./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor406461630
<...>
Warning: Permanently added '10.128.0.202' (ED25519) to the list of known hosts.
execve("./syz-executor406461630", ["./syz-executor406461630"], 0x7ffdd59380d0 /* 10 vars */) = 0
brk(NULL) = 0x55555710b000
brk(0x55555710bd00) = 0x55555710bd00
arch_prctl(ARCH_SET_FS, 0x55555710b380) = 0
set_tid_address(0x55555710b650) = 5059
set_robust_list(0x55555710b660, 24) = 0
rseq(0x55555710bca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor406461630", 4096) = 27
getrandom("\x5b\x83\x0d\x83\x43\xef\x05\xae", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55555710bd00
brk(0x55555712cd00) = 0x55555712cd00
brk(0x55555712d000) = 0x55555712d000
mprotect(0x7f292347a000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
mkdir("./syzkaller.lBXJ3R", 0700) = 0
chmod("./syzkaller.lBXJ3R", 0777) = 0
chdir("./syzkaller.lBXJ3R") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5060 attached
, child_tidptr=0x55555710b650) = 5060
[pid 5060] set_robust_list(0x55555710b660, 24) = 0
[pid 5060] chdir("./0") = 0
[pid 5060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5060] setpgid(0, 0) = 0
[pid 5060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5060] write(3, "1000", 4) = 4
[pid 5060] close(3) = 0
[pid 5060] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5060] memfd_create("syzkaller", 0) = 3
[pid 5060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f291afc2000
[pid 5060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5060] munmap(0x7f291afc2000, 138412032) = 0
[pid 5060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5060] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5060] close(3) = 0
[pid 5060] mkdir("./file0", 0777) = 0
[ 70.856752][ T5060] loop0: detected capacity change from 0 to 32768
[ 70.874370][ T5060] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor406 (5060)
[ 70.897025][ T5060] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 70.906013][ T5060] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 70.916853][ T5060] BTRFS info (device loop0): doing ref verification
[ 70.923551][ T5060] BTRFS info (device loop0): using free space tree
[pid 5060] mount("/dev/loop0", "./file0", "btrfs", 0, "noinode_cache,noautodefrag,ref_verify,") = 0
[pid 5060] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5060] chdir("./file0") = 0
[pid 5060] ioctl(4, LOOP_CLR_FD) = 0
[pid 5060] close(4) = 0
[pid 5060] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 70.951691][ T5060] BTRFS info (device loop0): enabling ssd optimizations
[ 70.958799][ T5060] BTRFS info (device loop0): auto enabling async discard
[pid 5060] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5060] openat(AT_FDCWD, "blkio.bfq.time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5060] write(5, "\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid 5060] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5060] write(6, "5", 1) = 1
[ 71.067974][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 71.136258][ T5060] FAULT_INJECTION: forcing a failure.
[ 71.136258][ T5060] name failslab, interval 1, probability 0, space 0, times 1
[ 71.151151][ T5060] CPU: 0 PID: 5060 Comm: syz-executor406 Not tainted 6.7.0-rc1-syzkaller-00213-g791c8ab095f7 #0
[ 71.161643][ T5060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 71.171745][ T5060] Call Trace:
[ 71.175065][ T5060] <TASK>
[ 71.178042][ T5060] dump_stack_lvl+0x1e7/0x2d0
[ 71.182797][ T5060] ? nf_tcp_handle_invalid+0x650/0x650
[ 71.188309][ T5060] ? panic+0x850/0x850
[ 71.192458][ T5060] ? __might_sleep+0xe0/0xe0
[ 71.197205][ T5060] should_fail_ex+0x3aa/0x4e0
[ 71.201963][ T5060] ? tomoyo_supervisor+0xe06/0x11f0
[ 71.207215][ T5060] should_failslab+0x9/0x20
[ 71.211729][ T5060] __kmem_cache_alloc_node+0x6d/0x300
[ 71.217121][ T5060] ? common_lsm_audit+0x1ad0/0x1ad0
[ 71.222338][ T5060] ? tomoyo_supervisor+0xe06/0x11f0
[ 71.227593][ T5060] __kmalloc+0xa2/0x1a0
[ 71.231794][ T5060] tomoyo_supervisor+0xe06/0x11f0
[ 71.236855][ T5060] ? print_irqtrace_events+0x220/0x220
[ 71.242323][ T5060] ? tomoyo_path_permission+0x1cc/0x360
[ 71.247884][ T5060] ? tomoyo_profile+0x50/0x50
