./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2964823825

<...>
DUID 00:04:7c:7c:42:18:3f:30:8d:b4:e2:57:c6:a5:0a:a4:65:8b
forked to background, child pid 3209
[   28.861670][ T3210] 8021q: adding VLAN 0 to HW filter on device bond0
[   28.871967][ T3210] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.42' (ECDSA) to the list of known hosts.
execve("./syz-executor2964823825", ["./syz-executor2964823825"], 0x7ffeebc11c20 /* 10 vars */) = 0
brk(NULL)                               = 0x5555557b7000
brk(0x5555557b7c40)                     = 0x5555557b7c40
arch_prctl(ARCH_SET_FS, 0x5555557b7300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2964823825", 4096) = 28
brk(0x5555557d8c40)                     = 0x5555557d8c40
brk(0x5555557d9000)                     = 0x5555557d9000
mprotect(0x7fa4f417c000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
getpid()                                = 3630
mkdir("./syzkaller.dU1x1F", 0700)       = 0
chmod("./syzkaller.dU1x1F", 0777)       = 0
chdir("./syzkaller.dU1x1F")             = 0
mkdir("./0", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b75d0) = 3631
./strace-static-x86_64: Process 3631 attached
[pid  3631] chdir("./0")                = 0
[pid  3631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3631] setpgid(0, 0)               = 0
[pid  3631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3631] write(3, "1000", 4)         = 4
[pid  3631] close(3)                    = 0
[pid  3631] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3631] memfd_create("syzkaller", 0) = 3
[pid  3631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa4ebc00000
[pid  3631] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3631] munmap(0x7fa4ebc00000, 16777216) = 0
[pid  3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3631] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3631] close(3)                    = 0
[pid  3631] mkdir("./file0", 0777)      = 0
syzkaller login: [   54.290072][ T3631] loop0: detected capacity change from 0 to 32768
[   54.302218][ T3631] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor296 (3631)
[   54.320548][ T3631] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[   54.329678][ T3631] BTRFS info (device loop0): enabling ssd optimizations
[pid  3631] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0
[pid  3631] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3631] chdir("./file0")            = 0
[pid  3631] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3631] close(4)                    = 0
[pid  3631] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[   54.336691][ T3631] BTRFS info (device loop0): using spread ssd allocation scheme
[   54.344370][ T3631] BTRFS info (device loop0): turning on sync discard
[   54.351117][ T3631] BTRFS info (device loop0): using free space tree
[pid  3631] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid  3631] creat("./file0/file0", 000) = 5
[pid  3631] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  3631] write(6, "5", 1)            = 1
[   54.455062][   T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[   54.467062][ T3631] FAULT_INJECTION: forcing a failure.
[   54.467062][ T3631] name failslab, interval 1, probability 0, space 0, times 1
[   54.480159][ T3631] CPU: 1 PID: 3631 Comm: syz-executor296 Not tainted 6.1.0-rc6-syzkaller-00308-g644e9524388a #0
[   54.490587][ T3631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   54.500651][ T3631] Call Trace:
[   54.503945][ T3631]  <TASK>
[   54.506891][ T3631]  dump_stack_lvl+0x1b1/0x28e
[   54.511598][ T3631]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   54.517075][ T3631]  ? panic+0x710/0x710
[   54.521167][ T3631]  ? __might_sleep+0xc0/0xc0
[   54.525783][ T3631]  should_fail_ex+0x395/0x4c0
[   54.530488][ T3631]  ? tomoyo_init_log+0x1a16/0x1f80
[   54.535622][ T3631]  should_failslab+0x5/0x20
[   54.540144][ T3631]  __kmem_cache_alloc_node+0x69/0x310
[   54.545535][ T3631]  ? make_kgid+0x710/0x710
[   54.549968][ T3631]  ? tomoyo_init_log+0x1a16/0x1f80
[   54.555095][ T3631]  __kmalloc+0x9e/0x1a0
[   54.559258][ T3631]  tomoyo_init_log+0x1a16/0x1f80
[   54.564218][ T3631]  ? rcu_lock_release+0x20/0x20
[   54.569064][ T3631]  ? tomoyo_profile+0xd/0x50
[   54.573648][ T3631]  ? tomoyo_profile+0xd/0x50
[   54.578236][ T3631]  tomoyo_supervisor+0x38d/0x14f0
[   54.583259][ T3631]  ? print_irqtrace_events+0x220/0x220
[   54.588720][ T3631]  ? vsnprintf+0x1af/0x1ce0
[   54.593219][ T3631]  ? tomoyo_profile+0x50/0x50
