./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3657192278
<...>
Warning: Permanently added '10.128.1.157' (ECDSA) to the list of known hosts.
execve("./syz-executor3657192278", ["./syz-executor3657192278"], 0x7ffc11dc02a0 /* 10 vars */) = 0
brk(NULL) = 0x555556b8c000
brk(0x555556b8cc40) = 0x555556b8cc40
arch_prctl(ARCH_SET_FS, 0x555556b8c300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3657192278", 4096) = 28
brk(0x555556badc40) = 0x555556badc40
brk(0x555556bae000) = 0x555556bae000
mprotect(0x7f7dbd4d6000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 5075
mkdir("./syzkaller.BgPnFY", 0700) = 0
chmod("./syzkaller.BgPnFY", 0777) = 0
chdir("./syzkaller.BgPnFY") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b8c5d0) = 5077
./strace-static-x86_64: Process 5077 attached
[pid 5077] chdir("./0") = 0
[pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5077] setpgid(0, 0) = 0
[pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5077] write(3, "1000", 4) = 4
[pid 5077] close(3) = 0
[pid 5077] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5077] memfd_create("syzkaller", 0) = 3
[pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7db5015000
syzkaller login: [ 41.175537][ T5077] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5077 'syz-executor365'
[pid 5077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5077] munmap(0x7f7db5015000, 16777216) = 0
[pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5077] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5077] close(3) = 0
[pid 5077] mkdir("./file0", 0777) = 0
[ 41.273963][ T5077] loop0: detected capacity change from 0 to 32768
[ 41.284987][ T5077] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor365 (5077)
[ 41.301934][ T5077] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm
[ 41.310453][ T5077] BTRFS info (device loop0): setting nodatacow, compression disabled
[pid 5077] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5077] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5077] chdir("./file0") = 0
[pid 5077] ioctl(4, LOOP_CLR_FD) = 0
[pid 5077] close(4) = 0
[pid 5077] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5077] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[ 41.318548][ T5077] BTRFS info (device loop0): using free space tree
[ 41.335611][ T5077] BTRFS info (device loop0): enabling ssd optimizations
[ 41.342578][ T5077] BTRFS info (device loop0): auto enabling async discard
[pid 5077] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5077] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5077] write(6, "10", 2) = 2
[ 41.408535][ T3585] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 41.421288][ T5077] FAULT_INJECTION: forcing a failure.
[ 41.421288][ T5077] name failslab, interval 1, probability 0, space 0, times 1
[ 41.434457][ T5077] CPU: 1 PID: 5077 Comm: syz-executor365 Not tainted 6.3.0-rc3-syzkaller-00016-g2faac9a98f01 #0
[ 41.444888][ T5077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 41.454958][ T5077] Call Trace:
[ 41.458246][ T5077]
[ 41.461183][ T5077] dump_stack_lvl+0x136/0x150
[ 41.465905][ T5077] should_fail_ex+0x4a3/0x5b0
[ 41.470700][ T5077] should_failslab+0x9/0x20
[ 41.475205][ T5077] kmem_cache_alloc+0x63/0x3b0
[ 41.479968][ T5077] ? btrfs_lookup_first_ordered_extent+0x251/0x4e0
[ 41.486838][ T5077] alloc_extent_map+0x1e/0x150
[ 41.492757][ T5077] btrfs_get_extent+0x20e/0x19d0
[ 41.497743][ T5077] ? btrfs_rename2+0x130/0x130
[ 41.502513][ T5077] ? btrfs_wait_ordered_range+0x8b/0x290
[ 41.508168][ T5077] btrfs_fallocate+0x10e8/0x2820
[ 41.513128][ T5077] ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[ 41.519201][ T5077] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 41.525262][ T5077] ? lock_downgrade+0x690/0x690
[ 41.530106][ T5077] ? aa_path_link+0x2f0/0x2f0
[ 41.534800][ T5077] ? tomoyo_supervisor+0x1c6/0xf10
[ 41.539929][ T5077] ? lock_release+0x670/0x670
[ 41.544610][ T5077] ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[ 41.550671][ T5077] vfs_fallocate+0x48b/0xe40
[ 41.555260][ T5077] ioctl_preallocate+0x18e/0x200
[ 41.560212][ T5077] ? fiemap_prep+0x220/0x220
[ 41.564897][ T5077] do_vfs_ioctl+0x129a/0x1670
[ 41.569571][ T5077] ? vfs_fileattr_set+0xc40/0xc40
[ 41.574722][ T5077] ? find_held_lock+0x2d/0x110
[ 41.579488][ T5077] ? name_to_dev_t+0x363/0x9d0
[ 41.584250][ T5077] ? lock_downgrade+0x690/0x690
[ 41.589157][ T5077] ? bpf_lsm_file_ioctl+0x9/0x10
[ 41.594095][ T5077] __x64_sys_ioctl+0x10c/0x210
[ 41.598882][ T5077] do_syscall_64+0x39/0xb0
[ 41.603317][ T5077] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 41.609230][ T5077] RIP: 0033:0x7f7dbd462b49
[ 41.613633][ T5077] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 41.633232][ T5077] RSP: 002b:00007fff6c381d78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 41.641636][ T5077] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f7dbd462b49
[ 41.649599][ T5077] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[pid 5077] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOMEM (Cannot allocate memory)
[pid 5077] exit_group(0) = ?
