./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3334225880
<...>
Warning: Permanently added '10.128.1.35' (ED25519) to the list of known hosts.
execve("./syz-executor3334225880", ["./syz-executor3334225880"], 0x7ffc0912e810 /* 10 vars */) = 0
brk(NULL) = 0x5555562e7000
brk(0x5555562e7d00) = 0x5555562e7d00
arch_prctl(ARCH_SET_FS, 0x5555562e7380) = 0
set_tid_address(0x5555562e7650) = 5061
set_robust_list(0x5555562e7660, 24) = 0
rseq(0x5555562e7ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3334225880", 4096) = 28
getrandom("\x27\x40\x7d\x19\x4d\x1d\x22\x76", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x5555562e7d00
brk(0x555556308d00) = 0x555556308d00
brk(0x555556309000) = 0x555556309000
mprotect(0x7fbb114a5000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
mkdir("./syzkaller.FLlCJY", 0700) = 0
chmod("./syzkaller.FLlCJY", 0777) = 0
chdir("./syzkaller.FLlCJY") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5062 attached
, child_tidptr=0x5555562e7650) = 5062
[pid 5062] set_robust_list(0x5555562e7660, 24) = 0
[pid 5062] chdir("./0") = 0
[pid 5062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5062] setpgid(0, 0) = 0
[pid 5062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5062] write(3, "1000", 4) = 4
[pid 5062] close(3) = 0
[pid 5062] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5062] memfd_create("syzkaller", 0) = 3
[pid 5062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5062] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5062] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5062] close(3) = 0
[pid 5062] mkdir("./file0", 0777) = 0
[ 70.747845][ T5062] loop0: detected capacity change from 0 to 32768
[ 70.765515][ T5062] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5062)
[ 70.787752][ T5062] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 70.798179][ T5062] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 70.806951][ T5062] BTRFS info (device loop0): doing ref verification
[ 70.813648][ T5062] BTRFS info (device loop0): force zlib compression, level 3
[ 70.821132][ T5062] BTRFS info (device loop0): using free space tree
[pid 5062] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5062] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5062] chdir("./file0") = 0
[pid 5062] ioctl(4, LOOP_CLR_FD) = 0
[pid 5062] close(4) = 0
[ 70.847975][ T5062] BTRFS info (device loop0): enabling ssd optimizations
[ 70.855456][ T5062] BTRFS info (device loop0): auto enabling async discard
[pid 5062] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5062] fallocate(4, 0, 0, 1048820) = 0
[pid 5062] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5062] write(5, "56", 2) = 2
[ 70.908687][ T28] audit: type=1800 audit(1701700594.169:2): pid=5062 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 70.986242][ T5062] FAULT_INJECTION: forcing a failure.
[ 70.986242][ T5062] name failslab, interval 1, probability 0, space 0, times 1
[ 71.000144][ T5062] CPU: 0 PID: 5062 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 71.008908][ T5062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 71.019094][ T5062] Call Trace:
[ 71.022412][ T5062] <TASK>
[ 71.025467][ T5062] dump_stack_lvl+0x1e7/0x2d0
[ 71.030277][ T5062] ? nf_tcp_handle_invalid+0x650/0x650
[ 71.035808][ T5062] ? panic+0x850/0x850
[ 71.040016][ T5062] ? __might_sleep+0xe0/0xe0
[ 71.044671][ T5062] should_fail_ex+0x3aa/0x4e0
[ 71.049665][ T5062] ? add_to_free_space_tree+0xc7/0x2e0
[ 71.055219][ T5062] should_failslab+0x9/0x20
[ 71.059803][ T5062] kmem_cache_alloc+0x6d/0x2b0
[ 71.064639][ T5062] ? btrfs_qgroup_destroy_extent_records+0xb0/0xb0
[ 71.071201][ T5062] add_to_free_space_tree+0xc7/0x2e0
[ 71.076544][ T5062] __btrfs_free_extent+0x1cc4/0x38e0
[ 71.081903][ T5062] ? __btrfs_inc_extent_ref+0x610/0x610
[ 71.087502][ T5062] ? lock_downgrade+0x840/0x8f0
[ 71.092374][ T5062] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 71.098383][ T5062] ? __lock_acquire+0x1fd0/0x1fd0
[ 71.103452][ T5062] ? do_raw_spin_unlock+0x13b/0x8b0
[ 71.108726][ T5062] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 71.114555][ T5062] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 71.120159][ T5062] ? __lock_acquire+0x1345/0x1fd0
[ 71.125256][ T5062] ? read_lock_is_recursive+0x20/0x20
[ 71.130772][ T5062] btrfs_run_delayed_refs+0xe3/0x2c0
[ 71.136105][ T5062] btrfs_commit_transaction+0x4ba/0x3740
[ 71.141799][ T5062] ? btrfs_commit_transaction+0x17b/0x3740
[ 71.147667][ T5062] ? btrfs_commit_transaction_async+0x480/0x480
[ 71.154027][ T5062] ? __up_read+0x6a0/0x6a0
[ 71.158473][ T5062] ? dput+0x52/0x470
[ 71.162438][ T5062] btrfs_sync_file+0xf50/0x1330
[ 71.167592][ T5062] ? btrfs_release_file+0x130/0x130
[ 71.172860][ T5062] ? __lock_acquire+0x1fd0/0x1fd0
[ 71.177901][ T5062] ? do_raw_spin_lock+0x14e/0x370
[ 71.183132][ T5062] ? do_raw_spin_unlock+0x13b/0x8b0
[ 71.188354][ T5062] btrfs_do_write_iter+0xbc5/0x1190
[ 71.193574][ T5062] ? mark_lock+0x9a/0x350
[ 71.198325][ T5062] ? btrfs_check_nocow_unlock+0x40/0x40
[ 71.203998][ T5062] do_iter_readv_writev+0x330/0x4a0
[ 71.209230][ T5062] ? generic_file_rw_checks+0x260/0x260
[ 71.214814][ T5062] ? fsnotify_perm+0x67/0x5a0
[ 71.219524][ T5062] ? bpf_lsm_file_permission+0x9/0x10
[ 71.224920][ T5062] do_iter_write+0x1f6/0x8d0
[ 71.229663][ T5062] do_pwritev+0x21a/0x360
[ 71.234023][ T5062] ? do_preadv+0x350/0x350
[ 71.238474][ T5062] ? do_notify_parent+0x10c0/0x10c0
[ 71.243695][ T5062] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 71.249701][ T5062] ? print_irqtrace_events+0x220/0x220
[ 71.255180][ T5062] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 71.261197][ T5062] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 71.267240][ T5062] ? __x64_sys_pwritev2+0xbd/0x100
[ 71.272394][ T5062] do_syscall_64+0x45/0x110
[ 71.277015][ T5062] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 71.282940][ T5062] RIP: 0033:0x7fbb1142c2e9
[ 71.287367][ T5062] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 71.307176][ T5062] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 71.315625][ T5062] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 71.323804][ T5062] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 71.331902][ T5062] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 71.339901][ T5062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 71.347891][ T5062] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 71.355892][ T5062] </TASK>
[ 71.363827][ T5062] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[ 71.372896][ T5062] BTRFS: error (device loop0: state A) in add_to_free_space_tree:1057: errno=-12 Out of memory
[pid 5062] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5062] exit_group(0) = ?
[pid 5062] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5062, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 71.383413][ T5062] BTRFS info (device loop0: state EA): forced readonly
[ 71.390405][ T5062] BTRFS: error (device loop0: state EA) in do_free_extent_accounting:2989: errno=-12 Out of memory
[ 71.401244][ T5062] BTRFS error (device loop0: state EA): failed to run delayed ref for logical 5267456 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 71.415115][ T5062] BTRFS: error (device loop0: state EA) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
[ 71.513277][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5081 attached
, child_tidptr=0x5555562e7650) = 5081
[pid 5081] set_robust_list(0x5555562e7660, 24) = 0
[pid 5081] chdir("./1") = 0
[pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5081] setpgid(0, 0) = 0
[pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5081] write(3, "1000", 4) = 4
[pid 5081] close(3) = 0
[pid 5081] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5081] memfd_create("syzkaller", 0) = 3
[pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5081] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5081] close(3) = 0
[pid 5081] mkdir("./file0", 0777) = 0
[ 72.054951][ T5081] loop0: detected capacity change from 0 to 32768
[ 72.073229][ T5081] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5081)
[ 72.091086][ T5081] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 72.102348][ T5081] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 72.111135][ T5081] BTRFS info (device loop0): doing ref verification
[ 72.117753][ T5081] BTRFS info (device loop0): force zlib compression, level 3
[ 72.125183][ T5081] BTRFS info (device loop0): using free space tree
[ 72.148625][ T5081] BTRFS info (device loop0): enabling ssd optimizations
[pid 5081] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5081] chdir("./file0") = 0
[pid 5081] ioctl(4, LOOP_CLR_FD) = 0
[pid 5081] close(4) = 0
[ 72.155968][ T5081] BTRFS info (device loop0): auto enabling async discard
[pid 5081] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5081] fallocate(4, 0, 0, 1048820) = 0
[pid 5081] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5081] write(5, "56", 2) = 2
[ 72.204946][ T28] audit: type=1800 audit(1701700595.469:3): pid=5081 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 72.249327][ T5081] FAULT_INJECTION: forcing a failure.
[ 72.249327][ T5081] name failslab, interval 1, probability 0, space 0, times 0
[ 72.262667][ T5081] CPU: 0 PID: 5081 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 72.271432][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 72.281654][ T5081] Call Trace:
[ 72.284971][ T5081] <TASK>
[ 72.287937][ T5081] dump_stack_lvl+0x1e7/0x2d0
[ 72.292671][ T5081] ? nf_tcp_handle_invalid+0x650/0x650
[ 72.298186][ T5081] ? panic+0x850/0x850
[ 72.302330][ T5081] ? __might_sleep+0xe0/0xe0
[ 72.306992][ T5081] should_fail_ex+0x3aa/0x4e0
[ 72.311724][ T5081] ? add_to_free_space_tree+0xc7/0x2e0
[ 72.317228][ T5081] should_failslab+0x9/0x20
[ 72.321986][ T5081] kmem_cache_alloc+0x6d/0x2b0
[ 72.326805][ T5081] ? btrfs_qgroup_destroy_extent_records+0xb0/0xb0
[ 72.333715][ T5081] add_to_free_space_tree+0xc7/0x2e0
[ 72.339069][ T5081] __btrfs_free_extent+0x1cc4/0x38e0
[ 72.344427][ T5081] ? __btrfs_inc_extent_ref+0x610/0x610
[ 72.350042][ T5081] ? lock_downgrade+0x840/0x8f0
[ 72.354950][ T5081] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 72.360816][ T5081] ? __lock_acquire+0x1fd0/0x1fd0
[ 72.365906][ T5081] ? do_raw_spin_unlock+0x13b/0x8b0
[ 72.371169][ T5081] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 72.377020][ T5081] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 72.382625][ T5081] ? __lock_acquire+0x1345/0x1fd0
[ 72.387736][ T5081] ? read_lock_is_recursive+0x20/0x20
[ 72.393159][ T5081] btrfs_run_delayed_refs+0xe3/0x2c0
[ 72.398565][ T5081] btrfs_commit_transaction+0x4ba/0x3740
[ 72.404230][ T5081] ? btrfs_commit_transaction+0x17b/0x3740
[ 72.410088][ T5081] ? btrfs_commit_transaction_async+0x480/0x480
[ 72.416422][ T5081] ? __up_read+0x6a0/0x6a0
[ 72.420867][ T5081] ? dput+0x52/0x470
[ 72.424787][ T5081] btrfs_sync_file+0xf50/0x1330
[ 72.429699][ T5081] ? btrfs_release_file+0x130/0x130
[ 72.434917][ T5081] ? __lock_acquire+0x1fd0/0x1fd0
[ 72.439945][ T5081] ? do_raw_spin_lock+0x14e/0x370
[ 72.445077][ T5081] ? do_raw_spin_unlock+0x13b/0x8b0
[ 72.450328][ T5081] btrfs_do_write_iter+0xbc5/0x1190
[ 72.455634][ T5081] ? mark_lock+0x9a/0x350
[ 72.459996][ T5081] ? btrfs_check_nocow_unlock+0x40/0x40
[ 72.465577][ T5081] do_iter_readv_writev+0x330/0x4a0
[ 72.470900][ T5081] ? generic_file_rw_checks+0x260/0x260
[ 72.476483][ T5081] ? fsnotify_perm+0x67/0x5a0
[ 72.481211][ T5081] ? bpf_lsm_file_permission+0x9/0x10
[ 72.486704][ T5081] do_iter_write+0x1f6/0x8d0
[ 72.491326][ T5081] do_pwritev+0x21a/0x360
[ 72.495673][ T5081] ? do_preadv+0x350/0x350
[ 72.500120][ T5081] ? do_notify_parent+0x10c0/0x10c0
[ 72.505442][ T5081] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 72.511659][ T5081] ? print_irqtrace_events+0x220/0x220
[ 72.517272][ T5081] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 72.523452][ T5081] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 72.529715][ T5081] ? __x64_sys_pwritev2+0xbd/0x100
[ 72.534853][ T5081] do_syscall_64+0x45/0x110
[ 72.539400][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 72.545336][ T5081] RIP: 0033:0x7fbb1142c2e9
[ 72.549763][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 72.569467][ T5081] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 72.577937][ T5081] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 72.586133][ T5081] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 72.594665][ T5081] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 72.603102][ T5081] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 72.611181][ T5081] R13: 0000000000000001 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 72.619269][ T5081] </TASK>
[ 72.624419][ T5081] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[ 72.635124][ T5081] BTRFS: error (device loop0: state A) in add_to_free_space_tree:1057: errno=-12 Out of memory
[pid 5081] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5081] exit_group(0) = ?
[pid 5081] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
[ 72.646123][ T5081] BTRFS info (device loop0: state EA): forced readonly
[ 72.653517][ T5081] BTRFS: error (device loop0: state EA) in do_free_extent_accounting:2989: errno=-12 Out of memory
[ 72.664475][ T5081] BTRFS error (device loop0: state EA): failed to run delayed ref for logical 5267456 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 72.679417][ T5081] BTRFS: error (device loop0: state EA) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
[ 72.712095][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5098 attached
, child_tidptr=0x5555562e7650) = 5098
[pid 5098] set_robust_list(0x5555562e7660, 24) = 0
[pid 5098] chdir("./2") = 0
[pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5098] setpgid(0, 0) = 0
[pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5098] write(3, "1000", 4) = 4
[pid 5098] close(3) = 0
[pid 5098] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5098] memfd_create("syzkaller", 0) = 3
[pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5098] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5098] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5098] close(3) = 0
[pid 5098] mkdir("./file0", 0777) = 0
[ 73.213313][ T5098] loop0: detected capacity change from 0 to 32768
[ 73.239965][ T5098] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5098)
[ 73.258506][ T5098] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 73.268797][ T5098] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 73.277518][ T5098] BTRFS info (device loop0): doing ref verification
[ 73.284245][ T5098] BTRFS info (device loop0): force zlib compression, level 3
[ 73.291776][ T5098] BTRFS info (device loop0): using free space tree
[pid 5098] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5098] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5098] chdir("./file0") = 0
[pid 5098] ioctl(4, LOOP_CLR_FD) = 0
[pid 5098] close(4) = 0
[ 73.319243][ T5098] BTRFS info (device loop0): enabling ssd optimizations
[ 73.326235][ T5098] BTRFS info (device loop0): auto enabling async discard
[pid 5098] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5098] fallocate(4, 0, 0, 1048820) = 0
[pid 5098] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5098] write(5, "56", 2) = 2
[ 73.362422][ T28] audit: type=1800 audit(1701700596.629:4): pid=5098 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 73.410432][ T5098] FAULT_INJECTION: forcing a failure.
[ 73.410432][ T5098] name failslab, interval 1, probability 0, space 0, times 0
[ 73.423265][ T5098] CPU: 1 PID: 5098 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 73.431979][ T5098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 73.442047][ T5098] Call Trace:
[ 73.445609][ T5098] <TASK>
[ 73.448571][ T5098] dump_stack_lvl+0x1e7/0x2d0
[ 73.453275][ T5098] ? nf_tcp_handle_invalid+0x650/0x650
[ 73.458753][ T5098] ? panic+0x850/0x850
[ 73.462835][ T5098] ? _raw_read_unlock+0x28/0x40
[ 73.467789][ T5098] should_fail_ex+0x3aa/0x4e0
[ 73.472510][ T5098] ? __btrfs_free_extent+0x26f/0x38e0
[ 73.477894][ T5098] should_failslab+0x9/0x20
[ 73.482410][ T5098] kmem_cache_alloc+0x6d/0x2b0
[ 73.487254][ T5098] __btrfs_free_extent+0x26f/0x38e0
[ 73.492572][ T5098] ? __btrfs_inc_extent_ref+0x610/0x610
[ 73.498132][ T5098] ? lock_downgrade+0x840/0x8f0
[ 73.503002][ T5098] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 73.508871][ T5098] ? __lock_acquire+0x1fd0/0x1fd0
[ 73.513933][ T5098] ? do_raw_read_unlock+0x3c/0x80
[ 73.518995][ T5098] ? _raw_read_unlock+0x28/0x40
[ 73.523891][ T5098] ? do_raw_spin_unlock+0x13b/0x8b0
[ 73.529128][ T5098] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 73.534938][ T5098] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 73.540510][ T5098] ? __lock_acquire+0x1345/0x1fd0
[ 73.545586][ T5098] ? read_lock_is_recursive+0x20/0x20
[ 73.551184][ T5098] btrfs_run_delayed_refs+0xe3/0x2c0
[ 73.556568][ T5098] btrfs_commit_transaction+0x4ba/0x3740
[ 73.562414][ T5098] ? btrfs_commit_transaction+0x17b/0x3740
[ 73.568283][ T5098] ? btrfs_commit_transaction_async+0x480/0x480
[ 73.574587][ T5098] ? __up_read+0x6a0/0x6a0
[ 73.579020][ T5098] ? dput+0x52/0x470
[ 73.582950][ T5098] btrfs_sync_file+0xf50/0x1330
[ 73.587941][ T5098] ? btrfs_release_file+0x130/0x130
[ 73.593167][ T5098] ? __lock_acquire+0x1fd0/0x1fd0
[ 73.598497][ T5098] ? do_raw_spin_lock+0x14e/0x370
[ 73.603680][ T5098] ? do_raw_spin_unlock+0x13b/0x8b0
[ 73.608933][ T5098] btrfs_do_write_iter+0xbc5/0x1190
[ 73.614189][ T5098] ? mark_lock+0x9a/0x350
[ 73.618574][ T5098] ? btrfs_check_nocow_unlock+0x40/0x40
[ 73.624157][ T5098] do_iter_readv_writev+0x330/0x4a0
[ 73.629407][ T5098] ? generic_file_rw_checks+0x260/0x260
[ 73.635016][ T5098] ? fsnotify_perm+0x67/0x5a0
[ 73.639723][ T5098] ? bpf_lsm_file_permission+0x9/0x10
[ 73.645163][ T5098] do_iter_write+0x1f6/0x8d0
[ 73.649796][ T5098] do_pwritev+0x21a/0x360
[ 73.654152][ T5098] ? do_preadv+0x350/0x350
[ 73.658605][ T5098] ? do_notify_parent+0x10c0/0x10c0
[ 73.663927][ T5098] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 73.670050][ T5098] ? print_irqtrace_events+0x220/0x220
[ 73.675570][ T5098] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 73.681580][ T5098] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 73.687663][ T5098] ? __x64_sys_pwritev2+0xbd/0x100
[ 73.694107][ T5098] do_syscall_64+0x45/0x110
[ 73.698638][ T5098] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 73.704746][ T5098] RIP: 0033:0x7fbb1142c2e9
[ 73.709195][ T5098] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 73.729201][ T5098] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 73.737766][ T5098] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 73.745772][ T5098] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 73.753959][ T5098] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 73.762116][ T5098] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 73.770289][ T5098] R13: 0000000000000002 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 73.778481][ T5098] </TASK>
[ 73.782094][ T5098] BTRFS error (device loop0): failed to run delayed ref for logical 5267456 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 73.796186][ T5098] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[pid 5098] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5098] exit_group(0) = ?
[pid 5098] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=32 /* 0.32 s */} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[ 73.806974][ T5098] BTRFS: error (device loop0: state A) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
[ 73.817817][ T5098] BTRFS info (device loop0: state EA): forced readonly
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
[ 73.918486][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5115 attached
, child_tidptr=0x5555562e7650) = 5115
[pid 5115] set_robust_list(0x5555562e7660, 24) = 0
[pid 5115] chdir("./3") = 0
[pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5115] setpgid(0, 0) = 0
[pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5115] write(3, "1000", 4) = 4
[pid 5115] close(3) = 0
[pid 5115] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5115] memfd_create("syzkaller", 0) = 3
[pid 5115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5115] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5115] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5115] close(3) = 0
[pid 5115] mkdir("./file0", 0777) = 0
[ 74.442645][ T5115] loop0: detected capacity change from 0 to 32768
[ 74.458150][ T5115] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5115)
[ 74.475997][ T5115] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 74.486348][ T5115] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 74.495231][ T5115] BTRFS info (device loop0): doing ref verification
[ 74.501918][ T5115] BTRFS info (device loop0): force zlib compression, level 3
[ 74.509511][ T5115] BTRFS info (device loop0): using free space tree
[ 74.532404][ T5115] BTRFS info (device loop0): enabling ssd optimizations
[pid 5115] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5115] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5115] chdir("./file0") = 0
[pid 5115] ioctl(4, LOOP_CLR_FD) = 0
[pid 5115] close(4) = 0
[ 74.539542][ T5115] BTRFS info (device loop0): auto enabling async discard
[pid 5115] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5115] fallocate(4, 0, 0, 1048820) = 0
[pid 5115] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5115] write(5, "56", 2) = 2
[ 74.577795][ T28] audit: type=1800 audit(1701700597.839:5): pid=5115 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 74.608300][ T5115] FAULT_INJECTION: forcing a failure.
