./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1968374315
<...>
Warning: Permanently added '10.128.1.76' (ED25519) to the list of known hosts.
execve("./syz-executor1968374315", ["./syz-executor1968374315"], 0x7ffd20609b80 /* 10 vars */) = 0
brk(NULL) = 0x55555691a000
brk(0x55555691ad00) = 0x55555691ad00
arch_prctl(ARCH_SET_FS, 0x55555691a380) = 0
set_tid_address(0x55555691a650) = 5025
set_robust_list(0x55555691a660, 24) = 0
rseq(0x55555691aca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1968374315", 4096) = 28
getrandom("\x9f\xf7\x56\x4d\x05\xfa\xcc\x44", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55555691ad00
brk(0x55555693bd00) = 0x55555693bd00
brk(0x55555693c000) = 0x55555693c000
mprotect(0x7f422cdd4000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
[ 78.177821][ T27] audit: type=1400 audit(1694274274.960:83): avc: denied { write } for pid=5022 comm="strace-static-x" path="pipe:[3709]" dev="pipefs" ino=3709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
mkdir("./syzkaller.S1Xn21", 0700) = 0
chmod("./syzkaller.S1Xn21", 0777) = 0
chdir("./syzkaller.S1Xn21") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5026 attached
, child_tidptr=0x55555691a650) = 5026
[pid 5026] set_robust_list(0x55555691a660, 24) = 0
[pid 5026] chdir("./0") = 0
[pid 5026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5026] setpgid(0, 0) = 0
[pid 5026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5026] write(3, "1000", 4) = 4
[pid 5026] close(3) = 0
[pid 5026] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5026] memfd_create("syzkaller", 0) = 3
[pid 5026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f422491c000
[ 78.217659][ T27] audit: type=1400 audit(1694274275.000:84): avc: denied { execmem } for pid=5025 comm="syz-executor196" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 78.236765][ T5026] syz-executor196[5026]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[ 78.254764][ T27] audit: type=1400 audit(1694274275.000:85): avc: denied { read write } for pid=5025 comm="syz-executor196" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 78.289355][ T27] audit: type=1400 audit(1694274275.000:86): avc: denied { open } for pid=5025 comm="syz-executor196" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 78.315171][ T27] audit: type=1400 audit(1694274275.000:87): avc: denied { ioctl } for pid=5025 comm="syz-executor196" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 78.342254][ T27] audit: type=1400 audit(1694274275.070:88): avc: denied { append } for pid=4463 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 78.365229][ T27] audit: type=1400 audit(1694274275.070:89): avc: denied { open } for pid=4463 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 78.388668][ T27] audit: type=1400 audit(1694274275.070:90): avc: denied { getattr } for pid=4463 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[pid 5026] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5026] munmap(0x7f422491c000, 16777216) = 0
[pid 5026] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5026] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5026] close(3) = 0
[pid 5026] mkdir("./file0", 0777) = 0
[ 78.485175][ T5026] loop0: detected capacity change from 0 to 32768
[ 78.494409][ T27] audit: type=1400 audit(1694274275.270:91): avc: denied { mounton } for pid=5026 comm="syz-executor196" path="/root/syzkaller.S1Xn21/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 78.496295][ T5026] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5026)
[ 78.536434][ T5026] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 78.545145][ T5026] BTRFS info (device loop0): using free space tree
[ 78.566494][ T5026] BTRFS info (device loop0): enabling ssd optimizations
[ 78.573456][ T5026] BTRFS info (device loop0): auto enabling async discard
[pid 5026] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5026] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5026] chdir("./file0") = 0
[pid 5026] ioctl(4, LOOP_CLR_FD) = 0
[pid 5026] close(4) = 0
[pid 5026] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5026] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5026] write(5, "7", 1) = 1
[ 78.582712][ T27] audit: type=1400 audit(1694274275.370:92): avc: denied { mount } for pid=5026 comm="syz-executor196" name="/" dev="loop0" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 78.601181][ T5026] FAULT_INJECTION: forcing a failure.
[ 78.601181][ T5026] name failslab, interval 1, probability 0, space 0, times 1
[ 78.617776][ T5026] CPU: 0 PID: 5026 Comm: syz-executor196 Not tainted 6.5.0-syzkaller-12821-g6099776f9f26 #0
[ 78.627870][ T5026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 78.638118][ T5026] Call Trace:
[ 78.641412][ T5026]
[ 78.644356][ T5026] dump_stack_lvl+0x125/0x1b0
[ 78.649084][ T5026] should_fail_ex+0x496/0x5b0
[ 78.653789][ T5026] should_failslab+0x9/0x20
[ 78.658322][ T5026] __kmem_cache_alloc_node+0x5f/0x470
[ 78.663717][ T5026] ? common_lsm_audit+0x2210/0x2210
[ 78.668952][ T5026] ? tomoyo_supervisor+0xcdb/0xea0
[ 78.674080][ T5026] __kmalloc+0x4f/0x100
[ 78.678266][ T5026] tomoyo_supervisor+0xcdb/0xea0
[ 78.683230][ T5026] ? tomoyo_profile+0x60/0x60
[ 78.688019][ T5026] ? tomoyo_check_path_number_acl+0xa6/0x2f0
[ 78.694032][ T5026] tomoyo_path_number_perm+0x448/0x590
[ 78.699518][ T5026] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 78.705353][ T5026] ? do_raw_spin_lock+0x12e/0x2b0
[ 78.710421][ T5026] ? rcu_is_watching+0x12/0xb0
[ 78.715208][ T5026] ? lock_release+0x4bf/0x680
[ 78.719920][ T5026] security_file_ioctl+0x72/0xb0
[ 78.724892][ T5026] __x64_sys_ioctl+0xbb/0x210
[ 78.729596][ T5026] do_syscall_64+0x38/0xb0
[ 78.734057][ T5026] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 78.739973][ T5026] RIP: 0033:0x7f422cd5b1e9
[ 78.744404][ T5026] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 78.764218][ T5026] RSP: 002b:00007ffcc91133f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 78.772653][ T5026] RAX: ffffffffffffffda RBX: 00007ffcc9113420 RCX: 00007f422cd5b1e9
[pid 5026] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5026] exit_group(0) = ?
[ 78.780651][ T5026] RDX: 0000000020000000 RSI: 00000000c0109428 RDI: 0000000000000004
[ 78.788739][ T5026] RBP: 0000000000000001 R08: 00007ffcc9113197 R09: 00007ffcc9113440
[ 78.796728][ T5026] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[ 78.804805][ T5026] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007ffcc9113460
[ 78.812801][ T5026]
[pid 5026] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5026, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555691b6f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
[ 78.844183][ T39] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556923730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556923730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x55555691b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555691a650) = 5045
./strace-static-x86_64: Process 5045 attached
[pid 5045] set_robust_list(0x55555691a660, 24) = 0
[pid 5045] chdir("./1") = 0
[pid 5045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5045] setpgid(0, 0) = 0
[pid 5045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5045] write(3, "1000", 4) = 4
[pid 5045] close(3) = 0
[pid 5045] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5045] memfd_create("syzkaller", 0) = 3
[pid 5045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f422491c000
[pid 5045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5045] munmap(0x7f422491c000, 16777216) = 0
[pid 5045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5045] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5045] close(3) = 0
[pid 5045] mkdir("./file0", 0777) = 0
[ 79.148285][ T5045] loop0: detected capacity change from 0 to 32768
[ 79.158272][ T5045] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5045)
[ 79.176049][ T5045] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 79.184770][ T5045] BTRFS info (device loop0): using free space tree
[pid 5045] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5045] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5045] chdir("./file0") = 0
[pid 5045] ioctl(4, LOOP_CLR_FD) = 0
[pid 5045] close(4) = 0
[pid 5045] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5045] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5045] write(5, "7", 1) = 1
[ 79.205723][ T5045] BTRFS info (device loop0): enabling ssd optimizations
[ 79.212690][ T5045] BTRFS info (device loop0): auto enabling async discard
[ 79.239247][ T5045] FAULT_INJECTION: forcing a failure.