[ 71.252589][ T5060] ? kasan_quarantine_put+0xd8/0x230
[ 71.257890][ T5060] ? lockdep_hardirqs_on+0x98/0x140
[ 71.263133][ T5060] ? __kmem_cache_free+0x263/0x3a0
[ 71.268255][ T5060] ? tomoyo_check_path_acl+0xeb/0x1c0
[ 71.273638][ T5060] ? tomoyo_check_acl+0x378/0x3f0
[ 71.278664][ T5060] ? tomoyo_execute_permission+0x410/0x410
[ 71.284520][ T5060] tomoyo_path_permission+0x243/0x360
[ 71.289957][ T5060] tomoyo_path_perm+0x480/0x730
[ 71.294853][ T5060] ? tomoyo_path_perm+0x287/0x730
[ 71.299887][ T5060] ? tomoyo_path_permission+0x360/0x360
[ 71.305472][ T5060] ? rcu_read_lock_any_held+0xb7/0x160
[ 71.310960][ T5060] ? rcu_read_lock_bh_held+0x120/0x120
[ 71.316440][ T5060] ? print_irqtrace_events+0x220/0x220
[ 71.321910][ T5060] security_file_truncate+0x61/0x90
[ 71.327112][ T5060] do_sys_ftruncate+0x260/0x390
[ 71.331991][ T5060] do_syscall_64+0x45/0x110
[ 71.336506][ T5060] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 71.342407][ T5060] RIP: 0033:0x7f29234012e9
[ 71.346824][ T5060] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 71.366432][ T5060] RSP: 002b:00007ffe1c6eba38 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[ 71.374851][ T5060] RAX: ffffffffffffffda RBX: 00007ffe1c6eba60 RCX: 00007f29234012e9
[pid 5060] ftruncate(5, 0) = 0
[pid 5060] exit_group(0) = ?
[pid 5060] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5060, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=33 /* 0.33 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555710c6f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 71.382828][ T5060] RDX: 00007f29234003b0 RSI: 0000000000000000 RDI: 0000000000000005
[ 71.390799][ T5060] RBP: 0000000000000001 R08: 00007ffe1c6eb7d7 R09: 00007ffe1c6eba80
[ 71.398770][ T5060] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[ 71.406737][ T5060] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007ffe1c6ebaa0
[ 71.414725][ T5060] </TASK>
unlink("./0/binderfs") = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555557114730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555557114730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x55555710c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5079 attached
, child_tidptr=0x55555710b650) = 5079
[pid 5079] set_robust_list(0x55555710b660, 24) = 0
[pid 5079] chdir("./1") = 0
[pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5079] setpgid(0, 0) = 0
[pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5079] write(3, "1000", 4) = 4
[pid 5079] close(3) = 0
[pid 5079] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5079] memfd_create("syzkaller", 0) = 3
[pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f291afc2000
[pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5079] munmap(0x7f291afc2000, 138412032) = 0
[pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5079] close(3) = 0
[pid 5079] mkdir("./file0", 0777) = 0
[ 71.993215][ T5079] loop0: detected capacity change from 0 to 32768
[ 72.009170][ T5079] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor406 (5079)
[ 72.026473][ T5079] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[pid 5079] mount("/dev/loop0", "./file0", "btrfs", 0, "noinode_cache,noautodefrag,ref_verify,") = 0
[pid 5079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5079] chdir("./file0") = 0
[pid 5079] ioctl(4, LOOP_CLR_FD) = 0
[pid 5079] close(4) = 0
[ 72.035270][ T5079] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 72.046108][ T5079] BTRFS info (device loop0): doing ref verification
[ 72.052775][ T5079] BTRFS info (device loop0): using free space tree
[ 72.075282][ T5079] BTRFS info (device loop0): enabling ssd optimizations
[ 72.082390][ T5079] BTRFS info (device loop0): auto enabling async discard
[pid 5079] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5079] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5079] openat(AT_FDCWD, "blkio.bfq.time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5079] write(5, "\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid 5079] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5079] write(6, "5", 1) = 1
[ 72.179342][ T5079] FAULT_INJECTION: forcing a failure.