[   54.597901][ T3631]  ? snprintf+0xc0/0x110
[   54.602143][ T3631]  ? tomoyo_print_ulong+0x23/0xa0
[   54.607163][ T3631]  ? vscnprintf+0x80/0x80
[   54.611492][ T3631]  ? tomoyo_check_acl+0x39d/0x410
[   54.616532][ T3631]  tomoyo_path_number_perm+0x510/0x760
[   54.622004][ T3631]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[   54.627467][ T3631]  ? _raw_spin_lock_irqsave+0x100/0x100
[   54.633038][ T3631]  ? do_notify_parent+0xe00/0xe00
[   54.638071][ T3631]  security_file_ioctl+0x55/0xb0
[   54.643010][ T3631]  __se_sys_ioctl+0x48/0x170
[   54.647599][ T3631]  do_syscall_64+0x3d/0xb0
[   54.652008][ T3631]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   54.657898][ T3631] RIP: 0033:0x7fa4f4108b79
[   54.662312][ T3631] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   54.681910][ T3631] RSP: 002b:00007ffd8886e8d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   54.690340][ T3631] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa4f4108b79
[   54.698320][ T3631] RDX: 00000000200001c0 RSI: 0000000041009432 RDI: 0000000000000005
[pid  3631] ioctl(5, FS_IOC_SETFSLABEL, "\x81\xb3\xde\x25\x34\x83\x1d\xeb\x49\x60\x7b\x06\x03\xf5\xb5\x27\x60\x4b\x34\xb8\xc5\x7a\xa0\x99\xf4\xe8\xaf\xa5\x56\xb5\x42\x72\x9f\xc5\x90\xb6\x82\x1c\x6d\x50\x58\xb4\xd8\xe3\x40\x22\xeb\xa5\x6a\x71\x18\x8f\xc9\x01\xa5\xb7\x80\xa0\xcb\xec\x86\xb5\x2e\xd2\xc4\xeb\x32\x88\x98\xbe\x74\xce\xed\x81\x6b\x79\x57\xd9\xc6\xd8\xb5\x9b\x97\x48\x60\x51\x39\x67\xae\xe2\xc9\xaa\x33\x9d\x8e\xde\x28\x96\x65\xd6\xe9\x4e\x20\x1c\xd2\x48\x05\xd2\x5c\xd0\xf6\x3e\x48\xb4\xdd\x5e\xa8\xf1\x01\x57\x35\x2f\x59\x48\xec\x81\x4a\xc7\xda\x25\x05\x4e\x12\x90\x69\x19\xe7\x14\x3e\x2a\x60\x3e\xc6\x49") = 0
[pid  3631] exit_group(0)               = ?
[pid  3631] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3631, si_uid=0, si_status=0, si_utime=4, si_stime=25} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555557b8620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs")                  = 0
[   54.706286][ T3631] RBP: 00007ffd8886e900 R08: 0000000000000001 R09: 00007ffd8886e910
[   54.714251][ T3631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[   54.722216][ T3631] R13: 00007ffd8886e940 R14: 00007ffd8886e920 R15: 0000000000000000
[   54.730205][ T3631]  </TASK>
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555557c0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555557c0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./0/file0")                      = 0
getdents64(3, 0x5555557b8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./0")                            = 0
mkdir("./1", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b75d0) = 3660
./strace-static-x86_64: Process 3660 attached
[pid  3660] chdir("./1")                = 0
[pid  3660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3660] setpgid(0, 0)               = 0
[pid  3660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3660] write(3, "1000", 4)         = 4
[pid  3660] close(3)                    = 0
[pid  3660] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3660] memfd_create("syzkaller", 0) = 3
[pid  3660] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa4ebc00000
[pid  3660] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3660] munmap(0x7fa4ebc00000, 16777216) = 0
[pid  3660] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3660] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3660] close(3)                    = 0
[pid  3660] mkdir("./file0", 0777)      = 0
[   55.047088][ T3660] loop0: detected capacity change from 0 to 32768
[   55.061108][ T3660] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[   55.070012][ T3660] BTRFS info (device loop0): enabling ssd optimizations
[   55.077215][ T3660] BTRFS info (device loop0): using spread ssd allocation scheme
[   55.085000][ T3660] BTRFS info (device loop0): turning on sync discard
[pid  3660] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0
[pid  3660] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3660] chdir("./file0")            = 0
[pid  3660] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3660] close(4)                    = 0
[pid  3660] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[   55.091857][ T3660] BTRFS info (device loop0): using free space tree
[pid  3660] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid  3660] creat("./file0/file0", 000) = 5
[pid  3660] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  3660] write(6, "5", 1)            = 1
[   55.165217][ T3660] FAULT_INJECTION: forcing a failure.
