./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1245949344
<...>
syzkaller
syzkaller login: [ 63.693970][ T26] kauditd_printk_skb: 42 callbacks suppressed
[ 63.693989][ T26] audit: type=1400 audit(1686768544.847:77): avc: denied { transition } for pid=4843 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 63.723147][ T26] audit: type=1400 audit(1686768544.847:78): avc: denied { noatsecure } for pid=4843 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 63.742755][ T26] audit: type=1400 audit(1686768544.867:79): avc: denied { write } for pid=4843 comm="sh" path="pipe:[29913]" dev="pipefs" ino=29913 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 63.766053][ T26] audit: type=1400 audit(1686768544.867:80): avc: denied { rlimitinh } for pid=4843 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 63.785517][ T26] audit: type=1400 audit(1686768544.867:81): avc: denied { siginh } for pid=4843 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 64.876020][ T26] audit: type=1400 audit(1686768546.027:82): avc: denied { read } for pid=4427 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
Warning: Permanently added '10.128.1.131' (ECDSA) to the list of known hosts.
execve("./syz-executor1245949344", ["./syz-executor1245949344"], 0x7ffd2b8ea530 /* 10 vars */) = 0
brk(NULL) = 0x555555d4f000
brk(0x555555d4fc40) = 0x555555d4fc40
arch_prctl(ARCH_SET_FS, 0x555555d4f300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1245949344", 4096) = 28
brk(0x555555d70c40) = 0x555555d70c40
brk(0x555555d71000) = 0x555555d71000
mprotect(0x7fd3ee57a000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
[ 82.528844][ T26] audit: type=1400 audit(1686768563.687:83): avc: denied { write } for pid=4990 comm="strace-static-x" path="pipe:[29514]" dev="pipefs" ino=29514 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 4993
mkdir("./syzkaller.CebhBM", 0700) = 0
chmod("./syzkaller.CebhBM", 0777) = 0
chdir("./syzkaller.CebhBM") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d4f5d0) = 4994
./strace-static-x86_64: Process 4994 attached
[pid 4994] chdir("./0") = 0
[pid 4994] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 4994] setpgid(0, 0) = 0
[pid 4994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 4994] write(3, "1000", 4) = 4
[pid 4994] close(3) = 0
[pid 4994] symlink("/dev/binderfs", "./binderfs") = 0
[pid 4994] memfd_create("syzkaller", 0) = 3
[pid 4994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd3e60b9000
[ 82.576669][ T26] audit: type=1400 audit(1686768563.727:84): avc: denied { execmem } for pid=4993 comm="syz-executor124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 82.604712][ T4994] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4994 'syz-executor124'
[ 82.624763][ T26] audit: type=1400 audit(1686768563.747:85): avc: denied { read write } for pid=4993 comm="syz-executor124" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 82.653786][ T26] audit: type=1400 audit(1686768563.747:86): avc: denied { open } for pid=4993 comm="syz-executor124" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 82.679974][ T26] audit: type=1400 audit(1686768563.747:87): avc: denied { ioctl } for pid=4993 comm="syz-executor124" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid 4994] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 4994] munmap(0x7fd3e60b9000, 16777216) = 0
[pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 4994] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 4994] close(3) = 0
[pid 4994] mkdir("./file0", 0777) = 0
[ 82.910310][ T4994] loop0: detected capacity change from 0 to 32768
[ 82.918789][ T26] audit: type=1400 audit(1686768564.077:88): avc: denied { append } for pid=4427 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 82.925769][ T4994] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor124 (4994)
[ 82.941364][ T26] audit: type=1400 audit(1686768564.077:89): avc: denied { open } for pid=4427 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 82.977959][ T26] audit: type=1400 audit(1686768564.077:90): avc: denied { getattr } for pid=4427 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 83.000756][ T26] audit: type=1400 audit(1686768564.077:91): avc: denied { mounton } for pid=4994 comm="syz-executor124" path="/root/syzkaller.CebhBM/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 83.034368][ T4994] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 83.043416][ T4994] BTRFS info (device loop0): enabling ssd optimizations