[ 72.179342][ T5079] name failslab, interval 1, probability 0, space 0, times 0
[ 72.208867][ T5079] CPU: 0 PID: 5079 Comm: syz-executor406 Not tainted 6.7.0-rc1-syzkaller-00213-g791c8ab095f7 #0
[ 72.219355][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 72.229447][ T5079] Call Trace:
[ 72.232735][ T5079] <TASK>
[ 72.235670][ T5079] dump_stack_lvl+0x1e7/0x2d0
[ 72.240368][ T5079] ? nf_tcp_handle_invalid+0x650/0x650
[ 72.245844][ T5079] ? panic+0x850/0x850
[ 72.249950][ T5079] ? __might_sleep+0xe0/0xe0
[ 72.254564][ T5079] should_fail_ex+0x3aa/0x4e0
[ 72.259269][ T5079] ? tomoyo_init_log+0x1b3d/0x2040
[ 72.264396][ T5079] should_failslab+0x9/0x20
[ 72.268910][ T5079] __kmem_cache_alloc_node+0x6d/0x300
[ 72.274305][ T5079] ? make_kgid+0x6f0/0x6f0
[ 72.278743][ T5079] ? tomoyo_init_log+0x1b3d/0x2040
[ 72.283875][ T5079] __kmalloc+0xa2/0x1a0
[ 72.288130][ T5079] tomoyo_init_log+0x1b3d/0x2040
[ 72.293102][ T5079] ? common_lsm_audit+0x1ad0/0x1ad0
[ 72.298335][ T5079] ? tomoyo_profile+0x11/0x50
[ 72.303033][ T5079] ? tomoyo_profile+0x11/0x50
[ 72.307734][ T5079] tomoyo_supervisor+0x386/0x11f0
[ 72.312781][ T5079] ? print_irqtrace_events+0x220/0x220
[ 72.318273][ T5079] ? tomoyo_path_permission+0x1cc/0x360
[ 72.323830][ T5079] ? tomoyo_profile+0x50/0x50
[ 72.328522][ T5079] ? kasan_quarantine_put+0xd8/0x230
[ 72.333823][ T5079] ? lockdep_hardirqs_on+0x98/0x140
[ 72.339040][ T5079] ? __kmem_cache_free+0x263/0x3a0
[ 72.344163][ T5079] ? tomoyo_check_path_acl+0xeb/0x1c0
[ 72.349543][ T5079] ? tomoyo_check_acl+0x378/0x3f0
[ 72.354576][ T5079] ? tomoyo_execute_permission+0x410/0x410
[ 72.360508][ T5079] tomoyo_path_permission+0x243/0x360
[ 72.365895][ T5079] tomoyo_path_perm+0x480/0x730
[ 72.370774][ T5079] ? tomoyo_path_perm+0x287/0x730
[ 72.375808][ T5079] ? tomoyo_path_permission+0x360/0x360
[ 72.381386][ T5079] ? rcu_read_lock_any_held+0xb7/0x160
[ 72.386861][ T5079] ? rcu_read_lock_bh_held+0x120/0x120
[ 72.392335][ T5079] ? print_irqtrace_events+0x220/0x220
[ 72.397809][ T5079] security_file_truncate+0x61/0x90
[ 72.403026][ T5079] do_sys_ftruncate+0x260/0x390
[ 72.407893][ T5079] do_syscall_64+0x45/0x110
[ 72.412434][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 72.418357][ T5079] RIP: 0033:0x7f29234012e9
[ 72.422783][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 72.442407][ T5079] RSP: 002b:00007ffe1c6eba38 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[ 72.450855][ T5079] RAX: ffffffffffffffda RBX: 00007ffe1c6eba60 RCX: 00007f29234012e9
[ 72.458840][ T5079] RDX: 00007f29234003b0 RSI: 0000000000000000 RDI: 0000000000000005
[ 72.466814][ T5079] RBP: 0000000000000001 R08: 00007ffe1c6eb7d7 R09: 00007ffe1c6eba80
[pid 5079] ftruncate(5, 0) = 0
[pid 5079] exit_group(0) = ?