[ 74.608300][ T5115] name failslab, interval 1, probability 0, space 0, times 0
[ 74.621871][ T5115] CPU: 1 PID: 5115 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 74.630612][ T5115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 74.640884][ T5115] Call Trace:
[ 74.644224][ T5115] <TASK>
[ 74.647243][ T5115] dump_stack_lvl+0x1e7/0x2d0
[ 74.651982][ T5115] ? nf_tcp_handle_invalid+0x650/0x650
[ 74.658108][ T5115] ? panic+0x850/0x850
[ 74.662228][ T5115] ? __might_sleep+0xe0/0xe0
[ 74.666879][ T5115] should_fail_ex+0x3aa/0x4e0
[ 74.671712][ T5115] ? add_to_free_space_tree+0xc7/0x2e0
[ 74.677228][ T5115] should_failslab+0x9/0x20
[ 74.681771][ T5115] kmem_cache_alloc+0x6d/0x2b0
[ 74.686826][ T5115] ? btrfs_qgroup_destroy_extent_records+0xb0/0xb0
[ 74.693464][ T5115] add_to_free_space_tree+0xc7/0x2e0
[ 74.699981][ T5115] __btrfs_free_extent+0x1cc4/0x38e0
[ 74.705435][ T5115] ? __btrfs_inc_extent_ref+0x610/0x610
[ 74.711038][ T5115] ? lock_downgrade+0x840/0x8f0
[ 74.715944][ T5115] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 74.721811][ T5115] ? __lock_acquire+0x1fd0/0x1fd0
[ 74.727080][ T5115] ? do_raw_spin_unlock+0x13b/0x8b0
[ 74.732437][ T5115] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 74.738290][ T5115] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 74.744178][ T5115] ? __lock_acquire+0x1345/0x1fd0
[ 74.749297][ T5115] ? read_lock_is_recursive+0x20/0x20
[ 74.754747][ T5115] btrfs_run_delayed_refs+0xe3/0x2c0
[ 74.760091][ T5115] btrfs_commit_transaction+0x4ba/0x3740
[ 74.766212][ T5115] ? btrfs_commit_transaction+0x17b/0x3740
[ 74.772876][ T5115] ? btrfs_commit_transaction_async+0x480/0x480
[ 74.779184][ T5115] ? __up_read+0x6a0/0x6a0
[ 74.783613][ T5115] ? dput+0x52/0x470
[ 74.787535][ T5115] btrfs_sync_file+0xf50/0x1330
[ 74.792480][ T5115] ? btrfs_release_file+0x130/0x130
[ 74.797729][ T5115] ? __lock_acquire+0x1fd0/0x1fd0
[ 74.803001][ T5115] ? do_raw_spin_lock+0x14e/0x370
[ 74.808064][ T5115] ? do_raw_spin_unlock+0x13b/0x8b0
[ 74.813409][ T5115] btrfs_do_write_iter+0xbc5/0x1190
[ 74.818656][ T5115] ? mark_lock+0x9a/0x350
[ 74.823134][ T5115] ? btrfs_check_nocow_unlock+0x40/0x40
[ 74.828746][ T5115] do_iter_readv_writev+0x330/0x4a0
[ 74.834061][ T5115] ? generic_file_rw_checks+0x260/0x260
[ 74.839630][ T5115] ? fsnotify_perm+0x67/0x5a0
[ 74.844335][ T5115] ? bpf_lsm_file_permission+0x9/0x10
[ 74.849947][ T5115] do_iter_write+0x1f6/0x8d0
[ 74.854592][ T5115] do_pwritev+0x21a/0x360
[ 74.858953][ T5115] ? do_preadv+0x350/0x350
[ 74.864392][ T5115] ? do_notify_parent+0x10c0/0x10c0
[ 74.870362][ T5115] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 74.877706][ T5115] ? print_irqtrace_events+0x220/0x220
[ 74.883284][ T5115] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 74.889614][ T5115] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 74.895642][ T5115] ? __x64_sys_pwritev2+0xbd/0x100
[ 74.900791][ T5115] do_syscall_64+0x45/0x110
[ 74.905329][ T5115] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 74.911262][ T5115] RIP: 0033:0x7fbb1142c2e9
[ 74.915695][ T5115] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 74.935937][ T5115] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 74.944452][ T5115] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 74.952631][ T5115] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 74.960827][ T5115] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 74.969003][ T5115] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 74.977195][ T5115] R13: 0000000000000003 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 74.985474][ T5115] </TASK>
[ 74.989835][ T5115] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[ 74.998356][ T5115] BTRFS: error (device loop0: state A) in add_to_free_space_tree:1057: errno=-12 Out of memory
[ 75.009325][ T5115] BTRFS info (device loop0: state EA): forced readonly
[ 75.016719][ T5115] BTRFS: error (device loop0: state EA) in do_free_extent_accounting:2989: errno=-12 Out of memory
[pid 5115] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5115] exit_group(0) = ?
[pid 5115] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5115, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=34 /* 0.34 s */} ---
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[ 75.028000][ T5115] BTRFS error (device loop0: state EA): failed to run delayed ref for logical 5308416 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 75.042179][ T5115] BTRFS: error (device loop0: state EA) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs") = 0
[ 75.134970][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5132 attached
, child_tidptr=0x5555562e7650) = 5132
[pid 5132] set_robust_list(0x5555562e7660, 24) = 0
[pid 5132] chdir("./4") = 0
[pid 5132] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5132] setpgid(0, 0) = 0
[pid 5132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5132] write(3, "1000", 4) = 4
[pid 5132] close(3) = 0
[pid 5132] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5132] memfd_create("syzkaller", 0) = 3
[pid 5132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5132] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5132] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5132] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5132] close(3) = 0
[pid 5132] mkdir("./file0", 0777) = 0
[ 75.698150][ T5132] loop0: detected capacity change from 0 to 32768
[ 75.724906][ T5132] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5132)
[ 75.741665][ T5132] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 75.753906][ T5132] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 75.762918][ T5132] BTRFS info (device loop0): doing ref verification
[ 75.769674][ T5132] BTRFS info (device loop0): force zlib compression, level 3
[ 75.777080][ T5132] BTRFS info (device loop0): using free space tree
[pid 5132] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5132] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5132] chdir("./file0") = 0
[pid 5132] ioctl(4, LOOP_CLR_FD) = 0
[pid 5132] close(4) = 0
[pid 5132] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5132] fallocate(4, 0, 0, 1048820) = 0
[pid 5132] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[ 75.800859][ T5132] BTRFS info (device loop0): enabling ssd optimizations
[ 75.807900][ T5132] BTRFS info (device loop0): auto enabling async discard
[ 75.828070][ T28] audit: type=1800 audit(1701700599.089:6): pid=5132 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[pid 5132] write(5, "56", 2) = 2
[ 75.908067][ T5132] FAULT_INJECTION: forcing a failure.
[ 75.908067][ T5132] name failslab, interval 1, probability 0, space 0, times 0
[ 75.921679][ T5132] CPU: 0 PID: 5132 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 75.930599][ T5132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 75.940874][ T5132] Call Trace:
[ 75.944218][ T5132] <TASK>
[ 75.947202][ T5132] dump_stack_lvl+0x1e7/0x2d0
[ 75.951954][ T5132] ? nf_tcp_handle_invalid+0x650/0x650
[ 75.957760][ T5132] ? panic+0x850/0x850
[ 75.961980][ T5132] ? _raw_read_unlock+0x28/0x40
[ 75.966892][ T5132] should_fail_ex+0x3aa/0x4e0
[ 75.971678][ T5132] ? __btrfs_free_extent+0x26f/0x38e0
[ 75.977154][ T5132] should_failslab+0x9/0x20
[ 75.981713][ T5132] kmem_cache_alloc+0x6d/0x2b0
[ 75.986715][ T5132] __btrfs_free_extent+0x26f/0x38e0
[ 75.992114][ T5132] ? __btrfs_inc_extent_ref+0x610/0x610
[ 75.997771][ T5132] ? lock_downgrade+0x840/0x8f0
[ 76.002878][ T5132] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 76.008753][ T5132] ? __lock_acquire+0x1fd0/0x1fd0
[ 76.013836][ T5132] ? do_raw_read_unlock+0x3c/0x80
[ 76.018926][ T5132] ? _raw_read_unlock+0x28/0x40
[ 76.024045][ T5132] ? do_raw_spin_unlock+0x13b/0x8b0
[ 76.029317][ T5132] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 76.035205][ T5132] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 76.040823][ T5132] ? __lock_acquire+0x1345/0x1fd0
[ 76.046033][ T5132] ? read_lock_is_recursive+0x20/0x20
[ 76.051774][ T5132] btrfs_run_delayed_refs+0xe3/0x2c0
[ 76.057382][ T5132] btrfs_commit_transaction+0x4ba/0x3740
[ 76.063373][ T5132] ? btrfs_commit_transaction+0x17b/0x3740
[ 76.069517][ T5132] ? btrfs_commit_transaction_async+0x480/0x480
[ 76.076026][ T5132] ? __up_read+0x6a0/0x6a0
[ 76.080500][ T5132] ? dput+0x52/0x470
[ 76.084445][ T5132] btrfs_sync_file+0xf50/0x1330
[ 76.089383][ T5132] ? btrfs_release_file+0x130/0x130
[ 76.094913][ T5132] ? __lock_acquire+0x1fd0/0x1fd0
[ 76.099962][ T5132] ? do_raw_spin_lock+0x14e/0x370
[ 76.105014][ T5132] ? do_raw_spin_unlock+0x13b/0x8b0
[ 76.110270][ T5132] btrfs_do_write_iter+0xbc5/0x1190
[ 76.115522][ T5132] ? mark_lock+0x9a/0x350
[ 76.120144][ T5132] ? btrfs_check_nocow_unlock+0x40/0x40
[ 76.125991][ T5132] do_iter_readv_writev+0x330/0x4a0
[ 76.131265][ T5132] ? generic_file_rw_checks+0x260/0x260
[ 76.136981][ T5132] ? fsnotify_perm+0x67/0x5a0
[ 76.141683][ T5132] ? bpf_lsm_file_permission+0x9/0x10
[ 76.147298][ T5132] do_iter_write+0x1f6/0x8d0
[ 76.151945][ T5132] do_pwritev+0x21a/0x360
[ 76.156497][ T5132] ? do_preadv+0x350/0x350
[ 76.161046][ T5132] ? do_notify_parent+0x10c0/0x10c0
[ 76.166268][ T5132] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 76.172411][ T5132] ? print_irqtrace_events+0x220/0x220
[ 76.178095][ T5132] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 76.184160][ T5132] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 76.190206][ T5132] ? __x64_sys_pwritev2+0xbd/0x100
[ 76.195447][ T5132] do_syscall_64+0x45/0x110
[ 76.199995][ T5132] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 76.205934][ T5132] RIP: 0033:0x7fbb1142c2e9
[ 76.210363][ T5132] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 76.230098][ T5132] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 76.238542][ T5132] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 76.246575][ T5132] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 76.254744][ T5132] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 76.263041][ T5132] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 76.271116][ T5132] R13: 0000000000000004 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 76.279215][ T5132] </TASK>
[ 76.282779][ T5132] BTRFS error (device loop0): failed to run delayed ref for logical 5308416 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 76.296063][ T5132] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[pid 5132] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5132] exit_group(0) = ?
[pid 5132] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5132, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=30 /* 0.30 s */} ---
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
[ 76.306668][ T5132] BTRFS: error (device loop0: state A) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
[ 76.318662][ T5132] BTRFS info (device loop0: state EA): forced readonly
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs") = 0
[ 76.402500][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5149 attached
, child_tidptr=0x5555562e7650) = 5149
[pid 5149] set_robust_list(0x5555562e7660, 24) = 0
[pid 5149] chdir("./5") = 0
[pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5149] setpgid(0, 0) = 0
[pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5149] write(3, "1000", 4) = 4
[pid 5149] close(3) = 0
[pid 5149] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5149] memfd_create("syzkaller", 0) = 3
[pid 5149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5149] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5149] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5149] close(3) = 0
[pid 5149] mkdir("./file0", 0777) = 0
[ 76.886354][ T5149] loop0: detected capacity change from 0 to 32768
[ 76.896488][ T5149] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5149)
[ 76.915815][ T5149] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 76.926537][ T5149] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 76.935521][ T5149] BTRFS info (device loop0): doing ref verification
[ 76.942280][ T5149] BTRFS info (device loop0): force zlib compression, level 3
[ 76.949852][ T5149] BTRFS info (device loop0): using free space tree
[ 76.974059][ T5149] BTRFS info (device loop0): enabling ssd optimizations
[pid 5149] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5149] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5149] chdir("./file0") = 0
[pid 5149] ioctl(4, LOOP_CLR_FD) = 0
[pid 5149] close(4) = 0
[ 76.981154][ T5149] BTRFS info (device loop0): auto enabling async discard
[pid 5149] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5149] fallocate(4, 0, 0, 1048820) = 0
[pid 5149] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5149] write(5, "56", 2) = 2
[ 77.030478][ T28] audit: type=1800 audit(1701700600.299:7): pid=5149 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 77.063477][ T5149] FAULT_INJECTION: forcing a failure.
[ 77.063477][ T5149] name failslab, interval 1, probability 0, space 0, times 0
[ 77.076936][ T5149] CPU: 0 PID: 5149 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 77.085685][ T5149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 77.095874][ T5149] Call Trace:
[ 77.099196][ T5149] <TASK>
[ 77.102167][ T5149] dump_stack_lvl+0x1e7/0x2d0
[ 77.107085][ T5149] ? nf_tcp_handle_invalid+0x650/0x650
[ 77.112613][ T5149] ? panic+0x850/0x850
[ 77.117086][ T5149] ? __might_sleep+0xe0/0xe0
[ 77.121746][ T5149] should_fail_ex+0x3aa/0x4e0
[ 77.126490][ T5149] ? add_to_free_space_tree+0xc7/0x2e0
[ 77.132051][ T5149] should_failslab+0x9/0x20
[ 77.136604][ T5149] kmem_cache_alloc+0x6d/0x2b0
[ 77.141511][ T5149] ? btrfs_qgroup_destroy_extent_records+0xb0/0xb0
[ 77.148162][ T5149] add_to_free_space_tree+0xc7/0x2e0
[ 77.153515][ T5149] __btrfs_free_extent+0x1cc4/0x38e0
[ 77.158863][ T5149] ? __btrfs_inc_extent_ref+0x610/0x610
[ 77.164430][ T5149] ? lock_downgrade+0x840/0x8f0
[ 77.169300][ T5149] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 77.175141][ T5149] ? __lock_acquire+0x1fd0/0x1fd0
[ 77.180207][ T5149] ? do_raw_spin_unlock+0x13b/0x8b0
[ 77.185436][ T5149] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 77.191231][ T5149] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 77.196796][ T5149] ? __lock_acquire+0x1345/0x1fd0
[ 77.201885][ T5149] ? read_lock_is_recursive+0x20/0x20
[ 77.207314][ T5149] btrfs_run_delayed_refs+0xe3/0x2c0
[ 77.212652][ T5149] btrfs_commit_transaction+0x4ba/0x3740
[ 77.218848][ T5149] ? btrfs_commit_transaction+0x17b/0x3740
[ 77.224701][ T5149] ? btrfs_commit_transaction_async+0x480/0x480
[ 77.230999][ T5149] ? __up_read+0x6a0/0x6a0
[ 77.235425][ T5149] ? dput+0x52/0x470
[ 77.239354][ T5149] btrfs_sync_file+0xf50/0x1330
[ 77.244254][ T5149] ? btrfs_release_file+0x130/0x130
[ 77.249502][ T5149] ? __lock_acquire+0x1fd0/0x1fd0
[ 77.254885][ T5149] ? do_raw_spin_lock+0x14e/0x370
[ 77.259943][ T5149] ? do_raw_spin_unlock+0x13b/0x8b0
[ 77.265168][ T5149] btrfs_do_write_iter+0xbc5/0x1190
[ 77.270405][ T5149] ? mark_lock+0x9a/0x350
[ 77.274789][ T5149] ? btrfs_check_nocow_unlock+0x40/0x40
[ 77.280385][ T5149] do_iter_readv_writev+0x330/0x4a0
[ 77.285716][ T5149] ? generic_file_rw_checks+0x260/0x260
[ 77.291308][ T5149] ? fsnotify_perm+0x67/0x5a0
[ 77.296004][ T5149] ? bpf_lsm_file_permission+0x9/0x10
[ 77.301404][ T5149] do_iter_write+0x1f6/0x8d0
[ 77.306052][ T5149] do_pwritev+0x21a/0x360
[ 77.310435][ T5149] ? do_preadv+0x350/0x350
[ 77.314897][ T5149] ? do_notify_parent+0x10c0/0x10c0
[ 77.320222][ T5149] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 77.326241][ T5149] ? print_irqtrace_events+0x220/0x220
[ 77.331741][ T5149] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 77.337741][ T5149] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 77.344000][ T5149] ? __x64_sys_pwritev2+0xbd/0x100
[ 77.349144][ T5149] do_syscall_64+0x45/0x110
[ 77.353670][ T5149] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 77.359586][ T5149] RIP: 0033:0x7fbb1142c2e9
[ 77.364016][ T5149] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 77.383748][ T5149] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 77.392197][ T5149] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 77.400273][ T5149] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 77.408257][ T5149] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 77.416250][ T5149] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 77.424262][ T5149] R13: 0000000000000005 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 77.432267][ T5149] </TASK>
[ 77.445192][ T5149] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[ 77.454134][ T5149] BTRFS: error (device loop0: state A) in add_to_free_space_tree:1057: errno=-12 Out of memory
[ 77.467497][ T5149] BTRFS info (device loop0: state EA): forced readonly
[pid 5149] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5149] exit_group(0) = ?
[pid 5149] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5149, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=33 /* 0.33 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 77.475302][ T5149] BTRFS: error (device loop0: state EA) in do_free_extent_accounting:2989: errno=-12 Out of memory
[ 77.486866][ T5149] BTRFS error (device loop0: state EA): failed to run delayed ref for logical 5308416 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 77.500805][ T5149] BTRFS: error (device loop0: state EA) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs") = 0
[ 77.603060][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5166 attached
, child_tidptr=0x5555562e7650) = 5166
[pid 5166] set_robust_list(0x5555562e7660, 24) = 0
[pid 5166] chdir("./6") = 0
[pid 5166] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5166] setpgid(0, 0) = 0
[pid 5166] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5166] write(3, "1000", 4) = 4
[pid 5166] close(3) = 0
[pid 5166] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5166] memfd_create("syzkaller", 0) = 3
[pid 5166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5166] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5166] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5166] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5166] close(3) = 0
[pid 5166] mkdir("./file0", 0777) = 0
[ 78.137071][ T5166] loop0: detected capacity change from 0 to 32768
[ 78.157794][ T5166] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5166)
[ 78.174983][ T5166] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 78.185499][ T5166] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 78.194300][ T5166] BTRFS info (device loop0): doing ref verification
[ 78.200973][ T5166] BTRFS info (device loop0): force zlib compression, level 3
[ 78.208378][ T5166] BTRFS info (device loop0): using free space tree
[ 78.230423][ T5166] BTRFS info (device loop0): enabling ssd optimizations
[pid 5166] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5166] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5166] chdir("./file0") = 0
[pid 5166] ioctl(4, LOOP_CLR_FD) = 0
[pid 5166] close(4) = 0
[pid 5166] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5166] fallocate(4, 0, 0, 1048820) = 0
[pid 5166] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5166] write(5, "56", 2) = 2
[ 78.237431][ T5166] BTRFS info (device loop0): auto enabling async discard
[ 78.261916][ T28] audit: type=1800 audit(1701700601.529:8): pid=5166 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 78.329403][ T5166] FAULT_INJECTION: forcing a failure.
[ 78.329403][ T5166] name failslab, interval 1, probability 0, space 0, times 0
[ 78.342471][ T5166] CPU: 1 PID: 5166 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 78.352159][ T5166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 78.363317][ T5166] Call Trace:
[ 78.366648][ T5166] <TASK>
[ 78.369605][ T5166] dump_stack_lvl+0x1e7/0x2d0
[ 78.374435][ T5166] ? nf_tcp_handle_invalid+0x650/0x650
[ 78.380017][ T5166] ? panic+0x850/0x850
[ 78.384142][ T5166] ? __might_sleep+0xe0/0xe0
[ 78.388785][ T5166] should_fail_ex+0x3aa/0x4e0
[ 78.393497][ T5166] ? alloc_extent_state+0x25/0x2e0
[ 78.398637][ T5166] should_failslab+0x9/0x20
[ 78.403172][ T5166] kmem_cache_alloc+0x6d/0x2b0
[ 78.407986][ T5166] alloc_extent_state+0x25/0x2e0
[ 78.413001][ T5166] __set_extent_bit+0x1c8/0x1b00
[ 78.417983][ T5166] ? btrfs_update_block_group+0x62f/0xa90
[ 78.423739][ T5166] ? trace_btrfs_space_reservation+0x9a/0x220
[ 78.429832][ T5166] set_extent_bit+0x3b/0x50
[ 78.434366][ T5166] btrfs_update_block_group+0x66e/0xa90
[ 78.439990][ T5166] __btrfs_free_extent+0x1cec/0x38e0
[ 78.445375][ T5166] ? __btrfs_inc_extent_ref+0x610/0x610
[ 78.452259][ T5166] ? lock_downgrade+0x840/0x8f0
[ 78.457134][ T5166] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 78.462968][ T5166] ? __lock_acquire+0x1fd0/0x1fd0
[ 78.468089][ T5166] ? do_raw_spin_unlock+0x13b/0x8b0
[ 78.473313][ T5166] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 78.479120][ T5166] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 78.484813][ T5166] ? __lock_acquire+0x1345/0x1fd0
[ 78.489904][ T5166] ? read_lock_is_recursive+0x20/0x20
[ 78.495344][ T5166] btrfs_run_delayed_refs+0xe3/0x2c0
[ 78.500674][ T5166] btrfs_commit_transaction+0x4ba/0x3740
[ 78.506346][ T5166] ? btrfs_commit_transaction+0x17b/0x3740
[ 78.512289][ T5166] ? btrfs_commit_transaction_async+0x480/0x480
[ 78.518594][ T5166] ? __up_read+0x6a0/0x6a0
[ 78.523466][ T5166] ? dput+0x52/0x470
[ 78.527390][ T5166] btrfs_sync_file+0xf50/0x1330
[ 78.532366][ T5166] ? btrfs_release_file+0x130/0x130
[ 78.537599][ T5166] ? __lock_acquire+0x1fd0/0x1fd0
[ 78.542669][ T5166] ? do_raw_spin_lock+0x14e/0x370
[ 78.547834][ T5166] ? do_raw_spin_unlock+0x13b/0x8b0
[ 78.553124][ T5166] btrfs_do_write_iter+0xbc5/0x1190
[ 78.558358][ T5166] ? mark_lock+0x9a/0x350
[ 78.562727][ T5166] ? btrfs_check_nocow_unlock+0x40/0x40
[ 78.568324][ T5166] do_iter_readv_writev+0x330/0x4a0
[ 78.573580][ T5166] ? generic_file_rw_checks+0x260/0x260
[ 78.579175][ T5166] ? fsnotify_perm+0x67/0x5a0
[ 78.583895][ T5166] ? bpf_lsm_file_permission+0x9/0x10
[ 78.589301][ T5166] do_iter_write+0x1f6/0x8d0
[ 78.593951][ T5166] do_pwritev+0x21a/0x360
[ 78.598325][ T5166] ? do_preadv+0x350/0x350
[ 78.602788][ T5166] ? do_notify_parent+0x10c0/0x10c0
[ 78.608127][ T5166] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 78.614133][ T5166] ? print_irqtrace_events+0x220/0x220
[ 78.619702][ T5166] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 78.625707][ T5166] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 78.631710][ T5166] ? __x64_sys_pwritev2+0xbd/0x100
[ 78.636848][ T5166] do_syscall_64+0x45/0x110
[ 78.641375][ T5166] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 78.647321][ T5166] RIP: 0033:0x7fbb1142c2e9
[ 78.651752][ T5166] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 78.671476][ T5166] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[pid 5166] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = 1
[ 78.679923][ T5166] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 78.688033][ T5166] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 78.696029][ T5166] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 78.704018][ T5166] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 78.712008][ T5166] R13: 0000000000000006 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 78.720117][ T5166] </TASK>
[pid 5166] exit_group(0) = ?
[pid 5166] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5166, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=30 /* 0.30 s */} ---
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs") = 0
[ 78.816378][ T5061] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5183 attached
, child_tidptr=0x5555562e7650) = 5183
[pid 5183] set_robust_list(0x5555562e7660, 24) = 0
[pid 5183] chdir("./7") = 0
[pid 5183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5183] setpgid(0, 0) = 0
[pid 5183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5183] write(3, "1000", 4) = 4
[pid 5183] close(3) = 0
[pid 5183] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5183] memfd_create("syzkaller", 0) = 3
[pid 5183] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5183] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5183] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5183] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5183] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5183] close(3) = 0
[pid 5183] mkdir("./file0", 0777) = 0
[ 79.313647][ T5183] loop0: detected capacity change from 0 to 32768
[ 79.337979][ T5183] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5183)
[ 79.353824][ T5183] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 79.364107][ T5183] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 79.372937][ T5183] BTRFS info (device loop0): doing ref verification
[ 79.379696][ T5183] BTRFS info (device loop0): force zlib compression, level 3
[ 79.387137][ T5183] BTRFS info (device loop0): using free space tree
[pid 5183] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5183] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5183] chdir("./file0") = 0
[pid 5183] ioctl(4, LOOP_CLR_FD) = 0
[pid 5183] close(4) = 0
[ 79.409581][ T5183] BTRFS info (device loop0): enabling ssd optimizations
[ 79.416601][ T5183] BTRFS info (device loop0): auto enabling async discard
[pid 5183] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5183] fallocate(4, 0, 0, 1048820) = 0
[pid 5183] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5183] write(5, "56", 2) = 2
[ 79.461765][ T28] audit: type=1800 audit(1701700602.729:9): pid=5183 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 79.527706][ T5183] FAULT_INJECTION: forcing a failure.