[ 79.239247][ T5045] name failslab, interval 1, probability 0, space 0, times 0
[ 79.253834][ T5045] CPU: 1 PID: 5045 Comm: syz-executor196 Not tainted 6.5.0-syzkaller-12821-g6099776f9f26 #0
[ 79.263960][ T5045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 79.274036][ T5045] Call Trace:
[ 79.277354][ T5045]
[ 79.280298][ T5045] dump_stack_lvl+0x125/0x1b0
[ 79.285022][ T5045] should_fail_ex+0x496/0x5b0
[ 79.289722][ T5045] should_failslab+0x9/0x20
[ 79.294253][ T5045] __kmem_cache_alloc_node+0x5f/0x470
[ 79.299663][ T5045] ? common_lsm_audit+0x2210/0x2210
[ 79.304908][ T5045] ? tomoyo_supervisor+0xcdb/0xea0
[ 79.310039][ T5045] __kmalloc+0x4f/0x100
[ 79.314210][ T5045] tomoyo_supervisor+0xcdb/0xea0
[ 79.319155][ T5045] ? tomoyo_profile+0x60/0x60
[ 79.323847][ T5045] ? tomoyo_check_path_number_acl+0xa6/0x2f0
[ 79.329844][ T5045] tomoyo_path_number_perm+0x448/0x590
[ 79.335319][ T5045] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 79.341172][ T5045] ? do_raw_spin_lock+0x12e/0x2b0
[ 79.346218][ T5045] ? rcu_is_watching+0x12/0xb0
[ 79.350986][ T5045] ? lock_release+0x4bf/0x680
[ 79.355686][ T5045] security_file_ioctl+0x72/0xb0
[ 79.360639][ T5045] __x64_sys_ioctl+0xbb/0x210
[ 79.365331][ T5045] do_syscall_64+0x38/0xb0
[ 79.369776][ T5045] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 79.375688][ T5045] RIP: 0033:0x7f422cd5b1e9
[ 79.380131][ T5045] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[pid 5045] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5045] exit_group(0) = ?
[pid 5045] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5045, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555691b6f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
[ 79.399830][ T5045] RSP: 002b:00007ffcc91133f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 79.408251][ T5045] RAX: ffffffffffffffda RBX: 00007ffcc9113420 RCX: 00007f422cd5b1e9
[ 79.416226][ T5045] RDX: 0000000020000000 RSI: 00000000c0109428 RDI: 0000000000000004
[ 79.424200][ T5045] RBP: 0000000000000001 R08: 00007ffcc9113197 R09: 00007ffcc9113440
[ 79.432172][ T5045] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcc911341c
[ 79.440145][ T5045] R13: 0000000000000001 R14: 431bde82d7b634db R15: 00007ffcc9113460
[ 79.448139][ T5045]
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556923730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556923730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x55555691b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
[ 79.480428][ T1038] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555691a650) = 5062
./strace-static-x86_64: Process 5062 attached
[pid 5062] set_robust_list(0x55555691a660, 24) = 0
[pid 5062] chdir("./2") = 0
[pid 5062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5062] setpgid(0, 0) = 0
[pid 5062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5062] write(3, "1000", 4) = 4
[pid 5062] close(3) = 0
[pid 5062] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5062] memfd_create("syzkaller", 0) = 3
[pid 5062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f422491c000
[pid 5062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5062] munmap(0x7f422491c000, 16777216) = 0
[pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5062] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5062] close(3) = 0
[pid 5062] mkdir("./file0", 0777) = 0
[ 79.809977][ T5062] loop0: detected capacity change from 0 to 32768
[ 79.820317][ T5062] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5062)
[ 79.838374][ T5062] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 79.847027][ T5062] BTRFS info (device loop0): using free space tree
[pid 5062] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5062] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5062] chdir("./file0") = 0
[pid 5062] ioctl(4, LOOP_CLR_FD) = 0
[pid 5062] close(4) = 0
[pid 5062] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5062] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5062] write(5, "7", 1) = 1
[ 79.867076][ T5062] BTRFS info (device loop0): enabling ssd optimizations
[ 79.874057][ T5062] BTRFS info (device loop0): auto enabling async discard
[ 79.890499][ T5062] FAULT_INJECTION: forcing a failure.
[ 79.890499][ T5062] name failslab, interval 1, probability 0, space 0, times 0
[ 79.903464][ T5062] CPU: 0 PID: 5062 Comm: syz-executor196 Not tainted 6.5.0-syzkaller-12821-g6099776f9f26 #0
[ 79.913568][ T5062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 79.923652][ T5062] Call Trace:
[ 79.926944][ T5062]
[ 79.929882][ T5062] dump_stack_lvl+0x125/0x1b0
[ 79.934599][ T5062] should_fail_ex+0x496/0x5b0
[ 79.939300][ T5062] should_failslab+0x9/0x20
[ 79.943844][ T5062] __kmem_cache_alloc_node+0x5f/0x470
[ 79.949246][ T5062] kmalloc_trace+0x25/0xe0
[ 79.953697][ T5062] btrfs_sysfs_add_qgroups+0x113/0x2a0
[ 79.959196][ T5062] btrfs_quota_enable+0x31d/0x1c60
[ 79.964355][ T5062] ? lock_acquire+0x464/0x510
[ 79.969068][ T5062] ? btrfs_free_qgroup_config+0xe0/0xe0
[ 79.974657][ T5062] ? lock_release+0x4bf/0x680
[ 79.979369][ T5062] ? __might_fault+0xe5/0x190
[ 79.984080][ T5062] ? preempt_count_sub+0x150/0x150
[ 79.989249][ T5062] ? down_write+0x14f/0x200
[ 79.993783][ T5062] ? down_write_killable_nested+0x250/0x250
[ 79.999712][ T5062] ? _copy_from_user+0x5d/0xf0
[ 80.004511][ T5062] btrfs_ioctl+0x4b27/0x5cf0
[ 80.009135][ T5062] ? btrfs_ioctl_get_supported_features+0x40/0x40
[ 80.015585][ T5062] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 80.021608][ T5062] ? do_vfs_ioctl+0x379/0x1920
[ 80.026402][ T5062] ? vfs_fileattr_set+0xbf0/0xbf0
[ 80.031461][ T5062] ? ioctl_has_perm.constprop.0.isra.0+0x2f0/0x460
[ 80.037998][ T5062] ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x460
[ 80.044534][ T5062] ? selinux_bprm_creds_for_exec+0xb30/0xb30
[ 80.050816][ T5062] ? lock_release+0x4bf/0x680
[ 80.055615][ T5062] ? selinux_file_ioctl+0x17d/0x270
[ 80.060841][ T5062] ? selinux_file_ioctl+0xb5/0x270
[ 80.065981][ T5062] ? btrfs_ioctl_get_supported_features+0x40/0x40
[ 80.072433][ T5062] __x64_sys_ioctl+0x18f/0x210
[ 80.077224][ T5062] do_syscall_64+0x38/0xb0
[ 80.081682][ T5062] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 80.087593][ T5062] RIP: 0033:0x7f422cd5b1e9
[ 80.091997][ T5062] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[pid 5062] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = -1 ENOMEM (Cannot allocate memory)
[pid 5062] exit_group(0) = ?