[pid 5079] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=30 /* 0.30 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[ 72.474789][ T5079] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffe1c6eba5c
[ 72.482767][ T5079] R13: 0000000000000001 R14: 431bde82d7b634db R15: 00007ffe1c6ebaa0
[ 72.490761][ T5079] </TASK>
[ 72.510424][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
getdents64(3, 0x55555710c6f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555557114730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555557114730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x55555710c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5096 attached
[pid 5096] set_robust_list(0x55555710b660, 24) = 0
[pid 5096] chdir("./2"
[pid 5059] <... clone resumed>, child_tidptr=0x55555710b650) = 5096
[pid 5096] <... chdir resumed>) = 0
[pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5096] setpgid(0, 0) = 0
[pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5096] write(3, "1000", 4) = 4
[pid 5096] close(3) = 0
[pid 5096] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5096] memfd_create("syzkaller", 0) = 3
[pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f291afc2000
[pid 5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5096] munmap(0x7f291afc2000, 138412032) = 0
[pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5096] close(3) = 0
[pid 5096] mkdir("./file0", 0777) = 0
[ 73.116441][ T5096] loop0: detected capacity change from 0 to 32768
[ 73.141883][ T5096] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor406 (5096)
[ 73.159094][ T5096] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 73.167973][ T5096] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 73.179232][ T5096] BTRFS info (device loop0): doing ref verification
[ 73.185888][ T5096] BTRFS info (device loop0): using free space tree
[ 73.208811][ T5096] BTRFS info (device loop0): enabling ssd optimizations
[pid 5096] mount("/dev/loop0", "./file0", "btrfs", 0, "noinode_cache,noautodefrag,ref_verify,") = 0
[pid 5096] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5096] chdir("./file0") = 0
[pid 5096] ioctl(4, LOOP_CLR_FD) = 0
[pid 5096] close(4) = 0
[ 73.215845][ T5096] BTRFS info (device loop0): auto enabling async discard
[pid 5096] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5096] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5096] openat(AT_FDCWD, "blkio.bfq.time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5096] write(5, "\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid 5096] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5096] write(6, "5", 1) = 1
[ 73.334203][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 73.371383][ T5096] FAULT_INJECTION: forcing a failure.
[ 73.371383][ T5096] name failslab, interval 1, probability 0, space 0, times 0
[ 73.384741][ T5096] CPU: 0 PID: 5096 Comm: syz-executor406 Not tainted 6.7.0-rc1-syzkaller-00213-g791c8ab095f7 #0
[ 73.395203][ T5096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 73.405321][ T5096] Call Trace:
[ 73.408626][ T5096] <TASK>
[ 73.411630][ T5096] dump_stack_lvl+0x1e7/0x2d0
[ 73.416348][ T5096] ? nf_tcp_handle_invalid+0x650/0x650
[ 73.421827][ T5096] ? panic+0x850/0x850
[ 73.425937][ T5096] should_fail_ex+0x3aa/0x4e0
