./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1765415167 <...> Warning: Permanently added '10.128.0.206' (ED25519) to the list of known hosts. execve("./syz-executor1765415167", ["./syz-executor1765415167"], 0x7fff0e456bd0 /* 10 vars */) = 0 brk(NULL) = 0x555556a2e000 brk(0x555556a2ed00) = 0x555556a2ed00 arch_prctl(ARCH_SET_FS, 0x555556a2e380) = 0 set_tid_address(0x555556a2e650) = 5058 set_robust_list(0x555556a2e660, 24) = 0 rseq(0x555556a2eca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1765415167", 4096) = 28 getrandom("\xfd\x15\xb6\xdd\x64\xe0\x8b\x0e", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556a2ed00 brk(0x555556a4fd00) = 0x555556a4fd00 brk(0x555556a50000) = 0x555556a50000 mprotect(0x7f17385c4000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 mkdir("./syzkaller.9qAFwx", 0700) = 0 chmod("./syzkaller.9qAFwx", 0777) = 0 chdir("./syzkaller.9qAFwx") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5059 attached [pid 5059] set_robust_list(0x555556a2e660, 24) = 0 [pid 5059] chdir("./0" [pid 5058] <... clone resumed>, child_tidptr=0x555556a2e650) = 5059 [pid 5059] <... chdir resumed>) = 0 [pid 5059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] setpgid(0, 0) = 0 [pid 5059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5059] write(3, "1000", 4) = 4 [pid 5059] close(3) = 0 [pid 5059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5059] memfd_create("syzkaller", 0) = 3 [pid 5059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f173010c000 [pid 5059] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5059] munmap(0x7f173010c000, 138412032) = 0 [pid 5059] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5059] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5059] close(3) = 0 [pid 5059] mkdir("./bus", 0777) = 0 [ 70.022802][ T5059] loop0: detected capacity change from 0 to 32768 [ 70.042340][ T5059] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor176 (5059) [ 70.062398][ T5059] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [pid 5059] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC|MS_SYNCHRONOUS, "") = 0 [pid 5059] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5059] chdir("./bus") = 0 [pid 5059] ioctl(4, LOOP_CLR_FD) = 0 [pid 5059] close(4) = 0 [ 70.072882][ T5059] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 70.082681][ T5059] BTRFS info (device loop0): using free space tree [ 70.108368][ T5059] BTRFS info (device loop0): enabling ssd optimizations [ 70.115459][ T5059] BTRFS info (device loop0): auto enabling async discard [pid 5059] openat(AT_FDCWD, "./file0", O_RDONLY) = 4 [pid 5059] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 5059] write(5, "23", 2) = 2 [ 70.186776][ T5059] FAULT_INJECTION: forcing a failure. [ 70.186776][ T5059] name failslab, interval 1, probability 0, space 0, times 1 [ 70.199809][ T5059] CPU: 1 PID: 5059 Comm: syz-executor176 Not tainted 6.7.0-rc3-syzkaller-00134-g994d5c58e50e #0 [ 70.210269][ T5059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 70.220346][ T5059] Call Trace: [ 70.223644][ T5059] [ 70.226603][ T5059] dump_stack_lvl+0x1e7/0x2d0 [ 70.231347][ T5059] ? nf_tcp_handle_invalid+0x650/0x650 [ 70.236834][ T5059] ? panic+0x850/0x850 [ 70.240932][ T5059] ? __might_sleep+0xe0/0xe0 [ 70.245564][ T5059] should_fail_ex+0x3aa/0x4e0 [ 70.250276][ T5059] ? join_transaction+0x144/0xcf0 [ 70.255336][ T5059] should_failslab+0x9/0x20 [ 70.259865][ T5059] __kmem_cache_alloc_node+0x6d/0x300 [ 70.265273][ T5059] ? do_raw_spin_unlock+0x13b/0x8b0 [ 70.270510][ T5059] ? join_transaction+0x144/0xcf0 [ 70.275570][ T5059] kmalloc_trace+0x2a/0x60 [ 70.280011][ T5059] join_transaction+0x144/0xcf0 [ 70.284891][ T5059] ? start_transaction+0x923/0x1780 [ 70.290114][ T5059] start_transaction+0xbd2/0x1780 [ 70.295159][ T5059] btrfs_unlink+0x12d/0x350 [ 70.299669][ T5059] ? btrfs_link+0x7a0/0x7a0 [ 70.304186][ T5059] ? __down_write_common+0x161/0x200 [ 70.309489][ T5059] ? bpf_lsm_inode_unlink+0x9/0x10 [ 70.314601][ T5059] ? security_inode_unlink+0xce/0x110 [ 70.319976][ T5059] vfs_unlink+0x35d/0x5f0 [ 70.324326][ T5059] do_unlinkat+0x4ae/0x830 [ 70.328784][ T5059] ? fsnotify_link_count+0xf0/0xf0 [ 70.333924][ T5059] ? strncpy_from_user+0x1a5/0x2e0 [ 70.339065][ T5059] __x64_sys_unlinkat+0xce/0xf0 [ 70.343942][ T5059] do_syscall_64+0x45/0x110 [ 70.348467][ T5059] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 70.354385][ T5059] RIP: 0033:0x7f173854b1a9 [ 70.358808][ T5059] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 70.378425][ T5059] RSP: 002b:00007ffc4af78038 EFLAGS: 00000246 ORIG_RAX: 0000000000000107 [pid 5059] unlinkat(4, "./file0", 0) = -1 ENOMEM (Cannot allocate memory) [pid 5059] exit_group(0) = ? [pid 5059] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5059, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a2f6f0 /* 4 entries */, 32768) = 104 [ 70.386854][ T5059] RAX: ffffffffffffffda RBX: 00007ffc4af78060 RCX: 00007f173854b1a9 [ 70.394835][ T5059] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 70.402812][ T5059] RBP: 0000000000000002 R08: 00007ffc4af77dd6 R09: 00007ffc4af78080 [ 70.410786][ T5059] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 70.418760][ T5059] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007ffc4af780a0 [ 70.426756][ T5059] [ 70.442594][ T5058] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a37730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a37730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x555556a2f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5078 attached [pid 5078] set_robust_list(0x555556a2e660, 24) = 0 [pid 5078] chdir("./1") = 0 [pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5058] <... clone resumed>, child_tidptr=0x555556a2e650) = 5078 [pid 5078] <... prctl resumed>) = 0 [pid 5078] setpgid(0, 0) = 0 [pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5078] write(3, "1000", 4) = 4 [pid 5078] close(3) = 0 [pid 5078] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5078] memfd_create("syzkaller", 0) = 3 [pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f173010c000 [pid 5078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5078] munmap(0x7f173010c000, 138412032) = 0 [pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5078] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5078] close(3) = 0 [pid 5078] mkdir("./bus", 0777) = 0 [ 70.968442][ T5078] loop0: detected capacity change from 0 to 32768 [ 70.985981][ T5078] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor176 (5078) [ 71.003235][ T5078] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [pid 5078] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC|MS_SYNCHRONOUS, "") = 0 [pid 5078] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5078] chdir("./bus") = 0 [pid 5078] ioctl(4, LOOP_CLR_FD) = 0 [pid 5078] close(4) = 0 [pid 