[pid 5077] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556b8d620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 41.657558][ T5077] RBP: 00007fff6c381da0 R08: 0000000000000002 R09: 00007fff6c381db0
[ 41.665522][ T5077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 41.673658][ T5077] R13: 00007fff6c381de0 R14: 00007fff6c381dc0 R15: 0000000000000000
[ 41.681830][ T5077]
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556b95660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556b95660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555556b8d620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b8c5d0) = 5097
./strace-static-x86_64: Process 5097 attached
[pid 5097] chdir("./1") = 0
[pid 5097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5097] setpgid(0, 0) = 0
[pid 5097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5097] write(3, "1000", 4) = 4
[pid 5097] close(3) = 0
[pid 5097] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5097] memfd_create("syzkaller", 0) = 3
[pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7db5015000
[pid 5097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5097] munmap(0x7f7db5015000, 16777216) = 0
[pid 5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5097] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5097] close(3) = 0
[pid 5097] mkdir("./file0", 0777) = 0
[ 41.879592][ T5097] loop0: detected capacity change from 0 to 32768
[ 41.889119][ T5097] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor365 (5097)
[ 41.904188][ T5097] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm
[ 41.912686][ T5097] BTRFS info (device loop0): setting nodatacow, compression disabled
[ 41.920923][ T5097] BTRFS info (device loop0): using free space tree
[pid 5097] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5097] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5097] chdir("./file0") = 0
[pid 5097] ioctl(4, LOOP_CLR_FD) = 0
[pid 5097] close(4) = 0
[pid 5097] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5097] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5097] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5097] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5097] write(6, "10", 2) = 2
[ 41.936782][ T5097] BTRFS info (device loop0): enabling ssd optimizations
[ 41.943775][ T5097] BTRFS info (device loop0): auto enabling async discard
[ 41.984375][ T5097] FAULT_INJECTION: forcing a failure.
[ 41.984375][ T5097] name failslab, interval 1, probability 0, space 0, times 0
[ 41.998043][ T3585] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 42.007417][ T5097] CPU: 1 PID: 5097 Comm: syz-executor365 Not tainted 6.3.0-rc3-syzkaller-00016-g2faac9a98f01 #0
[ 42.017835][ T5097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 42.027920][ T5097] Call Trace:
[ 42.031206][ T5097]
[ 42.034146][ T5097] dump_stack_lvl+0x136/0x150
[ 42.038840][ T5097] should_fail_ex+0x4a3/0x5b0
[ 42.043620][ T5097] should_failslab+0x9/0x20
[ 42.048137][ T5097] kmem_cache_alloc+0x63/0x3b0
[ 42.053007][ T5097] btrfs_get_extent+0x2c8/0x19d0
[ 42.058015][ T5097] ? btrfs_rename2+0x130/0x130
[ 42.062805][ T5097] ? btrfs_wait_ordered_range+0x8b/0x290
[ 42.068455][ T5097] btrfs_fallocate+0x10e8/0x2820
[ 42.073386][ T5097] ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[ 42.079440][ T5097] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 42.085417][ T5097] ? lock_downgrade+0x690/0x690
[ 42.090322][ T5097] ? aa_path_link+0x2f0/0x2f0
[ 42.094991][ T5097] ? tomoyo_supervisor+0x1c6/0xf10
[ 42.100371][ T5097] ? lock_release+0x670/0x670
[ 42.105069][ T5097] ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[ 42.111129][ T5097] vfs_fallocate+0x48b/0xe40