[pid 5062] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5062, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=29 /* 0.29 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555691b6f0 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
[ 80.111594][ T5062] RSP: 002b:00007ffcc91133f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 80.119992][ T5062] RAX: ffffffffffffffda RBX: 00007ffcc9113420 RCX: 00007f422cd5b1e9
[ 80.128123][ T5062] RDX: 0000000020000000 RSI: 00000000c0109428 RDI: 0000000000000004
[ 80.136097][ T5062] RBP: 0000000000000001 R08: 00007ffcc9113197 R09: 00007ffcc9113440
[ 80.144102][ T5062] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcc911341c
[ 80.152061][ T5062] R13: 0000000000000002 R14: 431bde82d7b634db R15: 00007ffcc9113460
[ 80.160109][ T5062]
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556923730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556923730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x55555691b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5079 attached
, child_tidptr=0x55555691a650) = 5079
[pid 5079] set_robust_list(0x55555691a660, 24) = 0
[pid 5079] chdir("./3") = 0
[pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5079] setpgid(0, 0) = 0
[pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5079] write(3, "1000", 4) = 4
[pid 5079] close(3) = 0
[pid 5079] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5079] memfd_create("syzkaller", 0) = 3
[pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f422491c000
[pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5079] munmap(0x7f422491c000, 16777216) = 0
[pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5079] close(3) = 0
[pid 5079] mkdir("./file0", 0777) = 0
[ 80.457585][ T5079] loop0: detected capacity change from 0 to 32768
[ 80.467795][ T5079] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5079)
[ 80.483124][ T5079] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 80.492962][ T5079] BTRFS info (device loop0): using free space tree
[pid 5079] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5079] chdir("./file0") = 0
[pid 5079] ioctl(4, LOOP_CLR_FD) = 0
[pid 5079] close(4) = 0
[pid 5079] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5079] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5079] write(5, "7", 1) = 1
[ 80.513205][ T5079] BTRFS info (device loop0): enabling ssd optimizations
[ 80.520414][ T5079] BTRFS info (device loop0): auto enabling async discard
[ 80.534610][ T5079] FAULT_INJECTION: forcing a failure.
[ 80.534610][ T5079] name failslab, interval 1, probability 0, space 0, times 0
[ 80.547397][ T5079] CPU: 0 PID: 5079 Comm: syz-executor196 Not tainted 6.5.0-syzkaller-12821-g6099776f9f26 #0
[ 80.557497][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 80.567555][ T5079] Call Trace:
[ 80.570819][ T5079]
[ 80.573750][ T5079] dump_stack_lvl+0x125/0x1b0
[ 80.578481][ T5079] should_fail_ex+0x496/0x5b0
[ 80.583192][ T5079] should_failslab+0x9/0x20
[ 80.587731][ T5079] __kmem_cache_alloc_node+0x5f/0x470
[ 80.593132][ T5079] kmalloc_trace+0x25/0xe0
[ 80.597598][ T5079] btrfs_sysfs_add_qgroups+0x113/0x2a0
[ 80.603087][ T5079] btrfs_quota_enable+0x31d/0x1c60
[ 80.608332][ T5079] ? lock_acquire+0x464/0x510
[ 80.613151][ T5079] ? btrfs_free_qgroup_config+0xe0/0xe0
[ 80.618743][ T5079] ? lock_release+0x4bf/0x680
[ 80.623549][ T5079] ? __might_fault+0xe5/0x190
[ 80.628269][ T5079] ? preempt_count_sub+0x150/0x150
[ 80.633423][ T5079] ? down_write+0x14f/0x200
[ 80.637961][ T5079] ? down_write_killable_nested+0x250/0x250
[ 80.643894][ T5079] ? _copy_from_user+0x5d/0xf0
[ 80.648692][ T5079] btrfs_ioctl+0x4b27/0x5cf0
[ 80.653328][ T5079] ? btrfs_ioctl_get_supported_features+0x40/0x40
[ 80.659782][ T5079] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 80.665719][ T5079] ? do_vfs_ioctl+0x379/0x1920
[ 80.670512][ T5079] ? vfs_fileattr_set+0xbf0/0xbf0
[ 80.675570][ T5079] ? ioctl_has_perm.constprop.0.isra.0+0x2f0/0x460
[ 80.682105][ T5079] ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x460
[ 80.688645][ T5079] ? selinux_bprm_creds_for_exec+0xb30/0xb30
[ 80.694663][ T5079] ? lock_release+0x4bf/0x680
[ 80.699379][ T5079] ? selinux_file_ioctl+0x17d/0x270
[ 80.704612][ T5079] ? selinux_file_ioctl+0xb5/0x270
[ 80.709755][ T5079] ? btrfs_ioctl_get_supported_features+0x40/0x40
[ 80.716203][ T5079] __x64_sys_ioctl+0x18f/0x210
[ 80.721006][ T5079] do_syscall_64+0x38/0xb0
[ 80.725463][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 80.731381][ T5079] RIP: 0033:0x7f422cd5b1e9
[ 80.735814][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 80.755449][ T5079] RSP: 002b:00007ffcc91133f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[pid 5079] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = -1 ENOMEM (Cannot allocate memory)
[pid 5079] exit_group(0) = ?
[pid 5079] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} ---
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555691b6f0 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs") = 0
[ 80.763887][ T5079] RAX: ffffffffffffffda RBX: 00007ffcc9113420 RCX: 00007f422cd5b1e9
[ 80.771881][ T5079] RDX: 0000000020000000 RSI: 00000000c0109428 RDI: 0000000000000004
[ 80.779881][ T5079] RBP: 0000000000000001 R08: 00007ffcc9113197 R09: 00007ffcc9113440
[ 80.787874][ T5079] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcc911341c
[ 80.795876][ T5079] R13: 0000000000000003 R14: 431bde82d7b634db R15: 00007ffcc9113460
[ 80.803861][ T5079]
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556923730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556923730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0") = 0
getdents64(3, 0x55555691b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555691a650) = 5096
./strace-static-x86_64: Process 5096 attached
[pid 5096] set_robust_list(0x55555691a660, 24) = 0
[pid 5096] chdir("./4") = 0
[pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5096] setpgid(0, 0) = 0
[pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5096] write(3, "1000", 4) = 4
[pid 5096] close(3) = 0
[pid 5096] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5096] memfd_create("syzkaller", 0) = 3
[pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f422491c000
[pid 5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5096] munmap(0x7f422491c000, 16777216) = 0
[pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5096] close(3) = 0
[pid 5096] mkdir("./file0", 0777) = 0
[ 81.093607][ T5096] loop0: detected capacity change from 0 to 32768
[ 81.102918][ T5096] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5096)
[ 81.118962][ T5096] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 81.127812][ T5096] BTRFS info (device loop0): using free space tree
[pid 5096] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5096] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5096] chdir("./file0") = 0
[pid 5096] ioctl(4, LOOP_CLR_FD) = 0
[pid 5096] close(4) = 0
[pid 5096] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5096] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5096] write(5, "7", 1) = 1
[ 81.147477][ T5096] BTRFS info (device loop0): enabling ssd optimizations
[ 81.154482][ T5096] BTRFS info (device loop0): auto enabling async discard
[ 81.173518][ T5096] FAULT_INJECTION: forcing a failure.
