd0\xf6\x3e\x48\xb4\xdd\x5e\xa8\xf1\x01\x57\x35\x2f\x59\x48\xec\x81\x4a\xc7\xda\x25\x05\x4e\x12\x90\x69\x19\xe7\x14\x3e\x2a\x60\x3e\xc6\x49") = 0
[pid 5072] exit_group(0) = ?
[pid 5072] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5072, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=28 /* 0.28 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556d2a620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 53.039771][ T5072] RSP: 002b:00007ffdcf59f388 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 53.048193][ T5072] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f642e772b99
[ 53.056167][ T5072] RDX: 00000000200001c0 RSI: 0000000041009432 RDI: 0000000000000005
[ 53.064145][ T5072] RBP: 00007ffdcf59f3b0 R08: 0000000000000001 R09: 00007ffdcf59f3c0
[ 53.072119][ T5072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 53.080177][ T5072] R13: 00007ffdcf59f3f0 R14: 00007ffdcf59f3d0 R15: 0000000000000000
[ 53.088170][ T5072]
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556d32660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556d32660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555556d2a620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5100 attached
, child_tidptr=0x555556d295d0) = 5100
[pid 5100] chdir("./1") = 0
[pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5100] setpgid(0, 0) = 0
[pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5100] write(3, "1000", 4) = 4
[pid 5100] close(3) = 0
[pid 5100] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5100] memfd_create("syzkaller", 0) = 3
[pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6426325000
[pid 5100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5100] munmap(0x7f6426325000, 16777216) = 0
[pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5100] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5100] close(3) = 0
[pid 5100] mkdir("./file0", 0777) = 0
[ 53.480122][ T5100] loop0: detected capacity change from 0 to 32768
[ 53.495114][ T5100] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 53.504013][ T5100] BTRFS info (device loop0): enabling ssd optimizations
[ 53.511312][ T5100] BTRFS info (device loop0): using spread ssd allocation scheme
[ 53.518959][ T5100] BTRFS info (device loop0): turning on sync discard
[pid 5100] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0
[pid 5100] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5100] chdir("./file0") = 0
[pid 5100] ioctl(4, LOOP_CLR_FD) = 0
[pid 5100] close(4) = 0
[pid 5100] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 53.526003][ T5100] BTRFS info (device loop0): using free space tree
[pid 5100] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5100] creat("./file0/file0", 000) = 5
[pid 5100] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5100] write(6, "5", 1) = 1
[ 53.602207][ T5100] FAULT_INJECTION: forcing a failure.
[ 53.602207][ T5100] name failslab, interval 1, probability 0, space 0, times 0
[ 53.603189][ T46] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 53.625093][ T5100] CPU: 0 PID: 5100 Comm: syz-executor225 Not tainted 6.2.0-rc3-next-20230109-syzkaller #0
[ 53.635030][ T5100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 53.645115][ T5100] Call Trace:
[ 53.648414][ T5100]
[ 53.651367][ T5100] dump_stack_lvl+0xd1/0x138
[ 53.655996][ T5100] should_fail_ex.cold+0x5/0xa
[ 53.660796][ T5100] should_failslab+0x9/0x20
[ 53.665340][ T5100] __kmem_cache_alloc_node+0x5b/0x330
[ 53.670749][ T5100] ? tomoyo_supervisor+0xcfc/0xf10
[ 53.675896][ T5100] ? common_lsm_audit+0x1ed0/0x1ed0
[ 53.681147][ T5100] ? tomoyo_supervisor+0xcfc/0xf10
[ 53.686287][ T5100] __kmalloc+0x4a/0xd0
[ 53.690409][ T5100] ? strstr+0x109/0x160
[ 53.694605][ T5100] tomoyo_supervisor+0xcfc/0xf10
[ 53.699584][ T5100] ? tomoyo_profile+0x60/0x60
[ 53.704289][ T5100] ? lockdep_hardirqs_on+0x7d/0x100
[ 53.709543][ T5100] ? tomoyo_check_path_number_acl+0xa9/0x320
