./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor406461630

<...>
Warning: Permanently added '10.128.0.202' (ED25519) to the list of known hosts.
execve("./syz-executor406461630", ["./syz-executor406461630"], 0x7ffdd59380d0 /* 10 vars */) = 0
brk(NULL)                               = 0x55555710b000
brk(0x55555710bd00)                     = 0x55555710bd00
arch_prctl(ARCH_SET_FS, 0x55555710b380) = 0
set_tid_address(0x55555710b650)         = 5059
set_robust_list(0x55555710b660, 24)     = 0
rseq(0x55555710bca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor406461630", 4096) = 27
getrandom("\x5b\x83\x0d\x83\x43\xef\x05\xae", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55555710bd00
brk(0x55555712cd00)                     = 0x55555712cd00
brk(0x55555712d000)                     = 0x55555712d000
mprotect(0x7f292347a000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
mkdir("./syzkaller.lBXJ3R", 0700)       = 0
chmod("./syzkaller.lBXJ3R", 0777)       = 0
chdir("./syzkaller.lBXJ3R")             = 0
mkdir("./0", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5060 attached
, child_tidptr=0x55555710b650) = 5060
[pid  5060] set_robust_list(0x55555710b660, 24) = 0
[pid  5060] chdir("./0")                = 0
[pid  5060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5060] setpgid(0, 0)               = 0
[pid  5060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5060] write(3, "1000", 4)         = 4
[pid  5060] close(3)                    = 0
[pid  5060] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5060] memfd_create("syzkaller", 0) = 3
[pid  5060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f291afc2000
[pid  5060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5060] munmap(0x7f291afc2000, 138412032) = 0
[pid  5060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5060] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5060] close(3)                    = 0
[pid  5060] mkdir("./file0", 0777)      = 0
[   70.856752][ T5060] loop0: detected capacity change from 0 to 32768
[   70.874370][ T5060] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor406 (5060)
[   70.897025][ T5060] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[   70.906013][ T5060] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[   70.916853][ T5060] BTRFS info (device loop0): doing ref verification
[   70.923551][ T5060] BTRFS info (device loop0): using free space tree
[pid  5060] mount("/dev/loop0", "./file0", "btrfs", 0, "noinode_cache,noautodefrag,ref_verify,") = 0
[pid  5060] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5060] chdir("./file0")            = 0
[pid  5060] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5060] close(4)                    = 0
[pid  5060] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[   70.951691][ T5060] BTRFS info (device loop0): enabling ssd optimizations
[   70.958799][ T5060] BTRFS info (device loop0): auto enabling async discard
[pid  5060] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid  5060] openat(AT_FDCWD, "blkio.bfq.time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid  5060] write(5, "\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid  5060] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  5060] write(6, "5", 1)            = 1
[   71.067974][   T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[   71.136258][ T5060] FAULT_INJECTION: forcing a failure.
[   71.136258][ T5060] name failslab, interval 1, probability 0, space 0, times 1
[   71.151151][ T5060] CPU: 0 PID: 5060 Comm: syz-executor406 Not tainted 6.7.0-rc1-syzkaller-00213-g791c8ab095f7 #0
[   71.161643][ T5060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[   71.171745][ T5060] Call Trace:
[   71.175065][ T5060]  <TASK>
[   71.178042][ T5060]  dump_stack_lvl+0x1e7/0x2d0
[   71.182797][ T5060]  ? nf_tcp_handle_invalid+0x650/0x650
[   71.188309][ T5060]  ? panic+0x850/0x850
[   71.192458][ T5060]  ? __might_sleep+0xe0/0xe0
[   71.197205][ T5060]  should_fail_ex+0x3aa/0x4e0
[   71.201963][ T5060]  ? tomoyo_supervisor+0xe06/0x11f0
[   71.207215][ T5060]  should_failslab+0x9/0x20
[   71.211729][ T5060]  __kmem_cache_alloc_node+0x6d/0x300
[   71.217121][ T5060]  ? common_lsm_audit+0x1ad0/0x1ad0
[   71.222338][ T5060]  ? tomoyo_supervisor+0xe06/0x11f0
[   71.227593][ T5060]  __kmalloc+0xa2/0x1a0
[   71.231794][ T5060]  tomoyo_supervisor+0xe06/0x11f0
[   71.236855][ T5060]  ? print_irqtrace_events+0x220/0x220
[   71.242323][ T5060]  ? tomoyo_path_permission+0x1cc/0x360
[   71.247884][ T5060]  ? tomoyo_profile+0x50/0x50
[   71.252589][ T5060]  ? kasan_quarantine_put+0xd8/0x230