[ 83.050453][ T4994] BTRFS info (device loop0): using spread ssd allocation scheme
[pid 4994] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0
[pid 4994] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 4994] chdir("./file0") = 0
[pid 4994] ioctl(4, LOOP_CLR_FD) = 0
[ 83.058155][ T4994] BTRFS info (device loop0): turning on sync discard
[ 83.064883][ T4994] BTRFS info (device loop0): using free space tree
[pid 4994] close(4) = 0
[pid 4994] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 83.100893][ T26] audit: type=1400 audit(1686768564.257:92): avc: denied { mount } for pid=4994 comm="syz-executor124" name="/" dev="loop0" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[pid 4994] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 4994] creat("./file0/file0", 000) = 5
[pid 4994] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 4994] write(6, "5", 1) = 1
[pid 4994] ioctl(5, FS_IOC_SETFSLABEL, "\x81\xb3\xde\x25\x34\x83\x1d\xeb\x49\x60\x7b\x06\x03\xf5\xb5\x27\x60\x4b\x34\xb8\xc5\x7a\xa0\x99\xf4\xe8\xaf\xa5\x56\xb5\x42\x72\x9f\xc5\x90\xb6\x82\x1c\x6d\x50\x58\xb4\xd8\xe3\x40\x22\xeb\xa5\x6a\x71\x18\x8f\xc9\x01\xa5\xb7\x80\xa0\xcb\xec\x86\xb5\x2e\xd2\xc4\xeb\x32\x88\x98\xbe\x74\xce\xed\x81\x6b\x79\x57\xd9\xc6\xd8\xb5\x9b\x97\x48\x60\x51\x39\x67\xae\xe2\xc9\xaa\x33\x9d\x8e\xde\x28\x96\x65\xd6\xe9\x4e\x20\x1c\xd2\x48\x05\xd2\x5c\xd0\xf6\x3e\x48\xb4\xdd\x5e\xa8\xf1\x01\x57\x35\x2f\x59\x48\xec\x81\x4a\xc7\xda\x25\x05\x4e\x12\x90\x69\x19\xe7\x14\x3e\x2a\x60\x3e\xc6\x49") = 0
[pid 4994] exit_group(0) = ?
[pid 4994] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4994, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=33 /* 0.33 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555d50620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 83.223425][ T45] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555d58660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d58660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555555d50620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d4f5d0) = 5022
./strace-static-x86_64: Process 5022 attached
[pid 5022] chdir("./1") = 0
[pid 5022] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5022] setpgid(0, 0) = 0
[pid 5022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5022] write(3, "1000", 4) = 4
[pid 5022] close(3) = 0
[pid 5022] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5022] memfd_create("syzkaller", 0) = 3
[pid 5022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd3e60b9000
[pid 5022] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5022] munmap(0x7fd3e60b9000, 16777216) = 0
[pid 5022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5022] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5022] close(3) = 0
[pid 5022] mkdir("./file0", 0777) = 0
[ 83.718693][ T5022] loop0: detected capacity change from 0 to 32768
[ 83.729057][ T5022] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor124 (5022)
[ 83.746245][ T5022] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 83.755075][ T5022] BTRFS info (device loop0): enabling ssd optimizations
[pid 5022] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0
[pid 5022] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5022] chdir("./file0") = 0
[pid 5022] ioctl(4, LOOP_CLR_FD) = 0
[pid 5022] close(4) = 0
[pid 5022] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 83.762094][ T5022] BTRFS info (device loop0): using spread ssd allocation scheme
[ 83.769851][ T5022] BTRFS info (device loop0): turning on sync discard
[ 83.776599][ T5022] BTRFS info (device loop0): using free space tree
[pid 5022] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5022] creat("./file0/file0", 000) = 5
[pid 5022] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5022] write(6, "5", 1) = 1
[ 83.855148][ T5022] FAULT_INJECTION: forcing a failure.