5078] openat(AT_FDCWD, "./file0", O_RDONLY) = 4 [ 71.013471][ T5078] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 71.022941][ T5078] BTRFS info (device loop0): using free space tree [ 71.044803][ T5078] BTRFS info (device loop0): enabling ssd optimizations [ 71.051766][ T5078] BTRFS info (device loop0): auto enabling async discard [pid 5078] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 5078] write(5, "23", 2) = 2 [ 71.117564][ T5078] FAULT_INJECTION: forcing a failure. [ 71.117564][ T5078] name failslab, interval 1, probability 0, space 0, times 0 [ 71.131115][ T5078] CPU: 1 PID: 5078 Comm: syz-executor176 Not tainted 6.7.0-rc3-syzkaller-00134-g994d5c58e50e #0 [ 71.141574][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 71.151662][ T5078] Call Trace: [ 71.154990][ T5078] [ 71.157960][ T5078] dump_stack_lvl+0x1e7/0x2d0 [ 71.162705][ T5078] ? nf_tcp_handle_invalid+0x650/0x650 [ 71.168217][ T5078] ? panic+0x850/0x850 [ 71.172345][ T5078] should_fail_ex+0x3aa/0x4e0 [ 71.177076][ T5078] ? __btrfs_unlink_inode+0x140/0x900 [ 71.182507][ T5078] should_failslab+0x9/0x20 [ 71.187082][ T5078] kmem_cache_alloc+0x6d/0x2b0 [ 71.191908][ T5078] __btrfs_unlink_inode+0x140/0x900 [ 71.197162][ T5078] ? start_transaction+0x3dc/0x1780 [ 71.202408][ T5078] ? btrfs_unlink_inode+0x70/0x70 [ 71.207494][ T5078] ? btrfs_record_unlink_dir+0xc4/0x170 [ 71.213102][ T5078] btrfs_unlink+0x1bc/0x350 [ 71.217662][ T5078] ? btrfs_link+0x7a0/0x7a0 [ 71.222204][ T5078] ? __down_write_common+0x161/0x200 [ 71.227544][ T5078] ? bpf_lsm_inode_unlink+0x9/0x10 [ 71.232674][ T5078] ? security_inode_unlink+0xce/0x110 [ 71.238067][ T5078] vfs_unlink+0x35d/0x5f0 [ 71.242424][ T5078] do_unlinkat+0x4ae/0x830 [ 71.246858][ T5078] ? fsnotify_link_count+0xf0/0xf0 [ 71.251980][ T5078] ? strncpy_from_user+0x1a5/0x2e0 [ 71.257122][ T5078] __x64_sys_unlinkat+0xce/0xf0 [ 71.261983][ T5078] do_syscall_64+0x45/0x110 [ 71.266500][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 71.272494][ T5078] RIP: 0033:0x7f173854b1a9 [ 71.276922][ T5078] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 71.296622][ T5078] RSP: 002b:00007ffc4af78038 EFLAGS: 00000246 ORIG_RAX: 0000000000000107 [ 71.305046][ T5078] RAX: ffffffffffffffda RBX: 00007ffc4af78060 RCX: 00007f173854b1a9 [pid 5078] unlinkat(4, "./file0", 0) = -1 ENOMEM (Cannot allocate memory) [pid 5078] exit_group(0) = ? [pid 5078] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 71.313018][ T5078] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 71.320996][ T5078] RBP: 0000000000000002 R08: 00007ffc4af77dd6 R09: 00007ffc4af78080 [ 71.328977][ T5078] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffc4af7805c [ 71.336962][ T5078] R13: 0000000000000001 R14: 431bde82d7b634db R15: 00007ffc4af780a0 [ 71.344956][ T5078] getdents64(3, 0x555556a2f6f0 /* 4 entries */, 32768) = 104 [ 71.413087][ T5058] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556a37730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556a37730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x555556a2f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5095 attached , child_tidptr=0x555556a2e650) = 5095 [pid 5095] set_robust_list(0x555556a2e660, 24) = 0 [pid 5095] chdir("./2") = 0 [pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5095] setpgid(0, 0) = 0 [pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5095] write(3, "1000", 4) = 4 [pid 5095] close(3) = 