[   71.257890][ T5060]  ? lockdep_hardirqs_on+0x98/0x140
[   71.263133][ T5060]  ? __kmem_cache_free+0x263/0x3a0
[   71.268255][ T5060]  ? tomoyo_check_path_acl+0xeb/0x1c0
[   71.273638][ T5060]  ? tomoyo_check_acl+0x378/0x3f0
[   71.278664][ T5060]  ? tomoyo_execute_permission+0x410/0x410
[   71.284520][ T5060]  tomoyo_path_permission+0x243/0x360
[   71.289957][ T5060]  tomoyo_path_perm+0x480/0x730
[   71.294853][ T5060]  ? tomoyo_path_perm+0x287/0x730
[   71.299887][ T5060]  ? tomoyo_path_permission+0x360/0x360
[   71.305472][ T5060]  ? rcu_read_lock_any_held+0xb7/0x160
[   71.310960][ T5060]  ? rcu_read_lock_bh_held+0x120/0x120
[   71.316440][ T5060]  ? print_irqtrace_events+0x220/0x220
[   71.321910][ T5060]  security_file_truncate+0x61/0x90
[   71.327112][ T5060]  do_sys_ftruncate+0x260/0x390
[   71.331991][ T5060]  do_syscall_64+0x45/0x110
[   71.336506][ T5060]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   71.342407][ T5060] RIP: 0033:0x7f29234012e9
[   71.346824][ T5060] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   71.366432][ T5060] RSP: 002b:00007ffe1c6eba38 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[   71.374851][ T5060] RAX: ffffffffffffffda RBX: 00007ffe1c6eba60 RCX: 00007f29234012e9
[pid  5060] ftruncate(5, 0)             = 0
[pid  5060] exit_group(0)               = ?
[pid  5060] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5060, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=33 /* 0.33 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555710c6f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[   71.382828][ T5060] RDX: 00007f29234003b0 RSI: 0000000000000000 RDI: 0000000000000005
[   71.390799][ T5060] RBP: 0000000000000001 R08: 00007ffe1c6eb7d7 R09: 00007ffe1c6eba80
[   71.398770][ T5060] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[   71.406737][ T5060] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007ffe1c6ebaa0
[   71.414725][ T5060]  </TASK>
unlink("./0/binderfs")                  = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555557114730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555557114730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./0/file0")                      = 0
getdents64(3, 0x55555710c6f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./0")                            = 0
mkdir("./1", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5079 attached
, child_tidptr=0x55555710b650) = 5079
[pid  5079] set_robust_list(0x55555710b660, 24) = 0
[pid  5079] chdir("./1")                = 0
[pid  5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5079] setpgid(0, 0)               = 0
[pid  5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5079] write(3, "1000", 4)         = 4
[pid  5079] close(3)                    = 0
[pid  5079] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5079] memfd_create("syzkaller", 0) = 3
[pid  5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f291afc2000
[pid  5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5079] munmap(0x7f291afc2000, 138412032) = 0
[pid  5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5079] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5079] close(3)                    = 0
[pid  5079] mkdir("./file0", 0777)      = 0
[   71.993215][ T5079] loop0: detected capacity change from 0 to 32768
[   72.009170][ T5079] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor406 (5079)
[   72.026473][ T5079] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[pid  5079] mount("/dev/loop0", "./file0", "btrfs", 0, "noinode_cache,noautodefrag,ref_verify,") = 0
[pid  5079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5079] chdir("./file0")            = 0
[pid  5079] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5079] close(4)                    = 0
[   72.035270][ T5079] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[   72.046108][ T5079] BTRFS info (device loop0): doing ref verification
[   72.052775][ T5079] BTRFS info (device loop0): using free space tree
[   72.075282][ T5079] BTRFS info (device loop0): enabling ssd optimizations
[   72.082390][ T5079] BTRFS info (device loop0): auto enabling async discard
[pid  5079] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid  5079] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid  5079] openat(AT_FDCWD, "blkio.bfq.time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid  5079] write(5, "\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid  5079] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  5079] write(6, "5", 1)            = 1
[   72.179342][ T5079] FAULT_INJECTION: forcing a failure.