[ 79.527706][ T5183] name failslab, interval 1, probability 0, space 0, times 0
[ 79.541148][ T5183] CPU: 1 PID: 5183 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 79.549880][ T5183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 79.560112][ T5183] Call Trace:
[ 79.563461][ T5183]
[ 79.566426][ T5183] dump_stack_lvl+0x1e7/0x2d0
[ 79.571167][ T5183] ? nf_tcp_handle_invalid+0x650/0x650
[ 79.576864][ T5183] ? panic+0x850/0x850
[ 79.580988][ T5183] ? __might_sleep+0xe0/0xe0
[ 79.585734][ T5183] should_fail_ex+0x3aa/0x4e0
[ 79.590509][ T5183] ? add_to_free_space_tree+0xc7/0x2e0
[ 79.596021][ T5183] should_failslab+0x9/0x20
[ 79.600565][ T5183] kmem_cache_alloc+0x6d/0x2b0
[ 79.605380][ T5183] ? btrfs_qgroup_destroy_extent_records+0xb0/0xb0
[ 79.611942][ T5183] add_to_free_space_tree+0xc7/0x2e0
[ 79.617289][ T5183] __btrfs_free_extent+0x1cc4/0x38e0
[ 79.622648][ T5183] ? __btrfs_inc_extent_ref+0x610/0x610
[ 79.628236][ T5183] ? lock_downgrade+0x840/0x8f0
[ 79.633109][ T5183] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 79.638964][ T5183] ? __lock_acquire+0x1fd0/0x1fd0
[ 79.644028][ T5183] ? do_raw_spin_unlock+0x13b/0x8b0
[ 79.649265][ T5183] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 79.655155][ T5183] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 79.660816][ T5183] ? __lock_acquire+0x1345/0x1fd0
[ 79.666242][ T5183] ? read_lock_is_recursive+0x20/0x20
[ 79.671659][ T5183] btrfs_run_delayed_refs+0xe3/0x2c0
[ 79.677150][ T5183] btrfs_commit_transaction+0x4ba/0x3740
[ 79.682915][ T5183] ? btrfs_commit_transaction+0x17b/0x3740
[ 79.688765][ T5183] ? btrfs_commit_transaction_async+0x480/0x480
[ 79.695060][ T5183] ? __up_read+0x6a0/0x6a0
[ 79.699588][ T5183] ? dput+0x52/0x470
[ 79.703515][ T5183] btrfs_sync_file+0xf50/0x1330
[ 79.708413][ T5183] ? btrfs_release_file+0x130/0x130
[ 79.713932][ T5183] ? __lock_acquire+0x1fd0/0x1fd0
[ 79.718970][ T5183] ? do_raw_spin_lock+0x14e/0x370
[ 79.724029][ T5183] ? do_raw_spin_unlock+0x13b/0x8b0
[ 79.729249][ T5183] btrfs_do_write_iter+0xbc5/0x1190
[ 79.734481][ T5183] ? mark_lock+0x9a/0x350
[ 79.738842][ T5183] ? btrfs_check_nocow_unlock+0x40/0x40
[ 79.744451][ T5183] do_iter_readv_writev+0x330/0x4a0
[ 79.749683][ T5183] ? generic_file_rw_checks+0x260/0x260
[ 79.755261][ T5183] ? fsnotify_perm+0x67/0x5a0
[ 79.760056][ T5183] ? bpf_lsm_file_permission+0x9/0x10
[ 79.765453][ T5183] do_iter_write+0x1f6/0x8d0
[ 79.770089][ T5183] do_pwritev+0x21a/0x360
[ 79.774464][ T5183] ? do_preadv+0x350/0x350
[ 79.778911][ T5183] ? do_notify_parent+0x10c0/0x10c0
[ 79.784487][ T5183] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 79.790574][ T5183] ? print_irqtrace_events+0x220/0x220
[ 79.796052][ T5183] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 79.802053][ T5183] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 79.808133][ T5183] ? __x64_sys_pwritev2+0xbd/0x100
[ 79.813276][ T5183] do_syscall_64+0x45/0x110
[ 79.817988][ T5183] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 79.823910][ T5183] RIP: 0033:0x7fbb1142c2e9
[ 79.828365][ T5183] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 79.847992][ T5183] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 79.856510][ T5183] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 79.865302][ T5183] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 79.873298][ T5183] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 79.881566][ T5183] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 79.889912][ T5183] R13: 0000000000000007 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 79.897984][ T5183]
[ 79.901737][ T5183] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[ 79.912701][ T5183] BTRFS: error (device loop0: state A) in add_to_free_space_tree:1057: errno=-12 Out of memory
[pid 5183] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5183] exit_group(0) = ?
[pid 5183] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5183, si_uid=0, si_status=0, si_utime=0, si_stime=35 /* 0.35 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 79.923149][ T5183] BTRFS info (device loop0: state EA): forced readonly
[ 79.930359][ T5183] BTRFS: error (device loop0: state EA) in do_free_extent_accounting:2989: errno=-12 Out of memory
[ 79.941142][ T5183] BTRFS error (device loop0: state EA): failed to run delayed ref for logical 5267456 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 79.955024][ T5183] BTRFS: error (device loop0: state EA) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs") = 0
[ 80.043709][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5200 attached
[pid 5200] set_robust_list(0x5555562e7660, 24) = 0
[pid 5200] chdir("./8") = 0
[pid 5200] prctl(PR_SET_PDEATHSIG, SIGKILL
[pid 5061] <... clone resumed>, child_tidptr=0x5555562e7650) = 5200
[pid 5200] <... prctl resumed>) = 0
[pid 5200] setpgid(0, 0) = 0
[pid 5200] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5200] write(3, "1000", 4) = 4
[pid 5200] close(3) = 0
[pid 5200] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5200] memfd_create("syzkaller", 0) = 3
[pid 5200] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5200] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5200] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5200] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5200] close(3) = 0
[pid 5200] mkdir("./file0", 0777) = 0
[ 80.479346][ T5200] loop0: detected capacity change from 0 to 32768
[ 80.504605][ T5200] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5200)
[ 80.521534][ T5200] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 80.531753][ T5200] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 80.540530][ T5200] BTRFS info (device loop0): doing ref verification
[ 80.547179][ T5200] BTRFS info (device loop0): force zlib compression, level 3
[ 80.554830][ T5200] BTRFS info (device loop0): using free space tree
[pid 5200] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5200] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5200] chdir("./file0") = 0
[pid 5200] ioctl(4, LOOP_CLR_FD) = 0
[pid 5200] close(4) = 0
[ 80.577601][ T5200] BTRFS info (device loop0): enabling ssd optimizations
[ 80.584803][ T5200] BTRFS info (device loop0): auto enabling async discard
[pid 5200] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5200] fallocate(4, 0, 0, 1048820) = 0
[pid 5200] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5200] write(5, "56", 2) = 2
[ 80.619006][ T28] audit: type=1800 audit(1701700603.879:10): pid=5200 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 80.654070][ T5200] FAULT_INJECTION: forcing a failure.
[ 80.654070][ T5200] name failslab, interval 1, probability 0, space 0, times 0
[ 80.667681][ T5200] CPU: 1 PID: 5200 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 80.676408][ T5200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 80.686529][ T5200] Call Trace:
[ 80.689840][ T5200]
[ 80.692816][ T5200] dump_stack_lvl+0x1e7/0x2d0
[ 80.697560][ T5200] ? nf_tcp_handle_invalid+0x650/0x650
[ 80.703115][ T5200] ? panic+0x850/0x850
[ 80.707578][ T5200] ? __might_sleep+0xe0/0xe0
[ 80.712227][ T5200] should_fail_ex+0x3aa/0x4e0
[ 80.716961][ T5200] ? add_to_free_space_tree+0xc7/0x2e0
[ 80.722472][ T5200] should_failslab+0x9/0x20
[ 80.727017][ T5200] kmem_cache_alloc+0x6d/0x2b0
[ 80.731919][ T5200] ? btrfs_qgroup_destroy_extent_records+0xb0/0xb0
[ 80.738472][ T5200] add_to_free_space_tree+0xc7/0x2e0
[ 80.743822][ T5200] __btrfs_free_extent+0x1cc4/0x38e0
[ 80.749179][ T5200] ? __btrfs_inc_extent_ref+0x610/0x610
[ 80.754773][ T5200] ? lock_downgrade+0x840/0x8f0
[ 80.759668][ T5200] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 80.765529][ T5200] ? __lock_acquire+0x1fd0/0x1fd0
[ 80.770603][ T5200] ? do_raw_spin_unlock+0x13b/0x8b0
[ 80.775833][ T5200] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 80.781632][ T5200] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 80.787200][ T5200] ? __lock_acquire+0x1345/0x1fd0
[ 80.792299][ T5200] ? read_lock_is_recursive+0x20/0x20
[ 80.797704][ T5200] btrfs_run_delayed_refs+0xe3/0x2c0
[ 80.803198][ T5200] btrfs_commit_transaction+0x4ba/0x3740
[ 80.808858][ T5200] ? btrfs_commit_transaction+0x17b/0x3740
[ 80.814701][ T5200] ? btrfs_commit_transaction_async+0x480/0x480
[ 80.820999][ T5200] ? __up_read+0x6a0/0x6a0
[ 80.825427][ T5200] ? dput+0x52/0x470
[ 80.829350][ T5200] btrfs_sync_file+0xf50/0x1330
[ 80.834236][ T5200] ? btrfs_release_file+0x130/0x130
[ 80.839459][ T5200] ? __lock_acquire+0x1fd0/0x1fd0
[ 80.844533][ T5200] ? do_raw_spin_lock+0x14e/0x370
[ 80.849584][ T5200] ? do_raw_spin_unlock+0x13b/0x8b0
[ 80.854808][ T5200] btrfs_do_write_iter+0xbc5/0x1190
[ 80.860023][ T5200] ? mark_lock+0x9a/0x350
[ 80.864418][ T5200] ? btrfs_check_nocow_unlock+0x40/0x40
[ 80.870128][ T5200] do_iter_readv_writev+0x330/0x4a0
[ 80.875721][ T5200] ? generic_file_rw_checks+0x260/0x260
[ 80.881562][ T5200] ? fsnotify_perm+0x67/0x5a0
[ 80.886272][ T5200] ? bpf_lsm_file_permission+0x9/0x10
[ 80.891858][ T5200] do_iter_write+0x1f6/0x8d0
[ 80.896485][ T5200] do_pwritev+0x21a/0x360
[ 80.900860][ T5200] ? do_preadv+0x350/0x350
[ 80.905313][ T5200] ? do_notify_parent+0x10c0/0x10c0
[ 80.910528][ T5200] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 80.916529][ T5200] ? print_irqtrace_events+0x220/0x220
[ 80.922034][ T5200] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 80.928042][ T5200] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 80.934038][ T5200] ? __x64_sys_pwritev2+0xbd/0x100
[ 80.939259][ T5200] do_syscall_64+0x45/0x110
[ 80.943782][ T5200] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 80.949699][ T5200] RIP: 0033:0x7fbb1142c2e9
[ 80.954130][ T5200] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 80.973750][ T5200] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 80.982264][ T5200] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 80.990250][ T5200] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 80.998228][ T5200] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 81.006209][ T5200] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 81.014277][ T5200] R13: 0000000000000008 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 81.022282][ T5200]
[ 81.029282][ T5200] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[ 81.046659][ T5200] BTRFS: error (device loop0: state A) in add_to_free_space_tree:1057: errno=-12 Out of memory
[ 81.059526][ T5200] BTRFS info (device loop0: state EA): forced readonly
[ 81.066931][ T5200] BTRFS: error (device loop0: state EA) in do_free_extent_accounting:2989: errno=-12 Out of memory
[pid 5200] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5200] exit_group(0) = ?
[pid 5200] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5200, si_uid=0, si_status=0, si_utime=0, si_stime=32 /* 0.32 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
[ 81.078402][ T5200] BTRFS error (device loop0: state EA): failed to run delayed ref for logical 5308416 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 81.092412][ T5200] BTRFS: error (device loop0: state EA) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs") = 0
[ 81.166207][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5217 attached
, child_tidptr=0x5555562e7650) = 5217
[pid 5217] set_robust_list(0x5555562e7660, 24) = 0
[pid 5217] chdir("./9") = 0
[pid 5217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5217] setpgid(0, 0) = 0
[pid 5217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5217] write(3, "1000", 4) = 4
[pid 5217] close(3) = 0
[pid 5217] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5217] memfd_create("syzkaller", 0) = 3
[pid 5217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5217] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5217] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5217] close(3) = 0
[pid 5217] mkdir("./file0", 0777) = 0
[ 81.621885][ T5217] loop0: detected capacity change from 0 to 32768
[ 81.641119][ T5217] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5217)
[ 81.657987][ T5217] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 81.668287][ T5217] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 81.677086][ T5217] BTRFS info (device loop0): doing ref verification
[ 81.683879][ T5217] BTRFS info (device loop0): force zlib compression, level 3
[ 81.691328][ T5217] BTRFS info (device loop0): using free space tree
[ 81.715450][ T5217] BTRFS info (device loop0): enabling ssd optimizations
[pid 5217] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5217] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5217] chdir("./file0") = 0
[pid 5217] ioctl(4, LOOP_CLR_FD) = 0
[pid 5217] close(4) = 0
[ 81.722574][ T5217] BTRFS info (device loop0): auto enabling async discard
[pid 5217] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5217] fallocate(4, 0, 0, 1048820) = 0
[pid 5217] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5217] write(5, "56", 2) = 2
[ 81.783417][ T28] audit: type=1800 audit(1701700605.049:11): pid=5217 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 81.834025][ T5217] FAULT_INJECTION: forcing a failure.
[ 81.834025][ T5217] name failslab, interval 1, probability 0, space 0, times 0
[ 81.850761][ T5217] CPU: 0 PID: 5217 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 81.859500][ T5217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 81.869601][ T5217] Call Trace:
[ 81.872922][ T5217]
[ 81.875932][ T5217] dump_stack_lvl+0x1e7/0x2d0
[ 81.880674][ T5217] ? nf_tcp_handle_invalid+0x650/0x650
[ 81.886180][ T5217] ? panic+0x850/0x850
[ 81.890295][ T5217] ? __might_sleep+0xe0/0xe0
[ 81.894946][ T5217] should_fail_ex+0x3aa/0x4e0
[ 81.899680][ T5217] ? btrfs_ref_tree_mod+0x264/0x1590
[ 81.904999][ T5217] should_failslab+0x9/0x20
[ 81.909534][ T5217] __kmem_cache_alloc_node+0x6d/0x300
[ 81.914956][ T5217] ? btrfs_ref_tree_mod+0x264/0x1590
[ 81.920359][ T5217] kmalloc_trace+0x2a/0x60
[ 81.924900][ T5217] btrfs_ref_tree_mod+0x264/0x1590
[ 81.930056][ T5217] ? btrfs_alloc_tree_block+0x118a/0x1700
[ 81.935921][ T5217] btrfs_free_tree_block+0x3a7/0xd90
[ 81.941270][ T5217] ? unpin_extent_range+0xcc0/0xcc0
[ 81.946508][ T5217] ? btrfs_tree_mod_log_insert_root+0xa4/0xa10
[ 81.952700][ T5217] ? __write_extent_buffer+0x331/0x410
[ 81.958206][ T5217] btrfs_force_cow_block+0xf37/0x1b70
[ 81.963674][ T5217] ? btrfs_block_can_be_shared+0x360/0x360
[ 81.969505][ T5217] ? btrfs_qgroup_add_swapped_blocks+0x980/0x990
[ 81.975868][ T5217] ? clear_nonspinnable+0x60/0x60
[ 81.980919][ T5217] btrfs_cow_block+0x35e/0xa20
[ 81.985735][ T5217] btrfs_search_slot+0xbdd/0x30c0
[ 81.991144][ T5217] ? __stack_depot_save+0x20/0x650
[ 81.996285][ T5217] ? btrfs_find_item+0x5c0/0x5c0
[ 82.001421][ T5217] ? btrfs_extent_root+0x2a1/0x3b0
[ 82.006911][ T5217] ? btrfs_sync_file+0xf50/0x1330
[ 82.011962][ T5217] ? btrfs_do_write_iter+0xbc5/0x1190
[ 82.017356][ T5217] ? btrfs_csum_root+0x3b0/0x3b0
[ 82.022587][ T5217] lookup_inline_extent_backref+0x409/0x1650
[ 82.028643][ T5217] ? insert_extent_data_ref+0xa30/0xa30
[ 82.034218][ T5217] ? __kasan_slab_alloc+0x66/0x70
[ 82.039543][ T5217] ? __btrfs_free_extent+0x26f/0x38e0
[ 82.044935][ T5217] ? __btrfs_free_extent+0x26f/0x38e0
[ 82.050773][ T5217] ? trace_kmem_cache_alloc+0x1f/0x90
[ 82.056223][ T5217] __btrfs_free_extent+0x2fb/0x38e0
[ 82.061463][ T5217] ? __btrfs_inc_extent_ref+0x610/0x610
[ 82.067026][ T5217] ? lock_downgrade+0x840/0x8f0
[ 82.071913][ T5217] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 82.077792][ T5217] ? __lock_acquire+0x1fd0/0x1fd0
[ 82.082836][ T5217] ? do_raw_read_unlock+0x3c/0x80
[ 82.087884][ T5217] ? _raw_read_unlock+0x28/0x40
[ 82.092797][ T5217] ? do_raw_spin_unlock+0x13b/0x8b0
[ 82.098022][ T5217] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 82.103801][ T5217] ? look_up_lock_class+0x77/0x160
[ 82.108958][ T5217] ? mark_lock+0x9a/0x350
[ 82.113324][ T5217] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 82.118904][ T5217] ? __lock_acquire+0x1345/0x1fd0
[ 82.123981][ T5217] ? read_lock_is_recursive+0x20/0x20
[ 82.129424][ T5217] btrfs_run_delayed_refs+0xe3/0x2c0
[ 82.134764][ T5217] btrfs_commit_transaction+0x4ba/0x3740
[ 82.140689][ T5217] ? btrfs_commit_transaction+0x17b/0x3740
[ 82.146568][ T5217] ? btrfs_commit_transaction_async+0x480/0x480
[ 82.152872][ T5217] ? __up_read+0x6a0/0x6a0
[ 82.157314][ T5217] ? dput+0x52/0x470
[ 82.161242][ T5217] btrfs_sync_file+0xf50/0x1330
[ 82.166150][ T5217] ? btrfs_release_file+0x130/0x130
[ 82.171378][ T5217] ? __lock_acquire+0x1fd0/0x1fd0
[ 82.176419][ T5217] ? do_raw_spin_lock+0x14e/0x370
[ 82.181486][ T5217] ? do_raw_spin_unlock+0x13b/0x8b0
[ 82.186825][ T5217] btrfs_do_write_iter+0xbc5/0x1190
[ 82.192043][ T5217] ? mark_lock+0x9a/0x350
[ 82.196411][ T5217] ? btrfs_check_nocow_unlock+0x40/0x40
[ 82.202027][ T5217] do_iter_readv_writev+0x330/0x4a0
[ 82.207370][ T5217] ? generic_file_rw_checks+0x260/0x260
[ 82.212981][ T5217] ? fsnotify_perm+0x67/0x5a0
[ 82.217704][ T5217] ? bpf_lsm_file_permission+0x9/0x10
[ 82.223398][ T5217] do_iter_write+0x1f6/0x8d0
[ 82.228043][ T5217] do_pwritev+0x21a/0x360
[ 82.232486][ T5217] ? do_preadv+0x350/0x350
[ 82.236964][ T5217] ? do_notify_parent+0x10c0/0x10c0
[ 82.242185][ T5217] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 82.248190][ T5217] ? print_irqtrace_events+0x220/0x220
[ 82.253698][ T5217] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 82.259701][ T5217] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 82.265699][ T5217] ? __x64_sys_pwritev2+0xbd/0x100
[ 82.270841][ T5217] do_syscall_64+0x45/0x110
[ 82.275541][ T5217] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 82.281726][ T5217] RIP: 0033:0x7fbb1142c2e9
[ 82.286243][ T5217] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 82.305951][ T5217] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 82.314384][ T5217] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 82.322550][ T5217] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[pid 5217] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = 1
[pid 5217] exit_group(0) = ?
[pid 5217] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5217, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=29 /* 0.29 s */} ---
[ 82.330635][ T5217] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 82.338627][ T5217] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 82.346627][ T5217] R13: 0000000000000009 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 82.354627][ T5217]
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs") = 0
[ 82.407480][ T5061] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5235 attached
, child_tidptr=0x5555562e7650) = 5235
[pid 5235] set_robust_list(0x5555562e7660, 24) = 0
[pid 5235] chdir("./10") = 0
[pid 5235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5235] setpgid(0, 0) = 0
[pid 5235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5235] write(3, "1000", 4) = 4
[pid 5235] close(3) = 0
[pid 5235] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5235] memfd_create("syzkaller", 0) = 3
[pid 5235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5235] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5235] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5235] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5235] close(3) = 0
[pid 5235] mkdir("./file0", 0777) = 0
[ 82.931982][ T5235] loop0: detected capacity change from 0 to 32768
[ 82.947866][ T5235] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5235)
[ 82.965420][ T5235] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 82.975692][ T5235] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 82.984511][ T5235] BTRFS info (device loop0): doing ref verification
[ 82.991195][ T5235] BTRFS info (device loop0): force zlib compression, level 3
[ 82.998748][ T5235] BTRFS info (device loop0): using free space tree
[pid 5235] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5235] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5235] chdir("./file0") = 0
[pid 5235] ioctl(4, LOOP_CLR_FD) = 0
[pid 5235] close(4) = 0
[pid 5235] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5235] fallocate(4, 0, 0, 1048820) = 0
[pid 5235] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5235] write(5, "56", 2) = 2
[ 83.022672][ T5235] BTRFS info (device loop0): enabling ssd optimizations
[ 83.029796][ T5235] BTRFS info (device loop0): auto enabling async discard
[ 83.050957][ T28] audit: type=1800 audit(1701700606.319:12): pid=5235 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 83.085515][ T5235] FAULT_INJECTION: forcing a failure.
[ 83.085515][ T5235] name failslab, interval 1, probability 0, space 0, times 0
[ 83.098375][ T5235] CPU: 0 PID: 5235 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 83.107093][ T5235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 83.117193][ T5235] Call Trace:
[ 83.120548][ T5235]
[ 83.123491][ T5235] dump_stack_lvl+0x1e7/0x2d0
[ 83.128195][ T5235] ? nf_tcp_handle_invalid+0x650/0x650
[ 83.134512][ T5235] ? panic+0x850/0x850
[ 83.138602][ T5235] ? _raw_read_unlock+0x28/0x40
[ 83.143494][ T5235] should_fail_ex+0x3aa/0x4e0
[ 83.148203][ T5235] ? __btrfs_free_extent+0x26f/0x38e0
[ 83.153598][ T5235] should_failslab+0x9/0x20
[ 83.158115][ T5235] kmem_cache_alloc+0x6d/0x2b0
[ 83.163022][ T5235] __btrfs_free_extent+0x26f/0x38e0
[ 83.168549][ T5235] ? __btrfs_inc_extent_ref+0x610/0x610
[ 83.174222][ T5235] ? lock_downgrade+0x840/0x8f0
[ 83.179206][ T5235] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 83.185054][ T5235] ? __lock_acquire+0x1fd0/0x1fd0
[ 83.190097][ T5235] ? do_raw_read_unlock+0x3c/0x80
[ 83.195162][ T5235] ? _raw_read_unlock+0x28/0x40
[ 83.200035][ T5235] ? do_raw_spin_unlock+0x13b/0x8b0
[ 83.205447][ T5235] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 83.211250][ T5235] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 83.217016][ T5235] ? __lock_acquire+0x1345/0x1fd0
[ 83.222105][ T5235] ? read_lock_is_recursive+0x20/0x20
[ 83.227511][ T5235] btrfs_run_delayed_refs+0xe3/0x2c0
[ 83.232914][ T5235] btrfs_commit_transaction+0x4ba/0x3740
[ 83.238582][ T5235] ? btrfs_commit_transaction+0x17b/0x3740
[ 83.244437][ T5235] ? btrfs_commit_transaction_async+0x480/0x480
[ 83.250854][ T5235] ? __up_read+0x6a0/0x6a0
[ 83.255368][ T5235] ? dput+0x52/0x470
[ 83.259318][ T5235] btrfs_sync_file+0xf50/0x1330
[ 83.264324][ T5235] ? btrfs_release_file+0x130/0x130
[ 83.269585][ T5235] ? __lock_acquire+0x1fd0/0x1fd0
[ 83.274712][ T5235] ? do_raw_spin_lock+0x14e/0x370
[ 83.279786][ T5235] ? do_raw_spin_unlock+0x13b/0x8b0
[ 83.285116][ T5235] btrfs_do_write_iter+0xbc5/0x1190
[ 83.290372][ T5235] ? mark_lock+0x9a/0x350
[ 83.294849][ T5235] ? btrfs_check_nocow_unlock+0x40/0x40
[ 83.300528][ T5235] do_iter_readv_writev+0x330/0x4a0
[ 83.305785][ T5235] ? generic_file_rw_checks+0x260/0x260
[ 83.311384][ T5235] ? fsnotify_perm+0x67/0x5a0
[ 83.316088][ T5235] ? bpf_lsm_file_permission+0x9/0x10
[ 83.321577][ T5235] do_iter_write+0x1f6/0x8d0
[ 83.326319][ T5235] do_pwritev+0x21a/0x360
[ 83.330680][ T5235] ? do_preadv+0x350/0x350
[ 83.336446][ T5235] ? do_notify_parent+0x10c0/0x10c0
[ 83.341664][ T5235] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 83.347780][ T5235] ? print_irqtrace_events+0x220/0x220
[ 83.353300][ T5235] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 83.359322][ T5235] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 83.365329][ T5235] ? __x64_sys_pwritev2+0xbd/0x100
[ 83.370470][ T5235] do_syscall_64+0x45/0x110
[ 83.375172][ T5235] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 83.381112][ T5235] RIP: 0033:0x7fbb1142c2e9
[ 83.385563][ T5235] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 83.405211][ T5235] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 83.413994][ T5235] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 83.421982][ T5235] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 83.429987][ T5235] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 83.438056][ T5235] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 83.446044][ T5235] R13: 000000000000000a R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 83.454046][ T5235]
[ 83.468841][ T5235] BTRFS error (device loop0): failed to run delayed ref for logical 5308416 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[pid 5235] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5235] exit_group(0) = ?
