./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1489332354 <...> Warning: Permanently added '10.128.0.70' (ECDSA) to the list of known hosts. execve("./syz-executor1489332354", ["./syz-executor1489332354"], 0x7ffde403fb50 /* 10 vars */) = 0 brk(NULL) = 0x55555694b000 brk(0x55555694bc40) = 0x55555694bc40 arch_prctl(ARCH_SET_FS, 0x55555694b300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x55555694b5d0) = 5004 set_robust_list(0x55555694b5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fba5f3fd730, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fba5f3fde00}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fba5f3fd7d0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fba5f3fde00}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1489332354", 4096) = 28 brk(0x55555696cc40) = 0x55555696cc40 brk(0x55555696d000) = 0x55555696d000 mprotect(0x7fba5f4c4000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 getpid() = 5004 mkdir("./syzkaller.bAtPTz", 0700) = 0 chmod("./syzkaller.bAtPTz", 0777) = 0 chdir("./syzkaller.bAtPTz") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555694b5d0) = 5005 ./strace-static-x86_64: Process 5005 attached [pid 5005] set_robust_list(0x55555694b5e0, 24) = 0 [pid 5005] chdir("./0") = 0 [pid 5005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5005] setpgid(0, 0) = 0 [pid 5005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5005] write(3, "1000", 4) = 4 [pid 5005] close(3) = 0 [pid 5005] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5005] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba5f3cc000 [pid 5005] mprotect(0x7fba5f3cd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5005] clone(child_stack=0x7fba5f3ec3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5007], tls=0x7fba5f3ec700, child_tidptr=0x7fba5f3ec9d0) = 5007 [pid 5005] futex(0x7fba5f4ca7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5007 attached [pid 5007] set_robust_list(0x7fba5f3ec9e0, 24) = 0 [pid 5007] memfd_create("syzkaller", 0) = 3 [pid 5007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba56fcc000 [ 81.419561][ T5007] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5007 'syz-executor148' [pid 5007] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5007] munmap(0x7fba56fcc000, 16777216) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5007] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5007] close(3) = 0 [pid 5007] mkdir("./bus", 0777) = 0 [ 81.661662][ T5007] loop0: detected capacity change from 0 to 32768 [ 81.675153][ T5007] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5007) [ 81.697418][ T5007] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 81.706282][ T5007] BTRFS info (device loop0): doing ref verification [ 81.713106][ T5007] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 81.723984][ T5007] BTRFS info (device loop0): force zlib compression, level 3 [ 81.731652][ T5007] BTRFS info (device loop0): allowing degraded mounts [ 81.738471][ T5007] BTRFS info (device loop0): using free space tree [pid 5007] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5007] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5007] chdir("./bus") = 0 [pid 5007] ioctl(4, LOOP_CLR_FD) = 0 [pid 5007] close(4) = 0 [pid 5007] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5005] <... futex resumed>) = 0 [pid 5005] futex(0x7fba5f4ca7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] <... futex resumed>) = 1 [pid 5007] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5007] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5005] <... futex resumed>) = 0 [pid 5005] futex(0x7fba5f4ca7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] <... futex resumed>) = 1 [pid 5007] open("./file0", O_RDONLY) = 5 [pid 5007] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5005] <... futex resumed>) = 0 [pid 5005] futex(0x7fba5f4ca7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] <... futex resumed>) = 1 [ 81.762142][ T5007] BTRFS info (device loop0): auto enabling async discard [pid 5007] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5005] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5005] futex(0x7fba5f4ca7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba57fab000 [pid 5005] mprotect(0x7fba57fac000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5005] clone(child_stack=0x7fba57fcb3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5024], tls=0x7fba57fcb700, child_tidptr=0x7fba57fcb9d0) = 5024 [pid 5005] futex(0x7fba5f4ca7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7fba5f4ca7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] <... ioctl resumed>) = 0 [pid 5007] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5007] futex(0x7fba5f4ca7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5024 attached [pid 5024] set_robust_list(0x7fba57fcb9e0, 24) = 0 [pid 5024] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5005] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5005] futex(0x7fba5f4ca7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] <... futex resumed>) = 0 [pid 5005] <... futex resumed>) = 1 [pid 5007] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5005] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] <... mmap resumed>) = 0x20000000 [pid 5007] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5005] <... futex resumed>) = 0 [pid 5005] futex(0x7fba5f4ca7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] <... futex resumed>) = 1 [pid 5024] <... write resumed>) = 860160 [pid 5024] futex(0x7fba5f4ca7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] futex(0x7fba5f4ca7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5007] openat(AT_FDCWD, "/proc/bus/input/devices", O_RDONLY) = 6 [pid 