[   72.179342][ T5079] name failslab, interval 1, probability 0, space 0, times 0
[   72.208867][ T5079] CPU: 0 PID: 5079 Comm: syz-executor406 Not tainted 6.7.0-rc1-syzkaller-00213-g791c8ab095f7 #0
[   72.219355][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[   72.229447][ T5079] Call Trace:
[   72.232735][ T5079]  <TASK>
[   72.235670][ T5079]  dump_stack_lvl+0x1e7/0x2d0
[   72.240368][ T5079]  ? nf_tcp_handle_invalid+0x650/0x650
[   72.245844][ T5079]  ? panic+0x850/0x850
[   72.249950][ T5079]  ? __might_sleep+0xe0/0xe0
[   72.254564][ T5079]  should_fail_ex+0x3aa/0x4e0
[   72.259269][ T5079]  ? tomoyo_init_log+0x1b3d/0x2040
[   72.264396][ T5079]  should_failslab+0x9/0x20
[   72.268910][ T5079]  __kmem_cache_alloc_node+0x6d/0x300
[   72.274305][ T5079]  ? make_kgid+0x6f0/0x6f0
[   72.278743][ T5079]  ? tomoyo_init_log+0x1b3d/0x2040
[   72.283875][ T5079]  __kmalloc+0xa2/0x1a0
[   72.288130][ T5079]  tomoyo_init_log+0x1b3d/0x2040
[   72.293102][ T5079]  ? common_lsm_audit+0x1ad0/0x1ad0
[   72.298335][ T5079]  ? tomoyo_profile+0x11/0x50
[   72.303033][ T5079]  ? tomoyo_profile+0x11/0x50
[   72.307734][ T5079]  tomoyo_supervisor+0x386/0x11f0
[   72.312781][ T5079]  ? print_irqtrace_events+0x220/0x220
[   72.318273][ T5079]  ? tomoyo_path_permission+0x1cc/0x360
[   72.323830][ T5079]  ? tomoyo_profile+0x50/0x50
[   72.328522][ T5079]  ? kasan_quarantine_put+0xd8/0x230
[   72.333823][ T5079]  ? lockdep_hardirqs_on+0x98/0x140
[   72.339040][ T5079]  ? __kmem_cache_free+0x263/0x3a0
[   72.344163][ T5079]  ? tomoyo_check_path_acl+0xeb/0x1c0
[   72.349543][ T5079]  ? tomoyo_check_acl+0x378/0x3f0
[   72.354576][ T5079]  ? tomoyo_execute_permission+0x410/0x410
[   72.360508][ T5079]  tomoyo_path_permission+0x243/0x360
[   72.365895][ T5079]  tomoyo_path_perm+0x480/0x730
[   72.370774][ T5079]  ? tomoyo_path_perm+0x287/0x730
[   72.375808][ T5079]  ? tomoyo_path_permission+0x360/0x360
[   72.381386][ T5079]  ? rcu_read_lock_any_held+0xb7/0x160
[   72.386861][ T5079]  ? rcu_read_lock_bh_held+0x120/0x120
[   72.392335][ T5079]  ? print_irqtrace_events+0x220/0x220
[   72.397809][ T5079]  security_file_truncate+0x61/0x90
[   72.403026][ T5079]  do_sys_ftruncate+0x260/0x390
[   72.407893][ T5079]  do_syscall_64+0x45/0x110
[   72.412434][ T5079]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   72.418357][ T5079] RIP: 0033:0x7f29234012e9
[   72.422783][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   72.442407][ T5079] RSP: 002b:00007ffe1c6eba38 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[   72.450855][ T5079] RAX: ffffffffffffffda RBX: 00007ffe1c6eba60 RCX: 00007f29234012e9
[   72.458840][ T5079] RDX: 00007f29234003b0 RSI: 0000000000000000 RDI: 0000000000000005
[   72.466814][ T5079] RBP: 0000000000000001 R08: 00007ffe1c6eb7d7 R09: 00007ffe1c6eba80
[pid  5079] ftruncate(5, 0)             = 0
[pid  5079] exit_group(0)               = ?