[ 81.173518][ T5096] name failslab, interval 1, probability 0, space 0, times 0
[ 81.186704][ T5096] CPU: 0 PID: 5096 Comm: syz-executor196 Not tainted 6.5.0-syzkaller-12821-g6099776f9f26 #0
[ 81.196795][ T5096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 81.206839][ T5096] Call Trace:
[ 81.210103][ T5096]
[ 81.213019][ T5096] dump_stack_lvl+0x125/0x1b0
[ 81.217693][ T5096] should_fail_ex+0x496/0x5b0
[ 81.222356][ T5096] should_failslab+0x9/0x20
[ 81.226853][ T5096] __kmem_cache_alloc_node+0x5f/0x470
[ 81.232212][ T5096] kmalloc_trace+0x25/0xe0
[ 81.236617][ T5096] btrfs_sysfs_add_qgroups+0x113/0x2a0
[ 81.242063][ T5096] btrfs_quota_enable+0x31d/0x1c60
[ 81.247185][ T5096] ? lock_acquire+0x464/0x510
[ 81.251906][ T5096] ? btrfs_free_qgroup_config+0xe0/0xe0
[ 81.257493][ T5096] ? lock_release+0x4bf/0x680
[ 81.262207][ T5096] ? __might_fault+0xe5/0x190
[ 81.266936][ T5096] ? preempt_count_sub+0x150/0x150
[ 81.272085][ T5096] ? down_write+0x14f/0x200
[ 81.276614][ T5096] ? down_write_killable_nested+0x250/0x250
[ 81.282540][ T5096] ? _copy_from_user+0x5d/0xf0
[ 81.287337][ T5096] btrfs_ioctl+0x4b27/0x5cf0
[ 81.291958][ T5096] ? btrfs_ioctl_get_supported_features+0x40/0x40
[ 81.298402][ T5096] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 81.304322][ T5096] ? do_vfs_ioctl+0x379/0x1920
[ 81.309098][ T5096] ? vfs_fileattr_set+0xbf0/0xbf0
[ 81.314130][ T5096] ? ioctl_has_perm.constprop.0.isra.0+0x2f0/0x460
[ 81.320647][ T5096] ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x460
[ 81.327160][ T5096] ? selinux_bprm_creds_for_exec+0xb30/0xb30
[ 81.333154][ T5096] ? lock_release+0x4bf/0x680
[ 81.337844][ T5096] ? selinux_file_ioctl+0x17d/0x270
[ 81.343053][ T5096] ? selinux_file_ioctl+0xb5/0x270
[ 81.348173][ T5096] ? btrfs_ioctl_get_supported_features+0x40/0x40
[ 81.354599][ T5096] __x64_sys_ioctl+0x18f/0x210
[ 81.359372][ T5096] do_syscall_64+0x38/0xb0
[ 81.363807][ T5096] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 81.369709][ T5096] RIP: 0033:0x7f422cd5b1e9
[ 81.374129][ T5096] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[pid 5096] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = -1 ENOMEM (Cannot allocate memory)
[pid 5096] exit_group(0) = ?
[pid 5096] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5096, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555691b6f0 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs") = 0
[ 81.393741][ T5096] RSP: 002b:00007ffcc91133f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 81.402161][ T5096] RAX: ffffffffffffffda RBX: 00007ffcc9113420 RCX: 00007f422cd5b1e9
[ 81.410136][ T5096] RDX: 0000000020000000 RSI: 00000000c0109428 RDI: 0000000000000004
[ 81.418108][ T5096] RBP: 0000000000000001 R08: 00007ffcc9113197 R09: 00007ffcc9113440
[ 81.426082][ T5096] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcc911341c
[ 81.434056][ T5096] R13: 0000000000000004 R14: 431bde82d7b634db R15: 00007ffcc9113460
[ 81.442032][ T5096]
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556923730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556923730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file0") = 0
getdents64(3, 0x55555691b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5113 attached
, child_tidptr=0x55555691a650) = 5113
[pid 5113] set_robust_list(0x55555691a660, 24) = 0
[pid 5113] chdir("./5") = 0
[pid 5113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5113] setpgid(0, 0) = 0
[pid 5113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5113] write(3, "1000", 4) = 4
[pid 5113] close(3) = 0
[pid 5113] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5113] memfd_create("syzkaller", 0) = 3
[pid 5113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f422491c000
[pid 5113] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5113] munmap(0x7f422491c000, 16777216) = 0
[pid 5113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5113] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5113] close(3) = 0
[pid 5113] mkdir("./file0", 0777) = 0
[ 81.786287][ T5113] loop0: detected capacity change from 0 to 32768
[ 81.796068][ T5113] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5113)
[ 81.814322][ T5113] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 81.824025][ T5113] BTRFS info (device loop0): using free space tree
[pid 5113] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5113] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5113] chdir("./file0") = 0
[pid 5113] ioctl(4, LOOP_CLR_FD) = 0
[pid 5113] close(4) = 0
[pid 5113] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5113] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5113] write(5, "7", 1) = 1
[ 81.843828][ T5113] BTRFS info (device loop0): enabling ssd optimizations
[ 81.850813][ T5113] BTRFS info (device loop0): auto enabling async discard
[ 81.872801][ T5113] FAULT_INJECTION: forcing a failure.
[ 81.872801][ T5113] name failslab, interval 1, probability 0, space 0, times 0
[ 81.894636][ T5113] CPU: 0 PID: 5113 Comm: syz-executor196 Not tainted 6.5.0-syzkaller-12821-g6099776f9f26 #0
[ 81.904739][ T5113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 81.914895][ T5113] Call Trace:
[ 81.918200][ T5113]
[ 81.921143][ T5113] dump_stack_lvl+0x125/0x1b0
[ 81.925866][ T5113] should_fail_ex+0x496/0x5b0
[ 81.930562][ T5113] should_failslab+0x9/0x20
[ 81.935092][ T5113] __kmem_cache_alloc_node+0x5f/0x470
[ 81.940491][ T5113] kmalloc_trace+0x25/0xe0
[ 81.944933][ T5113] btrfs_sysfs_add_qgroups+0x113/0x2a0
[ 81.950415][ T5113] btrfs_quota_enable+0x31d/0x1c60
[ 81.955568][ T5113] ? lock_acquire+0x464/0x510
[ 81.960278][ T5113] ? btrfs_free_qgroup_config+0xe0/0xe0
[ 81.965862][ T5113] ? lock_release+0x4bf/0x680
[ 81.970556][ T5113] ? __might_fault+0xe5/0x190
[ 81.975262][ T5113] ? preempt_count_sub+0x150/0x150
[ 81.980391][ T5113] ? down_write+0x14f/0x200
[ 81.984910][ T5113] ? down_write_killable_nested+0x250/0x250
[ 81.990818][ T5113] ? _copy_from_user+0x5d/0xf0
[ 81.995596][ T5113] btrfs_ioctl+0x4b27/0x5cf0
[ 82.000214][ T5113] ? btrfs_ioctl_get_supported_features+0x40/0x40
[ 82.006662][ T5113] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 82.012585][ T5113] ? do_vfs_ioctl+0x379/0x1920
[ 82.017363][ T5113] ? vfs_fileattr_set+0xbf0/0xbf0
[ 82.022396][ T5113] ? ioctl_has_perm.constprop.0.isra.0+0x2f0/0x460
[ 82.028910][ T5113] ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x460
[ 82.035424][ T5113] ? selinux_bprm_creds_for_exec+0xb30/0xb30
[ 82.041417][ T5113] ? lock_release+0x4bf/0x680
[ 82.046109][ T5113] ? selinux_file_ioctl+0x17d/0x270
[ 82.051319][ T5113] ? selinux_file_ioctl+0xb5/0x270
[ 82.056443][ T5113] ? btrfs_ioctl_get_supported_features+0x40/0x40
[ 82.062871][ T5113] __x64_sys_ioctl+0x18f/0x210
[ 82.067646][ T5113] do_syscall_64+0x38/0xb0
[ 82.072087][ T5113] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 82.077985][ T5113] RIP: 0033:0x7f422cd5b1e9
[ 82.082402][ T5113] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 82.102018][ T5113] RSP: 002b:00007ffcc91133f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 82.110439][ T5113] RAX: ffffffffffffffda RBX: 00007ffcc9113420 RCX: 00007f422cd5b1e9
[ 82.118416][ T5113] RDX: 0000000020000000 RSI: 00000000c0109428 RDI: 0000000000000004
[ 82.126391][ T5113] RBP: 0000000000000001 R08: 00007ffcc9113197 R09: 00007ffcc9113440
[ 82.134367][ T5113] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcc911341c
[pid 5113] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = -1 ENOMEM (Cannot allocate memory)
[pid 5113] exit_group(0) = ?