[   55.165217][ T3660] name failslab, interval 1, probability 0, space 0, times 0
[   55.169030][   T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[   55.178049][ T3660] CPU: 0 PID: 3660 Comm: syz-executor296 Not tainted 6.1.0-rc6-syzkaller-00308-g644e9524388a #0
[   55.197348][ T3660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   55.207413][ T3660] Call Trace:
[   55.210701][ T3660]  <TASK>
[   55.213639][ T3660]  dump_stack_lvl+0x1b1/0x28e
[   55.218337][ T3660]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   55.223809][ T3660]  ? panic+0x710/0x710
[   55.227893][ T3660]  ? tomoyo_init_log+0x1be7/0x1f80
[   55.233016][ T3660]  ? __might_sleep+0xc0/0xc0
[   55.237614][ T3660]  should_fail_ex+0x395/0x4c0
[   55.242290][ T3660]  ? tomoyo_supervisor+0xf4d/0x14f0
[   55.247485][ T3660]  should_failslab+0x5/0x20
[   55.251984][ T3660]  __kmem_cache_alloc_node+0x69/0x310
[   55.257350][ T3660]  ? rcu_lock_release+0x20/0x20
[   55.262193][ T3660]  ? tomoyo_supervisor+0xf4d/0x14f0
[   55.267384][ T3660]  __kmalloc+0x9e/0x1a0
[   55.271540][ T3660]  tomoyo_supervisor+0xf4d/0x14f0
[   55.276557][ T3660]  ? print_irqtrace_events+0x220/0x220
[   55.282015][ T3660]  ? vsnprintf+0x1af/0x1ce0
[   55.286514][ T3660]  ? tomoyo_profile+0x50/0x50
[   55.291191][ T3660]  ? snprintf+0xc0/0x110
[   55.295429][ T3660]  ? tomoyo_print_ulong+0x23/0xa0
[   55.300446][ T3660]  ? vscnprintf+0x80/0x80
[   55.304773][ T3660]  ? tomoyo_check_acl+0x39d/0x410
[   55.309796][ T3660]  tomoyo_path_number_perm+0x510/0x760
[   55.315271][ T3660]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[   55.320730][ T3660]  ? _raw_spin_lock_irqsave+0x100/0x100
[   55.326300][ T3660]  ? do_notify_parent+0xe00/0xe00
[   55.331330][ T3660]  security_file_ioctl+0x55/0xb0
[   55.336264][ T3660]  __se_sys_ioctl+0x48/0x170
[   55.340853][ T3660]  do_syscall_64+0x3d/0xb0
[   55.345265][ T3660]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   55.351147][ T3660] RIP: 0033:0x7fa4f4108b79
[   55.355554][ T3660] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   55.375154][ T3660] RSP: 002b:00007ffd8886e8d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   55.383559][ T3660] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa4f4108b79
[   55.391521][ T3660] RDX: 00000000200001c0 RSI: 0000000041009432 RDI: 0000000000000005
[   55.399483][ T3660] RBP: 00007ffd8886e900 R08: 0000000000000001 R09: 00007ffd8886e910
[   55.407441][ T3660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[pid  3660] ioctl(5, FS_IOC_SETFSLABEL, "\x81\xb3\xde\x25\x34\x83\x1d\xeb\x49\x60\x7b\x06\x03\xf5\xb5\x27\x60\x4b\x34\xb8\xc5\x7a\xa0\x99\xf4\xe8\xaf\xa5\x56\xb5\x42\x72\x9f\xc5\x90\xb6\x82\x1c\x6d\x50\x58\xb4\xd8\xe3\x40\x22\xeb\xa5\x6a\x71\x18\x8f\xc9\x01\xa5\xb7\x80\xa0\xcb\xec\x86\xb5\x2e\xd2\xc4\xeb\x32\x88\x98\xbe\x74\xce\xed\x81\x6b\x79\x57\xd9\xc6\xd8\xb5\x9b\x97\x48\x60\x51\x39\x67\xae\xe2\xc9\xaa\x33\x9d\x8e\xde\x28\x96\x65\xd6\xe9\x4e\x20\x1c\xd2\x48\x05\xd2\x5c\xd0\xf6\x3e\x48\xb4\xdd\x5e\xa8\xf1\x01\x57\x35\x2f\x59\x48\xec\x81\x4a\xc7\xda\x25\x05\x4e\x12\x90\x69\x19\xe7\x14\x3e\x2a\x60\x3e\xc6\x49") = 0
[pid  3660] exit_group(0)               = ?