[pid  5079] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=30 /* 0.30 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[   72.474789][ T5079] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffe1c6eba5c
[   72.482767][ T5079] R13: 0000000000000001 R14: 431bde82d7b634db R15: 00007ffe1c6ebaa0
[   72.490761][ T5079]  </TASK>
[   72.510424][   T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
getdents64(3, 0x55555710c6f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs")                  = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555557114730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555557114730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./1/file0")                      = 0
getdents64(3, 0x55555710c6f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./1")                            = 0
mkdir("./2", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5096 attached
 <unfinished ...>
[pid  5096] set_robust_list(0x55555710b660, 24) = 0
[pid  5096] chdir("./2" <unfinished ...>
[pid  5059] <... clone resumed>, child_tidptr=0x55555710b650) = 5096
[pid  5096] <... chdir resumed>)        = 0
[pid  5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5096] setpgid(0, 0)               = 0
[pid  5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5096] write(3, "1000", 4)         = 4
[pid  5096] close(3)                    = 0
[pid  5096] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5096] memfd_create("syzkaller", 0) = 3
[pid  5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f291afc2000
[pid  5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5096] munmap(0x7f291afc2000, 138412032) = 0
[pid  5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5096] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5096] close(3)                    = 0
[pid  5096] mkdir("./file0", 0777)      = 0
[   73.116441][ T5096] loop0: detected capacity change from 0 to 32768
[   73.141883][ T5096] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor406 (5096)
[   73.159094][ T5096] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[   73.167973][ T5096] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[   73.179232][ T5096] BTRFS info (device loop0): doing ref verification
[   73.185888][ T5096] BTRFS info (device loop0): using free space tree
[   73.208811][ T5096] BTRFS info (device loop0): enabling ssd optimizations
[pid  5096] mount("/dev/loop0", "./file0", "btrfs", 0, "noinode_cache,noautodefrag,ref_verify,") = 0
[pid  5096] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5096] chdir("./file0")            = 0
[pid  5096] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5096] close(4)                    = 0
[   73.215845][ T5096] BTRFS info (device loop0): auto enabling async discard
[pid  5096] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid  5096] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid  5096] openat(AT_FDCWD, "blkio.bfq.time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid  5096] write(5, "\x63\x67\x72\x6f\x75\x70\x2e\x63\x6f\x6e\x74\x72\x6f\x6c\x6c\x65\x72\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid  5096] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  5096] write(6, "5", 1)            = 1
[   73.334203][   T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[   73.371383][ T5096] FAULT_INJECTION: forcing a failure.
[   73.371383][ T5096] name failslab, interval 1, probability 0, space 0, times 0
[   73.384741][ T5096] CPU: 0 PID: 5096 Comm: syz-executor406 Not tainted 6.7.0-rc1-syzkaller-00213-g791c8ab095f7 #0
[   73.395203][ T5096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[   73.405321][ T5096] Call Trace:
[   73.408626][ T5096]  <TASK>
[   73.411630][ T5096]  dump_stack_lvl+0x1e7/0x2d0
[   73.416348][ T5096]  ? nf_tcp_handle_invalid+0x650/0x650
[   73.421827][ T5096]  ? panic+0x850/0x850
[   73.425937][ T5096]  should_fail_ex+0x3aa/0x4e0
[   73.430648][ T5096]  ? ulist_add_merge+0x14c/0x480
[   73.435594][ T5096]  should_failslab+0x9/0x20
[   73.440106][ T5096]  __kmem_cache_alloc_node+0x6d/0x300
[   73.445489][ T5096]  ? read_lock_is_recursive+0x20/0x20
[   73.450866][ T5096]  ? __kasan_slab_alloc+0x66/0x70
[   73.455899][ T5096]  ? ulist_add_merge+0x14c/0x480
[   73.460853][ T5096]  kmalloc_trace+0x2a/0x60
[   73.465309][ T5096]  ulist_add_merge+0x14c/0x480
[   73.470084][ T5096]  clear_state_bit+0x148/0x330
[   73.474860][ T5096]  __clear_extent_bit+0x52b/0xb10
[   73.479902][ T5096]  clear_record_extent_bits+0x4d/0x80
[   73.485293][ T5096]  __btrfs_qgroup_release_data+0x5cc/0xaa0
[   73.491118][ T5096]  ? mark_lock+0x9a/0x350
[   73.495453][ T5096]  ? lockdep_hardirqs_on_prepare+0x43c/0x780
[   73.501462][ T5096]  ? btrfs_qgroup_free_data+0x40/0x40
[   73.506925][ T5096]  ? print_irqtrace_events+0x220/0x220
[   73.512393][ T5096]  ? _raw_spin_lock_irq+0xdf/0x120
[   73.517606][ T5096]  ? _raw_spin_unlock_irq+0x2e/0x50
[   73.522820][ T5096]  btrfs_invalidate_folio+0x7cf/0xad0
[   73.528206][ T5096]  ? btrfs_readahead+0x20/0x20
[   73.532981][ T5096]  ? truncate_inode_pages_range+0xf70/0xf70
[   73.538924][ T5096]  ? btrfs_readahead+0x20/0x20
[   73.543733][ T5096]  truncate_cleanup_folio+0x106/0x3d0
[   73.549136][ T5096]  truncate_inode_pages_range+0x2b6/0xf70
[   73.554878][ T5096]  ? mapping_evict_folio+0x530/0x530
[   73.560208][ T5096]  ? unmap_mapping_pages+0x180/0x180
[   73.565501][ T5096]  ? inode_maybe_inc_iversion+0x1a3/0x1f0
[   73.571247][ T5096]  ? generic_set_encrypted_ci_d_ops+0x100/0x100
[   73.577531][ T5096]  truncate_setsize+0xcf/0xf0
[   73.582225][ T5096]  btrfs_setattr+0x605/0x11a0
[   73.586918][ T5096]  ? smack_inode_setattr+0x1cd/0x260
[   73.592214][ T5096]  ? smack_inode_permission+0x380/0x380
[   73.597763][ T5096]  ? btrfs_permission+0x1b0/0x1b0
[   73.602893][ T5096]  ? current_time+0x1be/0x2b0
[   73.607577][ T5096]  ? inode_set_ctime_current+0x80/0x80
[   73.613056][ T5096]  ? evm_inode_setattr+0x100/0x740
[   73.618178][ T5096]  ? bpf_lsm_inode_setattr+0x9/0x10
[   73.623384][ T5096]  ? security_inode_setattr+0xd7/0x130
[   73.628846][ T5096]  ? btrfs_permission+0x1b0/0x1b0
[   73.633876][ T5096]  notify_change+0xb99/0xe60
[   73.638492][ T5096]  do_truncate+0x220/0x300
[   73.642947][ T5096]  ? put_page_bootmem+0x2e0/0x2e0
[   73.648040][ T5096]  ? print_irqtrace_events+0x220/0x220
[   73.653526][ T5096]  do_sys_ftruncate+0x2f3/0x390
[   73.658394][ T5096]  do_syscall_64+0x45/0x110
[   73.662907][ T5096]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   73.668823][ T5096] RIP: 0033:0x7f29234012e9
[   73.673256][ T5096] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   73.692877][ T5096] RSP: 002b:00007ffe1c6eba38 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[   73.701406][ T5096] RAX: ffffffffffffffda RBX: 00007ffe1c6eba60 RCX: 00007f29234012e9
[   73.709384][ T5096] RDX: 00007f29234003b0 RSI: 0000000000000000 RDI: 0000000000000005
[   73.717377][ T5096] RBP: 0000000000000001 R08: 00007ffe1c6eb7d7 R09: 00007ffe1c6eba80
[   73.725357][ T5096] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffe1c6eba5c
[   73.733333][ T5096] R13: 0000000000000002 R14: 431bde82d7b634db R15: 00007ffe1c6ebaa0
[   73.741329][ T5096]  </TASK>
[   73.744889][ T5096] ------------[ cut here ]------------
[   73.750407][ T5096] kernel BUG at fs/btrfs/extent-io-tree.c:560!