[ 83.855148][ T5022] name failslab, interval 1, probability 0, space 0, times 1
[ 83.855405][ T45] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 83.886393][ T5022] CPU: 1 PID: 5022 Comm: syz-executor124 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 83.896897][ T5022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 83.907013][ T5022] Call Trace:
[ 83.910327][ T5022]
[ 83.913291][ T5022] dump_stack_lvl+0x136/0x150
[ 83.918062][ T5022] should_fail_ex+0x4a3/0x5b0
[ 83.922813][ T5022] should_failslab+0x9/0x20
[ 83.927376][ T5022] __kmem_cache_alloc_node+0x5b/0x3f0
[ 83.932864][ T5022] ? common_lsm_audit+0x1ed0/0x1ed0
[ 83.938119][ T5022] ? tomoyo_supervisor+0xccb/0xec0
[ 83.943290][ T5022] __kmalloc+0x4e/0x190
[ 83.947505][ T5022] ? strstr+0x109/0x160
[ 83.951747][ T5022] tomoyo_supervisor+0xccb/0xec0
[ 83.956751][ T5022] ? tomoyo_profile+0x60/0x60
[ 83.961493][ T5022] ? tomoyo_path_matches_pattern+0x114/0x290
[ 83.967551][ T5022] ? tomoyo_check_path_number_acl+0xa9/0x320
[ 83.973613][ T5022] tomoyo_path_number_perm+0x413/0x570
[ 83.979166][ T5022] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 83.985059][ T5022] ? find_held_lock+0x2d/0x110
[ 83.989880][ T5022] ? do_one_initcall+0x373/0x540
[ 83.994883][ T5022] ? lock_downgrade+0x690/0x690
[ 83.999803][ T5022] security_file_ioctl+0x54/0xb0
[ 84.004885][ T5022] __x64_sys_ioctl+0xb7/0x210
[ 84.009625][ T5022] do_syscall_64+0x39/0xb0
[ 84.014102][ T5022] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 84.020069][ T5022] RIP: 0033:0x7fd3ee506b99
[ 84.024529][ T5022] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 84.044288][ T5022] RSP: 002b:00007ffd6d13fcd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[pid 5022] ioctl(5, FS_IOC_SETFSLABEL, "\x81\xb3\xde\x25\x34\x83\x1d\xeb\x49\x60\x7b\x06\x03\xf5\xb5\x27\x60\x4b\x34\xb8\xc5\x7a\xa0\x99\xf4\xe8\xaf\xa5\x56\xb5\x42\x72\x9f\xc5\x90\xb6\x82\x1c\x6d\x50\x58\xb4\xd8\xe3\x40\x22\xeb\xa5\x6a\x71\x18\x8f\xc9\x01\xa5\xb7\x80\xa0\xcb\xec\x86\xb5\x2e\xd2\xc4\xeb\x32\x88\x98\xbe\x74\xce\xed\x81\x6b\x79\x57\xd9\xc6\xd8\xb5\x9b\x97\x48\x60\x51\x39\x67\xae\xe2\xc9\xaa\x33\x9d\x8e\xde\x28\x96\x65\xd6\xe9\x4e\x20\x1c\xd2\x48\x05\xd2\x5c\xd0\xf6\x3e\x48\xb4\xdd\x5e\xa8\xf1\x01\x57\x35\x2f\x59\x48\xec\x81\x4a\xc7\xda\x25\x05\x4e\x12\x90\x69\x19\xe7\x14\x3e\x2a\x60\x3e\xc6\x49") = 0
[pid 5022] exit_group(0) = ?
[pid 5022] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5022, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=25 /* 0.25 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555d50620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 84.052770][ T5022] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fd3ee506b99
[ 84.060975][ T5022] RDX: 00000000200001c0 RSI: 0000000041009432 RDI: 0000000000000005
[ 84.068995][ T5022] RBP: 00007ffd6d13fd00 R08: 0000000000000001 R09: 00007ffd6d13fd10
[ 84.076984][ T5022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 84.084969][ T5022] R13: 00007ffd6d13fd40 R14: 00007ffd6d13fd20 R15: 0000000000000001
[ 84.092957][ T5022]
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555d58660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d58660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555555d50620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d4f5d0) = 5045
./strace-static-x86_64: Process 5045 attached
[pid 5045] chdir("./2") = 0
[pid 5045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5045] setpgid(0, 0) = 0
[pid 5045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5045] write(3, "1000", 4) = 4
[pid 5045] close(3) = 0
[pid 5045] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5045] memfd_create("syzkaller", 0) = 3
[pid 5045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd3e60b9000
[pid 5045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5045] munmap(0x7fd3e60b9000, 16777216) = 0
[pid 5045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5045] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5045] close(3) = 0
[pid 5045] mkdir("./file0", 0777) = 0
[ 84.523857][ T5045] loop0: detected capacity change from 0 to 32768
[ 84.535555][ T5045] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor124 (5045)
[ 84.554497][ T5045] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 84.563584][ T5045] BTRFS info (device loop0): enabling ssd optimizations
[pid 5045] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0
[pid 5045] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5045] chdir("./file0") = 0
[pid 5045] ioctl(4, LOOP_CLR_FD) = 0
[pid 5045] close(4) = 0
[pid 5045] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 84.570837][ T5045] BTRFS info (device loop0): using spread ssd allocation scheme
[ 84.578731][ T5045] BTRFS info (device loop0): turning on sync discard
[ 84.585552][ T5045] BTRFS info (device loop0): using free space tree
[pid 5045] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5045] creat("./file0/file0", 000) = 5
[pid 5045] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5045] write(6, "5", 1) = 1
[ 84.660657][ T5045] FAULT_INJECTION: forcing a failure.