5007] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5005] <... futex resumed>) = 0 [pid 5005] futex(0x7fba5f4ca7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] <... futex resumed>) = 1 [pid 5007] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 5007] write(7, "6", 1) = 1 [ 81.906578][ T51] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 81.948433][ T5007] FAULT_INJECTION: forcing a failure. [ 81.948433][ T5007] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 81.962262][ T5007] CPU: 1 PID: 5007 Comm: syz-executor148 Not tainted 6.4.0-rc2-next-20230515-syzkaller #0 [ 81.972211][ T5007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 81.982411][ T5007] Call Trace: [ 81.985730][ T5007] [ 81.988705][ T5007] dump_stack_lvl+0x136/0x150 [ 81.993580][ T5007] should_fail_ex+0x4a3/0x5b0 [ 81.998349][ T5007] _copy_to_user+0x30/0xc0 [ 82.002843][ T5007] cp_new_stat+0x485/0x5c0 [ 82.007348][ T5007] ? cp_old_stat+0x780/0x780 [ 82.012005][ T5007] ? from_vfsuid+0x170/0x170 [ 82.016664][ T5007] ? vfs_getattr_nosec+0x2e3/0x440 [ 82.021836][ T5007] ? fput+0x2f/0x1a0 [ 82.025755][ T5007] ? vfs_fstat+0x8c/0xb0 [ 82.030014][ T5007] __do_sys_newfstat+0xe0/0xf0 [ 82.034798][ T5007] ? __do_sys_fstat+0xf0/0xf0 [ 82.039496][ T5007] ? lockdep_hardirqs_on+0x7d/0x100 [ 82.044710][ T5007] ? _raw_spin_unlock_irq+0x2e/0x50 [ 82.049931][ T5007] ? ptrace_notify+0xfe/0x140 [ 82.054633][ T5007] ? syscall_trace_enter.constprop.0+0xb0/0x1e0 [ 82.060894][ T5007] do_syscall_64+0x39/0xb0 [ 82.065342][ T5007] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 82.071269][ T5007] RIP: 0033:0x7fba5f4407d9 [ 82.076823][ T5007] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [pid 5007] fstat(6, 0x20001300) = -1 EFAULT (Bad address) [pid 5005] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5007] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5007] futex(0x7fba5f4ca7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5005] exit_group(0) = ? [pid 5024] <... futex resumed>) = ? [pid 5007] <... futex resumed>) = ? [pid 5007] +++ exited with 0 +++ [pid 5024] +++ exited with 0 +++ [pid 5005] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5005, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555694c620 /* 4 entries */, 32768) = 104 [ 82.096459][ T5007] RSP: 002b:00007fba5f3ec2e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000005 [ 82.104895][ T5007] RAX: ffffffffffffffda RBX: 00007fba5f4ca7a0 RCX: 00007fba5f4407d9 [ 82.112876][ T5007] RDX: 00000000000002f0 RSI: 0000000020001300 RDI: 0000000000000006 [ 82.120869][ T5007] RBP: 00007fba5f4971b0 R08: 0000000000000001 R09: 0000000000000036 [ 82.128859][ T5007] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fba5f4ca7a8 [ 82.136844][ T5007] R13: 00007fba5f3ec2f0 R14: 0073656369766564 R15: 0000000000000001 [ 82.144848][ T5007] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556954660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556954660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x55555694c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555694b5d0) = 5033 ./strace-static-x86_64: Process 5033 attached [pid 5033] set_robust_list(0x55555694b5e0, 24) = 0 [pid 5033] chdir("./1") = 0 [pid 5033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5033] setpgid(0, 0) = 0 [pid 5033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5033] write(3, "1000", 4) = 4 [pid 5033] close(3) = 0 [pid 5033] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5033] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba5f3cc000 [pid 5033] mprotect(0x7fba5f3cd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5033] clone(child_stack=0x7fba5f3ec3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5034], tls=0x7fba5f3ec700, child_tidptr=0x7fba5f3ec9d0) = 5034 [pid 5033] futex(0x7fba5f4ca7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5034 attached [pid 5034] set_robust_list(0x7fba5f3ec9e0, 24) = 0 [pid 5034] memfd_create("syzkaller", 0) = 3 [pid 5034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba56fcc000 [pid 5034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5034] munmap(0x7fba56fcc000, 16777216) = 0 [pid 5034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5034] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5034] close(3) = 0 [pid 5034] mkdir("./bus", 0777) = 0 [ 82.704249][ T5034] loop0: detected capacity change from 0 to 32768 [ 82.714725][ T5034] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5034) [ 82.729903][ T5034] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 82.738807][ T5034] BTRFS info (device loop0): doing ref verification [pid 5034] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5034] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5034] chdir("./bus") = 0 [pid 5034] ioctl(4, LOOP_CLR_FD) = 0 [pid 5034] close(4) = 0 [pid 5034] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5034] futex(0x7fba5f4ca7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] futex(0x7fba5f4ca7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5033] <... futex resumed>) = 0 [pid 5034] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5033] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] <... openat resumed>) = 4 [pid 5034] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = 0 [pid 5033] futex(0x7fba5f4ca7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 82.745448][ T5034] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 82.757035][ T5034] BTRFS info (device loop0): force zlib compression, level 3 [ 82.764572][ T5034] BTRFS info (device loop0): allowing degraded mounts [ 82.772442][ T5034] BTRFS info (device loop0): using free space tree [ 82.793462][ T5034] BTRFS info (device loop0): auto enabling async discard [pid 