[pid 5235] +++ exited with 0 +++
[ 83.482369][ T5235] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[ 83.491812][ T5235] BTRFS: error (device loop0: state A) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
[ 83.502914][ T5235] BTRFS info (device loop0: state EA): forced readonly
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5235, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=35 /* 0.35 s */} ---
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs") = 0
[ 83.625648][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5252 attached
, child_tidptr=0x5555562e7650) = 5252
[pid 5252] set_robust_list(0x5555562e7660, 24) = 0
[pid 5252] chdir("./11") = 0
[pid 5252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5252] setpgid(0, 0) = 0
[pid 5252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5252] write(3, "1000", 4) = 4
[pid 5252] close(3) = 0
[pid 5252] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5252] memfd_create("syzkaller", 0) = 3
[pid 5252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5252] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5252] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5252] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5252] close(3) = 0
[pid 5252] mkdir("./file0", 0777) = 0
[ 84.088095][ T5252] loop0: detected capacity change from 0 to 32768
[ 84.103125][ T5252] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5252)
[ 84.120554][ T5252] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 84.131252][ T5252] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 84.140173][ T5252] BTRFS info (device loop0): doing ref verification
[ 84.147086][ T5252] BTRFS info (device loop0): force zlib compression, level 3
[ 84.155018][ T5252] BTRFS info (device loop0): using free space tree
[ 84.177068][ T5252] BTRFS info (device loop0): enabling ssd optimizations
[pid 5252] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5252] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5252] chdir("./file0") = 0
[pid 5252] ioctl(4, LOOP_CLR_FD) = 0
[ 84.184410][ T5252] BTRFS info (device loop0): auto enabling async discard
[pid 5252] close(4) = 0
[pid 5252] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5252] fallocate(4, 0, 0, 1048820) = 0
[pid 5252] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5252] write(5, "56", 2) = 2
[ 84.237922][ T28] audit: type=1800 audit(1701700607.499:13): pid=5252 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 84.299458][ T5252] FAULT_INJECTION: forcing a failure.
[ 84.299458][ T5252] name failslab, interval 1, probability 0, space 0, times 0
[ 84.330378][ T5252] CPU: 0 PID: 5252 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 84.339130][ T5252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 84.349331][ T5252] Call Trace:
[ 84.352652][ T5252]
[ 84.355648][ T5252] dump_stack_lvl+0x1e7/0x2d0
[ 84.360393][ T5252] ? nf_tcp_handle_invalid+0x650/0x650
[ 84.366002][ T5252] ? panic+0x850/0x850
[ 84.370122][ T5252] ? __might_sleep+0xe0/0xe0
[ 84.374782][ T5252] should_fail_ex+0x3aa/0x4e0
[ 84.379604][ T5252] ? alloc_extent_state+0x25/0x2e0
[ 84.384772][ T5252] should_failslab+0x9/0x20
[ 84.389366][ T5252] kmem_cache_alloc+0x6d/0x2b0
[ 84.394278][ T5252] alloc_extent_state+0x25/0x2e0
[ 84.399288][ T5252] __set_extent_bit+0x1c8/0x1b00
[ 84.404287][ T5252] ? btrfs_update_block_group+0x62f/0xa90
[ 84.410067][ T5252] ? trace_btrfs_space_reservation+0x9a/0x220
[ 84.416200][ T5252] set_extent_bit+0x3b/0x50
[ 84.420790][ T5252] btrfs_update_block_group+0x66e/0xa90
[ 84.426412][ T5252] __btrfs_free_extent+0x1cec/0x38e0
[ 84.431946][ T5252] ? __btrfs_inc_extent_ref+0x610/0x610
[ 84.437553][ T5252] ? lock_downgrade+0x840/0x8f0
[ 84.443075][ T5252] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 84.449045][ T5252] ? __lock_acquire+0x1fd0/0x1fd0
[ 84.454230][ T5252] ? do_raw_spin_unlock+0x13b/0x8b0
[ 84.459740][ T5252] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 84.465545][ T5252] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 84.471147][ T5252] ? __lock_acquire+0x1345/0x1fd0
[ 84.476393][ T5252] ? read_lock_is_recursive+0x20/0x20
[ 84.482167][ T5252] btrfs_run_delayed_refs+0xe3/0x2c0
[ 84.487853][ T5252] btrfs_commit_transaction+0x4ba/0x3740
[ 84.493516][ T5252] ? btrfs_commit_transaction+0x17b/0x3740
[ 84.499364][ T5252] ? btrfs_commit_transaction_async+0x480/0x480
[ 84.505790][ T5252] ? __up_read+0x6a0/0x6a0
[ 84.510416][ T5252] ? dput+0x52/0x470
[ 84.514400][ T5252] btrfs_sync_file+0xf50/0x1330
[ 84.519399][ T5252] ? btrfs_release_file+0x130/0x130
[ 84.524657][ T5252] ? __lock_acquire+0x1fd0/0x1fd0
[ 84.529727][ T5252] ? do_raw_spin_lock+0x14e/0x370
[ 84.534835][ T5252] ? do_raw_spin_unlock+0x13b/0x8b0
[ 84.540252][ T5252] btrfs_do_write_iter+0xbc5/0x1190
[ 84.545488][ T5252] ? mark_lock+0x9a/0x350
[ 84.550198][ T5252] ? btrfs_check_nocow_unlock+0x40/0x40
[ 84.555772][ T5252] do_iter_readv_writev+0x330/0x4a0
[ 84.561009][ T5252] ? generic_file_rw_checks+0x260/0x260
[ 84.566847][ T5252] ? fsnotify_perm+0x67/0x5a0
[ 84.571567][ T5252] ? bpf_lsm_file_permission+0x9/0x10
[ 84.576968][ T5252] do_iter_write+0x1f6/0x8d0
[ 84.581607][ T5252] do_pwritev+0x21a/0x360
[ 84.585965][ T5252] ? do_preadv+0x350/0x350
[ 84.590418][ T5252] ? do_notify_parent+0x10c0/0x10c0
[ 84.595987][ T5252] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 84.602057][ T5252] ? print_irqtrace_events+0x220/0x220
[ 84.607634][ T5252] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 84.613631][ T5252] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 84.619658][ T5252] ? __x64_sys_pwritev2+0xbd/0x100
[ 84.624790][ T5252] do_syscall_64+0x45/0x110
[ 84.629582][ T5252] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 84.635578][ T5252] RIP: 0033:0x7fbb1142c2e9
[ 84.640006][ T5252] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 84.659829][ T5252] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 84.668266][ T5252] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 84.676285][ T5252] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 84.684414][ T5252] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 84.692518][ T5252] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[pid 5252] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = 1
[pid 5252] exit_group(0) = ?
[pid 5252] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5252, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} ---
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 84.700521][ T5252] R13: 000000000000000b R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 84.708637][ T5252]
unlink("./11/binderfs") = 0
[ 84.774133][ T5061] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5269 attached
, child_tidptr=0x5555562e7650) = 5269
[pid 5269] set_robust_list(0x5555562e7660, 24) = 0
[pid 5269] chdir("./12") = 0
[pid 5269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5269] setpgid(0, 0) = 0
[pid 5269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5269] write(3, "1000", 4) = 4
[pid 5269] close(3) = 0
[pid 5269] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5269] memfd_create("syzkaller", 0) = 3
[pid 5269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5269] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5269] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5269] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5269] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5269] close(3) = 0
[pid 5269] mkdir("./file0", 0777) = 0
[ 85.252899][ T5269] loop0: detected capacity change from 0 to 32768
[ 85.279773][ T5269] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5269)
[ 85.297609][ T5269] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 85.307901][ T5269] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 85.316846][ T5269] BTRFS info (device loop0): doing ref verification
[ 85.323529][ T5269] BTRFS info (device loop0): force zlib compression, level 3
[ 85.331251][ T5269] BTRFS info (device loop0): using free space tree
[pid 5269] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5269] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5269] chdir("./file0") = 0
[pid 5269] ioctl(4, LOOP_CLR_FD) = 0
[pid 5269] close(4) = 0
[pid 5269] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[ 85.354772][ T5269] BTRFS info (device loop0): enabling ssd optimizations
[ 85.361838][ T5269] BTRFS info (device loop0): auto enabling async discard
[pid 5269] fallocate(4, 0, 0, 1048820) = 0
[pid 5269] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5269] write(5, "56", 2) = 2
[ 85.412780][ T28] audit: type=1800 audit(1701700608.679:14): pid=5269 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 85.443938][ T5269] FAULT_INJECTION: forcing a failure.
[ 85.443938][ T5269] name failslab, interval 1, probability 0, space 0, times 0
[ 85.457363][ T5269] CPU: 0 PID: 5269 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 85.466093][ T5269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 85.476217][ T5269] Call Trace:
[ 85.479561][ T5269]
[ 85.482536][ T5269] dump_stack_lvl+0x1e7/0x2d0
[ 85.487272][ T5269] ? nf_tcp_handle_invalid+0x650/0x650
[ 85.492795][ T5269] ? panic+0x850/0x850
[ 85.496916][ T5269] ? _raw_read_unlock+0x28/0x40
[ 85.502868][ T5269] should_fail_ex+0x3aa/0x4e0
[ 85.507618][ T5269] ? __btrfs_free_extent+0x26f/0x38e0
[ 85.513035][ T5269] should_failslab+0x9/0x20
[ 85.517583][ T5269] kmem_cache_alloc+0x6d/0x2b0
[ 85.522405][ T5269] __btrfs_free_extent+0x26f/0x38e0
[ 85.528034][ T5269] ? __btrfs_inc_extent_ref+0x610/0x610
[ 85.533632][ T5269] ? lock_downgrade+0x840/0x8f0
[ 85.538540][ T5269] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 85.544409][ T5269] ? __lock_acquire+0x1fd0/0x1fd0
[ 85.549572][ T5269] ? do_raw_read_unlock+0x3c/0x80
[ 85.554748][ T5269] ? _raw_read_unlock+0x28/0x40
[ 85.559835][ T5269] ? do_raw_spin_unlock+0x13b/0x8b0
[ 85.565107][ T5269] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 85.571229][ T5269] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 85.577632][ T5269] ? __lock_acquire+0x1345/0x1fd0
[ 85.584881][ T5269] ? read_lock_is_recursive+0x20/0x20
[ 85.590494][ T5269] btrfs_run_delayed_refs+0xe3/0x2c0
[ 85.596006][ T5269] btrfs_commit_transaction+0x4ba/0x3740
[ 85.602102][ T5269] ? btrfs_commit_transaction+0x17b/0x3740
[ 85.609698][ T5269] ? btrfs_commit_transaction_async+0x480/0x480
[ 85.615996][ T5269] ? __up_read+0x6a0/0x6a0
[ 85.620456][ T5269] ? dput+0x52/0x470
[ 85.624609][ T5269] btrfs_sync_file+0xf50/0x1330
[ 85.630484][ T5269] ? btrfs_release_file+0x130/0x130
[ 85.635742][ T5269] ? __lock_acquire+0x1fd0/0x1fd0
[ 85.640805][ T5269] ? do_raw_spin_lock+0x14e/0x370
[ 85.645902][ T5269] ? do_raw_spin_unlock+0x13b/0x8b0
[ 85.651152][ T5269] btrfs_do_write_iter+0xbc5/0x1190
[ 85.656385][ T5269] ? mark_lock+0x9a/0x350
[ 85.660851][ T5269] ? btrfs_check_nocow_unlock+0x40/0x40
[ 85.666423][ T5269] do_iter_readv_writev+0x330/0x4a0
[ 85.671655][ T5269] ? generic_file_rw_checks+0x260/0x260
[ 85.677240][ T5269] ? fsnotify_perm+0x67/0x5a0
[ 85.681925][ T5269] ? bpf_lsm_file_permission+0x9/0x10
[ 85.687323][ T5269] do_iter_write+0x1f6/0x8d0
[ 85.692650][ T5269] do_pwritev+0x21a/0x360
[ 85.697206][ T5269] ? do_preadv+0x350/0x350
[ 85.701688][ T5269] ? do_notify_parent+0x10c0/0x10c0
[ 85.707009][ T5269] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 85.713028][ T5269] ? print_irqtrace_events+0x220/0x220
[ 85.718508][ T5269] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 85.724531][ T5269] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 85.730531][ T5269] ? __x64_sys_pwritev2+0xbd/0x100
[ 85.735663][ T5269] do_syscall_64+0x45/0x110
[ 85.740193][ T5269] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 85.746140][ T5269] RIP: 0033:0x7fbb1142c2e9
[ 85.750581][ T5269] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 85.770207][ T5269] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 85.778898][ T5269] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 85.786984][ T5269] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 85.795064][ T5269] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 85.803043][ T5269] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 85.811018][ T5269] R13: 000000000000000c R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 85.819359][ T5269]
[ 85.828758][ T5269] BTRFS error (device loop0): failed to run delayed ref for logical 5308416 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 85.842929][ T5269] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[ 85.854089][ T5269] BTRFS: error (device loop0: state A) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
[pid 5269] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5269] exit_group(0) = ?
[pid 5269] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5269, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=32 /* 0.32 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs") = 0
[ 85.865418][ T5269] BTRFS info (device loop0: state EA): forced readonly
[ 85.915761][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./12/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5286 attached
[pid 5286] set_robust_list(0x5555562e7660, 24) = 0
[pid 5286] chdir("./13") = 0
[pid 5061] <... clone resumed>, child_tidptr=0x5555562e7650) = 5286
[pid 5286] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5286] setpgid(0, 0) = 0
[pid 5286] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5286] write(3, "1000", 4) = 4
[pid 5286] close(3) = 0
[pid 5286] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5286] memfd_create("syzkaller", 0) = 3
[pid 5286] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5286] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5286] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5286] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5286] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5286] close(3) = 0
[pid 5286] mkdir("./file0", 0777) = 0
[ 86.382591][ T5286] loop0: detected capacity change from 0 to 32768
[ 86.409122][ T5286] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5286)
[ 86.425344][ T5286] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 86.435709][ T5286] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 86.444530][ T5286] BTRFS info (device loop0): doing ref verification
[ 86.451211][ T5286] BTRFS info (device loop0): force zlib compression, level 3
[ 86.458690][ T5286] BTRFS info (device loop0): using free space tree
[pid 5286] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5286] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5286] chdir("./file0") = 0
[pid 5286] ioctl(4, LOOP_CLR_FD) = 0
[pid 5286] close(4) = 0
[pid 5286] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[ 86.480735][ T5286] BTRFS info (device loop0): enabling ssd optimizations
[ 86.487910][ T5286] BTRFS info (device loop0): auto enabling async discard
[pid 5286] fallocate(4, 0, 0, 1048820) = 0
[pid 5286] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5286] write(5, "56", 2) = 2
[ 86.515720][ T28] audit: type=1800 audit(1701700609.779:15): pid=5286 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 86.567076][ T5286] FAULT_INJECTION: forcing a failure.
[ 86.567076][ T5286] name failslab, interval 1, probability 0, space 0, times 0
[ 86.580627][ T5286] CPU: 0 PID: 5286 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 86.589361][ T5286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 86.599476][ T5286] Call Trace:
[ 86.602804][ T5286]
[ 86.605789][ T5286] dump_stack_lvl+0x1e7/0x2d0
[ 86.610618][ T5286] ? nf_tcp_handle_invalid+0x650/0x650
[ 86.616135][ T5286] ? panic+0x850/0x850
[ 86.620243][ T5286] ? __might_sleep+0xe0/0xe0
[ 86.624947][ T5286] should_fail_ex+0x3aa/0x4e0
[ 86.629821][ T5286] ? add_to_free_space_tree+0xc7/0x2e0
[ 86.635301][ T5286] should_failslab+0x9/0x20
[ 86.639903][ T5286] kmem_cache_alloc+0x6d/0x2b0
[ 86.644685][ T5286] ? btrfs_qgroup_destroy_extent_records+0xb0/0xb0
[ 86.651206][ T5286] add_to_free_space_tree+0xc7/0x2e0
[ 86.656535][ T5286] __btrfs_free_extent+0x1cc4/0x38e0
[ 86.661881][ T5286] ? __btrfs_inc_extent_ref+0x610/0x610
[ 86.667441][ T5286] ? lock_downgrade+0x840/0x8f0
[ 86.672394][ T5286] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 86.678320][ T5286] ? __lock_acquire+0x1fd0/0x1fd0
[ 86.683458][ T5286] ? do_raw_spin_unlock+0x13b/0x8b0
[ 86.688704][ T5286] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 86.694501][ T5286] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 86.700070][ T5286] ? __lock_acquire+0x1345/0x1fd0
[ 86.705136][ T5286] ? read_lock_is_recursive+0x20/0x20
[ 86.710540][ T5286] btrfs_run_delayed_refs+0xe3/0x2c0
[ 86.715857][ T5286] btrfs_commit_transaction+0x4ba/0x3740
[ 86.721516][ T5286] ? btrfs_commit_transaction+0x17b/0x3740
[ 86.727363][ T5286] ? btrfs_commit_transaction_async+0x480/0x480
[ 86.733656][ T5286] ? __up_read+0x6a0/0x6a0
[ 86.738081][ T5286] ? dput+0x52/0x470
[ 86.742013][ T5286] btrfs_sync_file+0xf50/0x1330
[ 86.746913][ T5286] ? btrfs_release_file+0x130/0x130
[ 86.752144][ T5286] ? __lock_acquire+0x1fd0/0x1fd0
[ 86.757268][ T5286] ? do_raw_spin_lock+0x14e/0x370
[ 86.762333][ T5286] ? do_raw_spin_unlock+0x13b/0x8b0
[ 86.767579][ T5286] btrfs_do_write_iter+0xbc5/0x1190
[ 86.772811][ T5286] ? mark_lock+0x9a/0x350
[ 86.777265][ T5286] ? btrfs_check_nocow_unlock+0x40/0x40
[ 86.782923][ T5286] do_iter_readv_writev+0x330/0x4a0
[ 86.788167][ T5286] ? generic_file_rw_checks+0x260/0x260
[ 86.793769][ T5286] ? fsnotify_perm+0x67/0x5a0
[ 86.798486][ T5286] ? bpf_lsm_file_permission+0x9/0x10
[ 86.803883][ T5286] do_iter_write+0x1f6/0x8d0
[ 86.808508][ T5286] do_pwritev+0x21a/0x360
[ 86.812872][ T5286] ? do_preadv+0x350/0x350
[ 86.817341][ T5286] ? do_notify_parent+0x10c0/0x10c0
[ 86.822564][ T5286] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 86.828576][ T5286] ? print_irqtrace_events+0x220/0x220
[ 86.834105][ T5286] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 86.841062][ T5286] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 86.847141][ T5286] ? __x64_sys_pwritev2+0xbd/0x100
[ 86.852291][ T5286] do_syscall_64+0x45/0x110
[ 86.856825][ T5286] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 86.862835][ T5286] RIP: 0033:0x7fbb1142c2e9
[ 86.867268][ T5286] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 86.886892][ T5286] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 86.895412][ T5286] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 86.903400][ T5286] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 86.911405][ T5286] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 86.919410][ T5286] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 86.927450][ T5286] R13: 000000000000000d R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 86.935483][ T5286]
[ 86.940530][ T5286] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[ 86.949526][ T5286] BTRFS: error (device loop0: state A) in add_to_free_space_tree:1057: errno=-12 Out of memory
[ 86.960564][ T5286] BTRFS info (device loop0: state EA): forced readonly
[ 86.967956][ T5286] BTRFS: error (device loop0: state EA) in do_free_extent_accounting:2989: errno=-12 Out of memory
[ 86.986669][ T5286] BTRFS error (device loop0: state EA): failed to run delayed ref for logical 5267456 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 87.001296][ T5286] BTRFS: error (device loop0: state EA) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
[pid 5286] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5286] exit_group(0) = ?
[pid 5286] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5286, si_uid=0, si_status=0, si_utime=0, si_stime=32 /* 0.32 s */} ---
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 87.016107][ T23] cfg80211: failed to load regulatory.db
unlink("./13/binderfs") = 0
[ 87.046618][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./13/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5303 attached
, child_tidptr=0x5555562e7650) = 5303
[pid 5303] set_robust_list(0x5555562e7660, 24) = 0
[pid 5303] chdir("./14") = 0
[pid 5303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5303] setpgid(0, 0) = 0
[pid 5303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5303] write(3, "1000", 4) = 4
[pid 5303] close(3) = 0
[pid 5303] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5303] memfd_create("syzkaller", 0) = 3
[pid 5303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5303] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5303] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5303] close(3) = 0
[pid 5303] mkdir("./file0", 0777) = 0
[ 87.596686][ T5303] loop0: detected capacity change from 0 to 32768
[ 87.633266][ T5303] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5303)
[ 87.651054][ T5303] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 87.661279][ T5303] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 87.670034][ T5303] BTRFS info (device loop0): doing ref verification
[ 87.676651][ T5303] BTRFS info (device loop0): force zlib compression, level 3
[ 87.684208][ T5303] BTRFS info (device loop0): using free space tree
[pid 5303] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5303] chdir("./file0") = 0
[pid 5303] ioctl(4, LOOP_CLR_FD) = 0
[pid 5303] close(4) = 0
[pid 5303] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[ 87.706559][ T5303] BTRFS info (device loop0): enabling ssd optimizations
[ 87.713736][ T5303] BTRFS info (device loop0): auto enabling async discard
[pid 5303] fallocate(4, 0, 0, 1048820) = 0
[pid 5303] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5303] write(5, "56", 2) = 2
[ 87.742976][ T28] audit: type=1800 audit(1701700611.009:16): pid=5303 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 87.777175][ T5303] FAULT_INJECTION: forcing a failure.