[ 84.660657][ T5045] name failslab, interval 1, probability 0, space 0, times 0
[ 84.662213][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 84.678484][ T5045] CPU: 0 PID: 5045 Comm: syz-executor124 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 84.693228][ T5045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 84.703304][ T5045] Call Trace:
[ 84.706596][ T5045]
[ 84.709544][ T5045] dump_stack_lvl+0x136/0x150
[ 84.714383][ T5045] should_fail_ex+0x4a3/0x5b0
[ 84.719111][ T5045] should_failslab+0x9/0x20
[ 84.723656][ T5045] kmem_cache_alloc+0x5d/0x3f0
[ 84.728495][ T5045] ? btrfs_delayed_refs_rsv_refill+0x124/0x200
[ 84.734678][ T5045] start_transaction+0x345/0x14c0
[ 84.739736][ T5045] btrfs_ioctl_set_fslabel+0x265/0x3b0
[ 84.745224][ T5045] ? btrfs_flush_workqueue+0x40/0x40
[ 84.750534][ T5045] ? tomoyo_path_number_perm+0x245/0x570
[ 84.756200][ T5045] ? lock_downgrade+0x690/0x690
[ 84.761092][ T5045] ? __kmem_cache_free+0x182/0x2c0
[ 84.766229][ T5045] ? tomoyo_path_number_perm+0x43b/0x570
[ 84.771902][ T5045] btrfs_ioctl+0x3815/0x5b30
[ 84.776537][ T5045] ? tomoyo_path_number_perm+0x166/0x570
[ 84.782210][ T5045] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 84.788055][ T5045] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 84.794499][ T5045] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 84.800477][ T5045] ? do_vfs_ioctl+0x132/0x1670
[ 84.805268][ T5045] ? vfs_fileattr_set+0xc40/0xc40
[ 84.810318][ T5045] ? ioctl_has_perm.constprop.0.isra.0+0x28c/0x420
[ 84.816840][ T5045] ? ioctl_has_perm.constprop.0.isra.0+0x295/0x420
[ 84.823375][ T5045] ? selinux_bprm_creds_for_exec+0xb20/0xb20
[ 84.829380][ T5045] ? find_held_lock+0x2d/0x110
[ 84.834167][ T5045] ? do_one_initcall+0x373/0x540
[ 84.839142][ T5045] ? lock_downgrade+0x690/0x690
[ 84.844015][ T5045] ? selinux_file_ioctl+0xba/0x280
[ 84.849146][ T5045] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 84.855616][ T5045] __x64_sys_ioctl+0x197/0x210
[ 84.860409][ T5045] do_syscall_64+0x39/0xb0
[ 84.864845][ T5045] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 84.870796][ T5045] RIP: 0033:0x7fd3ee506b99
[ 84.875246][ T5045] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 84.894984][ T5045] RSP: 002b:00007ffd6d13fcd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 84.903443][ T5045] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fd3ee506b99
[pid 5045] ioctl(5, FS_IOC_SETFSLABEL, "\x81\xb3\xde\x25\x34\x83\x1d\xeb\x49\x60\x7b\x06\x03\xf5\xb5\x27\x60\x4b\x34\xb8\xc5\x7a\xa0\x99\xf4\xe8\xaf\xa5\x56\xb5\x42\x72\x9f\xc5\x90\xb6\x82\x1c\x6d\x50\x58\xb4\xd8\xe3\x40\x22\xeb\xa5\x6a\x71\x18\x8f\xc9\x01\xa5\xb7\x80\xa0\xcb\xec\x86\xb5\x2e\xd2\xc4\xeb\x32\x88\x98\xbe\x74\xce\xed\x81\x6b\x79\x57\xd9\xc6\xd8\xb5\x9b\x97\x48\x60\x51\x39\x67\xae\xe2\xc9\xaa\x33\x9d\x8e\xde\x28\x96\x65\xd6\xe9\x4e\x20\x1c\xd2\x48\x05\xd2\x5c\xd0\xf6\x3e\x48\xb4\xdd\x5e\xa8\xf1\x01\x57\x35\x2f\x59\x48\xec\x81\x4a\xc7\xda\x25\x05\x4e\x12\x90\x69\x19\xe7\x14\x3e\x2a\x60\x3e\xc6\x49") = -1 ENOMEM (Cannot allocate memory)
[pid 5045] exit_group(0) = ?