5033] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] <... futex resumed>) = 1 [pid 5034] open("./file0", O_RDONLY) = 5 [pid 5034] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = 0 [pid 5033] futex(0x7fba5f4ca7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] <... futex resumed>) = 1 [pid 5034] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5034] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = 0 [pid 5034] <... futex resumed>) = 1 [pid 5033] futex(0x7fba5f4ca7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5033] <... futex resumed>) = 0 [pid 5033] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5033] futex(0x7fba5f4ca7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba57fab000 [pid 5033] mprotect(0x7fba57fac000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5033] clone(child_stack=0x7fba57fcb3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5051], tls=0x7fba57fcb700, child_tidptr=0x7fba57fcb9d0) = 5051 [pid 5033] futex(0x7fba5f4ca7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5051 attached [pid 5033] futex(0x7fba5f4ca7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] set_robust_list(0x7fba57fcb9e0, 24) = 0 [pid 5051] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5034] <... write resumed>) = 1261568 [pid 5034] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7fba5f4ca7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5051] <... mmap resumed>) = 0x20000000 [pid 5051] futex(0x7fba5f4ca7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = 0 [pid 5033] futex(0x7fba5f4ca7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] <... futex resumed>) = 1 [pid 5051] futex(0x7fba5f4ca7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] <... futex resumed>) = 0 [pid 5034] openat(AT_FDCWD, "/proc/bus/input/devices", O_RDONLY) = 6 [pid 5034] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5034] futex(0x7fba5f4ca7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] futex(0x7fba5f4ca7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5034] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 5034] write(7, "6", 1) = 1 [ 82.902136][ T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 82.949818][ T5034] FAULT_INJECTION: forcing a failure. [ 82.949818][ T5034] name failslab, interval 1, probability 0, space 0, times 1 [ 82.963315][ T5034] CPU: 0 PID: 5034 Comm: syz-executor148 Not tainted 6.4.0-rc2-next-20230515-syzkaller #0 [ 82.975026][ T5034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 82.986883][ T5034] Call Trace: [ 82.990381][ T5034] [ 82.993353][ T5034] dump_stack_lvl+0x136/0x150 [ 82.998110][ T5034] should_fail_ex+0x4a3/0x5b0 [ 83.003199][ T5034] ? kasan_quarantine_put+0xf9/0x220 [ 83.008552][ T5034] should_failslab+0x9/0x20 [ 83.013144][ T5034] __kmem_cache_alloc_node+0x5b/0x320 [ 83.018562][ T5034] ? ulist_add_merge.part.0+0x85/0x4b0 [ 83.024088][ T5034] kmalloc_trace+0x26/0xe0 [ 83.028562][ T5034] ulist_add_merge.part.0+0x85/0x4b0 [ 83.033914][ T5034] ulist_add+0x106/0x160 [ 83.038233][ T5034] qgroup_reserve+0x4c2/0x9a0 [ 83.042967][ T5034] ? __qgroup_excl_accounting+0xec0/0xec0 [ 83.048714][ T5034] ? btrfs_transaction_in_commit+0x94/0xb0 [ 83.054550][ T5034] ? rcu_is_watching+0x12/0xb0 [ 83.059341][ T5034] btrfs_qgroup_reserve_meta+0x1dc/0x2f0 [ 83.065011][ T5034] __btrfs_qgroup_reserve_meta+0x37/0xc0 [ 83.070774][ T5034] btrfs_delalloc_reserve_metadata+0x1ff/0x740 [ 83.076998][ T5034] btrfs_delalloc_reserve_space+0x5d/0x260 [ 83.082853][ T5034] btrfs_page_mkwrite+0x2dd/0x11a0 [ 83.088019][ T5034] ? __lock_acquire+0x1987/0x5f30 [ 83.093114][ T5034] ? btrfs_dio_write+0xe0/0xe0 [ 83.097900][ T5034] ? lock_downgrade+0x690/0x690 [ 83.102795][ T5034] ? vm_normal_page+0x14a/0x2a0 [ 83.107699][ T5034] do_page_mkwrite+0x1a1/0x690 [ 83.112490][ T5034] do_wp_page+0x356/0x34e0 [ 83.116948][ T5034] ? lock_sync+0x190/0x190 [ 83.121436][ T5034] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 83.126853][ T5034] ? rcu_is_watching+0x12/0xb0 [ 83.131652][ T5034] ? do_raw_spin_lock+0x124/0x2b0 [ 83.136738][ T5034] ? spin_bug+0x1c0/0x1c0 [ 83.141100][ T5034] ? lock_acquire+0x32/0xc0 [ 83.145646][ T5034] ? __handle_mm_fault+0x132b/0x4170 [ 83.150970][ T5034] __handle_mm_fault+0x1635/0x4170 [ 83.156120][ T5034] ? vm_iomap_memory+0x190/0x190 [ 83.161105][ T5034] ? mt_validate_nulls+0xd10/0xd10 [ 83.166297][ T5034] handle_mm_fault+0x2af/0x9f0 [ 83.171116][ T5034] do_user_addr_fault+0x51a/0x1210 [ 83.176289][ T5034] exc_page_fault+0x98/0x170 [ 83.180903][ T5034] asm_exc_page_fault+0x26/0x30 [ 83.185983][ T5034] RIP: 0010:rep_movs_alternative+0x5f/0xb0 [ 83.191877][ T5034] Code: 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 66 0f 1f 44 00 00 4c 8b 06 4c 8b 4e 08 4c 8b 56 10 4c 8b 5e 18 <4c> 89 07 4c 89 4f 08 4c 89 57 10 4c 89 5f 18 4c 8b 46 20 4c 8b 4e [ 83.211532][ T5034] RSP: 0018:ffffc90003c3fc78 EFLAGS: 00050206 [ 83.217626][ T5034] RAX: 0000000000000001 RBX: 0000000000000090 RCX: 0000000000000090 [ 83.225621][ T5034] RDX: fffff52000787fae RSI: ffffc90003c3fce0 RDI: 0000000020001300 [ 83.233607][ T5034] RBP: 0000000020001300 R08: 0000000000000017 R09: 00000000f00000a8 [ 83.241681][ T5034] R10: 0000000000000001 R11: 0000000000008124 R12: ffffc90003c3fce0 [ 83.249756][ T5034] R13: 0000000020001390 R14: 0000000000000000 R15: 0000000000000000 [ 83.257766][ T5034] _copy_to_user+0xab/0xc0 [ 83.262218][ T5034] cp_new_stat+0x485/0x5c0 [ 83.266672][ T5034] ? cp_old_stat+0x780/0x780 [ 83.271309][ T5034] ? from_vfsuid+0x170/0x170 [ 83.275950][ T5034] ? vfs_getattr_nosec+0x2e3/0x440 [ 83.281147][ T5034] ? fput+0x2f/0x1a0 [ 83.285067][ T5034] ? vfs_fstat+0x8c/0xb0 [ 83.289344][ T5034] __do_sys_newfstat+0xe0/0xf0 [ 83.294140][ T5034] ? __do_sys_fstat+0xf0/0xf0 [ 83.298847][ T5034] ? lockdep_hardirqs_on+0x7d/0x100 [ 83.304079][ T5034] ? _raw_spin_unlock_irq+0x2e/0x50 [ 83.309328][ T5034] ? ptrace_notify+0xfe/0x140 [ 83.314058][ T5034] ? syscall_trace_enter.constprop.0+0xb0/0x1e0 [ 83.320324][ T5034] do_syscall_64+0x39/0xb0 [ 83.324772][ T5034] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 83.330702][ T5034] RIP: 0033:0x7fba5f4407d9 [ 83.335133][ T5034] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 83.354778][ T5034] RSP: 002b:00007fba5f3ec2e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000005 [ 83.363309][ T5034] RAX: ffffffffffffffda RBX: 00007fba5f4ca7a0 RCX: 00007fba5f4407d9 [ 83.371398][ T5034] RDX: 00000000000002f0 RSI: 0000000020001300 RDI: 0000000000000006 [ 83.379519][ T5034] RBP: 00007fba5f4971b0 R08: 0000000000000001 R09: 0000000000000036 [ 83.387541][ T5034] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fba5f4ca7a8 [pid 5034] fstat(6, [pid 5033] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5034] <... fstat resumed>{st_mode=S_IFREG|0444, st_size=0, ...}) = 0 [pid 5034] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] exit_group(0 [pid 5034] ???( [pid 5033] <... exit_group resumed>) = ? [pid 5034] <... ??? resumed>) = ? [pid 5034] +++ exited with 0 +++ [pid 5051] <... futex resumed>) = ? [pid 5051] +++ exited with 0 +++ [pid 5033] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5033, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=33 /* 0.33 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555694c620 /* 4 entries */, 32768) = 104 [ 83.396341][ T5034] R13: 00007fba5f3ec2f0 R14: 0073656369766564 R15: 0000000000000001 [ 83.404447][ T5034] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556954660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556954660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x55555694c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555694b5d0) = 5052 ./strace-static-x86_64: Process 5052 attached [pid 5052] set_robust_list(0x55555694b5e0, 24) = 0 [pid 5052] chdir("./2") = 0 [pid 5052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5052] setpgid(0, 0) = 0 [pid 5052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5052] write(3, "1000", 4) = 4 [pid 5052] close(3) = 0 [pid 5052] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5052] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba5f3cc000 [pid 5052] mprotect(0x7fba5f3cd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5052] clone(child_stack=0x7fba5f3ec3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5053 attached , parent_tid=[5053], tls=0x7fba5f3ec700, child_tidptr=0x7fba5f3ec9d0) = 5053 [pid 5053] set_robust_list(0x7fba5f3ec9e0, 24 [pid 5052] futex(0x7fba5f4ca7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... set_robust_list resumed>) = 0 [pid 5052] <... futex resumed>) = 0 [pid 5052] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5053] memfd_create("syzkaller", 0) = 3 [pid 5053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba56fcc000 [pid 5053] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5053] munmap(0x7fba56fcc000, 16777216) = 0 [pid 5053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5053] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5053] close(3) = 0 [pid 5053] mkdir("./bus", 0777) = 0 [ 83.935787][ T5053] loop0: detected capacity change from 0 to 32768 [ 83.945860][ T5053] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5053) [ 83.962941][ T5053] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 83.971775][ T5053] BTRFS info (device loop0): doing ref verification [pid 5053] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5053] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5053] chdir("./bus") = 0 [pid 5053] ioctl(4, LOOP_CLR_FD) = 0 [pid 5053] close(4) = 0 [pid 5053] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] <... futex resumed>) = 0 [pid 5052] futex(0x7fba5f4ca7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] <... futex resumed>) = 1 [pid 5053] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5053] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] <... futex resumed>) = 0 [pid 5052] futex(0x7fba5f4ca7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] <... futex resumed>) = 1 [pid 5053] open("./file0", O_RDONLY) = 5 [pid 5053] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] <... futex resumed>) = 0 [pid 5052] futex(0x7fba5f4ca7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] <... futex resumed>) = 1 [ 83.978639][ T5053] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 83.989510][ T5053] BTRFS info (device loop0): force zlib compression, level 3 [ 83.997476][ T5053] BTRFS info (device loop0): allowing degraded mounts [ 84.004275][ T5053] BTRFS info (device loop0): using free space tree [ 84.023545][ T5053] BTRFS info (device loop0): auto enabling async discard [pid 5053] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5053] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5052] <... futex resumed>) = 0 [pid 5052] futex(0x7fba5f4ca7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5052] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5052] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5052] futex(0x7fba5f4ca7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba57fab000 [pid 5052] mprotect(0x7fba57fac000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5052] clone(child_stack=0x7fba57fcb3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5070], tls=0x7fba57fcb700, child_tidptr=0x7fba57fcb9d0) = 5070 [pid 5052] futex(0x7fba5f4ca7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7fba5f4ca7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5070 attached [pid 5070] set_robust_list(0x7fba57fcb9e0, 24) = 0 [ 84.098735][ T10] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5070] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5052] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5052] futex(0x7fba5f4ca7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5053] <... write resumed>) = 1261568 [pid 5052] <... mmap resumed>) = 0x7fba57f8a000 [pid 5052] mprotect(0x7fba57f8b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5053] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] futex(0x7fba5f4ca7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5052] clone(child_stack=0x7fba57faa3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5071], tls=0x7fba57faa700, child_tidptr=0x7fba57faa9d0) = 5071 [pid 5052] futex(0x7fba5f4ca7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7fba5f4ca7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5071 attached [pid 5071] set_robust_list(0x7fba57faa9e0, 24) = 0 [pid 5071] openat(AT_FDCWD, "/proc/bus/input/devices", O_RDONLY) = 6 [pid 5071] futex(0x7fba5f4ca7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] <... futex resumed>) = 0 [pid 5052] futex(0x7fba5f4ca7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... futex resumed>) = 0 [pid 5052] <... futex resumed>) = 1 [pid 5053] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5052] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] <... openat resumed>) = 7 [pid 5053] write(7, "6", 1) = 1 [pid 5053] fstat(6, [pid 5071] <... futex resumed>) = 1 [ 84.271315][ T5053] FAULT_INJECTION: forcing a failure. [ 84.271315][ T5053] name failslab, interval 1, probability 0, space 0, times 0 [ 84.285785][ T5053] CPU: 0 PID: 5053 Comm: syz-executor148 Not tainted 6.4.0-rc2-next-20230515-syzkaller #0 [ 84.295745][ T5053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 84.305853][ T5053] Call Trace: [ 84.309176][ T5053] [ 84.312158][ T5053] dump_stack_lvl+0x136/0x150 [ 84.316916][ T5053] should_fail_ex+0x4a3/0x5b0 [ 84.321666][ T5053] should_failslab+0x9/0x20 [ 84.326224][ T5053] kmem_cache_alloc+0x63/0x3b0 [ 84.331091][ T5053] alloc_extent_state+0x23/0x2e0 [ 84.336270][ T5053] __set_extent_bit+0x5ab/0x15f0 [ 84.341298][ T5053] set_record_extent_bits+0x5c/0x90 [ 84.346577][ T5053] qgroup_reserve_data+0x233/0xa80 [ 84.351782][ T5053] btrfs_qgroup_reserve_data+0x2f/0xd0 [ 84.357322][ T5053] btrfs_check_data_free_space+0x111/0x280 [ 84.363547][ T5053] btrfs_delalloc_reserve_space+0x37/0x260 [pid 5071] futex(0x7fba5f4ca7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] <... mmap resumed>) = 0x20000000 [pid 5070] futex(0x7fba5f4ca7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 84.369659][ T5053] btrfs_page_mkwrite+0x2dd/0x11a0 [ 84.374806][ T5053] ? __lock_acquire+0x1987/0x5f30 [ 84.379864][ T5053] ? btrfs_dio_write+0xe0/0xe0 [ 84.384642][ T5053] ? lock_downgrade+0x690/0x690 [ 84.389540][ T5053] ? vm_normal_page+0x14a/0x2a0 [ 84.394446][ T5053] do_page_mkwrite+0x1a1/0x690 [ 84.399254][ T5053] do_wp_page+0x356/0x34e0 [ 84.403697][ T5053] ? lock_sync+0x190/0x190 [ 84.408139][ T5053] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 84.413529][ T5053] ? rcu_is_watching+0x12/0xb0 [ 84.418345][ T5053] ? do_raw_spin_lock+0x124/0x2b0 [ 84.423398][ T5053] ? spin_bug+0x1c0/0x1c0 [ 84.427755][ T5053] ? lock_acquire+0x32/0xc0 [ 84.432298][ T5053] ? __handle_mm_fault+0x132b/0x4170 [ 84.437612][ T5053] __handle_mm_fault+0x1635/0x4170 [ 84.442758][ T5053] ? vm_iomap_memory+0x190/0x190 [ 84.447713][ T5053] ? mt_validate_nulls+0xd10/0xd10 [ 84.452867][ T5053] handle_mm_fault+0x2af/0x9f0 [ 84.457659][ T5053] do_user_addr_fault+0x51a/0x1210 [ 84.462798][ T5053] exc_page_fault+0x98/0x170 [ 84.467412][ T5053] asm_exc_page_fault+0x26/0x30 [ 84.472396][ T5053] RIP: 0010:rep_movs_alternative+0x5f/0xb0 [ 84.478250][ T5053] Code: 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 66 0f 1f 44 00 00 4c 8b 06 4c 8b 4e 08 4c 8b 56 10 4c 8b 5e 18 <4c> 89 07 4c 89 4f 08 4c 89 57 10 4c 89 5f 18 4c 8b 46 20 4c 8b 4e [ 84.497883][ T5053] RSP: 0018:ffffc90003dcfc78 EFLAGS: 00050206 [ 84.503968][ T5053] RAX: 0000000000000001 RBX: 0000000000000090 RCX: 0000000000000090 [ 84.512038][ T5053] RDX: fffff520007b9fae RSI: ffffc90003dcfce0 RDI: 0000000020001300 [ 84.520021][ T5053] RBP: 0000000020001300 R08: 0000000000000017 R09: 00000000f00000a8 [ 84.528002][ T5053] R10: 0000000000000001 R11: 0000000000008124 R12: ffffc90003dcfce0 [ 84.535982][ T5053] R13: 0000000020001390 R14: 0000000000000000 R15: 0000000000000000 [ 84.543984][ T5053] _copy_to_user+0xab/0xc0 [ 84.548437][ T5053] cp_new_stat+0x485/0x5c0 [ 84.552884][ T5053] ? cp_old_stat+0x780/0x780 [ 84.557499][ T5053] ? from_vfsuid+0x170/0x170 [ 84.562114][ T5053] ? vfs_getattr_nosec+0x2e3/0x440 [ 84.567253][ T5053] ? fput+0x2f/0x1a0 [ 84.571170][ T5053] ? vfs_fstat+0x8c/0xb0 [ 84.575427][ T5053] __do_sys_newfstat+0xe0/0xf0 [ 84.580205][ T5053] ? __do_sys_fstat+0xf0/0xf0 [ 84.584916][ T5053] ? lockdep_hardirqs_on+0x7d/0x100 [ 84.590141][ T5053] ? _raw_spin_unlock_irq+0x2e/0x50 [ 84.595372][ T5053] ? ptrace_notify+0xfe/0x140 [ 84.600087][ T5053] ? syscall_trace_enter.constprop.0+0xb0/0x1e0 [ 84.606389][ T5053] do_syscall_64+0x39/0xb0 [ 84.610848][ T5053] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 84.616774][ T5053] RIP: 0033:0x7fba5f4407d9 [ 84.621318][ T5053] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 84.640959][ T5053] RSP: 002b:00007fba5f3ec2e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000005 [ 84.649388][ T5053] RAX: ffffffffffffffda RBX: 00007fba5f4ca7a0 RCX: 00007fba5f4407d9 [ 84.657370][ T5053] RDX: 00000000000002f0 RSI: 0000000020001300 RDI: 0000000000000006 [pid 5070] futex(0x7fba5f4ca7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] <... fstat resumed>{st_mode=S_IFREG|0444, st_size=0, ...