[pid 5113] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5113, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=28 /* 0.28 s */} ---
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555691b6f0 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs") = 0
[ 82.142340][ T5113] R13: 0000000000000005 R14: 431bde82d7b634db R15: 00007ffcc9113460
[ 82.150320][ T5113]
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556923730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556923730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file0") = 0
getdents64(3, 0x55555691b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5130 attached
, child_tidptr=0x55555691a650) = 5130
[pid 5130] set_robust_list(0x55555691a660, 24) = 0
[pid 5130] chdir("./6") = 0
[pid 5130] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5130] setpgid(0, 0) = 0
[pid 5130] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5130] write(3, "1000", 4) = 4
[pid 5130] close(3) = 0
[pid 5130] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5130] memfd_create("syzkaller", 0) = 3
[pid 5130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f422491c000
[pid 5130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5130] munmap(0x7f422491c000, 16777216) = 0
[pid 5130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5130] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5130] close(3) = 0
[pid 5130] mkdir("./file0", 0777) = 0
[ 82.561332][ T5130] loop0: detected capacity change from 0 to 32768
[ 82.571421][ T5130] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5130)
[ 82.588947][ T5130] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 82.597770][ T5130] BTRFS info (device loop0): using free space tree
[pid 5130] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5130] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5130] chdir("./file0") = 0
[pid 5130] ioctl(4, LOOP_CLR_FD) = 0
[pid 5130] close(4) = 0
[pid 5130] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5130] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5130] write(5, "7", 1) = 1
[ 82.619447][ T5130] BTRFS info (device loop0): enabling ssd optimizations
[ 82.626529][ T5130] BTRFS info (device loop0): auto enabling async discard
[ 82.647328][ T5130] FAULT_INJECTION: forcing a failure.
[ 82.647328][ T5130] name failslab, interval 1, probability 0, space 0, times 0
[ 82.664671][ T5130] CPU: 1 PID: 5130 Comm: syz-executor196 Not tainted 6.5.0-syzkaller-12821-g6099776f9f26 #0
[ 82.674786][ T5130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 82.684864][ T5130] Call Trace:
[ 82.688158][ T5130]
[ 82.691104][ T5130] dump_stack_lvl+0x125/0x1b0
[ 82.695830][ T5130] should_fail_ex+0x496/0x5b0
[ 82.700534][ T5130] should_failslab+0x9/0x20
[ 82.705078][ T5130] __kmem_cache_alloc_node+0x5f/0x470
[ 82.710481][ T5130] kmalloc_trace+0x25/0xe0
[ 82.714929][ T5130] btrfs_sysfs_add_qgroups+0x113/0x2a0
[ 82.720400][ T5130] btrfs_quota_enable+0x31d/0x1c60
[ 82.725532][ T5130] ? lock_acquire+0x464/0x510
[ 82.730222][ T5130] ? btrfs_free_qgroup_config+0xe0/0xe0
[ 82.735785][ T5130] ? lock_release+0x4bf/0x680
[ 82.740484][ T5130] ? __might_fault+0xe5/0x190
[ 82.745272][ T5130] ? preempt_count_sub+0x150/0x150
[ 82.750413][ T5130] ? down_write+0x14f/0x200
[ 82.754934][ T5130] ? down_write_killable_nested+0x250/0x250
[ 82.760847][ T5130] ? _copy_from_user+0x5d/0xf0
[ 82.765632][ T5130] btrfs_ioctl+0x4b27/0x5cf0
[ 82.770251][ T5130] ? btrfs_ioctl_get_supported_features+0x40/0x40
[ 82.776678][ T5130] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 82.782590][ T5130] ? do_vfs_ioctl+0x379/0x1920
[ 82.787368][ T5130] ? vfs_fileattr_set+0xbf0/0xbf0
[ 82.792400][ T5130] ? ioctl_has_perm.constprop.0.isra.0+0x2f0/0x460
[ 82.798913][ T5130] ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x460
[ 82.805426][ T5130] ? selinux_bprm_creds_for_exec+0xb30/0xb30
[ 82.811419][ T5130] ? lock_release+0x4bf/0x680
[ 82.816109][ T5130] ? selinux_file_ioctl+0x17d/0x270
[ 82.821326][ T5130] ? selinux_file_ioctl+0xb5/0x270
[ 82.826632][ T5130] ? btrfs_ioctl_get_supported_features+0x40/0x40
[ 82.833073][ T5130] __x64_sys_ioctl+0x18f/0x210
[ 82.837872][ T5130] do_syscall_64+0x38/0xb0
[ 82.842321][ T5130] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 82.848244][ T5130] RIP: 0033:0x7f422cd5b1e9
[ 82.852665][ T5130] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 82.872369][ T5130] RSP: 002b:00007ffcc91133f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 82.880873][ T5130] RAX: ffffffffffffffda RBX: 00007ffcc9113420 RCX: 00007f422cd5b1e9
[ 82.888846][ T5130] RDX: 0000000020000000 RSI: 00000000c0109428 RDI: 0000000000000004
[ 82.896820][ T5130] RBP: 0000000000000001 R08: 00007ffcc9113197 R09: 00007ffcc9113440
[ 82.904794][ T5130] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcc911341c
[ 82.912769][ T5130] R13: 0000000000000006 R14: 431bde82d7b634db R15: 00007ffcc9113460
[pid 5130] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = -1 ENOMEM (Cannot allocate memory)
[pid 5130] exit_group(0) = ?
[pid 5130] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5130, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555691b6f0 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs") = 0
[ 82.920761][ T5130]
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556923730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556923730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file0") = 0
getdents64(3, 0x55555691b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5147 attached
, child_tidptr=0x55555691a650) = 5147
[pid 5147] set_robust_list(0x55555691a660, 24) = 0
[pid 5147] chdir("./7") = 0
[pid 5147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5147] setpgid(0, 0) = 0
[pid 5147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5147] write(3, "1000", 4) = 4
[pid 5147] close(3) = 0
[pid 5147] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5147] memfd_create("syzkaller", 0) = 3
[pid 5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f422491c000
[pid 5147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5147] munmap(0x7f422491c000, 16777216) = 0
[pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5147] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5147] close(3) = 0
[pid 5147] mkdir("./file0", 0777) = 0
[ 83.268332][ T5147] loop0: detected capacity change from 0 to 32768
[ 83.279130][ T5147] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5147)
[ 83.298972][ T5147] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 83.307829][ T5147] BTRFS info (device loop0): using free space tree
[pid 5147] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5147] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5147] chdir("./file0") = 0
[pid 5147] ioctl(4, LOOP_CLR_FD) = 0
[pid 5147] close(4) = 0
[pid 5147] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5147] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5147] write(5, "7", 1) = 1
[ 83.327559][ T5147] BTRFS info (device loop0): enabling ssd optimizations
[ 83.334555][ T5147] BTRFS info (device loop0): auto enabling async discard
[ 83.364041][ T5147] FAULT_INJECTION: forcing a failure.