[pid 5045] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5045, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555d50620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
[ 84.911436][ T5045] RDX: 00000000200001c0 RSI: 0000000041009432 RDI: 0000000000000005
[ 84.919426][ T5045] RBP: 00007ffd6d13fd00 R08: 0000000000000001 R09: 00007ffd6d13fd10
[ 84.927414][ T5045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 84.935402][ T5045] R13: 00007ffd6d13fd40 R14: 00007ffd6d13fd20 R15: 0000000000000002
[ 84.943396][ T5045]
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555d58660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d58660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x555555d50620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5063 attached
, child_tidptr=0x555555d4f5d0) = 5063
[pid 5063] chdir("./3") = 0
[pid 5063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5063] setpgid(0, 0) = 0
[pid 5063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5063] write(3, "1000", 4) = 4
[pid 5063] close(3) = 0
[pid 5063] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5063] memfd_create("syzkaller", 0) = 3
[pid 5063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd3e60b9000
[pid 5063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5063] munmap(0x7fd3e60b9000, 16777216) = 0
[pid 5063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5063] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5063] close(3) = 0
[pid 5063] mkdir("./file0", 0777) = 0
[ 85.418540][ T5063] loop0: detected capacity change from 0 to 32768
[ 85.429955][ T5063] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor124 (5063)
[ 85.449218][ T5063] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 85.457933][ T5063] BTRFS info (device loop0): enabling ssd optimizations
[pid 5063] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0
[pid 5063] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5063] chdir("./file0") = 0
[pid 5063] ioctl(4, LOOP_CLR_FD) = 0
[pid 5063] close(4) = 0
[pid 5063] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 85.464906][ T5063] BTRFS info (device loop0): using spread ssd allocation scheme
[ 85.472636][ T5063] BTRFS info (device loop0): turning on sync discard
[ 85.479410][ T5063] BTRFS info (device loop0): using free space tree
[pid 5063] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5063] creat("./file0/file0", 000) = 5
[pid 5063] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5063] write(6, "5", 1) = 1
[ 85.533881][ T5063] FAULT_INJECTION: forcing a failure.
[ 85.533881][ T5063] name failslab, interval 1, probability 0, space 0, times 0
[ 85.547156][ T5063] CPU: 0 PID: 5063 Comm: syz-executor124 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 85.557734][ T5063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 85.567933][ T5063] Call Trace:
[ 85.571250][ T5063]
[ 85.574222][ T5063] dump_stack_lvl+0x136/0x150
[ 85.578951][ T5063] should_fail_ex+0x4a3/0x5b0
[ 85.583700][ T5063] should_failslab+0x9/0x20
[ 85.588267][ T5063] kmem_cache_alloc+0x5d/0x3f0
[ 85.593134][ T5063] ? mark_held_locks+0x9f/0xe0
[ 85.597975][ T5063] __btrfs_run_delayed_items+0x88/0x660
[ 85.603594][ T5063] ? ktime_get+0x38e/0x470
[ 85.608079][ T5063] ? ktime_get+0x30f/0x470
[ 85.612561][ T5063] btrfs_commit_transaction+0xabb/0x3fa0
[ 85.618256][ T5063] ? create_pending_snapshots+0x2c0/0x2c0
[ 85.624040][ T5063] ? lock_downgrade+0x690/0x690
[ 85.628955][ T5063] ? do_raw_spin_lock+0x124/0x2b0
[ 85.634021][ T5063] ? spin_bug+0x1c0/0x1c0
[ 85.638391][ T5063] btrfs_ioctl_set_fslabel+0x322/0x3b0
[ 85.643882][ T5063] ? btrfs_flush_workqueue+0x40/0x40