[ 53.715574][ T5100] tomoyo_path_number_perm+0x410/0x570
[ 53.721070][ T5100] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 53.726922][ T5100] ? ptrace_stop.part.0+0x4e3/0x8e0
[ 53.732154][ T5100] ? rcu_read_lock_sched_held+0x3e/0x70
[ 53.737733][ T5100] ? find_held_lock+0x2d/0x110
[ 53.742505][ T5100] ? do_one_initcall+0x5e3/0x7d0
[ 53.747438][ T5100] ? lock_downgrade+0x6e0/0x6e0
[ 53.752290][ T5100] security_file_ioctl+0x54/0xb0
[ 53.757230][ T5100] __x64_sys_ioctl+0xb7/0x210
[ 53.761903][ T5100] do_syscall_64+0x39/0xb0
[ 53.766315][ T5100] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.772199][ T5100] RIP: 0033:0x7f642e772b99
[ 53.776603][ T5100] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5100] ioctl(5, FS_IOC_SETFSLABEL, "\x81\xb3\xde\x25\x34\x83\x1d\xeb\x49\x60\x7b\x06\x03\xf5\xb5\x27\x60\x4b\x34\xb8\xc5\x7a\xa0\x99\xf4\xe8\xaf\xa5\x56\xb5\x42\x72\x9f\xc5\x90\xb6\x82\x1c\x6d\x50\x58\xb4\xd8\xe3\x40\x22\xeb\xa5\x6a\x71\x18\x8f\xc9\x01\xa5\xb7\x80\xa0\xcb\xec\x86\xb5\x2e\xd2\xc4\xeb\x32\x88\x98\xbe\x74\xce\xed\x81\x6b\x79\x57\xd9\xc6\xd8\xb5\x9b\x97\x48\x60\x51\x39\x67\xae\xe2\xc9\xaa\x33\x9d\x8e\xde\x28\x96\x65\xd6\xe9\x4e\x20\x1c\xd2\x48\x05\xd2\x5c\xd0\xf6\x3e\x48\xb4\xdd\x5e\xa8\xf1\x01\x57\x35\x2f\x59\x48\xec\x81\x4a\xc7\xda\x25\x05\x4e\x12\x90\x69\x19\xe7\x14\x3e\x2a\x60\x3e\xc6\x49") = 0
[pid 5100] exit_group(0) = ?
[pid 5100] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556d2a620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 53.796222][ T5100] RSP: 002b:00007ffdcf59f388 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 53.804666][ T5100] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f642e772b99
[ 53.812665][ T5100] RDX: 00000000200001c0 RSI: 0000000041009432 RDI: 0000000000000005
[ 53.820639][ T5100] RBP: 00007ffdcf59f3b0 R08: 0000000000000001 R09: 00007ffdcf59f3c0
[ 53.828730][ T5100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 53.836723][ T5100] R13: 00007ffdcf59f3f0 R14: 00007ffdcf59f3d0 R15: 0000000000000001
[ 53.844726][ T5100]
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556d32660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556d32660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555556d2a620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d295d0) = 5120
./strace-static-x86_64: Process 5120 attached
[pid 5120] chdir("./2") = 0
[pid 5120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5120] setpgid(0, 0) = 0
[pid 5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5120] write(3, "1000", 4) = 4
[pid 5120] close(3) = 0
[pid 5120] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5120] memfd_create("syzkaller", 0) = 3
[pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6426325000
[pid 5120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5120] munmap(0x7f6426325000, 16777216) = 0
[pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5120] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5120] close(3) = 0
[pid 5120] mkdir("./file0", 0777) = 0
[ 54.159003][ T5120] loop0: detected capacity change from 0 to 32768
[ 54.172660][ T5120] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 54.181722][ T5120] BTRFS info (device loop0): enabling ssd optimizations
[ 54.188935][ T5120] BTRFS info (device loop0): using spread ssd allocation scheme
[ 54.197101][ T5120] BTRFS info (device loop0): turning on sync discard
[pid 5120] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0
[pid 5120] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5120] chdir("./file0") = 0
[pid 5120] ioctl(4, LOOP_CLR_FD) = 0
[pid 5120] close(4) = 0
[pid 5120] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 54.203986][ T5120] BTRFS info (device loop0): using free space tree
[pid 5120] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5120] creat("./file0/file0", 000) = 5
[pid 5120] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5120] write(6, "5", 1) = 1
[ 54.276797][ T5120] FAULT_INJECTION: forcing a failure.