[ 87.777175][ T5303] name failslab, interval 1, probability 0, space 0, times 0
[ 87.790168][ T5303] CPU: 1 PID: 5303 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 87.798892][ T5303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 87.808997][ T5303] Call Trace:
[ 87.812325][ T5303]
[ 87.815369][ T5303] dump_stack_lvl+0x1e7/0x2d0
[ 87.820115][ T5303] ? nf_tcp_handle_invalid+0x650/0x650
[ 87.825648][ T5303] ? panic+0x850/0x850
[ 87.829863][ T5303] ? __might_sleep+0xe0/0xe0
[ 87.834522][ T5303] should_fail_ex+0x3aa/0x4e0
[ 87.839278][ T5303] ? alloc_extent_state+0x25/0x2e0
[ 87.844537][ T5303] should_failslab+0x9/0x20
[ 87.849091][ T5303] kmem_cache_alloc+0x6d/0x2b0
[ 87.853926][ T5303] alloc_extent_state+0x25/0x2e0
[ 87.858929][ T5303] __set_extent_bit+0x1c8/0x1b00
[ 87.863934][ T5303] ? btrfs_update_block_group+0x62f/0xa90
[ 87.869759][ T5303] ? trace_btrfs_space_reservation+0x9a/0x220
[ 87.876066][ T5303] set_extent_bit+0x3b/0x50
[ 87.880896][ T5303] btrfs_update_block_group+0x66e/0xa90
[ 87.886520][ T5303] __btrfs_free_extent+0x1cec/0x38e0
[ 87.891880][ T5303] ? __btrfs_inc_extent_ref+0x610/0x610
[ 87.897486][ T5303] ? lock_downgrade+0x840/0x8f0
[ 87.902390][ T5303] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 87.908261][ T5303] ? __lock_acquire+0x1fd0/0x1fd0
[ 87.913345][ T5303] ? do_raw_spin_unlock+0x13b/0x8b0
[ 87.918692][ T5303] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 87.924545][ T5303] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 87.930149][ T5303] ? __lock_acquire+0x1345/0x1fd0
[ 87.935296][ T5303] ? read_lock_is_recursive+0x20/0x20
[ 87.940752][ T5303] btrfs_run_delayed_refs+0xe3/0x2c0
[ 87.946146][ T5303] btrfs_commit_transaction+0x4ba/0x3740
[ 87.951850][ T5303] ? btrfs_commit_transaction+0x17b/0x3740
[ 87.957779][ T5303] ? btrfs_commit_transaction_async+0x480/0x480
[ 87.964152][ T5303] ? __up_read+0x6a0/0x6a0
[ 87.968612][ T5303] ? dput+0x52/0x470
[ 87.972546][ T5303] btrfs_sync_file+0xf50/0x1330
[ 87.977425][ T5303] ? btrfs_release_file+0x130/0x130
[ 87.982664][ T5303] ? __lock_acquire+0x1fd0/0x1fd0
[ 87.988243][ T5303] ? do_raw_spin_lock+0x14e/0x370
[ 87.993293][ T5303] ? do_raw_spin_unlock+0x13b/0x8b0
[ 87.998629][ T5303] btrfs_do_write_iter+0xbc5/0x1190
[ 88.003874][ T5303] ? mark_lock+0x9a/0x350
[ 88.008244][ T5303] ? btrfs_check_nocow_unlock+0x40/0x40
[ 88.013823][ T5303] do_iter_readv_writev+0x330/0x4a0
[ 88.019068][ T5303] ? generic_file_rw_checks+0x260/0x260
[ 88.024663][ T5303] ? fsnotify_perm+0x67/0x5a0
[ 88.029380][ T5303] ? bpf_lsm_file_permission+0x9/0x10
[ 88.034790][ T5303] do_iter_write+0x1f6/0x8d0
[ 88.039445][ T5303] do_pwritev+0x21a/0x360
[ 88.043818][ T5303] ? do_preadv+0x350/0x350
[ 88.048283][ T5303] ? do_notify_parent+0x10c0/0x10c0
[ 88.053497][ T5303] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 88.059500][ T5303] ? print_irqtrace_events+0x220/0x220
[ 88.065057][ T5303] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 88.071052][ T5303] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 88.077046][ T5303] ? __x64_sys_pwritev2+0xbd/0x100
[ 88.082196][ T5303] do_syscall_64+0x45/0x110
[ 88.086751][ T5303] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 88.093432][ T5303] RIP: 0033:0x7fbb1142c2e9
[ 88.097860][ T5303] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 88.117498][ T5303] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 88.125935][ T5303] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 88.133934][ T5303] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 88.141946][ T5303] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 88.149929][ T5303] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[pid 5303] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = 1
[pid 5303] exit_group(0) = ?
[pid 5303] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5303, si_uid=0, si_status=0, si_utime=0, si_stime=29 /* 0.29 s */} ---
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 88.157911][ T5303] R13: 000000000000000e R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 88.166000][ T5303]
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs") = 0
[ 88.295190][ T5061] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./14/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5320 attached
, child_tidptr=0x5555562e7650) = 5320
[pid 5320] set_robust_list(0x5555562e7660, 24) = 0
[pid 5320] chdir("./15") = 0
[pid 5320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5320] setpgid(0, 0) = 0
[pid 5320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5320] write(3, "1000", 4) = 4
[pid 5320] close(3) = 0
[pid 5320] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5320] memfd_create("syzkaller", 0) = 3
[pid 5320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5320] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5320] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5320] close(3) = 0
[pid 5320] mkdir("./file0", 0777) = 0
[ 88.917081][ T5320] loop0: detected capacity change from 0 to 32768
[ 88.944261][ T5320] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5320)
[ 88.959773][ T5320] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 88.970004][ T5320] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 88.978824][ T5320] BTRFS info (device loop0): doing ref verification
[ 88.985450][ T5320] BTRFS info (device loop0): force zlib compression, level 3
[ 88.993033][ T5320] BTRFS info (device loop0): using free space tree
[pid 5320] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5320] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5320] chdir("./file0") = 0
[pid 5320] ioctl(4, LOOP_CLR_FD) = 0
[pid 5320] close(4) = 0
[pid 5320] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[ 89.015220][ T5320] BTRFS info (device loop0): enabling ssd optimizations
[ 89.022413][ T5320] BTRFS info (device loop0): auto enabling async discard
[pid 5320] fallocate(4, 0, 0, 1048820) = 0
[pid 5320] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5320] write(5, "56", 2) = 2
[ 89.049869][ T28] audit: type=1800 audit(1701700612.319:17): pid=5320 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 89.098929][ T5320] FAULT_INJECTION: forcing a failure.
[ 89.098929][ T5320] name failslab, interval 1, probability 0, space 0, times 0
[ 89.111860][ T5320] CPU: 0 PID: 5320 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 89.120591][ T5320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 89.130683][ T5320] Call Trace:
[ 89.133984][ T5320]
[ 89.136925][ T5320] dump_stack_lvl+0x1e7/0x2d0
[ 89.141639][ T5320] ? nf_tcp_handle_invalid+0x650/0x650
[ 89.147118][ T5320] ? panic+0x850/0x850
[ 89.151234][ T5320] ? __might_sleep+0xe0/0xe0
[ 89.155851][ T5320] should_fail_ex+0x3aa/0x4e0
[ 89.160585][ T5320] ? alloc_extent_state+0x25/0x2e0
[ 89.165731][ T5320] should_failslab+0x9/0x20
[ 89.170247][ T5320] kmem_cache_alloc+0x6d/0x2b0
[ 89.175052][ T5320] alloc_extent_state+0x25/0x2e0
[ 89.180139][ T5320] __set_extent_bit+0x1c8/0x1b00
[ 89.185137][ T5320] ? btrfs_update_block_group+0x62f/0xa90
[ 89.191067][ T5320] ? trace_btrfs_space_reservation+0x9a/0x220
[ 89.197170][ T5320] set_extent_bit+0x3b/0x50
[ 89.201736][ T5320] btrfs_update_block_group+0x66e/0xa90
[ 89.207324][ T5320] __btrfs_free_extent+0x1cec/0x38e0
[ 89.212664][ T5320] ? __btrfs_inc_extent_ref+0x610/0x610
[ 89.218247][ T5320] ? lock_downgrade+0x840/0x8f0
[ 89.223117][ T5320] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 89.228950][ T5320] ? __lock_acquire+0x1fd0/0x1fd0
[ 89.233998][ T5320] ? do_raw_spin_unlock+0x13b/0x8b0
[ 89.239235][ T5320] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 89.245050][ T5320] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 89.250624][ T5320] ? __lock_acquire+0x1345/0x1fd0
[ 89.255691][ T5320] ? read_lock_is_recursive+0x20/0x20
[ 89.261271][ T5320] btrfs_run_delayed_refs+0xe3/0x2c0
[ 89.266608][ T5320] btrfs_commit_transaction+0x4ba/0x3740
[ 89.272402][ T5320] ? btrfs_commit_transaction+0x17b/0x3740
[ 89.278353][ T5320] ? btrfs_commit_transaction_async+0x480/0x480
[ 89.284822][ T5320] ? __up_read+0x6a0/0x6a0
[ 89.289251][ T5320] ? dput+0x52/0x470
[ 89.293181][ T5320] btrfs_sync_file+0xf50/0x1330
[ 89.298120][ T5320] ? btrfs_release_file+0x130/0x130
[ 89.303381][ T5320] ? __lock_acquire+0x1fd0/0x1fd0
[ 89.308437][ T5320] ? do_raw_spin_lock+0x14e/0x370
[ 89.313501][ T5320] ? do_raw_spin_unlock+0x13b/0x8b0
[ 89.318814][ T5320] btrfs_do_write_iter+0xbc5/0x1190
[ 89.324058][ T5320] ? mark_lock+0x9a/0x350
[ 89.328441][ T5320] ? btrfs_check_nocow_unlock+0x40/0x40
[ 89.334013][ T5320] do_iter_readv_writev+0x330/0x4a0
[ 89.339332][ T5320] ? generic_file_rw_checks+0x260/0x260
[ 89.344907][ T5320] ? fsnotify_perm+0x67/0x5a0
[ 89.349683][ T5320] ? bpf_lsm_file_permission+0x9/0x10
[ 89.355088][ T5320] do_iter_write+0x1f6/0x8d0
[ 89.359802][ T5320] do_pwritev+0x21a/0x360
[ 89.364158][ T5320] ? do_preadv+0x350/0x350
[ 89.368635][ T5320] ? do_notify_parent+0x10c0/0x10c0
[ 89.373911][ T5320] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 89.379965][ T5320] ? print_irqtrace_events+0x220/0x220
[ 89.385453][ T5320] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 89.391463][ T5320] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 89.397481][ T5320] ? __x64_sys_pwritev2+0xbd/0x100
[ 89.402636][ T5320] do_syscall_64+0x45/0x110
[ 89.407182][ T5320] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 89.413197][ T5320] RIP: 0033:0x7fbb1142c2e9
[ 89.417629][ T5320] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 89.437274][ T5320] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[pid 5320] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = 1
[pid 5320] exit_group(0) = ?
[pid 5320] +++ exited with 0 +++
[ 89.445989][ T5320] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 89.453975][ T5320] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 89.461962][ T5320] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 89.469945][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 89.477928][ T5320] R13: 000000000000000f R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 89.485930][ T5320]
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5320, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=30 /* 0.30 s */} ---
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/binderfs") = 0
[ 89.606944][ T5061] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./15/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5337 attached
, child_tidptr=0x5555562e7650) = 5337
[pid 5337] set_robust_list(0x5555562e7660, 24) = 0
[pid 5337] chdir("./16") = 0
[pid 5337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5337] setpgid(0, 0) = 0
[pid 5337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5337] write(3, "1000", 4) = 4
[pid 5337] close(3) = 0
[pid 5337] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5337] memfd_create("syzkaller", 0) = 3
[pid 5337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5337] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5337] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5337] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5337] close(3) = 0
[pid 5337] mkdir("./file0", 0777) = 0
[ 90.070483][ T5337] loop0: detected capacity change from 0 to 32768
[ 90.085132][ T5337] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5337)
[ 90.100558][ T5337] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 90.110830][ T5337] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[pid 5337] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5337] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5337] chdir("./file0") = 0
[pid 5337] ioctl(4, LOOP_CLR_FD) = 0
[ 90.119633][ T5337] BTRFS info (device loop0): doing ref verification
[ 90.126290][ T5337] BTRFS info (device loop0): force zlib compression, level 3
[ 90.133829][ T5337] BTRFS info (device loop0): using free space tree
[ 90.155617][ T5337] BTRFS info (device loop0): enabling ssd optimizations
[ 90.162728][ T5337] BTRFS info (device loop0): auto enabling async discard
[pid 5337] close(4) = 0
[pid 5337] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5337] fallocate(4, 0, 0, 1048820) = 0
[pid 5337] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5337] write(5, "56", 2) = 2
[ 90.220811][ T28] audit: type=1800 audit(1701700613.489:18): pid=5337 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 90.273348][ T5337] FAULT_INJECTION: forcing a failure.
[ 90.273348][ T5337] name failslab, interval 1, probability 0, space 0, times 0
[ 90.287182][ T5337] CPU: 1 PID: 5337 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 90.295920][ T5337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 90.306288][ T5337] Call Trace:
[ 90.309624][ T5337]
[ 90.312598][ T5337] dump_stack_lvl+0x1e7/0x2d0
[ 90.317346][ T5337] ? nf_tcp_handle_invalid+0x650/0x650
[ 90.322951][ T5337] ? panic+0x850/0x850
[ 90.327778][ T5337] ? __might_sleep+0xe0/0xe0
[ 90.332577][ T5337] should_fail_ex+0x3aa/0x4e0
[ 90.337316][ T5337] ? alloc_extent_state+0x25/0x2e0
[ 90.342645][ T5337] should_failslab+0x9/0x20
[ 90.347284][ T5337] kmem_cache_alloc+0x6d/0x2b0
[ 90.352113][ T5337] alloc_extent_state+0x25/0x2e0
[ 90.357112][ T5337] __set_extent_bit+0x1c8/0x1b00
[ 90.362120][ T5337] ? btrfs_update_block_group+0x62f/0xa90
[ 90.367899][ T5337] ? trace_btrfs_space_reservation+0x9a/0x220
[ 90.374034][ T5337] set_extent_bit+0x3b/0x50
[ 90.378610][ T5337] btrfs_update_block_group+0x66e/0xa90
[ 90.384224][ T5337] __btrfs_free_extent+0x1cec/0x38e0
[ 90.389566][ T5337] ? __btrfs_inc_extent_ref+0x610/0x610
[ 90.395223][ T5337] ? lock_downgrade+0x840/0x8f0
[ 90.400187][ T5337] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 90.406008][ T5337] ? __lock_acquire+0x1fd0/0x1fd0
[ 90.411251][ T5337] ? do_raw_spin_unlock+0x13b/0x8b0
[ 90.416490][ T5337] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 90.422284][ T5337] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 90.427840][ T5337] ? __lock_acquire+0x1345/0x1fd0
[ 90.432899][ T5337] ? read_lock_is_recursive+0x20/0x20
[ 90.438294][ T5337] btrfs_run_delayed_refs+0xe3/0x2c0
[ 90.443620][ T5337] btrfs_commit_transaction+0x4ba/0x3740
[ 90.449285][ T5337] ? btrfs_commit_transaction+0x17b/0x3740
[ 90.455175][ T5337] ? btrfs_commit_transaction_async+0x480/0x480
[ 90.461483][ T5337] ? __up_read+0x6a0/0x6a0
[ 90.465920][ T5337] ? dput+0x52/0x470
[ 90.469839][ T5337] btrfs_sync_file+0xf50/0x1330
[ 90.474754][ T5337] ? btrfs_release_file+0x130/0x130
[ 90.479976][ T5337] ? __lock_acquire+0x1fd0/0x1fd0
[ 90.485017][ T5337] ? do_raw_spin_lock+0x14e/0x370
[ 90.490083][ T5337] ? do_raw_spin_unlock+0x13b/0x8b0
[ 90.495304][ T5337] btrfs_do_write_iter+0xbc5/0x1190
[ 90.500535][ T5337] ? mark_lock+0x9a/0x350
[ 90.504910][ T5337] ? btrfs_check_nocow_unlock+0x40/0x40
[ 90.510475][ T5337] do_iter_readv_writev+0x330/0x4a0
[ 90.515695][ T5337] ? generic_file_rw_checks+0x260/0x260
[ 90.521281][ T5337] ? fsnotify_perm+0x67/0x5a0
[ 90.525972][ T5337] ? bpf_lsm_file_permission+0x9/0x10
[ 90.531421][ T5337] do_iter_write+0x1f6/0x8d0
[ 90.536064][ T5337] do_pwritev+0x21a/0x360
[ 90.540506][ T5337] ? do_preadv+0x350/0x350
[ 90.544967][ T5337] ? do_notify_parent+0x10c0/0x10c0
[ 90.550177][ T5337] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 90.556171][ T5337] ? print_irqtrace_events+0x220/0x220
[ 90.561727][ T5337] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 90.567713][ T5337] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 90.573701][ T5337] ? __x64_sys_pwritev2+0xbd/0x100
[ 90.578950][ T5337] do_syscall_64+0x45/0x110
[ 90.583487][ T5337] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 90.589588][ T5337] RIP: 0033:0x7fbb1142c2e9
[ 90.594025][ T5337] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 90.613748][ T5337] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[pid 5337] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = 1
[pid 5337] exit_group(0) = ?
[pid 5337] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5337, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=24 /* 0.24 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[ 90.622204][ T5337] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 90.630191][ T5337] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 90.638206][ T5337] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 90.646185][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 90.654252][ T5337] R13: 0000000000000010 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 90.662244][ T5337]
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/binderfs") = 0
[ 90.771950][ T5061] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./16/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5354 attached
, child_tidptr=0x5555562e7650) = 5354
[pid 5354] set_robust_list(0x5555562e7660, 24) = 0
[pid 5354] chdir("./17") = 0
[pid 5354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5354] setpgid(0, 0) = 0
[pid 5354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5354] write(3, "1000", 4) = 4
[pid 5354] close(3) = 0
[pid 5354] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5354] memfd_create("syzkaller", 0) = 3
[pid 5354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5354] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5354] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5354] close(3) = 0
[pid 5354] mkdir("./file0", 0777) = 0
[ 91.245216][ T5354] loop0: detected capacity change from 0 to 32768
[ 91.256598][ T5354] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5354)
[ 91.275099][ T5354] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 91.285513][ T5354] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[pid 5354] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5354] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5354] chdir("./file0") = 0
[pid 5354] ioctl(4, LOOP_CLR_FD) = 0
[pid 5354] close(4) = 0
[ 91.294901][ T5354] BTRFS info (device loop0): doing ref verification
[ 91.301594][ T5354] BTRFS info (device loop0): force zlib compression, level 3
[ 91.309234][ T5354] BTRFS info (device loop0): using free space tree
[ 91.330914][ T5354] BTRFS info (device loop0): enabling ssd optimizations
[ 91.337902][ T5354] BTRFS info (device loop0): auto enabling async discard
[pid 5354] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5354] fallocate(4, 0, 0, 1048820) = 0
[pid 5354] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5354] write(5, "56", 2) = 2
[ 91.369048][ T28] audit: type=1800 audit(1701700614.629:19): pid=5354 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 91.400874][ T5354] FAULT_INJECTION: forcing a failure.
[ 91.400874][ T5354] name failslab, interval 1, probability 0, space 0, times 0
[ 91.419760][ T5354] CPU: 0 PID: 5354 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 91.428509][ T5354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 91.438617][ T5354] Call Trace:
[ 91.441945][ T5354]
[ 91.444961][ T5354] dump_stack_lvl+0x1e7/0x2d0
[ 91.449704][ T5354] ? nf_tcp_handle_invalid+0x650/0x650
[ 91.455224][ T5354] ? panic+0x850/0x850
[ 91.459349][ T5354] ? _raw_read_unlock+0x28/0x40
[ 91.464270][ T5354] should_fail_ex+0x3aa/0x4e0
[ 91.469014][ T5354] ? __btrfs_free_extent+0x26f/0x38e0
[ 91.474448][ T5354] should_failslab+0x9/0x20
[ 91.479488][ T5354] kmem_cache_alloc+0x6d/0x2b0
[ 91.485038][ T5354] __btrfs_free_extent+0x26f/0x38e0
[ 91.491041][ T5354] ? __btrfs_inc_extent_ref+0x610/0x610
[ 91.496826][ T5354] ? lock_downgrade+0x840/0x8f0
[ 91.502877][ T5354] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 91.508777][ T5354] ? __lock_acquire+0x1fd0/0x1fd0
[ 91.514031][ T5354] ? do_raw_read_unlock+0x3c/0x80
[ 91.519202][ T5354] ? _raw_read_unlock+0x28/0x40
[ 91.524182][ T5354] ? do_raw_spin_unlock+0x13b/0x8b0
[ 91.529598][ T5354] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 91.535403][ T5354] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 91.540970][ T5354] ? __lock_acquire+0x1345/0x1fd0
[ 91.546052][ T5354] ? read_lock_is_recursive+0x20/0x20
[ 91.551627][ T5354] btrfs_run_delayed_refs+0xe3/0x2c0
[ 91.556939][ T5354] btrfs_commit_transaction+0x4ba/0x3740
[ 91.564598][ T5354] ? btrfs_commit_transaction+0x17b/0x3740
[ 91.570464][ T5354] ? btrfs_commit_transaction_async+0x480/0x480
[ 91.577145][ T5354] ? __up_read+0x6a0/0x6a0
[ 91.582223][ T5354] ? dput+0x52/0x470
[ 91.586279][ T5354] btrfs_sync_file+0xf50/0x1330
[ 91.591195][ T5354] ? btrfs_release_file+0x130/0x130
[ 91.596620][ T5354] ? __lock_acquire+0x1fd0/0x1fd0
[ 91.601679][ T5354] ? do_raw_spin_lock+0x14e/0x370
[ 91.606744][ T5354] ? do_raw_spin_unlock+0x13b/0x8b0
[ 91.611984][ T5354] btrfs_do_write_iter+0xbc5/0x1190
[ 91.617564][ T5354] ? mark_lock+0x9a/0x350
[ 91.622201][ T5354] ? btrfs_check_nocow_unlock+0x40/0x40
[ 91.628102][ T5354] do_iter_readv_writev+0x330/0x4a0
[ 91.633787][ T5354] ? generic_file_rw_checks+0x260/0x260
[ 91.639953][ T5354] ? fsnotify_perm+0x67/0x5a0
[ 91.645015][ T5354] ? bpf_lsm_file_permission+0x9/0x10
[ 91.650420][ T5354] do_iter_write+0x1f6/0x8d0
[ 91.655066][ T5354] do_pwritev+0x21a/0x360
[ 91.659611][ T5354] ? do_preadv+0x350/0x350
[ 91.664550][ T5354] ? do_notify_parent+0x10c0/0x10c0
[ 91.670143][ T5354] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 91.676258][ T5354] ? print_irqtrace_events+0x220/0x220
[ 91.681765][ T5354] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 91.687935][ T5354] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 91.693937][ T5354] ? __x64_sys_pwritev2+0xbd/0x100
[ 91.699163][ T5354] do_syscall_64+0x45/0x110
[ 91.703702][ T5354] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 91.709618][ T5354] RIP: 0033:0x7fbb1142c2e9
[ 91.714045][ T5354] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 91.733661][ T5354] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 91.742090][ T5354] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 91.750074][ T5354] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 91.758055][ T5354] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 91.766034][ T5354] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 91.774018][ T5354] R13: 0000000000000011 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 91.782137][ T5354] </TASK>
[ 91.790257][ T5354] BTRFS error (device loop0): failed to run delayed ref for logical 5308416 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 91.808974][ T5354] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[pid 5354] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5354] exit_group(0) = ?
[pid 5354] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5354, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} ---
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 91.817416][ T5354] BTRFS: error (device loop0: state A) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
[ 91.828476][ T5354] BTRFS info (device loop0: state EA): forced readonly
newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/binderfs") = 0
[ 91.899049][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./17/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
mkdir("./18", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5371 attached
, child_tidptr=0x5555562e7650) = 5371
[pid 5371] set_robust_list(0x5555562e7660, 24) = 0
[pid 5371] chdir("./18") = 0
[pid 5371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5371] setpgid(0, 0) = 0
[pid 5371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5371] write(3, "1000", 4) = 4
[pid 5371] close(3) = 0
[pid 5371] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5371] memfd_create("syzkaller", 0) = 3
[pid 5371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5371] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5371] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5371] close(3) = 0
[pid 5371] mkdir("./file0", 0777) = 0
[ 92.383924][ T5371] loop0: detected capacity change from 0 to 32768
[ 92.408477][ T5371] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5371)
[ 92.424769][ T5371] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 92.435020][ T5371] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 92.443836][ T5371] BTRFS info (device loop0): doing ref verification
[ 92.450605][ T5371] BTRFS info (device loop0): force zlib compression, level 3
[ 92.457995][ T5371] BTRFS info (device loop0): using free space tree
[pid 5371] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5371] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5371] chdir("./file0") = 0
[pid 5371] ioctl(4, LOOP_CLR_FD) = 0
[pid 5371] close(4) = 0
[ 92.481306][ T5371] BTRFS info (device loop0): enabling ssd optimizations
[ 92.488406][ T5371] BTRFS info (device loop0): auto enabling async discard
[pid 5371] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5371] fallocate(4, 0, 0, 1048820) = 0
[pid 5371] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5371] write(5, "56", 2) = 2
[ 92.531177][ T28] audit: type=1800 audit(1701700615.799:20): pid=5371 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 92.566215][ T5371] FAULT_INJECTION: forcing a failure.