}) = 0 [pid 5052] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5053] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] exit_group(0 [pid 5053] <... futex resumed>) = 0 [pid 5052] <... exit_group resumed>) = ? [pid 5071] <... futex resumed>) = ? [pid 5071] +++ exited with 0 +++ [pid 5070] <... futex resumed>) = ? [pid 5070] +++ exited with 0 +++ [pid 5053] +++ exited with 0 +++ [pid 5052] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5052, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=30 /* 0.30 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555694c620 /* 4 entries */, 32768) = 104 [ 84.665983][ T5053] RBP: 00007fba5f4971b0 R08: 0000000000000001 R09: 0000000000000036 [ 84.674068][ T5053] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fba5f4ca7a8 [ 84.682066][ T5053] R13: 00007fba5f3ec2f0 R14: 0073656369766564 R15: 0000000000000001 [ 84.690078][ T5053] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556954660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556954660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x55555694c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5075 attached , child_tidptr=0x55555694b5d0) = 5075 [pid 5075] set_robust_list(0x55555694b5e0, 24) = 0 [pid 5075] chdir("./3") = 0 [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5075] setpgid(0, 0) = 0 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1000", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5075] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba5f3cc000 [pid 5075] mprotect(0x7fba5f3cd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5075] clone(child_stack=0x7fba5f3ec3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5076], tls=0x7fba5f3ec700, child_tidptr=0x7fba5f3ec9d0) = 5076 [pid 5075] futex(0x7fba5f4ca7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5076 attached [pid 5076] set_robust_list(0x7fba5f3ec9e0, 24) = 0 [pid 5076] memfd_create("syzkaller", 0) = 3 [pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba56fcc000 [pid 5076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5076] munmap(0x7fba56fcc000, 16777216) = 0 [pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5076] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5076] close(3) = 0 [pid 5076] mkdir("./bus", 0777) = 0 [ 85.168493][ T5076] loop0: detected capacity change from 0 to 32768 [ 85.180391][ T5076] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5076) [ 85.197729][ T5076] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 85.206536][ T5076] BTRFS info (device loop0): doing ref verification [pid 5076] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5076] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5076] chdir("./bus") = 0 [pid 5076] ioctl(4, LOOP_CLR_FD) = 0 [pid 5076] close(4) = 0 [pid 5076] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5075] futex(0x7fba5f4ca7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] openat(AT_FDCWD, "blkio.bfq.io_service_time_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5076] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5075] futex(0x7fba5f4ca7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] open("./file0", O_RDONLY) = 5 [pid 5076] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5075] futex(0x7fba5f4ca7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 85.213441][ T5076] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 85.224351][ T5076] BTRFS info (device loop0): force zlib compression, level 3 [ 85.232023][ T5076] BTRFS info (device loop0): allowing degraded mounts [ 85.238897][ T5076] BTRFS info (device loop0): using free space tree [ 85.258727][ T5076] BTRFS info (device loop0): auto enabling async discard [pid 5076] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5076] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5075] futex(0x7fba5f4ca7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5075] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5075] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5075] futex(0x7fba5f4ca7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba57fab000 [pid 5075] mprotect(0x7fba57fac000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5075] clone(child_stack=0x7fba57fcb3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5093], tls=0x7fba57fcb700, child_tidptr=0x7fba57fcb9d0) = 5093 [pid 5075] futex(0x7fba5f4ca7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 85.325840][ T10] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5075] futex(0x7fba5f4ca7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5093 attached [pid 5093] set_robust_list(0x7fba57fcb9e0, 24) = 0 [pid 5093] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5075] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5075] futex(0x7fba5f4ca7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5075] futex(0x7fba5f4ca7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5076] <... write resumed>) = 1261568 [pid 5075] <... mmap resumed>) = 0x7fba57f8a000 [pid 5076] futex(0x7fba5f4ca7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7fba5f4ca7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] mprotect(0x7fba57f8b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5075] clone(child_stack=0x7fba57faa3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5094], tls=0x7fba57faa700, child_tidptr=0x7fba57faa9d0) = 5094 [pid 5075] futex(0x7fba5f4ca7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7fba5f4ca7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5094 attached [pid 5094] set_robust_list(0x7fba57faa9e0, 24) = 0 [pid 5094] openat(AT_FDCWD, "/proc/bus/input/devices", O_RDONLY) = 6 [pid 5094] futex(0x7fba5f4ca7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 0 [pid 5075] futex(0x7fba5f4ca7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = 0 [pid 5075] <... futex resumed>) = 1 [pid 5076] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5075] futex(0x7fba5f4ca7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... openat resumed>) = 7 [ 85.521059][ T5076] FAULT_INJECTION: forcing a failure. [ 85.521059][ T5076] name failslab, interval 1, probability 0, space 0, times 0 [ 85.534081][ T5076] CPU: 1 PID: 5076 Comm: syz-executor148 Not tainted 6.4.0-rc2-next-20230515-syzkaller #0 [ 85.544000][ T5076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 85.554282][ T5076] Call Trace: [ 85.557937][ T5076] [ 85.561147][ T5076] dump_stack_lvl+0x136/0x150 [ 85.566484][ T5076] should_fail_ex+0x4a3/0x5b0 [ 85.571310][ T5076] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 85.577874][ T5076] should_failslab+0x9/0x20 [ 85.582785][ T5076] __kmem_cache_alloc_node+0x5b/0x320 [ 85.588803][ T5076] ? ulist_add_merge.part.0+0x85/0x4b0 [ 85.594834][ T5076] kmalloc_trace+0x26/0xe0 [ 85.599462][ T5076] ulist_add_merge.part.0+0x85/0x4b0 [ 85.604880][ T5076] ulist_add+0x106/0x160 [ 85.609162][ T5076] set_state_bits.isra.0+0x11f/0x1c0 [ 85.614501][ T5076] insert_state+0x7c/0x380 [ 85.618969][ T5076] __set_extent_bit+0x116c/0x15f0 [ 85.624038][ T5076] set_record_extent_bits+0x5c/0x90 [ 85.629276][ T5076] qgroup_reserve_data+0x233/0xa80 [ 85.634512][ T5076] btrfs_qgroup_reserve_data+0x2f/0xd0 [ 85.640200][ T5076] btrfs_check_data_free_space+0x111/0x280 [ 85.646308][ T5076] btrfs_delalloc_reserve_space+0x37/0x260 [ 85.653903][ T5076] btrfs_page_mkwrite+0x2dd/0x11a0 [ 85.659830][ T5076] ? __lock_acquire+0x1987/0x5f30 [ 85.665003][ T5076] ? btrfs_dio_write+0xe0/0xe0 [ 85.670356][ T5076] ? lock_downgrade+0x690/0x690 [ 85.675581][ T5076] ? vm_normal_page+0x14a/0x2a0 [ 85.683413][ T5076] do_page_mkwrite+0x1a1/0x690 [ 85.689419][ T5076] do_wp_page+0x356/0x34e0 [ 85.694124][ T5076] ? lock_sync+0x190/0x190 [ 85.703615][ T5076] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 85.709011][ T5076] ? rcu_is_watching+0x12/0xb0 [ 85.713814][ T5076] ? do_raw_spin_lock+0x124/0x2b0 [ 85.718872][ T5076] ? spin_bug+0x1c0/0x1c0 [ 85.723236][ T5076] ? lock_acquire+0x32/0xc0 [ 85.727774][ T5076] ? __handle_mm_fault+0x132b/0x4170 [ 85.733093][ T5076] __handle_mm_fault+0x1635/0x4170 [ 85.738248][ T5076] ? vm_iomap_memory+0x190/0x190 [ 85.744357][ T5076] ? mt_validate_nulls+0xd10/0xd10 [ 85.750484][ T5076] handle_mm_fault+0x2af/0x9f0 [ 85.755577][ T5076] do_user_addr_fault+0x51a/0x1210 [ 85.761109][ T5076] exc_page_fault+0x98/0x170 [ 85.766262][ T5076] asm_exc_page_fault+0x26/0x30 [ 85.772528][ T5076] RIP: 0010:rep_movs_alternative+0x5f/0xb0 [ 85.778684][ T5076] Code: 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 66 0f 1f 44 00 00 4c 8b 06 4c 8b 4e 08 4c 8b 56 10 4c 8b 5e 18 <4c> 89 07 4c 89 4f 08 4c 89 57 10 4c 89 5f 18 4c 8b 46 20 4c 8b 4e [ 85.801364][ T5076] RSP: 0018:ffffc90003c1fc78 EFLAGS: 00050206 [ 85.807450][ T5076] RAX: 0000000000000001 RBX: 0000000000000090 RCX: 0000000000000090 [ 85.815555][ T5076] RDX: fffff52000783fae RSI: ffffc90003c1fce0 RDI: 0000000020001300 [ 85.823626][ T5076] RBP: 0000000020001300 R08: 0000000000000017 R09: 00000000f00000a8 [ 85.831783][ T5076] R10: 0000000000000001 R11: 0000000000008124 R12: ffffc90003c1fce0 [ 85.840105][ T5076] R13: 0000000020001390 R14: 0000000000000000 R15: 0000000000000000 [ 85.849956][ T5076] _copy_to_user+0xab/0xc0 [ 85.854413][ T5076] cp_new_stat+0x485/0x5c0 [ 85.859567][ T5076] ? cp_old_stat+0x780/0x780 [ 85.864337][ T5076] ? from_vfsuid+0x170/0x170 [ 85.869229][ T5076] ? vfs_getattr_nosec+0x2e3/0x440 [ 85.874465][ T5076] ? fput+0x2f/0x1a0 [ 85.878387][ T5076] ? vfs_fstat+0x8c/0xb0 [ 85.882652][ T5076] __do_sys_newfstat+0xe0/0xf0 [ 85.887704][ T5076] ? __do_sys_fstat+0xf0/0xf0 [ 85.893839][ T5076] ? lockdep_hardirqs_on+0x7d/0x100 [ 85.899236][ T5076] ? _raw_spin_unlock_irq+0x2e/0x50 [ 85.904721][ T5076] ? ptrace_notify+0xfe/0x140 [ 85.909435][ T5076] ? syscall_trace_enter.constprop.0+0xb0/0x1e0 [ 85.915719][ T5076] do_syscall_64+0x39/0xb0 [ 85.920173][ T5076] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 85.926101][ T5076] RIP: 0033:0x7fba5f4407d9 [ 85.930557][ T5076] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 85.950772][ T5076] RSP: 002b:00007fba5f3ec2e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000005 [ 85.960163][ T5076] RAX: ffffffffffffffda RBX: 00007fba5f4ca7a0 RCX: 00007fba5f4407d9 [ 85.968775][ T5076] RDX: 00000000000002f0 RSI: 0000000020001300 RDI: 0000000000000006 [ 85.977791][ T5076] RBP: 00007fba5f4971b0 R08: 0000000000000001 R09: 0000000000000036 [ 85.987093][ T5076] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fba5f4ca7a8 [ 85.995867][ T5076] R13: 00007fba5f3ec2f0 R14: 0073656369766564 R15: 0000000000000001 [ 86.003988][ T5076] [ 86.007962][ T5076] ------------[ cut here ]------------ [ 86.014571][ T5076] kernel BUG at fs/btrfs/extent-io-tree.c:379! [ 86.020822][ T5076] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 86.026895][ T5076] CPU: 1 PID: 5076 Comm: syz-executor148 Not tainted 6.4.0-rc2-next-20230515-syzkaller #0 [ 86.037188][ T5076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 86.047475][ T5076] RIP: 0010:set_state_bits.isra.0+0x17b/0x1c0 [ 86.053767][ T5076] Code: 38 d0 7c 04 84 d2 75 31 44 8b 73 7c e8 2e de f7 fd 44 89 e0 44 09 f0 89 43 7c 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 15 de f7 fd <0f> 0b 4c 89 ef e8 2b de 4a fe e9 e6 fe ff ff 4c 89 ef e8 1e de 4a [ 86.076912][ T5076] RSP: 0018:ffffc90003c1f440 EFLAGS: 00010293 [ 86.083699][ T5076] RAX: 0000000000000000 RBX: ffff888023096240 RCX: 0000000000000000 [ 86.093168][ T5076] RDX: ffff888026e70000 RSI: ffffffff838c459b RDI: 0000000000000005 [ 86.101432][ T5076] RBP: 00000000fffffff4 R08: 