[ 42.115716][ T5097] ioctl_preallocate+0x18e/0x200
[ 42.120654][ T5097] ? fiemap_prep+0x220/0x220
[ 42.125270][ T5097] do_vfs_ioctl+0x129a/0x1670
[ 42.129948][ T5097] ? vfs_fileattr_set+0xc40/0xc40
[ 42.134974][ T5097] ? find_held_lock+0x2d/0x110
[ 42.139742][ T5097] ? name_to_dev_t+0x363/0x9d0
[ 42.144500][ T5097] ? lock_downgrade+0x690/0x690
[ 42.149433][ T5097] ? bpf_lsm_file_ioctl+0x9/0x10
[ 42.154722][ T5097] __x64_sys_ioctl+0x10c/0x210
[ 42.159749][ T5097] do_syscall_64+0x39/0xb0
[ 42.164157][ T5097] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 42.170046][ T5097] RIP: 0033:0x7f7dbd462b49
[ 42.174453][ T5097] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 42.194052][ T5097] RSP: 002b:00007fff6c381d78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 42.202479][ T5097] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f7dbd462b49
[ 42.210458][ T5097] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[ 42.218435][ T5097] RBP: 00007fff6c381da0 R08: 0000000000000002 R09: 00007fff6c381db0
[ 42.226424][ T5097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[pid 5097] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOMEM (Cannot allocate memory)
[pid 5097] exit_group(0) = ?
[pid 5097] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5097, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=14 /* 0.14 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556b8d620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 42.234386][ T5097] R13: 00007fff6c381de0 R14: 00007fff6c381dc0 R15: 0000000000000001
[ 42.242362][ T5097]
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556b95660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556b95660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555556b8d620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b8c5d0) = 5116
./strace-static-x86_64: Process 5116 attached
[pid 5116] chdir("./2") = 0
[pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5116] setpgid(0, 0) = 0
[pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5116] write(3, "1000", 4) = 4
[pid 5116] close(3) = 0
[pid 5116] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5116] memfd_create("syzkaller", 0) = 3
[pid 5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7db5015000
[pid 5116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5116] munmap(0x7f7db5015000, 16777216) = 0
[pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5116] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5116] close(3) = 0
[pid 5116] mkdir("./file0", 0777) = 0
[ 42.425302][ T5116] loop0: detected capacity change from 0 to 32768
[ 42.434584][ T5116] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor365 (5116)
[ 42.448746][ T5116] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm
[ 42.457221][ T5116] BTRFS info (device loop0): setting nodatacow, compression disabled
[ 42.465362][ T5116] BTRFS info (device loop0): using free space tree
[pid 5116] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5116] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5116] chdir("./file0") = 0
[pid 5116] ioctl(4, LOOP_CLR_FD) = 0
[pid 5116] close(4) = 0
[pid 5116] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5116] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5116] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5116] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5116] write(6, "10", 2) = 2
[ 42.480843][ T5116] BTRFS info (device loop0): enabling ssd optimizations
[ 42.487934][ T5116] BTRFS info (device loop0): auto enabling async discard
[ 42.518086][ T5116] FAULT_INJECTION: forcing a failure.