[   73.756601][ T5096] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   73.762694][ T5096] CPU: 0 PID: 5096 Comm: syz-executor406 Not tainted 6.7.0-rc1-syzkaller-00213-g791c8ab095f7 #0
[   73.773111][ T5096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[   73.783162][ T5096] RIP: 0010:clear_state_bit+0x32b/0x330
[   73.788726][ T5096] Code: fe e9 98 fd ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c c5 fe ff ff 4c 89 ef e8 e0 39 2f fe e9 b8 fe ff ff e8 76 5b d3 fd 90 <0f> 0b 0f 1f 00 66 0f 1f 00 55 41 57 41 56 41 55 41 54 53 48 83 ec
[   73.808331][ T5096] RSP: 0018:ffffc900041d7470 EFLAGS: 00010293
[   73.814419][ T5096] RAX: ffffffff83bb233a RBX: 00000000fffffff4 RCX: ffff88801ab55940
[   73.822391][ T5096] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
[   73.830367][ T5096] RBP: 0000000000000000 R08: ffffffff83bb2163 R09: 00000000ffffffff
[   73.838338][ T5096] R10: dffffc0000000000 R11: fffffbfff1b4556b R12: ffff88801f20d480
[   73.846485][ T5096] R13: ffffc900041d7678 R14: 0000000000000800 R15: dffffc0000000000
[   73.854460][ T5096] FS:  000055555710b380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   73.863389][ T5096] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   73.869989][ T5096] CR2: 0000000020009000 CR3: 0000000078928000 CR4: 00000000003506f0
[   73.877989][ T5096] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   73.885961][ T5096] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   73.893947][ T5096] Call Trace:
[   73.897243][ T5096]  <TASK>
[   73.900182][ T5096]  ? __die_body+0x8b/0xe0
[   73.904528][ T5096]  ? die+0xa1/0xd0
[   73.908264][ T5096]  ? do_trap+0x153/0x380
[   73.912539][ T5096]  ? clear_state_bit+0x32b/0x330
[   73.917509][ T5096]  ? do_error_trap+0x1dc/0x2c0
[   73.922301][ T5096]  ? clear_state_bit+0x32b/0x330
[   73.927257][ T5096]  ? do_int3+0x50/0x50
[   73.931339][ T5096]  ? handle_invalid_op+0x34/0x40
[   73.936287][ T5096]  ? clear_state_bit+0x32b/0x330
[   73.941231][ T5096]  ? exc_invalid_op+0x34/0x50
[   73.945916][ T5096]  ? asm_exc_invalid_op+0x1a/0x20
[   73.950951][ T5096]  ? clear_state_bit+0x153/0x330
[   73.956066][ T5096]  ? clear_state_bit+0x32a/0x330
[   73.961012][ T5096]  ? clear_state_bit+0x32b/0x330
[   73.965960][ T5096]  __clear_extent_bit+0x52b/0xb10
[   73.970998][ T5096]  clear_record_extent_bits+0x4d/0x80
[   73.976382][ T5096]  __btrfs_qgroup_release_data+0x5cc/0xaa0
[   73.982394][ T5096]  ? mark_lock+0x9a/0x350
[   73.986733][ T5096]  ? lockdep_hardirqs_on_prepare+0x43c/0x780
[   73.992809][ T5096]  ? btrfs_qgroup_free_data+0x40/0x40
[   73.998187][ T5096]  ? print_irqtrace_events+0x220/0x220
[   74.003678][ T5096]  ? _raw_spin_lock_irq+0xdf/0x120
[   74.008811][ T5096]  ? _raw_spin_unlock_irq+0x2e/0x50
[   74.014028][ T5096]  btrfs_invalidate_folio+0x7cf/0xad0
[   74.019417][ T5096]  ? btrfs_readahead+0x20/0x20
[   74.024188][ T5096]  ? truncate_inode_pages_range+0xf70/0xf70
[   74.030101][ T5096]  ? btrfs_readahead+0x20/0x20
[   74.034877][ T5096]  truncate_cleanup_folio+0x106/0x3d0
[   74.040267][ T5096]  truncate_inode_pages_range+0x2b6/0xf70
[   74.046006][ T5096]  ? mapping_evict_folio+0x530/0x530
[   74.051318][ T5096]  ? unmap_mapping_pages+0x180/0x180
[   74.056609][ T5096]  ? inode_maybe_inc_iversion+0x1a3/0x1f0