[ 73.430648][ T5096] ? ulist_add_merge+0x14c/0x480
[ 73.435594][ T5096] should_failslab+0x9/0x20
[ 73.440106][ T5096] __kmem_cache_alloc_node+0x6d/0x300
[ 73.445489][ T5096] ? read_lock_is_recursive+0x20/0x20
[ 73.450866][ T5096] ? __kasan_slab_alloc+0x66/0x70
[ 73.455899][ T5096] ? ulist_add_merge+0x14c/0x480
[ 73.460853][ T5096] kmalloc_trace+0x2a/0x60
[ 73.465309][ T5096] ulist_add_merge+0x14c/0x480
[ 73.470084][ T5096] clear_state_bit+0x148/0x330
[ 73.474860][ T5096] __clear_extent_bit+0x52b/0xb10
[ 73.479902][ T5096] clear_record_extent_bits+0x4d/0x80
[ 73.485293][ T5096] __btrfs_qgroup_release_data+0x5cc/0xaa0
[ 73.491118][ T5096] ? mark_lock+0x9a/0x350
[ 73.495453][ T5096] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 73.501462][ T5096] ? btrfs_qgroup_free_data+0x40/0x40
[ 73.506925][ T5096] ? print_irqtrace_events+0x220/0x220
[ 73.512393][ T5096] ? _raw_spin_lock_irq+0xdf/0x120
[ 73.517606][ T5096] ? _raw_spin_unlock_irq+0x2e/0x50
[ 73.522820][ T5096] btrfs_invalidate_folio+0x7cf/0xad0
[ 73.528206][ T5096] ? btrfs_readahead+0x20/0x20
[ 73.532981][ T5096] ? truncate_inode_pages_range+0xf70/0xf70
[ 73.538924][ T5096] ? btrfs_readahead+0x20/0x20
[ 73.543733][ T5096] truncate_cleanup_folio+0x106/0x3d0
[ 73.549136][ T5096] truncate_inode_pages_range+0x2b6/0xf70
[ 73.554878][ T5096] ? mapping_evict_folio+0x530/0x530
[ 73.560208][ T5096] ? unmap_mapping_pages+0x180/0x180
[ 73.565501][ T5096] ? inode_maybe_inc_iversion+0x1a3/0x1f0
[ 73.571247][ T5096] ? generic_set_encrypted_ci_d_ops+0x100/0x100
[ 73.577531][ T5096] truncate_setsize+0xcf/0xf0
[ 73.582225][ T5096] btrfs_setattr+0x605/0x11a0
[ 73.586918][ T5096] ? smack_inode_setattr+0x1cd/0x260
[ 73.592214][ T5096] ? smack_inode_permission+0x380/0x380
[ 73.597763][ T5096] ? btrfs_permission+0x1b0/0x1b0
[ 73.602893][ T5096] ? current_time+0x1be/0x2b0
[ 73.607577][ T5096] ? inode_set_ctime_current+0x80/0x80
[ 73.613056][ T5096] ? evm_inode_setattr+0x100/0x740
[ 73.618178][ T5096] ? bpf_lsm_inode_setattr+0x9/0x10
[ 73.623384][ T5096] ? security_inode_setattr+0xd7/0x130
[ 73.628846][ T5096] ? btrfs_permission+0x1b0/0x1b0
[ 73.633876][ T5096] notify_change+0xb99/0xe60
[ 73.638492][ T5096] do_truncate+0x220/0x300
[ 73.642947][ T5096] ? put_page_bootmem+0x2e0/0x2e0
[ 73.648040][ T5096] ? print_irqtrace_events+0x220/0x220
[ 73.653526][ T5096] do_sys_ftruncate+0x2f3/0x390
[ 73.658394][ T5096] do_syscall_64+0x45/0x110
[ 73.662907][ T5096] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 73.668823][ T5096] RIP: 0033:0x7f29234012e9
[ 73.673256][ T5096] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 73.692877][ T5096] RSP: 002b:00007ffe1c6eba38 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[ 73.701406][ T5096] RAX: ffffffffffffffda RBX: 00007ffe1c6eba60 RCX: 00007f29234012e9
[ 73.709384][ T5096] RDX: 00007f29234003b0 RSI: 0000000000000000 RDI: 0000000000000005
[ 73.717377][ T5096] RBP: 0000000000000001 R08: 00007ffe1c6eb7d7 R09: 00007ffe1c6eba80
[ 73.725357][ T5096] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffe1c6eba5c
[ 73.733333][ T5096] R13: 0000000000000002 R14: 431bde82d7b634db R15: 00007ffe1c6ebaa0
[ 73.741329][ T5096] </TASK>
[ 73.744889][ T5096] ------------[ cut here ]------------
[ 73.750407][ T5096] kernel BUG at fs/btrfs/extent-io-tree.c:560!