[ 42.518086][ T5116] name failslab, interval 1, probability 0, space 0, times 0
[ 42.530873][ T5116] CPU: 1 PID: 5116 Comm: syz-executor365 Not tainted 6.3.0-rc3-syzkaller-00016-g2faac9a98f01 #0
[ 42.541375][ T5116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 42.551436][ T5116] Call Trace:
[ 42.554719][ T5116]
[ 42.557655][ T5116] dump_stack_lvl+0x136/0x150
[ 42.562351][ T5116] should_fail_ex+0x4a3/0x5b0
[ 42.567043][ T5116] ? find_held_lock+0x2d/0x110
[ 42.571831][ T5116] should_failslab+0x9/0x20
[ 42.576374][ T5116] __kmem_cache_alloc_node+0x5b/0x320
[ 42.581748][ T5116] ? ulist_add_merge.part.0+0x85/0x4b0
[ 42.587210][ T5116] kmalloc_trace+0x26/0xe0
[ 42.591618][ T5116] ulist_add_merge.part.0+0x85/0x4b0
[ 42.596902][ T5116] ulist_add+0x106/0x160
[ 42.601162][ T5116] set_state_bits.isra.0+0x11f/0x1c0
[ 42.606445][ T5116] __set_extent_bit+0xb6d/0x15e0
[ 42.611381][ T5116] set_record_extent_bits+0x5c/0x90
[ 42.616582][ T5116] qgroup_reserve_data+0x233/0xa80
[ 42.621692][ T5116] btrfs_qgroup_reserve_data+0x2f/0xd0
[ 42.627152][ T5116] btrfs_fallocate+0x1441/0x2820
[ 42.632090][ T5116] ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[ 42.638151][ T5116] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 42.644125][ T5116] ? lock_downgrade+0x690/0x690
[ 42.649488][ T5116] ? aa_path_link+0x2f0/0x2f0
[ 42.654160][ T5116] ? tomoyo_supervisor+0x1c6/0xf10
[ 42.659273][ T5116] ? lock_release+0x670/0x670
[ 42.663944][ T5116] ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[ 42.670009][ T5116] vfs_fallocate+0x48b/0xe40
[ 42.674601][ T5116] ioctl_preallocate+0x18e/0x200
[ 42.679534][ T5116] ? fiemap_prep+0x220/0x220
[ 42.684301][ T5116] do_vfs_ioctl+0x129a/0x1670
[ 42.689078][ T5116] ? vfs_fileattr_set+0xc40/0xc40
[ 42.694118][ T5116] ? find_held_lock+0x2d/0x110
[ 42.698884][ T5116] ? name_to_dev_t+0x363/0x9d0
[ 42.703730][ T5116] ? lock_downgrade+0x690/0x690
[ 42.708575][ T5116] ? bpf_lsm_file_ioctl+0x9/0x10
[ 42.713892][ T5116] __x64_sys_ioctl+0x10c/0x210
[ 42.718678][ T5116] do_syscall_64+0x39/0xb0
[ 42.723086][ T5116] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 42.728980][ T5116] RIP: 0033:0x7f7dbd462b49
[ 42.733390][ T5116] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 42.752986][ T5116] RSP: 002b:00007fff6c381d78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 42.761392][ T5116] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f7dbd462b49
[ 42.769353][ T5116] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[ 42.777310][ T5116] RBP: 00007fff6c381da0 R08: 0000000000000002 R09: 00007fff6c381db0
[ 42.785292][ T5116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 42.793253][ T5116] R13: 00007fff6c381de0 R14: 00007fff6c381dc0 R15: 0000000000000002
[ 42.801244][ T5116]
[ 42.804863][ T5116] ------------[ cut here ]------------
[ 42.810322][ T5116] kernel BUG at fs/btrfs/extent-io-tree.c:379!
[ 42.816557][ T5116] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 42.822624][ T5116] CPU: 1 PID: 5116 Comm: syz-executor365 Not tainted 6.3.0-rc3-syzkaller-00016-g2faac9a98f01 #0
[ 42.833027][ T5116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 42.841238][ T3585] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 42.843055][ T5116] RIP: 0010:set_state_bits.isra.0+0x17b/0x1c0
[ 42.858126][ T5116] Code: 38 d0 7c 04 84 d2 75 31 44 8b 73 7c e8 fe 22 f9 fd 44 89 e0 44 09 f0 89 43 7c 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 e5 22 f9 fd <0f> 0b 4c 89 ef e8 ab 2b 4a fe e9 e6 fe ff ff 4c 89 ef e8 9e 2b 4a
[ 42.877741][ T5116] RSP: 0018:ffffc90003f8f7c8 EFLAGS: 00010293
[ 42.883795][ T5116] RAX: 0000000000000000 RBX: ffff8880210ad240 RCX: 0000000000000000
[ 42.891751][ T5116] RDX: ffff8880783d9d40 RSI: ffffffff8389c21b RDI: 0000000000000005