[ 83.364041][ T5147] name failslab, interval 1, probability 0, space 0, times 0
[ 83.385935][ T5147] CPU: 0 PID: 5147 Comm: syz-executor196 Not tainted 6.5.0-syzkaller-12821-g6099776f9f26 #0
[ 83.396027][ T5147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 83.406064][ T5147] Call Trace:
[ 83.409330][ T5147]
[ 83.412247][ T5147] dump_stack_lvl+0x125/0x1b0
[ 83.416943][ T5147] should_fail_ex+0x496/0x5b0
[ 83.421612][ T5147] should_failslab+0x9/0x20
[ 83.426109][ T5147] __kmem_cache_alloc_node+0x5f/0x470
[ 83.431470][ T5147] kmalloc_trace+0x25/0xe0
[ 83.435889][ T5147] btrfs_sysfs_add_qgroups+0x113/0x2a0
[ 83.441373][ T5147] btrfs_quota_enable+0x31d/0x1c60
[ 83.446629][ T5147] ? lock_acquire+0x464/0x510
[ 83.451345][ T5147] ? btrfs_free_qgroup_config+0xe0/0xe0
[ 83.456935][ T5147] ? lock_release+0x4bf/0x680
[ 83.461645][ T5147] ? __might_fault+0xe5/0x190
[ 83.466372][ T5147] ? preempt_count_sub+0x150/0x150
[ 83.471528][ T5147] ? down_write+0x14f/0x200
[ 83.476070][ T5147] ? down_write_killable_nested+0x250/0x250
[ 83.482000][ T5147] ? _copy_from_user+0x5d/0xf0
[ 83.486794][ T5147] btrfs_ioctl+0x4b27/0x5cf0
[ 83.491421][ T5147] ? btrfs_ioctl_get_supported_features+0x40/0x40
[ 83.497874][ T5147] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 83.503804][ T5147] ? do_vfs_ioctl+0x379/0x1920
[ 83.508606][ T5147] ? vfs_fileattr_set+0xbf0/0xbf0
[ 83.513659][ T5147] ? ioctl_has_perm.constprop.0.isra.0+0x2f0/0x460
[ 83.520196][ T5147] ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x460
[ 83.526747][ T5147] ? selinux_bprm_creds_for_exec+0xb30/0xb30
[ 83.532760][ T5147] ? lock_release+0x4bf/0x680
[ 83.537477][ T5147] ? selinux_file_ioctl+0x17d/0x270
[ 83.542737][ T5147] ? selinux_file_ioctl+0xb5/0x270
[ 83.547892][ T5147] ? btrfs_ioctl_get_supported_features+0x40/0x40
[ 83.554452][ T5147] __x64_sys_ioctl+0x18f/0x210
[ 83.559250][ T5147] do_syscall_64+0x38/0xb0
[ 83.563711][ T5147] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 83.569634][ T5147] RIP: 0033:0x7f422cd5b1e9
[ 83.574068][ T5147] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 83.593699][ T5147] RSP: 002b:00007ffcc91133f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 83.602144][ T5147] RAX: ffffffffffffffda RBX: 00007ffcc9113420 RCX: 00007f422cd5b1e9
[ 83.610143][ T5147] RDX: 0000000020000000 RSI: 00000000c0109428 RDI: 0000000000000004
[ 83.618138][ T5147] RBP: 0000000000000001 R08: 00007ffcc9113197 R09: 00007ffcc9113440
[ 83.626123][ T5147] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcc911341c
[pid 5147] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = -1 ENOMEM (Cannot allocate memory)
[pid 5147] exit_group(0) = ?
[pid 5147] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5147, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=24 /* 0.24 s */} ---
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555691b6f0 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs") = 0
[ 83.634084][ T5147] R13: 0000000000000007 R14: 431bde82d7b634db R15: 00007ffcc9113460
[ 83.642057][ T5147]
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556923730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556923730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file0") = 0
getdents64(3, 0x55555691b6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555691a650) = 5164
./strace-static-x86_64: Process 5164 attached
[pid 5164] set_robust_list(0x55555691a660, 24) = 0
[pid 5164] chdir("./8") = 0
[pid 5164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5164] setpgid(0, 0) = 0
[pid 5164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5164] write(3, "1000", 4) = 4
[pid 5164] close(3) = 0
[pid 5164] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5164] memfd_create("syzkaller", 0) = 3
[pid 5164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f422491c000
[pid 5164] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5164] munmap(0x7f422491c000, 16777216) = 0
[pid 5164] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5164] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5164] close(3) = 0
[pid 5164] mkdir("./file0", 0777) = 0
[ 83.931415][ T5164] loop0: detected capacity change from 0 to 32768
[ 83.940632][ T5164] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor196 (5164)
[ 83.956238][ T5164] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 83.965070][ T5164] BTRFS info (device loop0): using free space tree
[pid 5164] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5164] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5164] chdir("./file0") = 0
[pid 5164] ioctl(4, LOOP_CLR_FD) = 0
[pid 5164] close(4) = 0
[pid 5164] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5164] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5164] write(5, "7", 1) = 1
[ 83.985725][ T5164] BTRFS info (device loop0): enabling ssd optimizations
[ 83.992971][ T5164] BTRFS info (device loop0): auto enabling async discard
[ 84.011134][ T5164] FAULT_INJECTION: forcing a failure.