[pid  3660] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3660, si_uid=0, si_status=0, si_utime=2, si_stime=23} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555557b8620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs")                  = 0
[   55.415399][ T3660] R13: 00007ffd8886e940 R14: 00007ffd8886e920 R15: 0000000000000001
[   55.423373][ T3660]  </TASK>
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555557c0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555557c0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./1/file0")                      = 0
getdents64(3, 0x5555557b8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./1")                            = 0
mkdir("./2", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b75d0) = 3689
./strace-static-x86_64: Process 3689 attached
[pid  3689] chdir("./2")                = 0
[pid  3689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3689] setpgid(0, 0)               = 0
[pid  3689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3689] write(3, "1000", 4)         = 4
[pid  3689] close(3)                    = 0
[pid  3689] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3689] memfd_create("syzkaller", 0) = 3
[pid  3689] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa4ebc00000
[pid  3689] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3689] munmap(0x7fa4ebc00000, 16777216) = 0
[pid  3689] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3689] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3689] close(3)                    = 0
[pid  3689] mkdir("./file0", 0777)      = 0
[   55.755469][ T3689] loop0: detected capacity change from 0 to 32768
[   55.769693][ T3689] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[   55.778504][ T3689] BTRFS info (device loop0): enabling ssd optimizations
[   55.785662][ T3689] BTRFS info (device loop0): using spread ssd allocation scheme
[   55.793382][ T3689] BTRFS info (device loop0): turning on sync discard
[pid  3689] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0
[pid  3689] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3689] chdir("./file0")            = 0
[pid  3689] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3689] close(4)                    = 0
[pid  3689] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[   55.800068][ T3689] BTRFS info (device loop0): using free space tree
[pid  3689] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid  3689] creat("./file0/file0", 000) = 5
[pid  3689] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  3689] write(6, "5", 1)            = 1
[   55.868511][ T3689] FAULT_INJECTION: forcing a failure.
[   55.868511][ T3689] name failslab, interval 1, probability 0, space 0, times 0
[   55.882518][ T3689] CPU: 0 PID: 3689 Comm: syz-executor296 Not tainted 6.1.0-rc6-syzkaller-00308-g644e9524388a #0
[   55.886560][   T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[   55.892941][ T3689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   55.892966][ T3689] Call Trace:
[   55.892973][ T3689]  <TASK>
[   55.892982][ T3689]  dump_stack_lvl+0x1b1/0x28e
[   55.893010][ T3689]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   55.928381][ T3689]  ? panic+0x710/0x710
[   55.932450][ T3689]  ? process_measurement+0x793/0x1bd0
[   55.937823][ T3689]  ? __might_sleep+0xc0/0xc0
[   55.942412][ T3689]  ? _raw_read_unlock+0x24/0x40
[   55.947265][ T3689]  should_fail_ex+0x395/0x4c0
[   55.951946][ T3689]  ? __btrfs_free_extent+0x1a9/0x2870
[   55.957318][ T3689]  should_failslab+0x5/0x20
[   55.961816][ T3689]  kmem_cache_alloc+0x68/0x300
[   55.966582][ T3689]  __btrfs_free_extent+0x1a9/0x2870
[   55.971794][ T3689]  ? __btrfs_inc_extent_ref+0x5e0/0x5e0