[ 42.899707][ T5116] RBP: 00000000fffffff4 R08: 0000000000000005 R09: 0000000000000000
[ 42.907667][ T5116] R10: 00000000fffffff4 R11: 0000000000000000 R12: 0000000000000800
[ 42.915624][ T5116] R13: ffff8880210ad2bc R14: 000000000000ffff R15: 0000000000000000
[ 42.923579][ T5116] FS: 0000555556b8c300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 42.932503][ T5116] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.939072][ T5116] CR2: 00007f7dbd4da140 CR3: 000000002b1b3000 CR4: 0000000000350ee0
[ 42.947029][ T5116] Call Trace:
[ 42.950296][ T5116]
[ 42.953217][ T5116] __set_extent_bit+0xb6d/0x15e0
[ 42.958154][ T5116] set_record_extent_bits+0x5c/0x90
[ 42.963345][ T5116] qgroup_reserve_data+0x233/0xa80
[ 42.968479][ T5116] btrfs_qgroup_reserve_data+0x2f/0xd0
[ 42.973952][ T5116] btrfs_fallocate+0x1441/0x2820
[ 42.978882][ T5116] ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[ 42.984932][ T5116] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 42.990902][ T5116] ? lock_downgrade+0x690/0x690
[ 42.995913][ T5116] ? aa_path_link+0x2f0/0x2f0
[ 43.000581][ T5116] ? tomoyo_supervisor+0x1c6/0xf10
[ 43.005686][ T5116] ? lock_release+0x670/0x670
[ 43.010353][ T5116] ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[ 43.016408][ T5116] vfs_fallocate+0x48b/0xe40
[ 43.020987][ T5116] ioctl_preallocate+0x18e/0x200
[ 43.025924][ T5116] ? fiemap_prep+0x220/0x220
[ 43.030512][ T5116] do_vfs_ioctl+0x129a/0x1670
[ 43.035180][ T5116] ? vfs_fileattr_set+0xc40/0xc40
[ 43.040198][ T5116] ? find_held_lock+0x2d/0x110
[ 43.044955][ T5116] ? name_to_dev_t+0x363/0x9d0
[ 43.049715][ T5116] ? lock_downgrade+0x690/0x690
[ 43.054557][ T5116] ? bpf_lsm_file_ioctl+0x9/0x10
[ 43.059491][ T5116] __x64_sys_ioctl+0x10c/0x210
[ 43.064252][ T5116] do_syscall_64+0x39/0xb0
[ 43.068655][ T5116] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 43.074537][ T5116] RIP: 0033:0x7f7dbd462b49
[ 43.078941][ T5116] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 43.098549][ T5116] RSP: 002b:00007fff6c381d78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 43.106966][ T5116] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f7dbd462b49
[ 43.114920][ T5116] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[ 43.122874][ T5116] RBP: 00007fff6c381da0 R08: 0000000000000002 R09: 00007fff6c381db0
[ 43.130846][ T5116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 43.138802][ T5116] R13: 00007fff6c381de0 R14: 00007fff6c381dc0 R15: 0000000000000002
[ 43.146762][ T5116]
[ 43.149795][ T5116] Modules linked in:
[ 43.153753][ T5116] ---[ end trace 0000000000000000 ]---
[ 43.159223][ T5116] RIP: 0010:set_state_bits.isra.0+0x17b/0x1c0
[ 43.165398][ T5116] Code: 38 d0 7c 04 84 d2 75 31 44 8b 73 7c e8 fe 22 f9 fd 44 89 e0 44 09 f0 89 43 7c 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 e5 22 f9 fd <0f> 0b 4c 89 ef e8 ab 2b 4a fe e9 e6 fe ff ff 4c 89 ef e8 9e 2b 4a
[ 43.185148][ T5116] RSP: 0018:ffffc90003f8f7c8 EFLAGS: 00010293
[ 43.191221][ T5116] RAX: 0000000000000000 RBX: ffff8880210ad240 RCX: 0000000000000000
[ 43.199215][ T5116] RDX: ffff8880783d9d40 RSI: ffffffff8389c21b RDI: 0000000000000005
[ 43.207192][ T5116] RBP: 00000000fffffff4 R08: 0000000000000005 R09: 0000000000000000
[ 43.215175][ T5116] R10: 00000000fffffff4 R11: 0000000000000000 R12: 0000000000000800
[ 43.223146][ T5116] R13: ffff8880210ad2bc R14: 000000000000ffff R15: 0000000000000000
[ 43.231231][ T5116] FS: 0000555556b8c300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 43.240182][ T5116] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 43.246775][ T5116] CR2: 00007f7dbd4da140 CR3: 000000002b1b3000 CR4: 0000000000350ee0
[ 43.254763][ T5116] Kernel panic - not syncing: Fatal exception
[ 43.261558][ T5116] Kernel Offset: disabled
[ 43.265868][ T5116] Rebooting in 86400 seconds..