[ 92.566215][ T5371] name failslab, interval 1, probability 0, space 0, times 0
[ 92.580008][ T5371] CPU: 0 PID: 5371 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 92.588773][ T5371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 92.598917][ T5371] Call Trace:
[ 92.602236][ T5371] <TASK>
[ 92.605203][ T5371] dump_stack_lvl+0x1e7/0x2d0
[ 92.609927][ T5371] ? nf_tcp_handle_invalid+0x650/0x650
[ 92.615453][ T5371] ? panic+0x850/0x850
[ 92.619537][ T5371] ? __might_sleep+0xe0/0xe0
[ 92.624155][ T5371] should_fail_ex+0x3aa/0x4e0
[ 92.628856][ T5371] ? add_to_free_space_tree+0xc7/0x2e0
[ 92.634335][ T5371] should_failslab+0x9/0x20
[ 92.638864][ T5371] kmem_cache_alloc+0x6d/0x2b0
[ 92.643646][ T5371] ? btrfs_qgroup_destroy_extent_records+0xb0/0xb0
[ 92.650167][ T5371] add_to_free_space_tree+0xc7/0x2e0
[ 92.655479][ T5371] __btrfs_free_extent+0x1cc4/0x38e0
[ 92.660801][ T5371] ? __btrfs_inc_extent_ref+0x610/0x610
[ 92.666365][ T5371] ? lock_downgrade+0x840/0x8f0
[ 92.671230][ T5371] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 92.677075][ T5371] ? __lock_acquire+0x1fd0/0x1fd0
[ 92.682123][ T5371] ? do_raw_spin_unlock+0x13b/0x8b0
[ 92.687354][ T5371] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 92.693155][ T5371] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 92.698811][ T5371] ? __lock_acquire+0x1345/0x1fd0
[ 92.703884][ T5371] ? read_lock_is_recursive+0x20/0x20
[ 92.709379][ T5371] btrfs_run_delayed_refs+0xe3/0x2c0
[ 92.714691][ T5371] btrfs_commit_transaction+0x4ba/0x3740
[ 92.720361][ T5371] ? btrfs_commit_transaction+0x17b/0x3740
[ 92.726218][ T5371] ? btrfs_commit_transaction_async+0x480/0x480
[ 92.732510][ T5371] ? __up_read+0x6a0/0x6a0
[ 92.736939][ T5371] ? dput+0x52/0x470
[ 92.740865][ T5371] btrfs_sync_file+0xf50/0x1330
[ 92.745750][ T5371] ? btrfs_release_file+0x130/0x130
[ 92.750977][ T5371] ? __lock_acquire+0x1fd0/0x1fd0
[ 92.756054][ T5371] ? do_raw_spin_lock+0x14e/0x370
[ 92.761206][ T5371] ? do_raw_spin_unlock+0x13b/0x8b0
[ 92.766430][ T5371] btrfs_do_write_iter+0xbc5/0x1190
[ 92.771649][ T5371] ? mark_lock+0x9a/0x350
[ 92.776124][ T5371] ? btrfs_check_nocow_unlock+0x40/0x40
[ 92.781698][ T5371] do_iter_readv_writev+0x330/0x4a0
[ 92.787187][ T5371] ? generic_file_rw_checks+0x260/0x260
[ 92.792760][ T5371] ? fsnotify_perm+0x67/0x5a0
[ 92.797453][ T5371] ? bpf_lsm_file_permission+0x9/0x10
[ 92.802853][ T5371] do_iter_write+0x1f6/0x8d0
[ 92.807475][ T5371] do_pwritev+0x21a/0x360
[ 92.811868][ T5371] ? do_preadv+0x350/0x350
[ 92.816317][ T5371] ? do_notify_parent+0x10c0/0x10c0
[ 92.821531][ T5371] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 92.827540][ T5371] ? print_irqtrace_events+0x220/0x220
[ 92.833018][ T5371] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 92.839030][ T5371] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 92.845025][ T5371] ? __x64_sys_pwritev2+0xbd/0x100
[ 92.850161][ T5371] do_syscall_64+0x45/0x110
[ 92.854800][ T5371] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 92.860722][ T5371] RIP: 0033:0x7fbb1142c2e9
[ 92.865257][ T5371] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 92.884980][ T5371] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 92.893414][ T5371] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 92.901428][ T5371] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 92.909427][ T5371] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 92.917434][ T5371] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 92.925431][ T5371] R13: 0000000000000012 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 92.933448][ T5371] </TASK>
[ 92.939797][ T5371] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[ 92.948921][ T5371] BTRFS: error (device loop0: state A) in add_to_free_space_tree:1057: errno=-12 Out of memory
[ 92.959856][ T5371] BTRFS info (device loop0: state EA): forced readonly
[ 92.967269][ T5371] BTRFS: error (device loop0: state EA) in do_free_extent_accounting:2989: errno=-12 Out of memory
[pid 5371] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5371] exit_group(0) = ?
[pid 5371] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5371, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=32 /* 0.32 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 92.978650][ T5371] BTRFS error (device loop0: state EA): failed to run delayed ref for logical 5267456 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 92.993138][ T5371] BTRFS: error (device loop0: state EA) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
unlink("./18/binderfs") = 0
[ 93.027004][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./18/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./18") = 0
mkdir("./19", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5388 attached
, child_tidptr=0x5555562e7650) = 5388
[pid 5388] set_robust_list(0x5555562e7660, 24) = 0
[pid 5388] chdir("./19") = 0
[pid 5388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5388] setpgid(0, 0) = 0
[pid 5388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5388] write(3, "1000", 4) = 4
[pid 5388] close(3) = 0
[pid 5388] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5388] memfd_create("syzkaller", 0) = 3
[pid 5388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5388] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5388] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5388] close(3) = 0
[pid 5388] mkdir("./file0", 0777) = 0
[ 93.459487][ T5388] loop0: detected capacity change from 0 to 32768
[ 93.474145][ T5388] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5388)
[ 93.490125][ T5388] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 93.500387][ T5388] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 93.509195][ T5388] BTRFS info (device loop0): doing ref verification
[ 93.515892][ T5388] BTRFS info (device loop0): force zlib compression, level 3
[ 93.523423][ T5388] BTRFS info (device loop0): using free space tree
[ 93.546455][ T5388] BTRFS info (device loop0): enabling ssd optimizations
[pid 5388] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5388] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5388] chdir("./file0") = 0
[pid 5388] ioctl(4, LOOP_CLR_FD) = 0
[pid 5388] close(4) = 0
[ 93.553692][ T5388] BTRFS info (device loop0): auto enabling async discard
[pid 5388] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5388] fallocate(4, 0, 0, 1048820) = 0
[pid 5388] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5388] write(5, "56", 2) = 2
[ 93.590896][ T28] audit: type=1800 audit(1701700616.859:21): pid=5388 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 93.644462][ T5388] FAULT_INJECTION: forcing a failure.
[ 93.644462][ T5388] name failslab, interval 1, probability 0, space 0, times 0
[ 93.659780][ T5388] CPU: 0 PID: 5388 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 93.668528][ T5388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 93.678659][ T5388] Call Trace:
[ 93.682016][ T5388] <TASK>
[ 93.684980][ T5388] dump_stack_lvl+0x1e7/0x2d0
[ 93.689718][ T5388] ? nf_tcp_handle_invalid+0x650/0x650
[ 93.695237][ T5388] ? panic+0x850/0x850
[ 93.699389][ T5388] should_fail_ex+0x3aa/0x4e0
[ 93.704122][ T5388] ? remove_from_free_space_tree+0x15d/0x1120
[ 93.710332][ T5388] should_failslab+0x9/0x20
[ 93.714883][ T5388] kmem_cache_alloc+0x6d/0x2b0
[ 93.719743][ T5388] ? ____kasan_slab_free+0xd6/0x120
[ 93.724990][ T5388] ? kmem_cache_free+0x299/0x470
[ 93.729995][ T5388] remove_from_free_space_tree+0x15d/0x1120
[ 93.736031][ T5388] ? do_syscall_64+0x45/0x110
[ 93.740846][ T5388] ? entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 93.746994][ T5388] ? set_free_space_tree_thresholds+0x1d0/0x1d0
[ 93.753307][ T5388] ? mark_lock+0x9a/0x350
[ 93.757688][ T5388] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 93.763711][ T5388] ? print_irqtrace_events+0x220/0x220
[ 93.769205][ T5388] ? kasan_quarantine_put+0xd8/0x230
[ 93.774510][ T5388] ? lockdep_hardirqs_on+0x98/0x140
[ 93.779727][ T5388] ? __btrfs_run_delayed_refs+0x1aff/0x44d0
[ 93.786695][ T5388] alloc_reserved_extent+0x4b/0x290
[ 93.791937][ T5388] __btrfs_run_delayed_refs+0x1b5d/0x44d0
[ 93.797749][ T5388] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 93.803371][ T5388] ? __lock_acquire+0x1345/0x1fd0
[ 93.808443][ T5388] ? read_lock_is_recursive+0x20/0x20
[ 93.813854][ T5388] btrfs_run_delayed_refs+0xe3/0x2c0
[ 93.819178][ T5388] btrfs_commit_transaction+0x4ba/0x3740
[ 93.824835][ T5388] ? btrfs_commit_transaction+0x17b/0x3740
[ 93.830680][ T5388] ? btrfs_commit_transaction_async+0x480/0x480
[ 93.836974][ T5388] ? __up_read+0x6a0/0x6a0
[ 93.841400][ T5388] ? dput+0x52/0x470
[ 93.845669][ T5388] btrfs_sync_file+0xf50/0x1330
[ 93.850553][ T5388] ? btrfs_release_file+0x130/0x130
[ 93.855782][ T5388] ? __lock_acquire+0x1fd0/0x1fd0
[ 93.860820][ T5388] ? do_raw_spin_lock+0x14e/0x370
[ 93.865867][ T5388] ? do_raw_spin_unlock+0x13b/0x8b0
[ 93.871094][ T5388] btrfs_do_write_iter+0xbc5/0x1190
[ 93.876320][ T5388] ? mark_lock+0x9a/0x350
[ 93.880686][ T5388] ? btrfs_check_nocow_unlock+0x40/0x40
[ 93.886439][ T5388] do_iter_readv_writev+0x330/0x4a0
[ 93.891667][ T5388] ? generic_file_rw_checks+0x260/0x260
[ 93.897243][ T5388] ? fsnotify_perm+0x67/0x5a0
[ 93.901936][ T5388] ? bpf_lsm_file_permission+0x9/0x10
[ 93.907331][ T5388] do_iter_write+0x1f6/0x8d0
[ 93.911973][ T5388] do_pwritev+0x21a/0x360
[ 93.916335][ T5388] ? do_preadv+0x350/0x350
[ 93.920808][ T5388] ? do_notify_parent+0x10c0/0x10c0
[ 93.926310][ T5388] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 93.932336][ T5388] ? print_irqtrace_events+0x220/0x220
[ 93.937827][ T5388] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 93.943834][ T5388] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 93.949826][ T5388] ? __x64_sys_pwritev2+0xbd/0x100
[ 93.954957][ T5388] do_syscall_64+0x45/0x110
[ 93.959483][ T5388] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 93.965397][ T5388] RIP: 0033:0x7fbb1142c2e9
[ 93.969827][ T5388] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 93.989470][ T5388] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 93.997987][ T5388] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 94.006401][ T5388] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 94.014385][ T5388] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 94.022366][ T5388] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 94.030346][ T5388] R13: 0000000000000013 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 94.038346][ T5388] </TASK>
[ 94.048747][ T5388] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[ 94.057072][ T5388] BTRFS: error (device loop0: state A) in remove_from_free_space_tree:865: errno=-12 Out of memory
[ 94.069671][ T5388] BTRFS info (device loop0: state EA): forced readonly
[ 94.076708][ T5388] BTRFS error (device loop0: state EA): failed to run delayed ref for logical 1048576 num_bytes 4096 type 176 action 1 ref_mod 1: -12
[pid 5388] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5388] exit_group(0) = ?
[pid 5388] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5388, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=34 /* 0.34 s */} ---
umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 94.091254][ T5388] BTRFS: error (device loop0: state EA) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/binderfs") = 0
[ 94.150491][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./19/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./19") = 0
mkdir("./20", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5405 attached
[pid 5405] set_robust_list(0x5555562e7660, 24) = 0
[pid 5405] chdir("./20"
[pid 5061] <... clone resumed>, child_tidptr=0x5555562e7650) = 5405
[pid 5405] <... chdir resumed>) = 0
[pid 5405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5405] setpgid(0, 0) = 0
[pid 5405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5405] write(3, "1000", 4) = 4
[pid 5405] close(3) = 0
[pid 5405] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5405] memfd_create("syzkaller", 0) = 3
[pid 5405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5405] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5405] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5405] close(3) = 0
[pid 5405] mkdir("./file0", 0777) = 0
[ 94.628287][ T5405] loop0: detected capacity change from 0 to 32768
[ 94.639151][ T5405] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5405)
[ 94.654979][ T5405] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 94.665257][ T5405] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[pid 5405] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5405] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5405] chdir("./file0") = 0
[pid 5405] ioctl(4, LOOP_CLR_FD) = 0
[pid 5405] close(4) = 0
[ 94.674142][ T5405] BTRFS info (device loop0): doing ref verification
[ 94.680804][ T5405] BTRFS info (device loop0): force zlib compression, level 3
[ 94.688192][ T5405] BTRFS info (device loop0): using free space tree
[ 94.710583][ T5405] BTRFS info (device loop0): enabling ssd optimizations
[ 94.717571][ T5405] BTRFS info (device loop0): auto enabling async discard
[pid 5405] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5405] fallocate(4, 0, 0, 1048820) = 0
[pid 5405] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5405] write(5, "56", 2) = 2
[ 94.767986][ T28] audit: type=1800 audit(1701700618.029:22): pid=5405 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 94.814686][ T5405] FAULT_INJECTION: forcing a failure.
[ 94.814686][ T5405] name failslab, interval 1, probability 0, space 0, times 0
[ 94.828425][ T5405] CPU: 1 PID: 5405 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 94.837155][ T5405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 94.847287][ T5405] Call Trace:
[ 94.850626][ T5405] <TASK>
[ 94.853595][ T5405] dump_stack_lvl+0x1e7/0x2d0
[ 94.858326][ T5405] ? nf_tcp_handle_invalid+0x650/0x650
[ 94.863873][ T5405] ? panic+0x850/0x850
[ 94.867993][ T5405] ? __might_sleep+0xe0/0xe0
[ 94.874490][ T5405] should_fail_ex+0x3aa/0x4e0
[ 94.879325][ T5405] ? alloc_extent_state+0x25/0x2e0
[ 94.884493][ T5405] should_failslab+0x9/0x20
[ 94.889183][ T5405] kmem_cache_alloc+0x6d/0x2b0
[ 94.894014][ T5405] alloc_extent_state+0x25/0x2e0
[ 94.899115][ T5405] __set_extent_bit+0x1c8/0x1b00
[ 94.904122][ T5405] ? btrfs_update_block_group+0x62f/0xa90
[ 94.910006][ T5405] ? trace_btrfs_space_reservation+0x9a/0x220
[ 94.916404][ T5405] set_extent_bit+0x3b/0x50
[ 94.920972][ T5405] btrfs_update_block_group+0x66e/0xa90
[ 94.926675][ T5405] __btrfs_free_extent+0x1cec/0x38e0
[ 94.932162][ T5405] ? __btrfs_inc_extent_ref+0x610/0x610
[ 94.937836][ T5405] ? lock_downgrade+0x840/0x8f0
[ 94.942736][ T5405] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 94.948579][ T5405] ? __lock_acquire+0x1fd0/0x1fd0
[ 94.953643][ T5405] ? do_raw_spin_unlock+0x13b/0x8b0
[ 94.958877][ T5405] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 94.964681][ T5405] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 94.970250][ T5405] ? __lock_acquire+0x1345/0x1fd0
[ 94.975318][ T5405] ? read_lock_is_recursive+0x20/0x20
[ 94.980723][ T5405] btrfs_run_delayed_refs+0xe3/0x2c0
[ 94.986036][ T5405] btrfs_commit_transaction+0x4ba/0x3740
[ 94.991783][ T5405] ? btrfs_commit_transaction+0x17b/0x3740
[ 94.997630][ T5405] ? btrfs_commit_transaction_async+0x480/0x480
[ 95.003922][ T5405] ? __up_read+0x6a0/0x6a0
[ 95.008347][ T5405] ? dput+0x52/0x470
[ 95.012272][ T5405] btrfs_sync_file+0xf50/0x1330
[ 95.017347][ T5405] ? btrfs_release_file+0x130/0x130
[ 95.022588][ T5405] ? __lock_acquire+0x1fd0/0x1fd0
[ 95.027624][ T5405] ? do_raw_spin_lock+0x14e/0x370
[ 95.032691][ T5405] ? do_raw_spin_unlock+0x13b/0x8b0
[ 95.037920][ T5405] btrfs_do_write_iter+0xbc5/0x1190
[ 95.043130][ T5405] ? mark_lock+0x9a/0x350
[ 95.047493][ T5405] ? btrfs_check_nocow_unlock+0x40/0x40
[ 95.053063][ T5405] do_iter_readv_writev+0x330/0x4a0
[ 95.058375][ T5405] ? generic_file_rw_checks+0x260/0x260
[ 95.063963][ T5405] ? fsnotify_perm+0x67/0x5a0
[ 95.068651][ T5405] ? bpf_lsm_file_permission+0x9/0x10
[ 95.074049][ T5405] do_iter_write+0x1f6/0x8d0
[ 95.078674][ T5405] do_pwritev+0x21a/0x360
[ 95.083028][ T5405] ? do_preadv+0x350/0x350
[ 95.087476][ T5405] ? do_notify_parent+0x10c0/0x10c0
[ 95.092717][ T5405] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 95.098808][ T5405] ? print_irqtrace_events+0x220/0x220
[ 95.104285][ T5405] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 95.110280][ T5405] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 95.116269][ T5405] ? __x64_sys_pwritev2+0xbd/0x100
[ 95.121403][ T5405] do_syscall_64+0x45/0x110
[ 95.126015][ T5405] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 95.132030][ T5405] RIP: 0033:0x7fbb1142c2e9
[ 95.136457][ T5405] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 95.156093][ T5405] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[pid 5405] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = 1
[pid 5405] exit_group(0) = ?
[pid 5405] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5405, si_uid=0, si_status=0, si_utime=0, si_stime=31 /* 0.31 s */} ---
umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[ 95.164519][ T5405] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 95.172504][ T5405] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 95.180484][ T5405] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 95.188475][ T5405] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 95.196476][ T5405] R13: 0000000000000014 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 95.204491][ T5405] </TASK>
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/binderfs") = 0
[ 95.262793][ T5061] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./20/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./20") = 0
mkdir("./21", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5422 attached
[pid 5422] set_robust_list(0x5555562e7660, 24) = 0
[pid 5422] chdir("./21"
[pid 5061] <... clone resumed>, child_tidptr=0x5555562e7650) = 5422
[pid 5422] <... chdir resumed>) = 0
[pid 5422] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5422] setpgid(0, 0) = 0
[pid 5422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5422] write(3, "1000", 4) = 4
[pid 5422] close(3) = 0
[pid 5422] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5422] memfd_create("syzkaller", 0) = 3
[pid 5422] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5422] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5422] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5422] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5422] close(3) = 0
[pid 5422] mkdir("./file0", 0777) = 0
[ 95.740847][ T5422] loop0: detected capacity change from 0 to 32768
[ 95.760853][ T5422] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5422)
[ 95.776402][ T5422] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 95.786690][ T5422] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 95.795502][ T5422] BTRFS info (device loop0): doing ref verification
[ 95.802191][ T5422] BTRFS info (device loop0): force zlib compression, level 3
[ 95.809673][ T5422] BTRFS info (device loop0): using free space tree
[pid 5422] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5422] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5422] chdir("./file0") = 0
[pid 5422] ioctl(4, LOOP_CLR_FD) = 0
[pid 5422] close(4) = 0
[ 95.832887][ T5422] BTRFS info (device loop0): enabling ssd optimizations
[ 95.840039][ T5422] BTRFS info (device loop0): auto enabling async discard
[pid 5422] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5422] fallocate(4, 0, 0, 1048820) = 0
[pid 5422] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5422] write(5, "56", 2) = 2
[ 95.878646][ T28] audit: type=1800 audit(1701700619.139:23): pid=5422 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 95.934059][ T5422] FAULT_INJECTION: forcing a failure.
[ 95.934059][ T5422] name failslab, interval 1, probability 0, space 0, times 0
[ 95.947376][ T5422] CPU: 0 PID: 5422 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 95.956153][ T5422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 95.966250][ T5422] Call Trace:
[ 95.969545][ T5422]
[ 95.972485][ T5422] dump_stack_lvl+0x1e7/0x2d0
[ 95.977195][ T5422] ? nf_tcp_handle_invalid+0x650/0x650
[ 95.982673][ T5422] ? panic+0x850/0x850
[ 95.986755][ T5422] ? _raw_read_unlock+0x28/0x40
[ 95.991624][ T5422] should_fail_ex+0x3aa/0x4e0
[ 95.996322][ T5422] ? __btrfs_free_extent+0x26f/0x38e0
[ 96.001710][ T5422] should_failslab+0x9/0x20
[ 96.006226][ T5422] kmem_cache_alloc+0x6d/0x2b0
[ 96.011099][ T5422] __btrfs_free_extent+0x26f/0x38e0
[ 96.016326][ T5422] ? __btrfs_inc_extent_ref+0x610/0x610
[ 96.021913][ T5422] ? lock_downgrade+0x840/0x8f0
[ 96.026839][ T5422] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 96.032702][ T5422] ? __lock_acquire+0x1fd0/0x1fd0
[ 96.037756][ T5422] ? do_raw_read_unlock+0x3c/0x80
[ 96.042888][ T5422] ? _raw_read_unlock+0x28/0x40
[ 96.048455][ T5422] ? do_raw_spin_unlock+0x13b/0x8b0
[ 96.053674][ T5422] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 96.059471][ T5422] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 96.065061][ T5422] ? __lock_acquire+0x1345/0x1fd0
[ 96.070230][ T5422] ? read_lock_is_recursive+0x20/0x20
[ 96.075634][ T5422] btrfs_run_delayed_refs+0xe3/0x2c0
[ 96.080947][ T5422] btrfs_commit_transaction+0x4ba/0x3740
[ 96.086637][ T5422] ? btrfs_commit_transaction+0x17b/0x3740
[ 96.092501][ T5422] ? btrfs_commit_transaction_async+0x480/0x480
[ 96.098970][ T5422] ? __up_read+0x6a0/0x6a0
[ 96.103485][ T5422] ? dput+0x52/0x470
[ 96.107412][ T5422] btrfs_sync_file+0xf50/0x1330
[ 96.112298][ T5422] ? btrfs_release_file+0x130/0x130
[ 96.117520][ T5422] ? __lock_acquire+0x1fd0/0x1fd0
[ 96.122644][ T5422] ? do_raw_spin_lock+0x14e/0x370
[ 96.127691][ T5422] ? do_raw_spin_unlock+0x13b/0x8b0
[ 96.132917][ T5422] btrfs_do_write_iter+0xbc5/0x1190
[ 96.138137][ T5422] ? mark_lock+0x9a/0x350
[ 96.142496][ T5422] ? btrfs_check_nocow_unlock+0x40/0x40
[ 96.148065][ T5422] do_iter_readv_writev+0x330/0x4a0
[ 96.153322][ T5422] ? generic_file_rw_checks+0x260/0x260
[ 96.158937][ T5422] ? fsnotify_perm+0x67/0x5a0
[ 96.163643][ T5422] ? bpf_lsm_file_permission+0x9/0x10
[ 96.169046][ T5422] do_iter_write+0x1f6/0x8d0
[ 96.173674][ T5422] do_pwritev+0x21a/0x360
[ 96.178031][ T5422] ? do_preadv+0x350/0x350
[ 96.182485][ T5422] ? do_notify_parent+0x10c0/0x10c0
[ 96.187703][ T5422] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 96.193732][ T5422] ? print_irqtrace_events+0x220/0x220
[ 96.199260][ T5422] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 96.205270][ T5422] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 96.211266][ T5422] ? __x64_sys_pwritev2+0xbd/0x100
[ 96.216426][ T5422] do_syscall_64+0x45/0x110
[ 96.221039][ T5422] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 96.226981][ T5422] RIP: 0033:0x7fbb1142c2e9
[ 96.231497][ T5422] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 96.251203][ T5422] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 96.259630][ T5422] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 96.267615][ T5422] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 96.275605][ T5422] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 96.283586][ T5422] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 96.291569][ T5422] R13: 0000000000000015 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 96.299572][ T5422]
[ 96.306126][ T5422] BTRFS error (device loop0): failed to run delayed ref for logical 5308416 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 96.320040][ T5422] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[pid 5422] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5422] exit_group(0) = ?