[ 73.756601][ T5096] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 73.762694][ T5096] CPU: 0 PID: 5096 Comm: syz-executor406 Not tainted 6.7.0-rc1-syzkaller-00213-g791c8ab095f7 #0
[ 73.773111][ T5096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 73.783162][ T5096] RIP: 0010:clear_state_bit+0x32b/0x330
[ 73.788726][ T5096] Code: fe e9 98 fd ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c c5 fe ff ff 4c 89 ef e8 e0 39 2f fe e9 b8 fe ff ff e8 76 5b d3 fd 90 <0f> 0b 0f 1f 00 66 0f 1f 00 55 41 57 41 56 41 55 41 54 53 48 83 ec
[ 73.808331][ T5096] RSP: 0018:ffffc900041d7470 EFLAGS: 00010293
[ 73.814419][ T5096] RAX: ffffffff83bb233a RBX: 00000000fffffff4 RCX: ffff88801ab55940
[ 73.822391][ T5096] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
[ 73.830367][ T5096] RBP: 0000000000000000 R08: ffffffff83bb2163 R09: 00000000ffffffff
[ 73.838338][ T5096] R10: dffffc0000000000 R11: fffffbfff1b4556b R12: ffff88801f20d480
[ 73.846485][ T5096] R13: ffffc900041d7678 R14: 0000000000000800 R15: dffffc0000000000
[ 73.854460][ T5096] FS: 000055555710b380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 73.863389][ T5096] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 73.869989][ T5096] CR2: 0000000020009000 CR3: 0000000078928000 CR4: 00000000003506f0
[ 73.877989][ T5096] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 73.885961][ T5096] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 73.893947][ T5096] Call Trace:
[ 73.897243][ T5096] <TASK>
[ 73.900182][ T5096] ? __die_body+0x8b/0xe0
[ 73.904528][ T5096] ? die+0xa1/0xd0
[ 73.908264][ T5096] ? do_trap+0x153/0x380
[ 73.912539][ T5096] ? clear_state_bit+0x32b/0x330
[ 73.917509][ T5096] ? do_error_trap+0x1dc/0x2c0
[ 73.922301][ T5096] ? clear_state_bit+0x32b/0x330
[ 73.927257][ T5096] ? do_int3+0x50/0x50
[ 73.931339][ T5096] ? handle_invalid_op+0x34/0x40
[ 73.936287][ T5096] ? clear_state_bit+0x32b/0x330
[ 73.941231][ T5096] ? exc_invalid_op+0x34/0x50
[ 73.945916][ T5096] ? asm_exc_invalid_op+0x1a/0x20
[ 73.950951][ T5096] ? clear_state_bit+0x153/0x330
[ 73.956066][ T5096] ? clear_state_bit+0x32a/0x330
[ 73.961012][ T5096] ? clear_state_bit+0x32b/0x330
[ 73.965960][ T5096] __clear_extent_bit+0x52b/0xb10
[ 73.970998][ T5096] clear_record_extent_bits+0x4d/0x80
[ 73.976382][ T5096] __btrfs_qgroup_release_data+0x5cc/0xaa0
[ 73.982394][ T5096] ? mark_lock+0x9a/0x350
[ 73.986733][ T5096] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 73.992809][ T5096] ? btrfs_qgroup_free_data+0x40/0x40
[ 73.998187][ T5096] ? print_irqtrace_events+0x220/0x220
[ 74.003678][ T5096] ? _raw_spin_lock_irq+0xdf/0x120
[ 74.008811][ T5096] ? _raw_spin_unlock_irq+0x2e/0x50
[ 74.014028][ T5096] btrfs_invalidate_folio+0x7cf/0xad0
[ 74.019417][ T5096] ? btrfs_readahead+0x20/0x20
[ 74.024188][ T5096] ? truncate_inode_pages_range+0xf70/0xf70
[ 74.030101][ T5096] ? btrfs_readahead+0x20/0x20
[ 74.034877][ T5096] truncate_cleanup_folio+0x106/0x3d0
[ 74.040267][ T5096] truncate_inode_pages_range+0x2b6/0xf70
[ 74.046006][ T5096] ? mapping_evict_folio+0x530/0x530
[ 74.051318][ T5096] ? unmap_mapping_pages+0x180/0x180
[ 74.056609][ T5096] ? inode_maybe_inc_iversion+0x1a3/0x1f0