[ 54.276797][ T5120] name failslab, interval 1, probability 0, space 0, times 0
[ 54.294260][ T5120] CPU: 0 PID: 5120 Comm: syz-executor225 Not tainted 6.2.0-rc3-next-20230109-syzkaller #0
[ 54.297592][ T46] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 54.304191][ T5120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 54.304219][ T5120] Call Trace:
[ 54.304227][ T5120]
[ 54.304238][ T5120] dump_stack_lvl+0xd1/0x138
[ 54.304276][ T5120] should_fail_ex.cold+0x5/0xa
[ 54.304303][ T5120] ? __btrfs_free_extent+0x1d0/0x1370
[ 54.304330][ T5120] should_failslab+0x9/0x20
[ 54.304363][ T5120] kmem_cache_alloc+0x5a/0x320
[ 54.304399][ T5120] __btrfs_free_extent+0x1d0/0x1370
[ 54.304438][ T5120] ? lookup_extent_backref+0x110/0x110
[ 54.364582][ T5120] ? __btrfs_run_delayed_refs+0x577/0x39f0
[ 54.370407][ T5120] ? lock_downgrade+0x6e0/0x6e0
[ 54.375263][ T5120] ? _raw_read_unlock+0x28/0x40
[ 54.380126][ T5120] ? btrfs_tree_mod_log_lowest_seq+0x86/0xb0
[ 54.386135][ T5120] __btrfs_run_delayed_refs+0x12ff/0x39f0
[ 54.391895][ T5120] ? check_ref_cleanup+0x3e0/0x3e0
[ 54.397031][ T5120] ? lock_release+0x810/0x810
[ 54.401803][ T5120] ? btrfs_commit_transaction+0x136/0x36e0
[ 54.407624][ T5120] ? rcu_read_lock_sched_held+0x3e/0x70
[ 54.413528][ T5120] btrfs_run_delayed_refs+0x19a/0x490
[ 54.418918][ T5120] btrfs_commit_transaction+0x1e94/0x36e0
[ 54.424655][ T5120] ? trace_lock_acquire+0x1f1/0x290
[ 54.429877][ T5120] ? create_pending_snapshots+0x2c0/0x2c0
[ 54.435612][ T5120] ? lock_downgrade+0x6e0/0x6e0
[ 54.440470][ T5120] ? do_raw_spin_lock+0x124/0x2b0
[ 54.445503][ T5120] ? rwlock_bug.part.0+0x90/0x90
[ 54.450456][ T5120] ? lock_acquire+0x32/0xc0
[ 54.455049][ T5120] ? btrfs_ioctl_set_fslabel+0x298/0x3a0
[ 54.460698][ T5120] btrfs_ioctl_set_fslabel+0x326/0x3a0
[ 54.466164][ T5120] ? btrfs_flush_workqueue+0x40/0x40
[ 54.471483][ T5120] ? tomoyo_path_number_perm+0x242/0x570
[ 54.477136][ T5120] ? lock_downgrade+0x6e0/0x6e0
[ 54.481995][ T5120] ? __kmem_cache_free+0xaf/0x2d0
[ 54.487030][ T5120] btrfs_ioctl+0x3e44/0x5900
[ 54.491638][ T5120] ? tomoyo_path_number_perm+0x166/0x570
[ 54.497284][ T5120] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 54.503103][ T5120] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 54.509532][ T5120] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 54.515447][ T5120] ? do_vfs_ioctl+0x132/0x15b0
[ 54.520220][ T5120] ? vfs_fileattr_set+0xc40/0xc40
[ 54.525266][ T5120] ? find_held_lock+0x2d/0x110
[ 54.530051][ T5120] ? do_one_initcall+0x5e3/0x7d0
[ 54.535004][ T5120] ? lock_downgrade+0x6e0/0x6e0
[ 54.539873][ T5120] ? bpf_lsm_file_ioctl+0x9/0x10
[ 54.544823][ T5120] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 54.551254][ T5120] __x64_sys_ioctl+0x197/0x210
[ 54.556041][ T5120] do_syscall_64+0x39/0xb0
[ 54.560477][ T5120] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.566384][ T5120] RIP: 0033:0x7f642e772b99
[ 54.570806][ T5120] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 54.590421][ T5120] RSP: 002b:00007ffdcf59f388 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 54.598842][ T5120] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f642e772b99
[ 54.606817][ T5120] RDX: 00000000200001c0 RSI: 0000000041009432 RDI: 0000000000000005