[pid 5422] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5422, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=26 /* 0.26 s */} ---
umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/binderfs") = 0
[ 96.328935][ T5422] BTRFS: error (device loop0: state A) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
[ 96.340959][ T5422] BTRFS info (device loop0: state EA): forced readonly
[ 96.383429][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./21/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./21") = 0
mkdir("./22", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5439 attached
[pid 5439] set_robust_list(0x5555562e7660, 24) = 0
[pid 5439] chdir("./22") = 0
[pid 5061] <... clone resumed>, child_tidptr=0x5555562e7650) = 5439
[pid 5439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5439] setpgid(0, 0) = 0
[pid 5439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5439] write(3, "1000", 4) = 4
[pid 5439] close(3) = 0
[pid 5439] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5439] memfd_create("syzkaller", 0) = 3
[pid 5439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5439] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5439] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5439] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5439] close(3) = 0
[pid 5439] mkdir("./file0", 0777) = 0
[ 96.841938][ T5439] loop0: detected capacity change from 0 to 32768
[ 96.857701][ T5439] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5439)
[ 96.874086][ T5439] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 96.884394][ T5439] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 96.893308][ T5439] BTRFS info (device loop0): doing ref verification
[ 96.899994][ T5439] BTRFS info (device loop0): force zlib compression, level 3
[ 96.907419][ T5439] BTRFS info (device loop0): using free space tree
[ 96.929451][ T5439] BTRFS info (device loop0): enabling ssd optimizations
[pid 5439] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5439] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5439] chdir("./file0") = 0
[pid 5439] ioctl(4, LOOP_CLR_FD) = 0
[pid 5439] close(4) = 0
[ 96.936452][ T5439] BTRFS info (device loop0): auto enabling async discard
[pid 5439] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5439] fallocate(4, 0, 0, 1048820) = 0
[pid 5439] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5439] write(5, "56", 2) = 2
[ 96.978172][ T28] audit: type=1800 audit(1701700620.239:24): pid=5439 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 97.006498][ T5439] FAULT_INJECTION: forcing a failure.
[ 97.006498][ T5439] name failslab, interval 1, probability 0, space 0, times 0
[ 97.019418][ T5439] CPU: 1 PID: 5439 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 97.028194][ T5439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 97.038335][ T5439] Call Trace:
[ 97.041652][ T5439]
[ 97.044619][ T5439] dump_stack_lvl+0x1e7/0x2d0
[ 97.049355][ T5439] ? nf_tcp_handle_invalid+0x650/0x650
[ 97.055045][ T5439] ? panic+0x850/0x850
[ 97.059176][ T5439] ? __might_sleep+0xe0/0xe0
[ 97.063834][ T5439] should_fail_ex+0x3aa/0x4e0
[ 97.068624][ T5439] ? add_to_free_space_tree+0xc7/0x2e0
[ 97.074153][ T5439] should_failslab+0x9/0x20
[ 97.078723][ T5439] kmem_cache_alloc+0x6d/0x2b0
[ 97.083556][ T5439] ? btrfs_qgroup_destroy_extent_records+0xb0/0xb0
[ 97.090243][ T5439] add_to_free_space_tree+0xc7/0x2e0
[ 97.095595][ T5439] __btrfs_free_extent+0x1cc4/0x38e0
[ 97.100960][ T5439] ? __btrfs_inc_extent_ref+0x610/0x610
[ 97.106556][ T5439] ? lock_downgrade+0x840/0x8f0
[ 97.111466][ T5439] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 97.117333][ T5439] ? __lock_acquire+0x1fd0/0x1fd0
[ 97.122435][ T5439] ? do_raw_spin_unlock+0x13b/0x8b0
[ 97.127878][ T5439] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 97.133698][ T5439] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 97.139271][ T5439] ? __lock_acquire+0x1345/0x1fd0
[ 97.144391][ T5439] ? read_lock_is_recursive+0x20/0x20
[ 97.149971][ T5439] btrfs_run_delayed_refs+0xe3/0x2c0
[ 97.156336][ T5439] btrfs_commit_transaction+0x4ba/0x3740
[ 97.161994][ T5439] ? btrfs_commit_transaction+0x17b/0x3740
[ 97.167843][ T5439] ? btrfs_commit_transaction_async+0x480/0x480
[ 97.174145][ T5439] ? __up_read+0x6a0/0x6a0
[ 97.178588][ T5439] ? dput+0x52/0x470
[ 97.182608][ T5439] btrfs_sync_file+0xf50/0x1330
[ 97.188328][ T5439] ? btrfs_release_file+0x130/0x130
[ 97.193583][ T5439] ? __lock_acquire+0x1fd0/0x1fd0
[ 97.198624][ T5439] ? do_raw_spin_lock+0x14e/0x370
[ 97.203767][ T5439] ? do_raw_spin_unlock+0x13b/0x8b0
[ 97.209084][ T5439] btrfs_do_write_iter+0xbc5/0x1190
[ 97.214322][ T5439] ? mark_lock+0x9a/0x350
[ 97.218687][ T5439] ? btrfs_check_nocow_unlock+0x40/0x40
[ 97.224257][ T5439] do_iter_readv_writev+0x330/0x4a0
[ 97.229484][ T5439] ? generic_file_rw_checks+0x260/0x260
[ 97.235063][ T5439] ? fsnotify_perm+0x67/0x5a0
[ 97.239767][ T5439] ? bpf_lsm_file_permission+0x9/0x10
[ 97.245347][ T5439] do_iter_write+0x1f6/0x8d0
[ 97.249972][ T5439] do_pwritev+0x21a/0x360
[ 97.254323][ T5439] ? do_preadv+0x350/0x350
[ 97.258768][ T5439] ? do_notify_parent+0x10c0/0x10c0
[ 97.263994][ T5439] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 97.270088][ T5439] ? print_irqtrace_events+0x220/0x220
[ 97.275574][ T5439] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 97.281583][ T5439] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 97.287594][ T5439] ? __x64_sys_pwritev2+0xbd/0x100
[ 97.292731][ T5439] do_syscall_64+0x45/0x110
[ 97.297255][ T5439] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 97.303658][ T5439] RIP: 0033:0x7fbb1142c2e9
[ 97.308202][ T5439] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 97.327877][ T5439] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 97.336315][ T5439] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 97.347008][ T5439] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 97.355111][ T5439] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 97.363131][ T5439] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 97.371141][ T5439] R13: 0000000000000016 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 97.379241][ T5439]
[ 97.385098][ T5439] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[ 97.393752][ T5439] BTRFS: error (device loop0: state A) in add_to_free_space_tree:1057: errno=-12 Out of memory
[ 97.404973][ T5439] BTRFS info (device loop0: state EA): forced readonly
[ 97.412656][ T5439] BTRFS: error (device loop0: state EA) in do_free_extent_accounting:2989: errno=-12 Out of memory
[pid 5439] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5439] exit_group(0) = ?
[pid 5439] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5439, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=32 /* 0.32 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 97.424317][ T5439] BTRFS error (device loop0: state EA): failed to run delayed ref for logical 5308416 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 97.438502][ T5439] BTRFS: error (device loop0: state EA) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
unlink("./22/binderfs") = 0
[ 97.503857][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./22/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./22") = 0
mkdir("./23", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5456 attached
[pid 5456] set_robust_list(0x5555562e7660, 24) = 0
[pid 5456] chdir("./23") = 0
[pid 5456] prctl(PR_SET_PDEATHSIG, SIGKILL
[pid 5061] <... clone resumed>, child_tidptr=0x5555562e7650) = 5456
[pid 5456] <... prctl resumed>) = 0
[pid 5456] setpgid(0, 0) = 0
[pid 5456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5456] write(3, "1000", 4) = 4
[pid 5456] close(3) = 0
[pid 5456] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5456] memfd_create("syzkaller", 0) = 3
[pid 5456] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5456] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5456] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5456] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5456] close(3) = 0
[pid 5456] mkdir("./file0", 0777) = 0
[ 97.979749][ T5456] loop0: detected capacity change from 0 to 32768
[ 98.010470][ T5456] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5456)
[ 98.027568][ T5456] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 98.038302][ T5456] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 98.047654][ T5456] BTRFS info (device loop0): doing ref verification
[ 98.054487][ T5456] BTRFS info (device loop0): force zlib compression, level 3
[ 98.062020][ T5456] BTRFS info (device loop0): using free space tree
[pid 5456] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5456] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5456] chdir("./file0") = 0
[pid 5456] ioctl(4, LOOP_CLR_FD) = 0
[pid 5456] close(4) = 0
[pid 5456] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5456] fallocate(4, 0, 0, 1048820) = 0
[pid 5456] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5456] write(5, "56", 2) = 2
[ 98.085498][ T5456] BTRFS info (device loop0): enabling ssd optimizations
[ 98.092697][ T5456] BTRFS info (device loop0): auto enabling async discard
[ 98.111468][ T28] audit: type=1800 audit(1701700621.379:25): pid=5456 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 98.148114][ T5456] FAULT_INJECTION: forcing a failure.
[ 98.148114][ T5456] name failslab, interval 1, probability 0, space 0, times 0
[ 98.162516][ T5456] CPU: 1 PID: 5456 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 98.171271][ T5456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 98.181369][ T5456] Call Trace:
[ 98.184783][ T5456]
[ 98.187760][ T5456] dump_stack_lvl+0x1e7/0x2d0
[ 98.192500][ T5456] ? nf_tcp_handle_invalid+0x650/0x650
[ 98.198019][ T5456] ? panic+0x850/0x850
[ 98.202143][ T5456] ? __might_sleep+0xe0/0xe0
[ 98.206804][ T5456] should_fail_ex+0x3aa/0x4e0
[ 98.211540][ T5456] ? alloc_extent_state+0x25/0x2e0
[ 98.216711][ T5456] should_failslab+0x9/0x20
[ 98.221257][ T5456] kmem_cache_alloc+0x6d/0x2b0
[ 98.226070][ T5456] alloc_extent_state+0x25/0x2e0
[ 98.231057][ T5456] __set_extent_bit+0x1c8/0x1b00
[ 98.236997][ T5456] ? btrfs_update_block_group+0x62f/0xa90
[ 98.242834][ T5456] ? trace_btrfs_space_reservation+0x9a/0x220
[ 98.248947][ T5456] set_extent_bit+0x3b/0x50
[ 98.253509][ T5456] btrfs_update_block_group+0x66e/0xa90
[ 98.259186][ T5456] __btrfs_free_extent+0x1cec/0x38e0
[ 98.264687][ T5456] ? __btrfs_inc_extent_ref+0x610/0x610
[ 98.270267][ T5456] ? lock_downgrade+0x840/0x8f0
[ 98.275371][ T5456] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 98.281391][ T5456] ? __lock_acquire+0x1fd0/0x1fd0
[ 98.286531][ T5456] ? do_raw_spin_unlock+0x13b/0x8b0
[ 98.291759][ T5456] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 98.297560][ T5456] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 98.303139][ T5456] ? __lock_acquire+0x1345/0x1fd0
[ 98.308212][ T5456] ? read_lock_is_recursive+0x20/0x20
[ 98.313802][ T5456] btrfs_run_delayed_refs+0xe3/0x2c0
[ 98.319118][ T5456] btrfs_commit_transaction+0x4ba/0x3740
[ 98.324810][ T5456] ? btrfs_commit_transaction+0x17b/0x3740
[ 98.330692][ T5456] ? btrfs_commit_transaction_async+0x480/0x480
[ 98.337708][ T5456] ? __up_read+0x6a0/0x6a0
[ 98.342156][ T5456] ? dput+0x52/0x470
[ 98.346113][ T5456] btrfs_sync_file+0xf50/0x1330
[ 98.351007][ T5456] ? btrfs_release_file+0x130/0x130
[ 98.356260][ T5456] ? __lock_acquire+0x1fd0/0x1fd0
[ 98.361299][ T5456] ? do_raw_spin_lock+0x14e/0x370
[ 98.366373][ T5456] ? do_raw_spin_unlock+0x13b/0x8b0
[ 98.371712][ T5456] btrfs_do_write_iter+0xbc5/0x1190
[ 98.377030][ T5456] ? mark_lock+0x9a/0x350
[ 98.381404][ T5456] ? btrfs_check_nocow_unlock+0x40/0x40
[ 98.386981][ T5456] do_iter_readv_writev+0x330/0x4a0
[ 98.392304][ T5456] ? generic_file_rw_checks+0x260/0x260
[ 98.397893][ T5456] ? fsnotify_perm+0x67/0x5a0
[ 98.402591][ T5456] ? bpf_lsm_file_permission+0x9/0x10
[ 98.407994][ T5456] do_iter_write+0x1f6/0x8d0
[ 98.412708][ T5456] do_pwritev+0x21a/0x360
[ 98.417070][ T5456] ? do_preadv+0x350/0x350
[ 98.421521][ T5456] ? do_notify_parent+0x10c0/0x10c0
[ 98.426824][ T5456] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 98.432828][ T5456] ? print_irqtrace_events+0x220/0x220
[ 98.438454][ T5456] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 98.444487][ T5456] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 98.450513][ T5456] ? __x64_sys_pwritev2+0xbd/0x100
[ 98.455645][ T5456] do_syscall_64+0x45/0x110
[ 98.460201][ T5456] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 98.466234][ T5456] RIP: 0033:0x7fbb1142c2e9
[ 98.470695][ T5456] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 98.490612][ T5456] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[pid 5456] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = 1
[pid 5456] exit_group(0) = ?
[pid 5456] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5456, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} ---
umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/binderfs") = 0
[ 98.499578][ T5456] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 98.507679][ T5456] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 98.515660][ T5456] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 98.523908][ T5456] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 98.531902][ T5456] R13: 0000000000000017 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 98.539995][ T5456]
[ 98.580562][ T5061] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./23/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./23") = 0
mkdir("./24", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5473 attached
, child_tidptr=0x5555562e7650) = 5473
[pid 5473] set_robust_list(0x5555562e7660, 24) = 0
[pid 5473] chdir("./24") = 0
[pid 5473] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5473] setpgid(0, 0) = 0
[pid 5473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5473] write(3, "1000", 4) = 4
[pid 5473] close(3) = 0
[pid 5473] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5473] memfd_create("syzkaller", 0) = 3
[pid 5473] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5473] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5473] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5473] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5473] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5473] close(3) = 0
[pid 5473] mkdir("./file0", 0777) = 0
[ 99.077108][ T5473] loop0: detected capacity change from 0 to 32768
[ 99.092721][ T5473] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5473)
[ 99.112500][ T5473] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 99.122825][ T5473] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 99.131797][ T5473] BTRFS info (device loop0): doing ref verification
[ 99.138458][ T5473] BTRFS info (device loop0): force zlib compression, level 3
[ 99.145992][ T5473] BTRFS info (device loop0): using free space tree
[pid 5473] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5473] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5473] chdir("./file0") = 0
[pid 5473] ioctl(4, LOOP_CLR_FD) = 0
[pid 5473] close(4) = 0
[pid 5473] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[ 99.168172][ T5473] BTRFS info (device loop0): enabling ssd optimizations
[ 99.175330][ T5473] BTRFS info (device loop0): auto enabling async discard
[pid 5473] fallocate(4, 0, 0, 1048820) = 0
[pid 5473] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5473] write(5, "56", 2) = 2
[ 99.204767][ T28] audit: type=1800 audit(1701700622.469:26): pid=5473 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 99.245117][ T5473] FAULT_INJECTION: forcing a failure.
[ 99.245117][ T5473] name failslab, interval 1, probability 0, space 0, times 0
[ 99.258590][ T5473] CPU: 0 PID: 5473 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 99.267510][ T5473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 99.277611][ T5473] Call Trace:
[ 99.280978][ T5473]
[ 99.284046][ T5473] dump_stack_lvl+0x1e7/0x2d0
[ 99.288876][ T5473] ? nf_tcp_handle_invalid+0x650/0x650
[ 99.294531][ T5473] ? panic+0x850/0x850
[ 99.298662][ T5473] ? _raw_read_unlock+0x28/0x40
[ 99.303585][ T5473] should_fail_ex+0x3aa/0x4e0
[ 99.308429][ T5473] ? __btrfs_free_extent+0x26f/0x38e0
[ 99.313969][ T5473] should_failslab+0x9/0x20
[ 99.318494][ T5473] kmem_cache_alloc+0x6d/0x2b0
[ 99.323297][ T5473] __btrfs_free_extent+0x26f/0x38e0
[ 99.328539][ T5473] ? __btrfs_inc_extent_ref+0x610/0x610
[ 99.334112][ T5473] ? lock_downgrade+0x840/0x8f0
[ 99.338980][ T5473] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 99.344818][ T5473] ? __lock_acquire+0x1fd0/0x1fd0
[ 99.349869][ T5473] ? do_raw_read_unlock+0x3c/0x80
[ 99.354917][ T5473] ? _raw_read_unlock+0x28/0x40
[ 99.359788][ T5473] ? do_raw_spin_unlock+0x13b/0x8b0
[ 99.365100][ T5473] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 99.371017][ T5473] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 99.376586][ T5473] ? __lock_acquire+0x1345/0x1fd0
[ 99.381691][ T5473] ? read_lock_is_recursive+0x20/0x20
[ 99.387092][ T5473] btrfs_run_delayed_refs+0xe3/0x2c0
[ 99.392406][ T5473] btrfs_commit_transaction+0x4ba/0x3740
[ 99.398067][ T5473] ? btrfs_commit_transaction+0x17b/0x3740
[ 99.403917][ T5473] ? btrfs_commit_transaction_async+0x480/0x480
[ 99.410383][ T5473] ? __up_read+0x6a0/0x6a0
[ 99.414900][ T5473] ? dput+0x52/0x470
[ 99.418827][ T5473] btrfs_sync_file+0xf50/0x1330
[ 99.423715][ T5473] ? btrfs_release_file+0x130/0x130
[ 99.428962][ T5473] ? __lock_acquire+0x1fd0/0x1fd0
[ 99.434024][ T5473] ? do_raw_spin_lock+0x14e/0x370
[ 99.439098][ T5473] ? do_raw_spin_unlock+0x13b/0x8b0
[ 99.444322][ T5473] btrfs_do_write_iter+0xbc5/0x1190
[ 99.449555][ T5473] ? mark_lock+0x9a/0x350
[ 99.453933][ T5473] ? btrfs_check_nocow_unlock+0x40/0x40
[ 99.459738][ T5473] do_iter_readv_writev+0x330/0x4a0
[ 99.466043][ T5473] ? generic_file_rw_checks+0x260/0x260
[ 99.471888][ T5473] ? fsnotify_perm+0x67/0x5a0
[ 99.477470][ T5473] ? bpf_lsm_file_permission+0x9/0x10
[ 99.483326][ T5473] do_iter_write+0x1f6/0x8d0
[ 99.488076][ T5473] do_pwritev+0x21a/0x360
[ 99.492447][ T5473] ? do_preadv+0x350/0x350
[ 99.496902][ T5473] ? do_notify_parent+0x10c0/0x10c0
[ 99.502214][ T5473] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 99.508310][ T5473] ? print_irqtrace_events+0x220/0x220
[ 99.513827][ T5473] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 99.520017][ T5473] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 99.526211][ T5473] ? __x64_sys_pwritev2+0xbd/0x100
[ 99.531436][ T5473] do_syscall_64+0x45/0x110
[ 99.536083][ T5473] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 99.542000][ T5473] RIP: 0033:0x7fbb1142c2e9
[ 99.546434][ T5473] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 99.566342][ T5473] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 99.575042][ T5473] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 99.583028][ T5473] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 99.591029][ T5473] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 99.599288][ T5473] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 99.607287][ T5473] R13: 0000000000000018 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 99.615298][ T5473]
[pid 5473] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5473] exit_group(0) = ?
[pid 5473] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5473, si_uid=0, si_status=0, si_utime=0, si_stime=34 /* 0.34 s */} ---
umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[ 99.619486][ T5473] BTRFS error (device loop0): failed to run delayed ref for logical 5312512 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 99.639377][ T5473] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[ 99.648253][ T5473] BTRFS: error (device loop0: state A) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
[ 99.659121][ T5473] BTRFS info (device loop0: state EA): forced readonly
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/binderfs") = 0
[ 99.738042][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./24/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./24") = 0
mkdir("./25", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5490 attached
, child_tidptr=0x5555562e7650) = 5490
[pid 5490] set_robust_list(0x5555562e7660, 24) = 0
[pid 5490] chdir("./25") = 0
[pid 5490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5490] setpgid(0, 0) = 0
[pid 5490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5490] write(3, "1000", 4) = 4
[pid 5490] close(3) = 0
[pid 5490] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5490] memfd_create("syzkaller", 0) = 3
[pid 5490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5490] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5490] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5490] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5490] close(3) = 0
[pid 5490] mkdir("./file0", 0777) = 0
[ 100.196385][ T5490] loop0: detected capacity change from 0 to 32768
[ 100.207056][ T5490] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5490)
[ 100.224447][ T5490] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 100.234712][ T5490] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[pid 5490] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5490] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5490] chdir("./file0") = 0
[pid 5490] ioctl(4, LOOP_CLR_FD) = 0
[pid 5490] close(4) = 0
[ 100.243510][ T5490] BTRFS info (device loop0): doing ref verification
[ 100.250171][ T5490] BTRFS info (device loop0): force zlib compression, level 3
[ 100.257575][ T5490] BTRFS info (device loop0): using free space tree
[ 100.280856][ T5490] BTRFS info (device loop0): enabling ssd optimizations
[ 100.288697][ T5490] BTRFS info (device loop0): auto enabling async discard
[pid 5490] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5490] fallocate(4, 0, 0, 1048820) = 0
[pid 5490] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5490] write(5, "56", 2) = 2
[ 100.327886][ T28] audit: type=1800 audit(1701700623.589:27): pid=5490 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 100.380013][ T5490] FAULT_INJECTION: forcing a failure.