[ 85.649204][ T5063] ? tomoyo_path_number_perm+0x245/0x570
[ 85.654878][ T5063] ? lock_downgrade+0x690/0x690
[ 85.659764][ T5063] ? __kmem_cache_free+0x182/0x2c0
[ 85.664900][ T5063] ? tomoyo_path_number_perm+0x43b/0x570
[ 85.670579][ T5063] btrfs_ioctl+0x3815/0x5b30
[ 85.675204][ T5063] ? tomoyo_path_number_perm+0x166/0x570
[ 85.680878][ T5063] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 85.686722][ T5063] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 85.693170][ T5063] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 85.699098][ T5063] ? do_vfs_ioctl+0x132/0x1670
[ 85.703883][ T5063] ? vfs_fileattr_set+0xc40/0xc40
[ 85.708928][ T5063] ? ioctl_has_perm.constprop.0.isra.0+0x28c/0x420
[ 85.715458][ T5063] ? ioctl_has_perm.constprop.0.isra.0+0x295/0x420
[ 85.721992][ T5063] ? selinux_bprm_creds_for_exec+0xb20/0xb20
[ 85.728085][ T5063] ? find_held_lock+0x2d/0x110
[ 85.732879][ T5063] ? do_one_initcall+0x373/0x540
[ 85.737851][ T5063] ? lock_downgrade+0x690/0x690
[ 85.742730][ T5063] ? selinux_file_ioctl+0xba/0x280
[ 85.747871][ T5063] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 85.754329][ T5063] __x64_sys_ioctl+0x197/0x210
[ 85.759122][ T5063] do_syscall_64+0x39/0xb0
[ 85.763561][ T5063] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 85.769497][ T5063] RIP: 0033:0x7fd3ee506b99
[ 85.773929][ T5063] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 85.793560][ T5063] RSP: 002b:00007ffd6d13fcd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 85.802000][ T5063] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fd3ee506b99
[ 85.810092][ T5063] RDX: 00000000200001c0 RSI: 0000000041009432 RDI: 0000000000000005
[ 85.818084][ T5063] RBP: 00007ffd6d13fd00 R08: 0000000000000001 R09: 00007ffd6d13fd10
[ 85.826248][ T5063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 85.834287][ T5063] R13: 00007ffd6d13fd40 R14: 00007ffd6d13fd20 R15: 0000000000000003
[ 85.842291][ T5063]
[ 85.867813][ T5063] BTRFS warning (device loop0): Skipping commit of aborted transaction.
[ 85.877044][ T5063] BTRFS: error (device loop0: state A) in cleanup_transaction:1978: errno=-12 Out of memory
[ 85.888012][ T5063] BTRFS info (device loop0: state EA): forced readonly
[ 85.900797][ T45] BTRFS error (device loop0: state EA): fail to start transaction for status update: -30
[ 85.901544][ T5063] ------------[ cut here ]------------
[ 85.916359][ T5063] WARNING: CPU: 1 PID: 5063 at fs/btrfs/transaction.c:144 btrfs_put_transaction+0x3d1/0x4c0
[ 85.926671][ T5063] Modules linked in:
[ 85.930686][ T5063] CPU: 1 PID: 5063 Comm: syz-executor124 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 85.941229][ T5063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 85.951495][ T5063] RIP: 0010:btrfs_put_transaction+0x3d1/0x4c0
[ 85.957777][ T5063] Code: 65 d9 1c fe 0f 0b e9 b7 fc ff ff 4c 89 e7 e8 36 ad 6e fe e9 96 fc ff ff 48 89 df e8 49 ad 6e fe e9 2d fd ff ff e8 3f d9 1c fe <0f> 0b e9 9c fd ff ff e8 33 d9 1c fe 0f 0b e9 50 ff ff ff e8 27 d9
[ 85.977616][ T5063] RSP: 0018:ffffc90003547898 EFLAGS: 00010293
[ 85.983741][ T5063] RAX: 0000000000000000 RBX: ffff888079f96028 RCX: 0000000000000000
[ 85.991934][ T5063] RDX: ffff888077cbe040 RSI: ffffffff83668e71 RDI: ffff888079f96330
[ 86.000017][ T5063] RBP: ffff888079f96000 R08: 0000000000000005 R09: 0000000000000001
[ 86.008055][ T5063] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888079f96010
[ 86.016071][ T5063] R13: 0000000000000000 R14: ffff8880723399d8 R15: ffff88807d050cd8
[ 86.024204][ T5063] FS: 0000555555d4f300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 86.033232][ T5063] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 86.039914][ T5063] CR2: 00007fa2b60a3028 CR3: 000000007ca7b000 CR4: 00000000003506e0