[ 54.614790][ T5120] RBP: 00007ffdcf59f3b0 R08: 0000000000000001 R09: 00007ffdcf59f3c0
[ 54.622767][ T5120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 54.630738][ T5120] R13: 00007ffdcf59f3f0 R14: 00007ffdcf59f3d0 R15: 0000000000000002
[ 54.638735][ T5120]
[ 54.642260][ T5120] BTRFS error (device loop0): failed to run delayed ref for logical 5345280 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 54.660292][ T5120] BTRFS: error (device loop0: state A) in btrfs_run_delayed_refs:2151: errno=-12 Out of memory
[pid 5120] ioctl(5, FS_IOC_SETFSLABEL, "\x81\xb3\xde\x25\x34\x83\x1d\xeb\x49\x60\x7b\x06\x03\xf5\xb5\x27\x60\x4b\x34\xb8\xc5\x7a\xa0\x99\xf4\xe8\xaf\xa5\x56\xb5\x42\x72\x9f\xc5\x90\xb6\x82\x1c\x6d\x50\x58\xb4\xd8\xe3\x40\x22\xeb\xa5\x6a\x71\x18\x8f\xc9\x01\xa5\xb7\x80\xa0\xcb\xec\x86\xb5\x2e\xd2\xc4\xeb\x32\x88\x98\xbe\x74\xce\xed\x81\x6b\x79\x57\xd9\xc6\xd8\xb5\x9b\x97\x48\x60\x51\x39\x67\xae\xe2\xc9\xaa\x33\x9d\x8e\xde\x28\x96\x65\xd6\xe9\x4e\x20\x1c\xd2\x48\x05\xd2\x5c\xd0\xf6\x3e\x48\xb4\xdd\x5e\xa8\xf1\x01\x57\x35\x2f\x59\x48\xec\x81\x4a\xc7\xda\x25\x05\x4e\x12\x90\x69\x19\xe7\x14\x3e\x2a\x60\x3e\xc6\x49") = -1 ENOMEM (Cannot allocate memory)
[pid 5120] exit_group(0) = ?
[pid 5120] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556d2a620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
[ 54.672270][ T5120] BTRFS info (device loop0: state EA): forced readonly
[ 54.682633][ T5136] ------------[ cut here ]------------
[ 54.688291][ T5136] WARNING: CPU: 0 PID: 5136 at fs/btrfs/transaction.c:144 btrfs_put_transaction+0x3a0/0x470
[ 54.709411][ T5136] Modules linked in:
[ 54.713377][ T5136] CPU: 1 PID: 5136 Comm: btrfs-transacti Not tainted 6.2.0-rc3-next-20230109-syzkaller #0
[ 54.723390][ T5136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 54.733970][ T5136] RIP: 0010:btrfs_put_transaction+0x3a0/0x470
[ 54.740618][ T5136] Code: fc ff ff 48 89 df e8 2f 28 6d fe e9 73 fd ff ff e8 25 41 1f fe 0f 0b eb a1 e8 1c 41 1f fe 0f 0b e9 a2 fd ff ff e8 10 41 1f fe <0f> 0b e9 cd fd ff ff 48 89 df e8 a1 28 6d fe e9 01 ff ff ff 4c 89
[ 54.760735][ T5136] RSP: 0018:ffffc90003e2fcb8 EFLAGS: 00010293
[ 54.766836][ T5136] RAX: 0000000000000000 RBX: ffff888029a75028 RCX: 0000000000000000
[ 54.775163][ T5136] RDX: ffff88801b93d7c0 RSI: ffffffff83626c40 RDI: ffff888029a75330
[ 54.783232][ T5136] RBP: ffff888029a75000 R08: 0000000000000005 R09: 0000000000000001
[ 54.791280][ T5136] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888029a75010
[ 54.799374][ T5136] R13: ffff88802b09cce0 R14: ffff88802b09cc10 R15: ffff88802b09c000
[ 54.807376][ T5136] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 54.816367][ T5136] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 54.823016][ T5136] CR2: 00007ffdcf59dff8 CR3: 000000000c48e000 CR4: 00000000003506e0
[ 54.831121][ T5136] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 54.839114][ T5136] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 54.847238][ T5136] Call Trace:
[ 54.850576][ T5136]
[ 54.853509][ T5136] btrfs_cleanup_transaction.isra.0+0x21c/0x1030
[ 54.859904][ T5136] ? btrfs_cleanup_one_transaction+0x19b0/0x19b0
[ 54.866258][ T5136] ? __mutex_unlock_slowpath+0x157/0x5e0