[   55.977339][ T3689]  ? rcu_read_lock_sched_held+0x87/0x110
[   55.982967][ T3689]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   55.988942][ T3689]  ? __lock_acquire+0x1292/0x1f60
[   55.993962][ T3689]  ? do_raw_spin_unlock+0x134/0x8a0
[   55.999163][ T3689]  btrfs_run_delayed_refs_for_head+0xe20/0x1df0
[   56.005409][ T3689]  ? __bpf_trace_rcu_utilization+0x10/0x10
[   56.011244][ T3689]  ? btrfs_issue_discard+0x700/0x700
[   56.016528][ T3689]  ? read_lock_is_recursive+0x10/0x10
[   56.021894][ T3689]  ? __btrfs_run_delayed_refs+0x1d5/0x490
[   56.027613][ T3689]  ? do_raw_read_unlock+0x37/0x70
[   56.032636][ T3689]  ? _raw_read_unlock+0x24/0x40
[   56.037491][ T3689]  ? btrfs_tree_mod_log_lowest_seq+0x92/0xa0
[   56.043468][ T3689]  ? btrfs_merge_delayed_refs+0x5db/0x650
[   56.049183][ T3689]  ? do_raw_spin_unlock+0x134/0x8a0
[   56.054390][ T3689]  __btrfs_run_delayed_refs+0x25f/0x490
[   56.059944][ T3689]  ? btrfs_run_delayed_refs+0x490/0x490
[   56.065492][ T3689]  ? mark_lock+0x9a/0x350
[   56.069822][ T3689]  btrfs_run_delayed_refs+0x13b/0x490
[   56.075206][ T3689]  btrfs_commit_transaction+0x3a9/0x3760
[   56.080854][ T3689]  ? rcu_read_lock_sched_held+0x87/0x110
[   56.086480][ T3689]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   56.092464][ T3689]  ? btrfs_commit_transaction_async+0x440/0x440
[   56.098705][ T3689]  ? btrfs_ioctl_set_fslabel+0x2bc/0x340
[   56.104333][ T3689]  ? trace_lock_release+0x95/0x220
[   56.109445][ T3689]  ? read_lock_is_recursive+0x10/0x10
[   56.114813][ T3689]  ? btrfs_ioctl_set_fslabel+0x2bc/0x340
[   56.120439][ T3689]  ? __lock_acquire+0x1f60/0x1f60
[   56.125456][ T3689]  ? do_raw_spin_lock+0x148/0x360
[   56.130485][ T3689]  ? do_raw_spin_unlock+0x134/0x8a0
[   56.135683][ T3689]  ? btrfs_ioctl_set_fslabel+0x2b4/0x340
[   56.141316][ T3689]  btrfs_ioctl_set_fslabel+0x2c4/0x340
[   56.146771][ T3689]  ? btrfs_ioctl_get_fslabel+0x210/0x210
[   56.152426][ T3689]  ? do_notify_parent+0xe00/0xe00
[   56.157459][ T3689]  btrfs_ioctl+0x9de/0xc10
[   56.161965][ T3689]  ? btrfs_ioctl_get_supported_features+0x40/0x40
[   56.168371][ T3689]  __se_sys_ioctl+0xfb/0x170
[   56.172960][ T3689]  do_syscall_64+0x3d/0xb0
[   56.177370][ T3689]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.183255][ T3689] RIP: 0033:0x7fa4f4108b79
[   56.187663][ T3689] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   56.207265][ T3689] RSP: 002b:00007ffd8886e8d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   56.215672][ T3689] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa4f4108b79
[   56.223638][ T3689] RDX: 00000000200001c0 RSI: 0000000041009432 RDI: 0000000000000005
[   56.231599][ T3689] RBP: 00007ffd8886e900 R08: 0000000000000001 R09: 00007ffd8886e910
[   56.239563][ T3689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[   56.247526][ T3689] R13: 00007ffd8886e940 R14: 00007ffd8886e920 R15: 0000000000000002
[   56.255507][ T3689]  </TASK>
[   56.260038][ T3689] BTRFS: error (device loop0: state A) in btrfs_run_delayed_refs:2141: errno=-12 Out of memory
[pid  3689] ioctl(5, FS_IOC_SETFSLABEL, "\x81\xb3\xde\x25\x34\x83\x1d\xeb\x49\x60\x7b\x06\x03\xf5\xb5\x27\x60\x4b\x34\xb8\xc5\x7a\xa0\x99\xf4\xe8\xaf\xa5\x56\xb5\x42\x72\x9f\xc5\x90\xb6\x82\x1c\x6d\x50\x58\xb4\xd8\xe3\x40\x22\xeb\xa5\x6a\x71\x18\x8f\xc9\x01\xa5\xb7\x80\xa0\xcb\xec\x86\xb5\x2e\xd2\xc4\xeb\x32\x88\x98\xbe\x74\xce\xed\x81\x6b\x79\x57\xd9\xc6\xd8\xb5\x9b\x97\x48\x60\x51\x39\x67\xae\xe2\xc9\xaa\x33\x9d\x8e\xde\x28\x96\x65\xd6\xe9\x4e\x20\x1c\xd2\x48\x05\xd2\x5c\xd0\xf6\x3e\x48\xb4\xdd\x5e\xa8\xf1\x01\x57\x35\x2f\x59\x48\xec\x81\x4a\xc7\xda\x25\x05\x4e\x12\x90\x69\x19\xe7\x14\x3e\x2a\x60\x3e\xc6\x49") = -1 ENOMEM (Cannot allocate memory)
[pid  3689] exit_group(0)               = ?