[ 84.011134][ T5164] name failslab, interval 1, probability 0, space 0, times 0
[ 84.024052][ T5164] CPU: 0 PID: 5164 Comm: syz-executor196 Not tainted 6.5.0-syzkaller-12821-g6099776f9f26 #0
[ 84.034146][ T5164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 84.044223][ T5164] Call Trace:
[ 84.047517][ T5164]
[ 84.050461][ T5164] dump_stack_lvl+0x125/0x1b0
[ 84.055187][ T5164] should_fail_ex+0x496/0x5b0
[ 84.059889][ T5164] should_failslab+0x9/0x20
[ 84.064431][ T5164] kmem_cache_alloc+0x61/0x400
[ 84.069225][ T5164] ? __kernel_text_address+0xd/0x30
[ 84.074470][ T5164] __kernfs_new_node+0xd3/0x8a0
[ 84.079355][ T5164] ? kernfs_path_from_node+0x60/0x60
[ 84.084671][ T5164] ? stack_trace_save+0x96/0xd0
[ 84.089562][ T5164] ? filter_irq_stacks+0x90/0x90
[ 84.094540][ T5164] ? __stack_depot_save+0x39/0x510
[ 84.099678][ T5164] kernfs_create_dir_ns+0x9a/0x210
[ 84.104825][ T5164] sysfs_create_dir_ns+0x13b/0x2a0
[ 84.109974][ T5164] ? sysfs_create_mount_point+0xb0/0xb0
[ 84.115650][ T5164] kobject_add_internal+0x2c8/0x960
[ 84.120877][ T5164] ? kfree+0x108/0x140
[ 84.124985][ T5164] kobject_init_and_add+0x11c/0x190
[ 84.130214][ T5164] ? kobject_create_and_add+0xf0/0xf0
[ 84.135628][ T5164] btrfs_sysfs_add_qgroups+0x15f/0x2a0
[ 84.141150][ T5164] btrfs_quota_enable+0x31d/0x1c60
[ 84.146309][ T5164] ? lock_acquire+0x464/0x510
[ 84.151022][ T5164] ? btrfs_free_qgroup_config+0xe0/0xe0
[ 84.156608][ T5164] ? lock_release+0x4bf/0x680
[ 84.161316][ T5164] ? __might_fault+0xe5/0x190
[ 84.166023][ T5164] ? preempt_count_sub+0x150/0x150
[ 84.171174][ T5164] ? down_write+0x14f/0x200
[ 84.175709][ T5164] ? down_write_killable_nested+0x250/0x250
[ 84.181639][ T5164] ? _copy_from_user+0x5d/0xf0
[ 84.186435][ T5164] btrfs_ioctl+0x4b27/0x5cf0
[ 84.191056][ T5164] ? btrfs_ioctl_get_supported_features+0x40/0x40
[ 84.197506][ T5164] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 84.203442][ T5164] ? do_vfs_ioctl+0x379/0x1920
[ 84.208224][ T5164] ? vfs_fileattr_set+0xbf0/0xbf0
[ 84.213241][ T5164] ? ioctl_has_perm.constprop.0.isra.0+0x2f0/0x460
[ 84.219908][ T5164] ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x460
[ 84.226412][ T5164] ? selinux_bprm_creds_for_exec+0xb30/0xb30
[ 84.232576][ T5164] ? lock_release+0x4bf/0x680
[ 84.237266][ T5164] ? selinux_file_ioctl+0x17d/0x270
[ 84.242454][ T5164] ? selinux_file_ioctl+0xb5/0x270
[ 84.247553][ T5164] ? btrfs_ioctl_get_supported_features+0x40/0x40
[ 84.253955][ T5164] __x64_sys_ioctl+0x18f/0x210
[ 84.258711][ T5164] do_syscall_64+0x38/0xb0
[ 84.263124][ T5164] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 84.269007][ T5164] RIP: 0033:0x7f422cd5b1e9
[ 84.273408][ T5164] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 84.293002][ T5164] RSP: 002b:00007ffcc91133f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 84.301414][ T5164] RAX: ffffffffffffffda RBX: 00007ffcc9113420 RCX: 00007f422cd5b1e9
[ 84.309371][ T5164] RDX: 0000000020000000 RSI: 00000000c0109428 RDI: 0000000000000004
[ 84.317415][ T5164] RBP: 0000000000000001 R08: 00007ffcc9113197 R09: 00007ffcc9113440
[ 84.325373][ T5164] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcc911341c
[ 84.333332][ T5164] R13: 0000000000000008 R14: 431bde82d7b634db R15: 00007ffcc9113460
[ 84.341292][ T5164]
[ 84.344680][ T5164] kobject: kobject_add_internal failed for qgroups (error: -12 parent: 395ef67a-297e-477c-816d-cd80a5b93e5d)
[ 84.356820][ T5164] ------------[ cut here ]------------
[ 84.362289][ T5164] kernfs: can not remove 'enabled', no directory
[ 84.370268][ T5164] WARNING: CPU: 0 PID: 5164 at fs/kernfs/dir.c:1662 kernfs_remove_by_name_ns+0x106/0x120
[ 84.380178][ T5164] Modules linked in:
[ 84.384168][ T5164] CPU: 0 PID: 5164 Comm: syz-executor196 Not tainted 6.5.0-syzkaller-12821-g6099776f9f26 #0
[ 84.394404][ T5164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 84.404522][ T5164] RIP: 0010:kernfs_remove_by_name_ns+0x106/0x120
[ 84.410919][ T5164] Code: f5 51 ff e8 8c b7 72 ff bb fe ff ff ff 89 d8 5b 5d 41 5c 41 5d c3 e8 79 b7 72 ff 4c 89 e6 48 c7 c7 a0 0f a0 8a e8 8a d6 38 ff <0f> 0b eb d5 e8 51 b4 c7 ff e9 60 ff ff ff e8 47 b4 c7 ff e9 27 ff
[ 84.430590][ T5164] RSP: 0018:ffffc90003abf910 EFLAGS: 00010286
[ 84.436687][ T5164] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 84.444698][ T5164] RDX: ffff88807761c140 RSI: ffffffff814cf106 RDI: 0000000000000001
[ 84.452673][ T5164] RBP: ffffffff8d3236c0 R08: 0000000000000001 R09: 0000000000000000
[ 84.460676][ T5164] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8ad6d560
[ 84.468720][ T5164] R13: 0000000000000000 R14: ffffffff8ad6d480 R15: ffff888078680038
[ 84.476743][ T5164] FS: 000055555691a380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 84.485744][ T5164] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 84.492352][ T5164] CR2: 00007f422cdd80f8 CR3: 0000000028035000 CR4: 00000000003506f0
[ 84.500363][ T5164] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 84.508380][ T5164] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 84.516410][ T5164] Call Trace:
[ 84.519703][ T5164]
[ 84.522635][ T5164] ? show_regs+0x8f/0xa0
[ 84.526953][ T5164] ? __warn+0xe6/0x380
[ 84.531038][ T5164] ? kernfs_remove_by_name_ns+0x106/0x120
[ 84.536791][ T5164] ? report_bug+0x3bc/0x580
[ 84.541321][ T5164] ? handle_bug+0x3c/0x70
[ 84.545689][ T5164] ? exc_invalid_op+0x17/0x40
[ 84.550387][ T5164] ? asm_exc_invalid_op+0x1a/0x20
[ 84.555452][ T5164] ? __warn_printk+0x1a6/0x350
[ 84.560235][ T5164] ? kernfs_remove_by_name_ns+0x106/0x120
[ 84.565994][ T5164] remove_files+0x96/0x1c0
[ 84.570437][ T5164] sysfs_remove_group+0x8b/0x170
[ 84.575411][ T5164] sysfs_remove_groups+0x60/0xa0
[ 84.580375][ T5164] __kobject_del+0x83/0x1e0
[ 84.584915][ T5164] kobject_del+0x3f/0x60
[ 84.589186][ T5164] btrfs_sysfs_del_qgroups+0x119/0x1a0
[ 84.594695][ T5164] btrfs_sysfs_add_qgroups+0x218/0x2a0
[ 84.600166][ T5164] btrfs_quota_enable+0x31d/0x1c60
[ 84.605351][ T5164] ? lock_acquire+0x464/0x510
[ 84.610070][ T5164] ? btrfs_free_qgroup_config+0xe0/0xe0