[ 54.871953][ T5136] ? wait_for_completion_io_timeout+0x20/0x20
[ 54.878039][ T5136] ? do_raw_spin_lock+0x124/0x2b0
[ 54.883142][ T5136] ? sched_core_balance+0x15e0/0x15e0
[ 54.888528][ T5136] ? rwlock_bug.part.0+0x90/0x90
[ 54.893552][ T5136] ? lock_acquire+0x32/0xc0
[ 54.898070][ T5136] ? transaction_kthread+0x10d/0x4e0
[ 54.903435][ T5136] transaction_kthread+0x3cb/0x4e0
[ 54.908579][ T5136] ? btrfs_cleanup_transaction.isra.0+0x1030/0x1030
[ 54.915233][ T5136] kthread+0x2e8/0x3a0
[ 54.919369][ T5136] ? kthread_complete_and_exit+0x40/0x40
[ 54.925038][ T5136] ret_from_fork+0x1f/0x30
[ 54.929537][ T5136]
[ 54.932582][ T5136] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 54.939866][ T5136] CPU: 1 PID: 5136 Comm: btrfs-transacti Not tainted 6.2.0-rc3-next-20230109-syzkaller #0
[ 54.949844][ T5136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 54.959898][ T5136] Call Trace:
[ 54.963176][ T5136]
[ 54.966108][ T5136] dump_stack_lvl+0xd1/0x138
[ 54.970718][ T5136] panic+0x2cc/0x626
[ 54.974636][ T5136] ? panic_print_sys_info.part.0+0x112/0x112
[ 54.980676][ T5136] ? btrfs_put_transaction+0x3a0/0x470
[ 54.986155][ T5136] check_panic_on_warn.cold+0x19/0x35
[ 54.991652][ T5136] __warn+0xf2/0x1a0
[ 54.995663][ T5136] ? btrfs_put_transaction+0x3a0/0x470
[ 55.001163][ T5136] report_bug+0x1c0/0x210
[ 55.005515][ T5136] handle_bug+0x3c/0x70
[ 55.009775][ T5136] exc_invalid_op+0x18/0x50
[ 55.014324][ T5136] asm_exc_invalid_op+0x1a/0x20
[ 55.019187][ T5136] RIP: 0010:btrfs_put_transaction+0x3a0/0x470
[ 55.025277][ T5136] Code: fc ff ff 48 89 df e8 2f 28 6d fe e9 73 fd ff ff e8 25 41 1f fe 0f 0b eb a1 e8 1c 41 1f fe 0f 0b e9 a2 fd ff ff e8 10 41 1f fe <0f> 0b e9 cd fd ff ff 48 89 df e8 a1 28 6d fe e9 01 ff ff ff 4c 89
[ 55.044910][ T5136] RSP: 0018:ffffc90003e2fcb8 EFLAGS: 00010293
[ 55.051083][ T5136] RAX: 0000000000000000 RBX: ffff888029a75028 RCX: 0000000000000000
[ 55.059062][ T5136] RDX: ffff88801b93d7c0 RSI: ffffffff83626c40 RDI: ffff888029a75330
[ 55.067036][ T5136] RBP: ffff888029a75000 R08: 0000000000000005 R09: 0000000000000001
[ 55.075017][ T5136] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888029a75010
[ 55.084551][ T5136] R13: ffff88802b09cce0 R14: ffff88802b09cc10 R15: ffff88802b09c000
[ 55.092534][ T5136] ? btrfs_put_transaction+0x3a0/0x470
[ 55.098019][ T5136] ? btrfs_put_transaction+0x3a0/0x470
[ 55.103499][ T5136] btrfs_cleanup_transaction.isra.0+0x21c/0x1030
[ 55.109849][ T5136] ? btrfs_cleanup_one_transaction+0x19b0/0x19b0
[ 55.116189][ T5136] ? __mutex_unlock_slowpath+0x157/0x5e0
[ 55.121843][ T5136] ? wait_for_completion_io_timeout+0x20/0x20
[ 55.127918][ T5136] ? do_raw_spin_lock+0x124/0x2b0
[ 55.132950][ T5136] ? sched_core_balance+0x15e0/0x15e0
[ 55.138329][ T5136] ? rwlock_bug.part.0+0x90/0x90
[ 55.143272][ T5136] ? lock_acquire+0x32/0xc0
[ 55.147779][ T5136] ? transaction_kthread+0x10d/0x4e0
[ 55.153086][ T5136] transaction_kthread+0x3cb/0x4e0
[ 55.158220][ T5136] ? btrfs_cleanup_transaction.isra.0+0x1030/0x1030
[ 55.164823][ T5136] kthread+0x2e8/0x3a0
[ 55.168900][ T5136] ? kthread_complete_and_exit+0x40/0x40
[ 55.174543][ T5136] ret_from_fork+0x1f/0x30
[ 55.178986][ T5136]
[ 55.182165][ T5136] Kernel Offset: disabled
[ 55.186570][ T5136] Rebooting in 86400 seconds..