[   74.062337][ T5096]  ? generic_set_encrypted_ci_d_ops+0x100/0x100
[   74.068601][ T5096]  truncate_setsize+0xcf/0xf0
[   74.073294][ T5096]  btrfs_setattr+0x605/0x11a0
[   74.077981][ T5096]  ? smack_inode_setattr+0x1cd/0x260
[   74.083271][ T5096]  ? smack_inode_permission+0x380/0x380
[   74.088823][ T5096]  ? btrfs_permission+0x1b0/0x1b0
[   74.093867][ T5096]  ? current_time+0x1be/0x2b0
[   74.098558][ T5096]  ? inode_set_ctime_current+0x80/0x80
[   74.104035][ T5096]  ? evm_inode_setattr+0x100/0x740
[   74.109157][ T5096]  ? bpf_lsm_inode_setattr+0x9/0x10
[   74.114369][ T5096]  ? security_inode_setattr+0xd7/0x130
[   74.119852][ T5096]  ? btrfs_permission+0x1b0/0x1b0
[   74.124930][ T5096]  notify_change+0xb99/0xe60
[   74.129627][ T5096]  do_truncate+0x220/0x300
[   74.134140][ T5096]  ? put_page_bootmem+0x2e0/0x2e0
[   74.139182][ T5096]  ? print_irqtrace_events+0x220/0x220
[   74.144739][ T5096]  do_sys_ftruncate+0x2f3/0x390
[   74.149598][ T5096]  do_syscall_64+0x45/0x110
[   74.154109][ T5096]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   74.160021][ T5096] RIP: 0033:0x7f29234012e9
[   74.164441][ T5096] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   74.184137][ T5096] RSP: 002b:00007ffe1c6eba38 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[   74.192555][ T5096] RAX: ffffffffffffffda RBX: 00007ffe1c6eba60 RCX: 00007f29234012e9
[   74.200530][ T5096] RDX: 00007f29234003b0 RSI: 0000000000000000 RDI: 0000000000000005
[   74.208508][ T5096] RBP: 0000000000000001 R08: 00007ffe1c6eb7d7 R09: 00007ffe1c6eba80
[   74.216479][ T5096] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffe1c6eba5c
[   74.224471][ T5096] R13: 0000000000000002 R14: 431bde82d7b634db R15: 00007ffe1c6ebaa0
[   74.232451][ T5096]  </TASK>
[   74.235472][ T5096] Modules linked in:
[   74.239539][ T5096] ---[ end trace 0000000000000000 ]---
[   74.245013][ T5096] RIP: 0010:clear_state_bit+0x32b/0x330
[   74.250625][ T5096] Code: fe e9 98 fd ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c c5 fe ff ff 4c 89 ef e8 e0 39 2f fe e9 b8 fe ff ff e8 76 5b d3 fd 90 <0f> 0b 0f 1f 00 66 0f 1f 00 55 41 57 41 56 41 55 41 54 53 48 83 ec
[   74.270338][ T5096] RSP: 0018:ffffc900041d7470 EFLAGS: 00010293
[   74.276442][ T5096] RAX: ffffffff83bb233a RBX: 00000000fffffff4 RCX: ffff88801ab55940
[   74.284467][ T5096] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
[   74.292474][ T5096] RBP: 0000000000000000 R08: ffffffff83bb2163 R09: 00000000ffffffff
[   74.300490][ T5096] R10: dffffc0000000000 R11: fffffbfff1b4556b R12: ffff88801f20d480
[   74.308491][ T5096] R13: ffffc900041d7678 R14: 0000000000000800 R15: dffffc0000000000
[   74.316463][ T5096] FS:  000055555710b380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   74.325442][ T5096] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   74.332061][ T5096] CR2: 0000000020009000 CR3: 0000000078928000 CR4: 00000000003506f0
[   74.340085][ T5096] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   74.348128][ T5096] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   74.356118][ T5096] Kernel panic - not syncing: Fatal exception
[   74.362481][ T5096] Kernel Offset: disabled
[   74.366805][ T5096] Rebooting in 86400 seconds..