[pid  3689] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3689, si_uid=0, si_status=0, si_utime=0, si_stime=23} ---
[   56.282652][ T3689] BTRFS info (device loop0: state EA): forced readonly
[   56.290822][ T3706] ------------[ cut here ]------------
[   56.296745][ T3706] WARNING: CPU: 0 PID: 3706 at fs/btrfs/transaction.c:132 btrfs_put_transaction+0x377/0x3d0
[   56.307508][ T3706] Modules linked in:
[   56.312072][ T3706] CPU: 0 PID: 3706 Comm: btrfs-transacti Not tainted 6.1.0-rc6-syzkaller-00308-g644e9524388a #0
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555557b8620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[   56.323071][ T3706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   56.334341][ T3706] RIP: 0010:btrfs_put_transaction+0x377/0x3d0
[   56.340554][ T3706] Code: da 31 c0 e8 bd 56 09 07 e9 e5 fd ff ff e8 a1 a1 03 fe 0f 0b e9 f7 fc ff ff e8 95 a1 03 fe 0f 0b e9 69 fd ff ff e8 89 a1 03 fe <0f> 0b e9 89 fd ff ff e8 7d a1 03 fe 4c 89 ff be 03 00 00 00 48 83
[   56.360757][ T3706] RSP: 0018:ffffc90003fefbf8 EFLAGS: 00010293
[   56.371334][ T3706] RAX: ffffffff8386f627 RBX: ffff8880188b3330 RCX: ffff8880799eba80
unlink("./2/binderfs")                  = 0
[   56.379435][ T3706] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
[   56.387850][ T3706] RBP: ffff8880188b3000 R08: ffffffff8386f330 R09: ffffed1003116603
[   56.398274][ T3706] R10: ffffed1003116603 R11: 1ffff11003116602 R12: ffff8880188b3028
[   56.406304][ T3706] R13: dffffc0000000000 R14: ffff888027cecce8 R15: ffff8880188b3010
[   56.414337][ T3706] FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   56.423289][ T3706] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   56.429871][ T3706] CR2: 000055b2eb954e90 CR3: 0000000027fcd000 CR4: 00000000003506f0
[   56.437889][ T3706] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   56.445878][ T3706] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   56.453881][ T3706] Call Trace:
[   56.457162][ T3706]  <TASK>
[   56.460083][ T3706]  btrfs_cleanup_transaction+0x55b/0x1b60
[   56.465833][ T3706]  ? __lock_acquire+0x1f60/0x1f60
[   56.470856][ T3706]  ? do_raw_spin_unlock+0x134/0x8a0
[   56.476104][ T3706]  ? btrfs_check_uuid_tree+0x80/0x80
[   56.481418][ T3706]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[   56.487304][ T3706]  ? _raw_spin_unlock+0x40/0x40
[   56.492239][ T3706]  ? __mutex_unlock_slowpath+0x222/0x770
[   56.497886][ T3706]  ? is_cpu_allowed+0x1f5/0x330
[   56.502874][ T3706]  ? mutex_unlock+0x10/0x10
[   56.507384][ T3706]  ? cpu_curr_snapshot+0xc0/0xc0
[   56.512390][ T3706]  transaction_kthread+0x3f5/0x490
[   56.517514][ T3706]  kthread+0x266/0x300
[   56.521840][ T3706]  ? cleaner_kthread+0x390/0x390
[   56.526765][ T3706]  ? kthread_blkcg+0xd0/0xd0
[   56.531395][ T3706]  ret_from_fork+0x1f/0x30
[   56.535833][ T3706]  </TASK>
[   56.538838][ T3706] Kernel panic - not syncing: panic_on_warn set ...