0 [pid 5095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5095] memfd_create("syzkaller", 0) = 3 [pid 5095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f173010c000 [pid 5095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5095] munmap(0x7f173010c000, 138412032) = 0 [pid 5095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5095] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5095] close(3) = 0 [pid 5095] mkdir("./bus", 0777) = 0 [ 71.923723][ T5095] loop0: detected capacity change from 0 to 32768 [ 71.949239][ T5095] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz-executor176 (5095) [pid 5095] mount("/dev/loop0", "./bus", "btrfs", MS_NOEXEC|MS_SYNCHRONOUS, "") = 0 [pid 5095] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 71.965979][ T5095] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 71.976261][ T5095] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 71.985708][ T5095] BTRFS info (device loop0): using free space tree [ 72.007186][ T5095] BTRFS info (device loop0): enabling ssd optimizations [ 72.014175][ T5095] BTRFS info (device loop0): auto enabling async discard [pid 5095] chdir("./bus") = 0 [pid 5095] ioctl(4, LOOP_CLR_FD) = 0 [pid 5095] close(4) = 0 [pid 5095] openat(AT_FDCWD, "./file0", O_RDONLY) = 4 [pid 5095] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 5095] write(5, "23", 2) = 2 [ 72.087611][ T5095] FAULT_INJECTION: forcing a failure. [ 72.087611][ T5095] name failslab, interval 1, probability 0, space 0, times 0 [ 72.101013][ T5095] CPU: 0 PID: 5095 Comm: syz-executor176 Not tainted 6.7.0-rc3-syzkaller-00134-g994d5c58e50e #0 [ 72.111477][ T5095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 72.121654][ T5095] Call Trace: [ 72.124967][ T5095] [ 72.127935][ T5095] dump_stack_lvl+0x1e7/0x2d0 [ 72.132664][ T5095] ? nf_tcp_handle_invalid+0x650/0x650 [ 72.138171][ T5095] ? panic+0x850/0x850 [ 72.142300][ T5095] should_fail_ex+0x3aa/0x4e0 [ 72.147035][ T5095] ? btrfs_alloc_tree_block+0xbb1/0x1700 [ 72.152710][ T5095] should_failslab+0x9/0x20 [ 72.157242][ T5095] kmem_cache_alloc+0x6d/0x2b0 [ 72.162025][ T5095] ? set_extent_bit+0x3b/0x50 [ 72.166724][ T5095] btrfs_alloc_tree_block+0xbb1/0x1700 [ 72.172214][ T5095] ? alloc_reserved_file_extent+0x6d0/0x6d0 [ 72.178129][ T5095] ? read_extent_buffer+0x11f/0x2a0 [ 72.183352][ T5095] ? __asan_memcpy+0x40/0x70 [ 72.187966][ T5095] btrfs_force_cow_block+0x545/0x1b70 [ 72.193360][ T5095] ? btrfs_qgroup_trace_subtree_after_cow+0x1b3/0x1460 [ 72.200225][ T5095] ? btrfs_block_can_be_shared+0x360/0x360 [ 72.206049][ T5095] ? btrfs_qgroup_add_swapped_blocks+0x8f0/0x990 [ 72.212426][ T5095] ? clear_nonspinnable+0x60/0x60 [ 72.217501][ T5095] btrfs_cow_block+0x35e/0xa20 [ 72.222297][ T5095] btrfs_search_slot+0xbdd/0x30c0 [ 72.227374][ T5095] ? btrfs_find_item+0x5c0/0x5c0 [ 72.232345][ T5095] btrfs_lookup_dir_item+0x1c6/0x310 [ 72.237644][ T5095] ? btrfs_insert_dir_item+0x640/0x640 [ 72.243122][ T5095] ? __btrfs_unlink_inode+0x140/0x900 [ 72.248520][ T5095] ? rcu_is_watching+0x15/0xb0 [ 72.253303][ T5095] ? __btrfs_unlink_inode+0x140/0x900 [ 72.258700][ T5095] ? kmem_cache_alloc+0x8a/0x2b0 [ 72.263662][ T5095] __btrfs_unlink_inode+0x178/0x900 [ 72.268890][ T5095] ? btrfs_unlink_inode+0x70/0x70 [ 72.273940][ T5095] ? btrfs_record_unlink_dir+0xc4/0x170 [ 72.279502][ T5095] btrfs_unlink+0x1bc/0x350 [ 72.284020][ T5095] ? btrfs_link+0x7a0/0x7a0 [ 72.288536][ T5095] ? __down_write_common+0x161/0x200 [ 72.294000][ T5095] ? bpf_lsm_inode_unlink+0x9/0x10 [ 72.299126][ T5095] ? security_inode_unlink+0xce/0x110 [ 72.304507][ T5095] vfs_unlink+0x35d/0x5f0 [ 72.308875][ T5095] do_unlinkat+0x4ae/0x830 [ 72.313331][ T5095] ? fsnotify_link_count+0xf0/0xf0 [ 72.318463][ T5095] ? strncpy_from_user+0x1a5/0x2e0 [ 72.323630][ T5095] __x64_sys_unlinkat+0xce/0xf0 [ 72.328510][ T5095] do_syscall_64+0x45/0x110 [ 72.333032][ T5095] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 72.338956][ T5095] RIP: 0033:0x7f173854b1a9 [ 72.343382][ T5095] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 72.363029][ T5095] RSP: 002b:00007ffc4af78038 EFLAGS: 00000246 ORIG_RAX: 0000000000000107 [ 72.371456][ T5095] RAX: ffffffffffffffda RBX: 00007ffc4af78060 RCX: 00007f173854b1a9 [ 72.379438][ T5095] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [pid 5095] unlinkat(4, "./file0", 0) = -1 ENOMEM (Cannot allocate memory) [pid 5095] exit_group(0) = ? [ 72.387425][ T5095] RBP: 0000000000000002 R08: 00007ffc4af77dd6 R09: 00007ffc4af78080 [ 72.395404][ T5095] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffc4af7805c [ 72.403388][ T5095] R13: 0000000000000002 R14: 431bde82d7b634db R15: 00007ffc4af780a0 [ 72.411385][ T5095] [pid 5095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556a2f6f0 /* 4 entries */, 32768) = 104 [ 72.510623][ T5058] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 72.546600][ T5058] ------------[ cut here ]------------ [ 72.552230][ T5058] WARNING: CPU: 1 PID: 5058 at fs/btrfs/space-info.h:199 btrfs_space_info_update_bytes_may_use+0x2a0/0x610 [ 72.563876][ T5058] Modules linked in: [ 72.567848][ T5058] CPU: 1 PID: 5058 Comm: syz-executor176 Not tainted 6.7.0-rc3-syzkaller-00134-g994d5c58e50e #0 [ 72.578327][ T5058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 72.588437][ T5058] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x2a0/0x610 [ 72.595964][ T5058] Code: 00 00 74 08 4c 89 ff e8 5e 9c 32 fe 49 8b 1f 48 89 df 48 8b 6c 24 20 48 89 ee e8 7b 96 d6 fd 48 39 eb 73 16 e8 61 94 d6 fd 90 <0f> 0b 90 45 31 f6 43 80 7c 25 00 00 75 aa eb b0 e8 4b 94 d6 fd 43 [ 72.615649][ T5058] RSP: 0018:ffffc90003a2f920 EFLAGS: 00010293 [ 72.621770][ T5058] RAX: ffffffff83b7e5df RBX: 000000000015f000 RCX: ffff888025350000 [ 72.629804][ T5058] RDX: 0000000000000000 RSI: 0000000000160000 RDI: 000000000015f000 [ 72.637815][ T5058] RBP: 0000000000160000 R08: ffffffff83b7e5d5 R09: 1ffffffff1e01725 [ 72.645831][ T5058] R10: dffffc0000000000 R11: fffffbfff1e01726 R12: dffffc0000000000 [ 72.653818][ T5058] R13: 1ffff110296d140c R14: ffffffffffea0000 R15: ffff88814b68a060 [ 72.661846][ T5058] FS: 0000555556a2e380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 72.670829][ T5058] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 72.677481][ T5058] CR2: 0000555556a376f8 CR3: 0000000074adf000 CR4: 00000000003506f0 [ 72.685505][ T5058] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 72.693474][ T5058] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 72.701480][ T5058] Call Trace: [ 72.704792][ T5058] [ 72.707743][ T5058] ? __warn+0x162/0x4b0 [ 72.711899][ T5058] ? btrfs_space_info_update_bytes_may_use+0x2a0/0x610 [ 72.718801][ T5058] ? report_bug+0x2b3/0x500 [ 72.723350][ T5058] ? btrfs_space_info_update_bytes_may_use+0x2a0/0x610 [ 72.730274][ T5058] ? handle_bug+0x3e/0x60 [ 72.734675][ T5058] ? exc_invalid_op+0x1a/0x50 [ 