[ 84.615713][ T5164] ? lock_release+0x4bf/0x680
[ 84.620410][ T5164] ? __might_fault+0xe5/0x190
[ 84.625131][ T5164] ? preempt_count_sub+0x150/0x150
[ 84.630269][ T5164] ? down_write+0x14f/0x200
[ 84.634814][ T5164] ? down_write_killable_nested+0x250/0x250
[ 84.640728][ T5164] ? _copy_from_user+0x5d/0xf0
[ 84.645530][ T5164] btrfs_ioctl+0x4b27/0x5cf0
[ 84.650150][ T5164] ? btrfs_ioctl_get_supported_features+0x40/0x40
[ 84.656677][ T5164] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 84.662608][ T5164] ? do_vfs_ioctl+0x379/0x1920
[ 84.667439][ T5164] ? vfs_fileattr_set+0xbf0/0xbf0
[ 84.672478][ T5164] ? ioctl_has_perm.constprop.0.isra.0+0x2f0/0x460
[ 84.679007][ T5164] ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x460
[ 84.685580][ T5164] ? selinux_bprm_creds_for_exec+0xb30/0xb30
[ 84.691585][ T5164] ? lock_release+0x4bf/0x680
[ 84.696384][ T5164] ? selinux_file_ioctl+0x17d/0x270
[ 84.701599][ T5164] ? selinux_file_ioctl+0xb5/0x270
[ 84.706845][ T5164] ? btrfs_ioctl_get_supported_features+0x40/0x40
[ 84.713301][ T5164] __x64_sys_ioctl+0x18f/0x210
[ 84.718107][ T5164] do_syscall_64+0x38/0xb0
[ 84.722742][ T5164] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 84.728772][ T5164] RIP: 0033:0x7f422cd5b1e9
[ 84.733204][ T5164] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 84.752933][ T5164] RSP: 002b:00007ffcc91133f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 84.761400][ T5164] RAX: ffffffffffffffda RBX: 00007ffcc9113420 RCX: 00007f422cd5b1e9
[ 84.769426][ T5164] RDX: 0000000020000000 RSI: 00000000c0109428 RDI: 0000000000000004
[ 84.777443][ T5164] RBP: 0000000000000001 R08: 00007ffcc9113197 R09: 00007ffcc9113440
[ 84.785542][ T5164] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcc911341c
[ 84.793542][ T5164] R13: 0000000000000008 R14: 431bde82d7b634db R15: 00007ffcc9113460
[ 84.801628][ T5164]
[ 84.804705][ T5164] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 84.811994][ T5164] CPU: 0 PID: 5164 Comm: syz-executor196 Not tainted 6.5.0-syzkaller-12821-g6099776f9f26 #0
[ 84.822309][ T5164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 84.832374][ T5164] Call Trace:
[ 84.835664][ T5164]
[ 84.838584][ T5164] dump_stack_lvl+0xd9/0x1b0
[ 84.843267][ T5164] panic+0x6a6/0x750
[ 84.847168][ T5164] ? panic_smp_self_stop+0xa0/0xa0
[ 84.852296][ T5164] ? kernfs_remove_by_name_ns+0x106/0x120
[ 84.858012][ T5164] check_panic_on_warn+0xab/0xb0
[ 84.862946][ T5164] __warn+0xf2/0x380
[ 84.866839][ T5164] ? kernfs_remove_by_name_ns+0x106/0x120
[ 84.872672][ T5164] report_bug+0x3bc/0x580
[ 84.877033][ T5164] handle_bug+0x3c/0x70
[ 84.881199][ T5164] exc_invalid_op+0x17/0x40
[ 84.885713][ T5164] asm_exc_invalid_op+0x1a/0x20
[ 84.890581][ T5164] RIP: 0010:kernfs_remove_by_name_ns+0x106/0x120
[ 84.896928][ T5164] Code: f5 51 ff e8 8c b7 72 ff bb fe ff ff ff 89 d8 5b 5d 41 5c 41 5d c3 e8 79 b7 72 ff 4c 89 e6 48 c7 c7 a0 0f a0 8a e8 8a d6 38 ff <0f> 0b eb d5 e8 51 b4 c7 ff e9 60 ff ff ff e8 47 b4 c7 ff e9 27 ff
[ 84.916631][ T5164] RSP: 0018:ffffc90003abf910 EFLAGS: 00010286
[ 84.922698][ T5164] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 84.930666][ T5164] RDX: ffff88807761c140 RSI: ffffffff814cf106 RDI: 0000000000000001
[ 84.938638][ T5164] RBP: ffffffff8d3236c0 R08: 0000000000000001 R09: 0000000000000000
[ 84.946619][ T5164] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8ad6d560
[ 84.954610][ T5164] R13: 0000000000000000 R14: ffffffff8ad6d480 R15: ffff888078680038
[ 84.962595][ T5164] ? __warn_printk+0x1a6/0x350
[ 84.967376][ T5164] remove_files+0x96/0x1c0
[ 84.971807][ T5164] sysfs_remove_group+0x8b/0x170
[ 84.976765][ T5164] sysfs_remove_groups+0x60/0xa0
[ 84.981719][ T5164] __kobject_del+0x83/0x1e0
[ 84.986232][ T5164] kobject_del+0x3f/0x60
[ 84.990504][ T5164] btrfs_sysfs_del_qgroups+0x119/0x1a0
[ 84.996077][ T5164] btrfs_sysfs_add_qgroups+0x218/0x2a0
[ 85.001575][ T5164] btrfs_quota_enable+0x31d/0x1c60
[ 85.006714][ T5164] ? lock_acquire+0x464/0x510
[ 85.011512][ T5164] ? btrfs_free_qgroup_config+0xe0/0xe0
[ 85.017091][ T5164] ? lock_release+0x4bf/0x680
[ 85.021785][ T5164] ? __might_fault+0xe5/0x190
[ 85.026480][ T5164] ? preempt_count_sub+0x150/0x150
[ 85.031611][ T5164] ? down_write+0x14f/0x200
[ 85.036127][ T5164] ? down_write_killable_nested+0x250/0x250
[ 85.042126][ T5164] ? _copy_from_user+0x5d/0xf0
[ 85.046909][ T5164] btrfs_ioctl+0x4b27/0x5cf0
[ 85.051514][ T5164] ? btrfs_ioctl_get_supported_features+0x40/0x40
[ 85.057937][ T5164] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 85.063851][ T5164] ? do_vfs_ioctl+0x379/0x1920
[ 85.068628][ T5164] ? vfs_fileattr_set+0xbf0/0xbf0
[ 85.073659][ T5164] ? ioctl_has_perm.constprop.0.isra.0+0x2f0/0x460
[ 85.080172][ T5164] ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x460
[ 85.086697][ T5164] ? selinux_bprm_creds_for_exec+0xb30/0xb30
[ 85.092698][ T5164] ? lock_release+0x4bf/0x680
[ 85.097392][ T5164] ? selinux_file_ioctl+0x17d/0x270
[ 85.102600][ T5164] ? selinux_file_ioctl+0xb5/0x270
[ 85.107721][ T5164] ? btrfs_ioctl_get_supported_features+0x40/0x40
[ 85.114149][ T5164] __x64_sys_ioctl+0x18f/0x210
[ 85.118926][ T5164] do_syscall_64+0x38/0xb0
[ 85.123361][ T5164] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 85.129373][ T5164] RIP: 0033:0x7f422cd5b1e9
[ 85.133814][ T5164] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 85.153551][ T5164] RSP: 002b:00007ffcc91133f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 85.161976][ T5164] RAX: ffffffffffffffda RBX: 00007ffcc9113420 RCX: 00007f422cd5b1e9
[ 85.169961][ T5164] RDX: 0000000020000000 RSI: 00000000c0109428 RDI: 0000000000000004
[ 85.178020][ T5164] RBP: 0000000000000001 R08: 00007ffcc9113197 R09: 00007ffcc9113440
[ 85.185996][ T5164] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcc911341c
[ 85.194403][ T5164] R13: 0000000000000008 R14: 431bde82d7b634db R15: 00007ffcc9113460
[ 85.202485][ T5164]
[ 85.205796][ T5164] Kernel Offset: disabled
[ 85.210122][ T5164] Rebooting in 86400 seconds..