[ 86.048089][ T5063] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 86.056082][ T5063] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 86.064159][ T5063] Call Trace:
[ 86.067472][ T5063]
[ 86.070504][ T5063] ? __warn+0xe6/0x390
[ 86.074640][ T5063] ? btrfs_put_transaction+0x3d1/0x4c0
[ 86.080225][ T5063] ? report_bug+0x2da/0x500
[ 86.084802][ T5063] ? handle_bug+0x3c/0x70
[ 86.089249][ T5063] ? exc_invalid_op+0x18/0x50
[ 86.093986][ T5063] ? asm_exc_invalid_op+0x1a/0x20
[ 86.099145][ T5063] ? btrfs_put_transaction+0x3d1/0x4c0
[ 86.104662][ T5063] ? btrfs_put_transaction+0x3d1/0x4c0
[ 86.110212][ T5063] ? btrfs_put_transaction+0x3d1/0x4c0
[ 86.115734][ T5063] btrfs_commit_transaction+0x147f/0x3fa0
[ 86.121589][ T5063] ? create_pending_snapshots+0x2c0/0x2c0
[ 86.127347][ T5063] ? lock_downgrade+0x690/0x690
[ 86.132326][ T5063] ? do_raw_spin_lock+0x124/0x2b0
[ 86.137403][ T5063] ? spin_bug+0x1c0/0x1c0
[ 86.141888][ T5063] btrfs_ioctl_set_fslabel+0x322/0x3b0
[ 86.147407][ T5063] ? btrfs_flush_workqueue+0x40/0x40
[ 86.152786][ T5063] ? tomoyo_path_number_perm+0x245/0x570
[ 86.158494][ T5063] ? lock_downgrade+0x690/0x690
[ 86.163376][ T5063] ? __kmem_cache_free+0x182/0x2c0
[ 86.168589][ T5063] ? tomoyo_path_number_perm+0x43b/0x570
[ 86.174281][ T5063] btrfs_ioctl+0x3815/0x5b30
[ 86.179044][ T5063] ? tomoyo_path_number_perm+0x166/0x570
[ 86.184741][ T5063] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 86.190722][ T5063] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 86.197188][ T5063] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 86.203293][ T5063] ? do_vfs_ioctl+0x132/0x1670
[ 86.208133][ T5063] ? vfs_fileattr_set+0xc40/0xc40
[ 86.213199][ T5063] ? ioctl_has_perm.constprop.0.isra.0+0x28c/0x420
[ 86.219815][ T5063] ? ioctl_has_perm.constprop.0.isra.0+0x295/0x420
[ 86.226370][ T5063] ? selinux_bprm_creds_for_exec+0xb20/0xb20
[ 86.232693][ T5063] ? find_held_lock+0x2d/0x110
[ 86.237588][ T5063] ? do_one_initcall+0x373/0x540
[ 86.242578][ T5063] ? lock_downgrade+0x690/0x690
[ 86.247454][ T5063] ? selinux_file_ioctl+0xba/0x280
[ 86.252651][ T5063] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 86.259200][ T5063] __x64_sys_ioctl+0x197/0x210
[ 86.264009][ T5063] do_syscall_64+0x39/0xb0
[ 86.268489][ T5063] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 86.274461][ T5063] RIP: 0033:0x7fd3ee506b99
[ 86.279020][ T5063] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 86.298747][ T5063] RSP: 002b:00007ffd6d13fcd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 86.307200][ T5063] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fd3ee506b99
[ 86.315247][ T5063] RDX: 00000000200001c0 RSI: 0000000041009432 RDI: 0000000000000005
[ 86.323336][ T5063] RBP: 00007ffd6d13fd00 R08: 0000000000000001 R09: 00007ffd6d13fd10
[ 86.331395][ T5063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 86.339542][ T5063] R13: 00007ffd6d13fd40 R14: 00007ffd6d13fd20 R15: 0000000000000003
[ 86.347598][ T5063]
[ 86.350661][ T5063] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 86.357953][ T5063] CPU: 1 PID: 5063 Comm: syz-executor124 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 86.368483][ T5063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 86.378579][ T5063] Call Trace:
[ 86.381868][ T5063]
[ 86.384808][ T5063] dump_stack_lvl+0xd9/0x150
[ 86.389414][ T5063] panic+0x686/0x730
[ 86.393334][ T5063] ? panic_smp_self_stop+0xa0/0xa0
[ 86.398476][ T5063] ? show_trace_log_lvl+0x284/0x390
[ 86.403725][ T5063] ? btrfs_put_transaction+0x3d1/0x4c0