[   56.545403][ T3706] CPU: 0 PID: 3706 Comm: btrfs-transacti Not tainted 6.1.0-rc6-syzkaller-00308-g644e9524388a #0
[   56.555791][ T3706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   56.565828][ T3706] Call Trace:
[   56.569090][ T3706]  <TASK>
[   56.572006][ T3706]  dump_stack_lvl+0x1b1/0x28e
[   56.576669][ T3706]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   56.582117][ T3706]  ? panic+0x710/0x710
[   56.586176][ T3706]  ? vscnprintf+0x59/0x80
[   56.590488][ T3706]  ? btrfs_put_transaction+0x350/0x3d0
[   56.595931][ T3706]  panic+0x2d6/0x710
[   56.599811][ T3706]  ? __warn+0x131/0x220
[   56.603948][ T3706]  ? memcpy_page_flushcache+0xfc/0xfc
[   56.609306][ T3706]  ? ret_from_fork+0x1f/0x30
[   56.613904][ T3706]  ? btrfs_put_transaction+0x377/0x3d0
[   56.619365][ T3706]  __warn+0x1fa/0x220
[   56.623348][ T3706]  ? btrfs_put_transaction+0x377/0x3d0
[   56.628820][ T3706]  report_bug+0x1b3/0x2d0
[   56.633156][ T3706]  handle_bug+0x3d/0x70
[   56.637303][ T3706]  exc_invalid_op+0x16/0x40
[   56.641807][ T3706]  asm_exc_invalid_op+0x16/0x20
[   56.646650][ T3706] RIP: 0010:btrfs_put_transaction+0x377/0x3d0
[   56.652710][ T3706] Code: da 31 c0 e8 bd 56 09 07 e9 e5 fd ff ff e8 a1 a1 03 fe 0f 0b e9 f7 fc ff ff e8 95 a1 03 fe 0f 0b e9 69 fd ff ff e8 89 a1 03 fe <0f> 0b e9 89 fd ff ff e8 7d a1 03 fe 4c 89 ff be 03 00 00 00 48 83
[   56.672326][ T3706] RSP: 0018:ffffc90003fefbf8 EFLAGS: 00010293
[   56.678388][ T3706] RAX: ffffffff8386f627 RBX: ffff8880188b3330 RCX: ffff8880799eba80
[   56.686356][ T3706] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
[   56.694335][ T3706] RBP: ffff8880188b3000 R08: ffffffff8386f330 R09: ffffed1003116603
[   56.702314][ T3706] R10: ffffed1003116603 R11: 1ffff11003116602 R12: ffff8880188b3028
[   56.710282][ T3706] R13: dffffc0000000000 R14: ffff888027cecce8 R15: ffff8880188b3010
[   56.718265][ T3706]  ? btrfs_put_transaction+0x80/0x3d0
[   56.723683][ T3706]  ? btrfs_put_transaction+0x377/0x3d0
[   56.729146][ T3706]  ? btrfs_put_transaction+0x377/0x3d0
[   56.734606][ T3706]  btrfs_cleanup_transaction+0x55b/0x1b60
[   56.740342][ T3706]  ? __lock_acquire+0x1f60/0x1f60
[   56.745372][ T3706]  ? do_raw_spin_unlock+0x134/0x8a0
[   56.750570][ T3706]  ? btrfs_check_uuid_tree+0x80/0x80
[   56.755851][ T3706]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[   56.761740][ T3706]  ? _raw_spin_unlock+0x40/0x40
[   56.766593][ T3706]  ? __mutex_unlock_slowpath+0x222/0x770
[   56.772222][ T3706]  ? is_cpu_allowed+0x1f5/0x330
[   56.777078][ T3706]  ? mutex_unlock+0x10/0x10
[   56.781585][ T3706]  ? cpu_curr_snapshot+0xc0/0xc0
[   56.786534][ T3706]  transaction_kthread+0x3f5/0x490
[   56.791650][ T3706]  kthread+0x266/0x300
[   56.795717][ T3706]  ? cleaner_kthread+0x390/0x390
[   56.800650][ T3706]  ? kthread_blkcg+0xd0/0xd0
[   56.805248][ T3706]  ret_from_fork+0x1f/0x30
[   56.809680][ T3706]  </TASK>
[   56.812833][ T3706] Kernel Offset: disabled
[   56.817226][ T3706] Rebooting in 86400 seconds..