72.739359][ T5058] ? asm_exc_invalid_op+0x1a/0x20 [ 72.744455][ T5058] ? btrfs_space_info_update_bytes_may_use+0x295/0x610 [ 72.751324][ T5058] ? btrfs_space_info_update_bytes_may_use+0x29f/0x610 [ 72.758228][ T5058] ? btrfs_space_info_update_bytes_may_use+0x2a0/0x610 [ 72.765218][ T5058] btrfs_block_rsv_release+0x4fb/0x5f0 [ 72.770709][ T5058] ? do_raw_read_unlock+0x80/0x80 [ 72.775792][ T5058] btrfs_release_global_block_rsv+0x33/0x270 [ 72.781798][ T5058] btrfs_free_block_groups+0xc39/0x1070 [ 72.787429][ T5058] close_ctree+0x75a/0xd40 [ 72.791884][ T5058] ? hook_sb_delete+0x846/0xb80 [ 72.796811][ T5058] ? __btrfs_handle_fs_error+0x380/0x380 [ 72.802458][ T5058] ? init_tree_roots+0x1f10/0x1f10 [ 72.807637][ T5058] ? hook_sb_delete+0x1a3/0xb80 [ 72.812515][ T5058] ? hook_inode_free_security+0xb0/0xb0 [ 72.818131][ T5058] ? clear_inode+0x160/0x160 [ 72.822752][ T5058] ? btrfs_fill_super+0x2f0/0x2f0 [ 72.827828][ T5058] generic_shutdown_super+0x13a/0x2c0 [ 72.833242][ T5058] kill_anon_super+0x3b/0x70 [ 72.837907][ T5058] btrfs_kill_super+0x41/0x50 [ 72.842614][ T5058] deactivate_locked_super+0xc1/0x130 [ 72.848034][ T5058] cleanup_mnt+0x426/0x4c0 [ 72.852480][ T5058] ? _raw_spin_unlock_irq+0x23/0x50 [ 72.857729][ T5058] task_work_run+0x24a/0x300 [ 72.862351][ T5058] ? task_work_cancel+0x2b0/0x2b0 [ 72.867431][ T5058] ? lockdep_hardirqs_on+0x98/0x140 [ 72.872658][ T5058] ? __x64_sys_umount+0x126/0x170 [ 72.877742][ T5058] ptrace_notify+0x2cd/0x380 [ 72.882408][ T5058] ? do_notify_parent+0x10c0/0x10c0 [ 72.887681][ T5058] ? __x64_sys_umount+0x126/0x170 [ 72.892730][ T5058] ? path_umount+0xf40/0xf40 [ 72.897378][ T5058] ? syscall_enter_from_user_mode+0xa4/0x2d0 [ 72.903392][ T5058] syscall_exit_to_user_mode+0x168/0x2a0 [ 72.909083][ T5058] do_syscall_64+0x52/0x110 [ 72.913619][ T5058] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 72.919577][ T5058] RIP: 0033:0x7f173854c407 [ 72.924013][ T5058] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 [ 72.943773][ T5058] RSP: 002b:00007ffc4af76f48 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 72.952852][ T5058] RAX: 0000000000000000 RBX: 00000000000117e1 RCX: 00007f173854c407 [ 72.960867][ T5058] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffc4af77000 [ 72.968878][ T5058] RBP: 00007ffc4af77000 R08: 0000000000000000 R09: 0000000000000000 [ 72.976888][ T5058] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc4af78080 [ 72.984890][ T5058] R13: 0000555556a2f6c0 R14: 431bde82d7b634db R15: 00007ffc4af780a0 [ 72.992867][ T5058] [ 72.995930][ T5058] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 73.003217][ T5058] CPU: 1 PID: 5058 Comm: syz-executor176 Not tainted 6.7.0-rc3-syzkaller-00134-g994d5c58e50e #0 [ 73.013624][ T5058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 73.023682][ T5058] Call Trace: [ 73.026981][ T5058] [ 73.029913][ T5058] dump_stack_lvl+0x1e7/0x2d0 [ 73.034611][ T5058] ? nf_tcp_handle_invalid+0x650/0x650 [ 73.040080][ T5058] ? panic+0x850/0x850 [ 73.044162][ T5058] ? vscnprintf+0x5d/0x80 [ 73.048500][ T5058] panic+0x349/0x850 [ 73.052405][ T5058] ? __warn+0x171/0x4b0 [ 73.056568][ T5058] ? __memcpy_flushcache+0x2b0/0x2b0 [ 73.061878][ T5058] __warn+0x318/0x4b0 [ 73.065865][ T5058] ? btrfs_space_info_update_bytes_may_use+0x2a0/0x610 [ 73.072720][ T5058] report_bug+0x2b3/0x500 [ 73.077064][ T5058] ? btrfs_space_info_update_bytes_may_use+0x2a0/0x610 [ 73.086529][ T5058] handle_bug+0x3e/0x60 [ 73.090697][ T5058] exc_invalid_op+0x1a/0x50 [ 73.095216][ T5058] asm_exc_invalid_op+0x1a/0x20 [ 73.100084][ T5058] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x2a0/0x610 [ 73.107549][ T5058] Code: 00 00 74 08 4c 89 ff e8 5e 9c 32 fe 49 8b 1f 48 89 df 48 8b 6c 24 20 48 89 ee e8 7b 96 d6 fd 48 39 eb 73 16 e8 61 94 d6 fd 90 <0f> 0b 90 45 31 f6 43 80 7c 25 00 00 75 aa eb b0 e8 4b 94 d6 fd 43 [ 73.127159][ T5058] RSP: 0018:ffffc90003a2f920 EFLAGS: 00010293 [ 73.133230][ T5058] RAX: ffffffff83b7e5df RBX: 000000000015f000 RCX: ffff888025350000 [ 73.141214][ T5058] RDX: 0000000000000000 RSI: 0000000000160000 RDI: 000000000015f000 [ 73.149191][ T5058] RBP: 0000000000160000 R08: ffffffff83b7e5d5 R09: 1ffffffff1e01725 [ 73.157168][ T5058] R10: dffffc0000000000 R11: fffffbfff1e01726 R12: dffffc0000000000 [ 73.165165][ T5058] R13: 1ffff110296d140c R14: ffffffffffea0000 R15: ffff88814b68a060 [ 73.173153][ T5058] ? btrfs_space_info_update_bytes_may_use+0x295/0x610 [ 73.180030][ T5058] ? btrfs_space_info_update_bytes_may_use+0x29f/0x610 [ 73.186912][ T5058] btrfs_block_rsv_release+0x4fb/0x5f0 [ 73.192379][ T5058] ? do_raw_read_unlock+0x80/0x80 [ 73.197421][ T5058] btrfs_release_global_block_rsv+0x33/0x270 [ 73.203497][ T5058] btrfs_free_block_groups+0xc39/0x1070 [ 73.209060][ T5058] close_ctree+0x75a/0xd40 [ 73.213503][ T5058] ? hook_sb_delete+0x846/0xb80 [ 73.218368][ T5058] ? __btrfs_handle_fs_error+0x380/0x380 [ 73.224009][ T5058] ? init_tree_roots+0x1f10/0x1f10 [ 73.229128][ T5058] ? hook_sb_delete+0x1a3/0xb80 [ 73.233994][ T5058] ? hook_inode_free_security+0xb0/0xb0 [ 73.239562][ T5058] ? clear_inode+0x160/0x160 [ 73.244163][ T5058] ? btrfs_fill_super+0x2f0/0x2f0 [ 73.249191][ T5058] generic_shutdown_super+0x13a/0x2c0 [ 73.254567][ T5058] kill_anon_super+0x3b/0x70 [ 73.259159][ T5058] btrfs_kill_super+0x41/0x50 [ 73.263838][ T5058] deactivate_locked_super+0xc1/0x130 [ 73.269211][ T5058] cleanup_mnt+0x426/0x4c0 [ 73.273723][ T5058] ? _raw_spin_unlock_irq+0x23/0x50 [ 73.278933][ T5058] task_work_run+0x24a/0x300 [ 73.283546][ T5058] ? task_work_cancel+0x2b0/0x2b0 [ 73.288587][ T5058] ? lockdep_hardirqs_on+0x98/0x140 [ 73.293791][ T5058] ? __x64_sys_umount+0x126/0x170 [ 73.298827][ T5058] ptrace_notify+0x2cd/0x380 [ 73.303438][ T5058] ? do_notify_parent+0x10c0/0x10c0 [ 73.308657][ T5058] ? __x64_sys_umount+0x126/0x170 [ 73.313683][ T5058] ? path_umount+0xf40/0xf40 [ 73.318276][ T5058] ? syscall_enter_from_user_mode+0xa4/0x2d0 [ 73.324267][ T5058] syscall_exit_to_user_mode+0x168/0x2a0 [ 73.329914][ T5058] do_syscall_64+0x52/0x110 [ 73.334515][ T5058] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 73.340421][ T5058] RIP: 0033:0x7f173854c407 [ 73.344836][ T5058] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 [ 73.364441][ T5058] RSP: 002b:00007ffc4af76f48 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 73.372855][ T5058] RAX: 0000000000000000 RBX: 00000000000117e1 RCX: 00007f173854c407 [ 73.380922][ T5058] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffc4af77000 [ 73.388899][ T5058] RBP: 00007ffc4af77000 R08: 0000000000000000 R09: 0000000000000000 [ 73.396885][ T5058] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc4af78080 [ 73.404882][ T5058] R13: 0000555556a2f6c0 R14: 431bde82d7b634db R15: 00007ffc4af780a0 [ 73.412867][ T5058] [ 73.416320][ T5058] Kernel Offset: disabled [ 73.420749][ T5058] Rebooting in 86400 seconds..