[ 74.062337][ T5096] ? generic_set_encrypted_ci_d_ops+0x100/0x100
[ 74.068601][ T5096] truncate_setsize+0xcf/0xf0
[ 74.073294][ T5096] btrfs_setattr+0x605/0x11a0
[ 74.077981][ T5096] ? smack_inode_setattr+0x1cd/0x260
[ 74.083271][ T5096] ? smack_inode_permission+0x380/0x380
[ 74.088823][ T5096] ? btrfs_permission+0x1b0/0x1b0
[ 74.093867][ T5096] ? current_time+0x1be/0x2b0
[ 74.098558][ T5096] ? inode_set_ctime_current+0x80/0x80
[ 74.104035][ T5096] ? evm_inode_setattr+0x100/0x740
[ 74.109157][ T5096] ? bpf_lsm_inode_setattr+0x9/0x10
[ 74.114369][ T5096] ? security_inode_setattr+0xd7/0x130
[ 74.119852][ T5096] ? btrfs_permission+0x1b0/0x1b0
[ 74.124930][ T5096] notify_change+0xb99/0xe60
[ 74.129627][ T5096] do_truncate+0x220/0x300
[ 74.134140][ T5096] ? put_page_bootmem+0x2e0/0x2e0
[ 74.139182][ T5096] ? print_irqtrace_events+0x220/0x220
[ 74.144739][ T5096] do_sys_ftruncate+0x2f3/0x390
[ 74.149598][ T5096] do_syscall_64+0x45/0x110
[ 74.154109][ T5096] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 74.160021][ T5096] RIP: 0033:0x7f29234012e9
[ 74.164441][ T5096] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 74.184137][ T5096] RSP: 002b:00007ffe1c6eba38 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[ 74.192555][ T5096] RAX: ffffffffffffffda RBX: 00007ffe1c6eba60 RCX: 00007f29234012e9
[ 74.200530][ T5096] RDX: 00007f29234003b0 RSI: 0000000000000000 RDI: 0000000000000005
[ 74.208508][ T5096] RBP: 0000000000000001 R08: 00007ffe1c6eb7d7 R09: 00007ffe1c6eba80
[ 74.216479][ T5096] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffe1c6eba5c
[ 74.224471][ T5096] R13: 0000000000000002 R14: 431bde82d7b634db R15: 00007ffe1c6ebaa0
[ 74.232451][ T5096] </TASK>
[ 74.235472][ T5096] Modules linked in:
[ 74.239539][ T5096] ---[ end trace 0000000000000000 ]---
[ 74.245013][ T5096] RIP: 0010:clear_state_bit+0x32b/0x330
[ 74.250625][ T5096] Code: fe e9 98 fd ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c c5 fe ff ff 4c 89 ef e8 e0 39 2f fe e9 b8 fe ff ff e8 76 5b d3 fd 90 <0f> 0b 0f 1f 00 66 0f 1f 00 55 41 57 41 56 41 55 41 54 53 48 83 ec
[ 74.270338][ T5096] RSP: 0018:ffffc900041d7470 EFLAGS: 00010293
[ 74.276442][ T5096] RAX: ffffffff83bb233a RBX: 00000000fffffff4 RCX: ffff88801ab55940
[ 74.284467][ T5096] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
[ 74.292474][ T5096] RBP: 0000000000000000 R08: ffffffff83bb2163 R09: 00000000ffffffff
[ 74.300490][ T5096] R10: dffffc0000000000 R11: fffffbfff1b4556b R12: ffff88801f20d480
[ 74.308491][ T5096] R13: ffffc900041d7678 R14: 0000000000000800 R15: dffffc0000000000
[ 74.316463][ T5096] FS: 000055555710b380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 74.325442][ T5096] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 74.332061][ T5096] CR2: 0000000020009000 CR3: 0000000078928000 CR4: 00000000003506f0
[ 74.340085][ T5096] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 74.348128][ T5096] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 74.356118][ T5096] Kernel panic - not syncing: Fatal exception
[ 74.362481][ T5096] Kernel Offset: disabled
[ 74.366805][ T5096] Rebooting in 86400 seconds..