[ 86.409224][ T5063] check_panic_on_warn+0xb1/0xc0
[ 86.414197][ T5063] __warn+0xf2/0x390
[ 86.418123][ T5063] ? btrfs_put_transaction+0x3d1/0x4c0
[ 86.423619][ T5063] report_bug+0x2da/0x500
[ 86.427993][ T5063] handle_bug+0x3c/0x70
[ 86.432185][ T5063] exc_invalid_op+0x18/0x50
[ 86.436705][ T5063] asm_exc_invalid_op+0x1a/0x20
[ 86.441608][ T5063] RIP: 0010:btrfs_put_transaction+0x3d1/0x4c0
[ 86.447800][ T5063] Code: 65 d9 1c fe 0f 0b e9 b7 fc ff ff 4c 89 e7 e8 36 ad 6e fe e9 96 fc ff ff 48 89 df e8 49 ad 6e fe e9 2d fd ff ff e8 3f d9 1c fe <0f> 0b e9 9c fd ff ff e8 33 d9 1c fe 0f 0b e9 50 ff ff ff e8 27 d9
[ 86.467519][ T5063] RSP: 0018:ffffc90003547898 EFLAGS: 00010293
[ 86.473612][ T5063] RAX: 0000000000000000 RBX: ffff888079f96028 RCX: 0000000000000000
[ 86.481604][ T5063] RDX: ffff888077cbe040 RSI: ffffffff83668e71 RDI: ffff888079f96330
[ 86.489596][ T5063] RBP: ffff888079f96000 R08: 0000000000000005 R09: 0000000000000001
[ 86.497590][ T5063] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888079f96010
[ 86.505582][ T5063] R13: 0000000000000000 R14: ffff8880723399d8 R15: ffff88807d050cd8
[ 86.513576][ T5063] ? btrfs_put_transaction+0x3d1/0x4c0
[ 86.519081][ T5063] ? btrfs_put_transaction+0x3d1/0x4c0
[ 86.524580][ T5063] btrfs_commit_transaction+0x147f/0x3fa0
[ 86.530325][ T5063] ? create_pending_snapshots+0x2c0/0x2c0
[ 86.536065][ T5063] ? lock_downgrade+0x690/0x690
[ 86.540947][ T5063] ? do_raw_spin_lock+0x124/0x2b0
[ 86.546005][ T5063] ? spin_bug+0x1c0/0x1c0
[ 86.550369][ T5063] btrfs_ioctl_set_fslabel+0x322/0x3b0
[ 86.555856][ T5063] ? btrfs_flush_workqueue+0x40/0x40
[ 86.561261][ T5063] ? tomoyo_path_number_perm+0x245/0x570
[ 86.566940][ T5063] ? lock_downgrade+0x690/0x690
[ 86.571820][ T5063] ? __kmem_cache_free+0x182/0x2c0
[ 86.576949][ T5063] ? tomoyo_path_number_perm+0x43b/0x570
[ 86.582621][ T5063] btrfs_ioctl+0x3815/0x5b30
[ 86.587243][ T5063] ? tomoyo_path_number_perm+0x166/0x570
[ 86.592925][ T5063] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 86.598769][ T5063] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 86.605222][ T5063] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 86.611147][ T5063] ? do_vfs_ioctl+0x132/0x1670
[ 86.615930][ T5063] ? vfs_fileattr_set+0xc40/0xc40
[ 86.620976][ T5063] ? ioctl_has_perm.constprop.0.isra.0+0x28c/0x420
[ 86.627505][ T5063] ? ioctl_has_perm.constprop.0.isra.0+0x295/0x420
[ 86.634035][ T5063] ? selinux_bprm_creds_for_exec+0xb20/0xb20
[ 86.640054][ T5063] ? find_held_lock+0x2d/0x110
[ 86.644847][ T5063] ? do_one_initcall+0x373/0x540
[ 86.649819][ T5063] ? lock_downgrade+0x690/0x690
[ 86.654699][ T5063] ? selinux_file_ioctl+0xba/0x280
[ 86.659833][ T5063] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 86.666279][ T5063] __x64_sys_ioctl+0x197/0x210
[ 86.671067][ T5063] do_syscall_64+0x39/0xb0
[ 86.675506][ T5063] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 86.681442][ T5063] RIP: 0033:0x7fd3ee506b99
[ 86.685878][ T5063] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 86.705505][ T5063] RSP: 002b:00007ffd6d13fcd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 86.713959][ T5063] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fd3ee506b99
[ 86.721949][ T5063] RDX: 00000000200001c0 RSI: 0000000041009432 RDI: 0000000000000005
[ 86.729936][ T5063] RBP: 00007ffd6d13fd00 R08: 0000000000000001 R09: 00007ffd6d13fd10
[ 86.737926][ T5063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 86.745913][ T5063] R13: 00007ffd6d13fd40 R14: 00007ffd6d13fd20 R15: 0000000000000003
[ 86.753914][ T5063]
[ 86.757194][ T5063] Kernel Offset: disabled
[ 86.761634][ T5063] Rebooting in 86400 seconds..