0000000000000005 R09: 0000000000000000 [ 86.109774][ T5076] R10: 00000000fffffff4 R11: 0000000000000001 R12: 0000000000000800 [ 86.118016][ T5076] R13: ffff8880230962bc R14: 0000000000001fff R15: 0000000000000000 [ 86.125998][ T5076] FS: 00007fba5f3ec700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 86.135290][ T5076] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 86.143708][ T5076] CR2: 0000000020001300 CR3: 0000000017e48000 CR4: 00000000003506e0 [ 86.152052][ T5076] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 86.160561][ T5076] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 86.168820][ T5076] Call Trace: [ 86.172245][ T5076] [ 86.176059][ T5076] insert_state+0x7c/0x380 [ 86.181110][ T5076] __set_extent_bit+0x116c/0x15f0 [ 86.186158][ T5076] set_record_extent_bits+0x5c/0x90 [ 86.191377][ T5076] qgroup_reserve_data+0x233/0xa80 [ 86.196530][ T5076] btrfs_qgroup_reserve_data+0x2f/0xd0 [ 86.202025][ T5076] btrfs_check_data_free_space+0x111/0x280 [ 86.207870][ T5076] btrfs_delalloc_reserve_space+0x37/0x260 [ 86.214584][ T5076] btrfs_page_mkwrite+0x2dd/0x11a0 [ 86.219710][ T5076] ? __lock_acquire+0x1987/0x5f30 [ 86.224774][ T5076] ? btrfs_dio_write+0xe0/0xe0 [ 86.229558][ T5076] ? lock_downgrade+0x690/0x690 [ 86.234442][ T5076] ? vm_normal_page+0x14a/0x2a0 [ 86.239320][ T5076] do_page_mkwrite+0x1a1/0x690 [ 86.244209][ T5076] do_wp_page+0x356/0x34e0 [ 86.248784][ T5076] ? lock_sync+0x190/0x190 [ 86.253321][ T5076] ? finish_mkwrite_fault+0x3d0/0x3d0 [ 86.258975][ T5076] ? rcu_is_watching+0x12/0xb0 [ 86.263769][ T5076] ? do_raw_spin_lock+0x124/0x2b0 [ 86.268820][ T5076] ? spin_bug+0x1c0/0x1c0 [ 86.273178][ T5076] ? lock_acquire+0x32/0xc0 [ 86.277702][ T5076] ? __handle_mm_fault+0x132b/0x4170 [ 86.283025][ T5076] __handle_mm_fault+0x1635/0x4170 [ 86.288187][ T5076] ? vm_iomap_memory+0x190/0x190 [ 86.293163][ T5076] ? mt_validate_nulls+0xd10/0xd10 [ 86.298761][ T5076] handle_mm_fault+0x2af/0x9f0 [ 86.303557][ T5076] do_user_addr_fault+0x51a/0x1210 [ 86.309043][ T5076] exc_page_fault+0x98/0x170 [ 86.313653][ T5076] asm_exc_page_fault+0x26/0x30 [ 86.318525][ T5076] RIP: 0010:rep_movs_alternative+0x5f/0xb0 [ 86.324363][ T5076] Code: 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 66 0f 1f 44 00 00 4c 8b 06 4c 8b 4e 08 4c 8b 56 10 4c 8b 5e 18 <4c> 89 07 4c 89 4f 08 4c 89 57 10 4c 89 5f 18 4c 8b 46 20 4c 8b 4e [ 86.343992][ T5076] RSP: 0018:ffffc90003c1fc78 EFLAGS: 00050206 [ 86.350069][ T5076] RAX: 0000000000000001 RBX: 0000000000000090 RCX: 0000000000000090 [ 86.358131][ T5076] RDX: fffff52000783fae RSI: ffffc90003c1fce0 RDI: 0000000020001300 [ 86.366204][ T5076] RBP: 0000000020001300 R08: 0000000000000017 R09: 00000000f00000a8 [ 86.374180][ T5076] R10: 0000000000000001 R11: 0000000000008124 R12: ffffc90003c1fce0 [ 86.382157][ T5076] R13: 0000000020001390 R14: 0000000000000000 R15: 0000000000000000 [ 86.390142][ T5076] _copy_to_user+0xab/0xc0 [ 86.394586][ T5076] cp_new_stat+0x485/0x5c0 [ 86.399026][ T5076] ? cp_old_stat+0x780/0x780 [ 86.403642][ T5076] ? from_vfsuid+0x170/0x170 [ 86.408251][ T5076] ? vfs_getattr_nosec+0x2e3/0x440 [ 86.413421][ T5076] ? fput+0x2f/0x1a0 [ 86.417333][ T5076] ? vfs_fstat+0x8c/0xb0 [ 86.421586][ T5076] __do_sys_newfstat+0xe0/0xf0 [ 86.426355][ T5076] ? __do_sys_fstat+0xf0/0xf0 [ 86.431045][ T5076] ? lockdep_hardirqs_on+0x7d/0x100 [ 86.436272][ T5076] ? _raw_spin_unlock_irq+0x2e/0x50 [ 86.441491][ T5076] ? ptrace_notify+0xfe/0x140 [ 86.446191][ T5076] ? syscall_trace_enter.constprop.0+0xb0/0x1e0 [ 86.452445][ T5076] do_syscall_64+0x39/0xb0 [ 86.456891][ T5076] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 86.462824][ T5076] RIP: 0033:0x7fba5f4407d9 [ 86.467251][ T5076] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 86.488356][ T5076] RSP: 002b:00007fba5f3ec2e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000005 [ 86.496780][ T5076] RAX: ffffffffffffffda RBX: 00007fba5f4ca7a0 RCX: 00007fba5f4407d9 [ 86.504756][ T5076] RDX: 00000000000002f0 RSI: 0000000020001300 RDI: 0000000000000006 [ 86.513078][ T5076] RBP: 00007fba5f4971b0 R08: 0000000000000001 R09: 0000000000000036 [ 86.521052][ T5076] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fba5f4ca7a8 [ 86.529031][ T5076] R13: 00007fba5f3ec2f0 R14: 0073656369766564 R15: 0000000000000001 [ 86.537023][ T5076] [ 86.540046][ T5076] Modules linked in: [ 86.544078][ T5076] ---[ end trace 0000000000000000 ]--- [ 86.549893][ T5076] RIP: 0010:set_state_bits.isra.0+0x17b/0x1c0 [ 86.555998][ T5076] Code: 38 d0 7c 04 84 d2 75 31 44 8b 73 7c e8 2e de f7 fd 44 89 e0 44 09 f0 89 43 7c 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 15 de f7 fd <0f> 0b 4c 89 ef e8 2b de 4a fe e9 e6 fe ff ff 4c 89 ef e8 1e de 4a [ 86.576167][ T5076] RSP: 0018:ffffc90003c1f440 EFLAGS: 00010293 [ 86.582264][ T5076] RAX: 0000000000000000 RBX: ffff888023096240 RCX: 0000000000000000 [ 86.590256][ T5076] RDX: ffff888026e70000 RSI: ffffffff838c459b RDI: 0000000000000005 [ 86.598281][ T5076] RBP: 00000000fffffff4 R08: 0000000000000005 R09: 0000000000000000 [ 86.606271][ T5076] R10: 00000000fffffff4 R11: 0000000000000001 R12: 0000000000000800 [ 86.614300][ T5076] R13: ffff8880230962bc R14: 0000000000001fff R15: 0000000000000000 [ 86.622298][ T5076] FS: 00007fba5f3ec700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 86.631254][ T5076] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 86.637866][ T5076] CR2: 0000000020001300 CR3: 0000000017e48000 CR4: 00000000003506e0 [ 86.645942][ T5076] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 86.653952][ T5076] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 86.662060][ T5076] Kernel panic - not syncing: Fatal exception [ 86.668500][ T5076] Kernel Offset: disabled [ 86.672849][ T5076] Rebooting in 86400 seconds..