[ 100.380013][ T5490] name failslab, interval 1, probability 0, space 0, times 0
[ 100.393036][ T5490] CPU: 1 PID: 5490 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 100.402058][ T5490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 100.413115][ T5490] Call Trace:
[ 100.416435][ T5490]
[ 100.419398][ T5490] dump_stack_lvl+0x1e7/0x2d0
[ 100.424132][ T5490] ? nf_tcp_handle_invalid+0x650/0x650
[ 100.429642][ T5490] ? panic+0x850/0x850
[ 100.433858][ T5490] ? __might_sleep+0xe0/0xe0
[ 100.438523][ T5490] should_fail_ex+0x3aa/0x4e0
[ 100.443267][ T5490] ? alloc_extent_state+0x25/0x2e0
[ 100.448437][ T5490] should_failslab+0x9/0x20
[ 100.453005][ T5490] kmem_cache_alloc+0x6d/0x2b0
[ 100.457839][ T5490] alloc_extent_state+0x25/0x2e0
[ 100.462859][ T5490] __set_extent_bit+0x1c8/0x1b00
[ 100.467861][ T5490] ? btrfs_update_block_group+0x62f/0xa90
[ 100.473745][ T5490] ? trace_btrfs_space_reservation+0x9a/0x220
[ 100.479888][ T5490] set_extent_bit+0x3b/0x50
[ 100.484476][ T5490] btrfs_update_block_group+0x66e/0xa90
[ 100.490198][ T5490] __btrfs_free_extent+0x1cec/0x38e0
[ 100.495571][ T5490] ? __btrfs_inc_extent_ref+0x610/0x610
[ 100.501169][ T5490] ? lock_downgrade+0x840/0x8f0
[ 100.506067][ T5490] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 100.511916][ T5490] ? __lock_acquire+0x1fd0/0x1fd0
[ 100.516970][ T5490] ? do_raw_spin_unlock+0x13b/0x8b0
[ 100.522223][ T5490] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 100.528022][ T5490] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 100.533592][ T5490] ? __lock_acquire+0x1345/0x1fd0
[ 100.538659][ T5490] ? read_lock_is_recursive+0x20/0x20
[ 100.544170][ T5490] btrfs_run_delayed_refs+0xe3/0x2c0
[ 100.549677][ T5490] btrfs_commit_transaction+0x4ba/0x3740
[ 100.555342][ T5490] ? btrfs_commit_transaction+0x17b/0x3740
[ 100.561190][ T5490] ? btrfs_commit_transaction_async+0x480/0x480
[ 100.567491][ T5490] ? __up_read+0x6a0/0x6a0
[ 100.572099][ T5490] ? dput+0x52/0x470
[ 100.576023][ T5490] btrfs_sync_file+0xf50/0x1330
[ 100.580909][ T5490] ? btrfs_release_file+0x130/0x130
[ 100.586132][ T5490] ? __lock_acquire+0x1fd0/0x1fd0
[ 100.591332][ T5490] ? do_raw_spin_lock+0x14e/0x370
[ 100.596383][ T5490] ? do_raw_spin_unlock+0x13b/0x8b0
[ 100.601642][ T5490] btrfs_do_write_iter+0xbc5/0x1190
[ 100.607089][ T5490] ? mark_lock+0x9a/0x350
[ 100.611456][ T5490] ? btrfs_check_nocow_unlock+0x40/0x40
[ 100.617026][ T5490] do_iter_readv_writev+0x330/0x4a0
[ 100.622252][ T5490] ? generic_file_rw_checks+0x260/0x260
[ 100.627838][ T5490] ? fsnotify_perm+0x67/0x5a0
[ 100.632541][ T5490] ? bpf_lsm_file_permission+0x9/0x10
[ 100.637935][ T5490] do_iter_write+0x1f6/0x8d0
[ 100.642568][ T5490] do_pwritev+0x21a/0x360
[ 100.646919][ T5490] ? do_preadv+0x350/0x350
[ 100.651376][ T5490] ? do_notify_parent+0x10c0/0x10c0
[ 100.656684][ T5490] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 100.662693][ T5490] ? print_irqtrace_events+0x220/0x220
[ 100.668176][ T5490] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 100.674182][ T5490] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 100.680174][ T5490] ? __x64_sys_pwritev2+0xbd/0x100
[ 100.685315][ T5490] do_syscall_64+0x45/0x110
[ 100.689863][ T5490] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 100.695879][ T5490] RIP: 0033:0x7fbb1142c2e9
[ 100.700352][ T5490] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 100.719991][ T5490] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[pid 5490] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = 1
[pid 5490] exit_group(0) = ?
[pid 5490] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5490, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=27 /* 0.27 s */} ---
umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
[ 100.728540][ T5490] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 100.736529][ T5490] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 100.744509][ T5490] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 100.752491][ T5490] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 100.760477][ T5490] R13: 0000000000000019 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 100.768495][ T5490]
umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/binderfs") = 0
[ 100.831651][ T5061] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./25/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./25") = 0
mkdir("./26", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5507 attached
[pid 5507] set_robust_list(0x5555562e7660, 24) = 0
[pid 5061] <... clone resumed>, child_tidptr=0x5555562e7650) = 5507
[pid 5507] chdir("./26") = 0
[pid 5507] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5507] setpgid(0, 0) = 0
[pid 5507] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5507] write(3, "1000", 4) = 4
[pid 5507] close(3) = 0
[pid 5507] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5507] memfd_create("syzkaller", 0) = 3
[pid 5507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5507] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5507] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5507] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5507] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5507] close(3) = 0
[pid 5507] mkdir("./file0", 0777) = 0
[ 101.311639][ T5507] loop0: detected capacity change from 0 to 32768
[ 101.326896][ T5507] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5507)
[ 101.345502][ T5507] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 101.356036][ T5507] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 101.364892][ T5507] BTRFS info (device loop0): doing ref verification
[ 101.371574][ T5507] BTRFS info (device loop0): force zlib compression, level 3
[ 101.379091][ T5507] BTRFS info (device loop0): using free space tree
[ 101.400626][ T5507] BTRFS info (device loop0): enabling ssd optimizations
[pid 5507] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5507] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5507] chdir("./file0") = 0
[pid 5507] ioctl(4, LOOP_CLR_FD) = 0
[pid 5507] close(4) = 0
[ 101.407656][ T5507] BTRFS info (device loop0): auto enabling async discard
[pid 5507] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5507] fallocate(4, 0, 0, 1048820) = 0
[pid 5507] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5507] write(5, "56", 2) = 2
[ 101.466328][ T28] audit: type=1800 audit(1701700624.729:28): pid=5507 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 101.529451][ T5507] FAULT_INJECTION: forcing a failure.
[ 101.529451][ T5507] name failslab, interval 1, probability 0, space 0, times 0
[ 101.542389][ T5507] CPU: 0 PID: 5507 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 101.551110][ T5507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 101.561206][ T5507] Call Trace:
[ 101.564519][ T5507]
[ 101.567483][ T5507] dump_stack_lvl+0x1e7/0x2d0
[ 101.572213][ T5507] ? nf_tcp_handle_invalid+0x650/0x650
[ 101.577727][ T5507] ? panic+0x850/0x850
[ 101.581844][ T5507] ? __might_sleep+0xe0/0xe0
[ 101.586498][ T5507] should_fail_ex+0x3aa/0x4e0
[ 101.591234][ T5507] ? add_to_free_space_tree+0xc7/0x2e0
[ 101.596751][ T5507] should_failslab+0x9/0x20
[ 101.601302][ T5507] kmem_cache_alloc+0x6d/0x2b0
[ 101.606646][ T5507] ? btrfs_qgroup_destroy_extent_records+0xb0/0xb0
[ 101.613203][ T5507] add_to_free_space_tree+0xc7/0x2e0
[ 101.618548][ T5507] __btrfs_free_extent+0x1cc4/0x38e0
[ 101.623883][ T5507] ? __btrfs_inc_extent_ref+0x610/0x610
[ 101.629448][ T5507] ? lock_downgrade+0x840/0x8f0
[ 101.634315][ T5507] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 101.640142][ T5507] ? __lock_acquire+0x1fd0/0x1fd0
[ 101.645197][ T5507] ? do_raw_spin_unlock+0x13b/0x8b0
[ 101.650683][ T5507] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 101.656491][ T5507] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 101.662079][ T5507] ? __lock_acquire+0x1345/0x1fd0
[ 101.667148][ T5507] ? read_lock_is_recursive+0x20/0x20
[ 101.672552][ T5507] btrfs_run_delayed_refs+0xe3/0x2c0
[ 101.677909][ T5507] btrfs_commit_transaction+0x4ba/0x3740
[ 101.683570][ T5507] ? btrfs_commit_transaction+0x17b/0x3740
[ 101.689442][ T5507] ? btrfs_commit_transaction_async+0x480/0x480
[ 101.695742][ T5507] ? __up_read+0x6a0/0x6a0
[ 101.700169][ T5507] ? dput+0x52/0x470
[ 101.704094][ T5507] btrfs_sync_file+0xf50/0x1330
[ 101.708981][ T5507] ? btrfs_release_file+0x130/0x130
[ 101.714210][ T5507] ? __lock_acquire+0x1fd0/0x1fd0
[ 101.719248][ T5507] ? do_raw_spin_lock+0x14e/0x370
[ 101.724303][ T5507] ? do_raw_spin_unlock+0x13b/0x8b0
[ 101.729545][ T5507] btrfs_do_write_iter+0xbc5/0x1190
[ 101.734754][ T5507] ? mark_lock+0x9a/0x350
[ 101.739116][ T5507] ? btrfs_check_nocow_unlock+0x40/0x40
[ 101.744685][ T5507] do_iter_readv_writev+0x330/0x4a0
[ 101.749920][ T5507] ? generic_file_rw_checks+0x260/0x260
[ 101.755493][ T5507] ? fsnotify_perm+0x67/0x5a0
[ 101.760179][ T5507] ? bpf_lsm_file_permission+0x9/0x10
[ 101.765572][ T5507] do_iter_write+0x1f6/0x8d0
[ 101.770205][ T5507] do_pwritev+0x21a/0x360
[ 101.774556][ T5507] ? do_preadv+0x350/0x350
[ 101.779006][ T5507] ? do_notify_parent+0x10c0/0x10c0
[ 101.784223][ T5507] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 101.790251][ T5507] ? print_irqtrace_events+0x220/0x220
[ 101.795731][ T5507] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 101.801729][ T5507] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 101.807717][ T5507] ? __x64_sys_pwritev2+0xbd/0x100
[ 101.812936][ T5507] do_syscall_64+0x45/0x110
[ 101.817477][ T5507] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 101.823391][ T5507] RIP: 0033:0x7fbb1142c2e9
[ 101.827830][ T5507] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 101.847451][ T5507] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 101.855887][ T5507] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 101.863869][ T5507] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 101.871851][ T5507] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 101.879917][ T5507] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 101.887896][ T5507] R13: 000000000000001a R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 101.895896][ T5507]
[ 101.908711][ T5507] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[ 101.917370][ T5507] BTRFS: error (device loop0: state A) in add_to_free_space_tree:1057: errno=-12 Out of memory
[pid 5507] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5507] exit_group(0) = ?
[pid 5507] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5507, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=30 /* 0.30 s */} ---
umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
[ 101.928167][ T5507] BTRFS info (device loop0: state EA): forced readonly
[ 101.935446][ T5507] BTRFS: error (device loop0: state EA) in do_free_extent_accounting:2989: errno=-12 Out of memory
[ 101.946686][ T5507] BTRFS error (device loop0: state EA): failed to run delayed ref for logical 5308416 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 101.960804][ T5507] BTRFS: error (device loop0: state EA) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/binderfs") = 0
[ 102.044623][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./26/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./26") = 0
mkdir("./27", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5524 attached
, child_tidptr=0x5555562e7650) = 5524
[pid 5524] set_robust_list(0x5555562e7660, 24) = 0
[pid 5524] chdir("./27") = 0
[pid 5524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5524] setpgid(0, 0) = 0
[pid 5524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5524] write(3, "1000", 4) = 4
[pid 5524] close(3) = 0
[pid 5524] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5524] memfd_create("syzkaller", 0) = 3
[pid 5524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5524] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5524] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5524] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5524] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5524] close(3) = 0
[pid 5524] mkdir("./file0", 0777) = 0
[ 102.534521][ T5524] loop0: detected capacity change from 0 to 32768
[ 102.555705][ T5524] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5524)
[ 102.573844][ T5524] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 102.584216][ T5524] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 102.593284][ T5524] BTRFS info (device loop0): doing ref verification
[ 102.600539][ T5524] BTRFS info (device loop0): force zlib compression, level 3
[ 102.607927][ T5524] BTRFS info (device loop0): using free space tree
[pid 5524] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5524] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5524] chdir("./file0") = 0
[pid 5524] ioctl(4, LOOP_CLR_FD) = 0
[pid 5524] close(4) = 0
[ 102.630404][ T5524] BTRFS info (device loop0): enabling ssd optimizations
[ 102.637496][ T5524] BTRFS info (device loop0): auto enabling async discard
[pid 5524] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5524] fallocate(4, 0, 0, 1048820) = 0
[pid 5524] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5524] write(5, "56", 2) = 2
[ 102.682255][ T28] audit: type=1800 audit(1701700625.949:29): pid=5524 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 102.713764][ T5524] FAULT_INJECTION: forcing a failure.
[ 102.713764][ T5524] name failslab, interval 1, probability 0, space 0, times 0
[ 102.726720][ T5524] CPU: 1 PID: 5524 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 102.735446][ T5524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 102.745638][ T5524] Call Trace:
[ 102.749052][ T5524]
[ 102.752082][ T5524] dump_stack_lvl+0x1e7/0x2d0
[ 102.756825][ T5524] ? nf_tcp_handle_invalid+0x650/0x650
[ 102.762348][ T5524] ? panic+0x850/0x850
[ 102.766469][ T5524] ? __might_sleep+0xe0/0xe0
[ 102.771193][ T5524] should_fail_ex+0x3aa/0x4e0
[ 102.775930][ T5524] ? alloc_extent_state+0x25/0x2e0
[ 102.781270][ T5524] should_failslab+0x9/0x20
[ 102.785826][ T5524] kmem_cache_alloc+0x6d/0x2b0
[ 102.791006][ T5524] alloc_extent_state+0x25/0x2e0
[ 102.796262][ T5524] __set_extent_bit+0x1c8/0x1b00
[ 102.801287][ T5524] ? btrfs_update_block_group+0x62f/0xa90
[ 102.807093][ T5524] ? trace_btrfs_space_reservation+0x9a/0x220
[ 102.813227][ T5524] set_extent_bit+0x3b/0x50
[ 102.817918][ T5524] btrfs_update_block_group+0x66e/0xa90
[ 102.823578][ T5524] __btrfs_free_extent+0x1cec/0x38e0
[ 102.828934][ T5524] ? __btrfs_inc_extent_ref+0x610/0x610
[ 102.834616][ T5524] ? lock_downgrade+0x840/0x8f0
[ 102.839604][ T5524] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 102.845513][ T5524] ? __lock_acquire+0x1fd0/0x1fd0
[ 102.850606][ T5524] ? do_raw_spin_unlock+0x13b/0x8b0
[ 102.855908][ T5524] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 102.861757][ T5524] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 102.867361][ T5524] ? __lock_acquire+0x1345/0x1fd0
[ 102.872471][ T5524] ? read_lock_is_recursive+0x20/0x20
[ 102.877917][ T5524] btrfs_run_delayed_refs+0xe3/0x2c0
[ 102.883289][ T5524] btrfs_commit_transaction+0x4ba/0x3740
[ 102.889016][ T5524] ? btrfs_commit_transaction+0x17b/0x3740
[ 102.894903][ T5524] ? btrfs_commit_transaction_async+0x480/0x480
[ 102.901218][ T5524] ? __up_read+0x6a0/0x6a0
[ 102.905814][ T5524] ? dput+0x52/0x470
[ 102.909789][ T5524] btrfs_sync_file+0xf50/0x1330
[ 102.914694][ T5524] ? btrfs_release_file+0x130/0x130
[ 102.919939][ T5524] ? __lock_acquire+0x1fd0/0x1fd0
[ 102.924975][ T5524] ? do_raw_spin_lock+0x14e/0x370
[ 102.930021][ T5524] ? do_raw_spin_unlock+0x13b/0x8b0
[ 102.935246][ T5524] btrfs_do_write_iter+0xbc5/0x1190
[ 102.940455][ T5524] ? mark_lock+0x9a/0x350
[ 102.944839][ T5524] ? btrfs_check_nocow_unlock+0x40/0x40
[ 102.950403][ T5524] do_iter_readv_writev+0x330/0x4a0
[ 102.955620][ T5524] ? generic_file_rw_checks+0x260/0x260
[ 102.961191][ T5524] ? fsnotify_perm+0x67/0x5a0
[ 102.965888][ T5524] ? bpf_lsm_file_permission+0x9/0x10
[ 102.971278][ T5524] do_iter_write+0x1f6/0x8d0
[ 102.975912][ T5524] do_pwritev+0x21a/0x360
[ 102.980257][ T5524] ? do_preadv+0x350/0x350
[ 102.984789][ T5524] ? do_notify_parent+0x10c0/0x10c0
[ 102.990033][ T5524] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 102.996131][ T5524] ? print_irqtrace_events+0x220/0x220
[ 103.001636][ T5524] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 103.008008][ T5524] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 103.014019][ T5524] ? __x64_sys_pwritev2+0xbd/0x100
[ 103.019151][ T5524] do_syscall_64+0x45/0x110
[ 103.023671][ T5524] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 103.029580][ T5524] RIP: 0033:0x7fbb1142c2e9
[ 103.034004][ T5524] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 103.053643][ T5524] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 103.062477][ T5524] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 103.070577][ T5524] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[pid 5524] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = 1
[pid 5524] exit_group(0) = ?
[pid 5524] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5524, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} ---
[ 103.078678][ T5524] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 103.086783][ T5524] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 103.094861][ T5524] R13: 000000000000001b R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 103.103319][ T5524]
umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/binderfs") = 0
[ 103.188196][ T5061] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./27/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./27") = 0
mkdir("./28", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5541 attached
[pid 5541] set_robust_list(0x5555562e7660, 24) = 0
[pid 5541] chdir("./28"
[pid 5061] <... clone resumed>, child_tidptr=0x5555562e7650) = 5541
[pid 5541] <... chdir resumed>) = 0
[pid 5541] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5541] setpgid(0, 0) = 0
[pid 5541] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5541] write(3, "1000", 4) = 4
[pid 5541] close(3) = 0
[pid 5541] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5541] memfd_create("syzkaller", 0) = 3
[pid 5541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5541] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5541] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5541] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5541] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5541] close(3) = 0
[pid 5541] mkdir("./file0", 0777) = 0
[ 103.674847][ T5541] loop0: detected capacity change from 0 to 32768
[ 103.696029][ T5541] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5541)
[ 103.712901][ T5541] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 103.723161][ T5541] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 103.731925][ T5541] BTRFS info (device loop0): doing ref verification
[ 103.738638][ T5541] BTRFS info (device loop0): force zlib compression, level 3
[ 103.746137][ T5541] BTRFS info (device loop0): using free space tree
[ 103.767651][ T5541] BTRFS info (device loop0): enabling ssd optimizations
[pid 5541] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5541] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5541] chdir("./file0") = 0
[pid 5541] ioctl(4, LOOP_CLR_FD) = 0
[pid 5541] close(4) = 0
[ 103.774760][ T5541] BTRFS info (device loop0): auto enabling async discard
[pid 5541] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5541] fallocate(4, 0, 0, 1048820) = 0
[pid 5541] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5541] write(5, "56", 2) = 2
[ 103.814056][ T28] audit: type=1800 audit(1701700627.079:30): pid=5541 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 103.876587][ T5541] FAULT_INJECTION: forcing a failure.
[ 103.876587][ T5541] name failslab, interval 1, probability 0, space 0, times 0
[ 103.889714][ T5541] CPU: 0 PID: 5541 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 103.898797][ T5541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 103.909043][ T5541] Call Trace:
[ 103.912447][ T5541]
[ 103.915417][ T5541] dump_stack_lvl+0x1e7/0x2d0
[ 103.920154][ T5541] ? nf_tcp_handle_invalid+0x650/0x650
[ 103.925792][ T5541] ? panic+0x850/0x850
[ 103.929909][ T5541] ? __might_sleep+0xe0/0xe0
[ 103.934567][ T5541] should_fail_ex+0x3aa/0x4e0
[ 103.939304][ T5541] ? add_to_free_space_tree+0xc7/0x2e0
[ 103.944816][ T5541] should_failslab+0x9/0x20
[ 103.949379][ T5541] kmem_cache_alloc+0x6d/0x2b0
[ 103.954285][ T5541] ? btrfs_qgroup_destroy_extent_records+0xb0/0xb0
[ 103.960833][ T5541] add_to_free_space_tree+0xc7/0x2e0
[ 103.966187][ T5541] __btrfs_free_extent+0x1cc4/0x38e0
[ 103.971610][ T5541] ? __btrfs_inc_extent_ref+0x610/0x610
[ 103.977173][ T5541] ? lock_downgrade+0x840/0x8f0
[ 103.982044][ T5541] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 103.987885][ T5541] ? __lock_acquire+0x1fd0/0x1fd0
[ 103.992971][ T5541] ? do_raw_spin_unlock+0x13b/0x8b0
[ 103.998311][ T5541] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 104.004105][ T5541] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 104.009680][ T5541] ? __lock_acquire+0x1345/0x1fd0
[ 104.014789][ T5541] ? read_lock_is_recursive+0x20/0x20
[ 104.020727][ T5541] btrfs_run_delayed_refs+0xe3/0x2c0
[ 104.026151][ T5541] btrfs_commit_transaction+0x4ba/0x3740
[ 104.031945][ T5541] ? btrfs_commit_transaction+0x17b/0x3740
[ 104.037883][ T5541] ? btrfs_commit_transaction_async+0x480/0x480
[ 104.044276][ T5541] ? __up_read+0x6a0/0x6a0
[ 104.048696][ T5541] ? dput+0x52/0x470
[ 104.052628][ T5541] btrfs_sync_file+0xf50/0x1330
[ 104.057506][ T5541] ? btrfs_release_file+0x130/0x130
[ 104.062750][ T5541] ? __lock_acquire+0x1fd0/0x1fd0
[ 104.067782][ T5541] ? do_raw_spin_lock+0x14e/0x370
[ 104.072827][ T5541] ? do_raw_spin_unlock+0x13b/0x8b0
[ 104.078044][ T5541] btrfs_do_write_iter+0xbc5/0x1190
[ 104.083301][ T5541] ? mark_lock+0x9a/0x350
[ 104.087701][ T5541] ? btrfs_check_nocow_unlock+0x40/0x40
[ 104.093292][ T5541] do_iter_readv_writev+0x330/0x4a0
[ 104.098533][ T5541] ? generic_file_rw_checks+0x260/0x260
[ 104.104669][ T5541] ? fsnotify_perm+0x67/0x5a0
[ 104.109367][ T5541] ? bpf_lsm_file_permission+0x9/0x10
[ 104.114766][ T5541] do_iter_write+0x1f6/0x8d0
[ 104.119407][ T5541] do_pwritev+0x21a/0x360
[ 104.123763][ T5541] ? do_preadv+0x350/0x350
[ 104.128210][ T5541] ? do_notify_parent+0x10c0/0x10c0
[ 104.133426][ T5541] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 104.139721][ T5541] ? print_irqtrace_events+0x220/0x220
[ 104.145195][ T5541] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 104.151210][ T5541] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 104.157210][ T5541] ? __x64_sys_pwritev2+0xbd/0x100
[ 104.162375][ T5541] do_syscall_64+0x45/0x110
[ 104.166993][ T5541] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 104.172925][ T5541] RIP: 0033:0x7fbb1142c2e9
[ 104.177351][ T5541] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 104.196989][ T5541] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 104.205419][ T5541] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 104.213486][ T5541] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 104.221733][ T5541] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 104.229902][ T5541] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 104.238004][ T5541] R13: 000000000000001c R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 104.246022][ T5541]
[ 104.249992][ T5541] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[ 104.258290][ T5541] BTRFS: error (device loop0: state A) in add_to_free_space_tree:1057: errno=-12 Out of memory
[ 104.268738][ T5541] BTRFS info (device loop0: state EA): forced readonly
[pid 5541] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5541] exit_group(0) = ?
[pid 5541] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5541, si_uid=0, si_status=0, si_utime=0, si_stime=29 /* 0.29 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[ 104.275822][ T5541] BTRFS: error (device loop0: state EA) in do_free_extent_accounting:2989: errno=-12 Out of memory
[ 104.286673][ T5541] BTRFS error (device loop0: state EA): failed to run delayed ref for logical 5308416 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 104.300756][ T5541] BTRFS: error (device loop0: state EA) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/binderfs") = 0
[ 104.386226][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./28/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./28") = 0
mkdir("./29", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5558 attached
[pid 5558] set_robust_list(0x5555562e7660, 24) = 0
[pid 5558] chdir("./29"
[pid 5061] <... clone resumed>, child_tidptr=0x5555562e7650) = 5558
[pid 5558] <... chdir resumed>) = 0
[pid 5558] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5558] setpgid(0, 0) = 0
[pid 5558] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5558] write(3, "1000", 4) = 4
[pid 5558] close(3) = 0
[pid 5558] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5558] memfd_create("syzkaller", 0) = 3
[pid 5558] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5558] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5558] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5558] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5558] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5558] close(3) = 0
[pid 5558] mkdir("./file0", 0777) = 0
[ 104.892694][ T5558] loop0: detected capacity change from 0 to 32768
[ 104.908807][ T5558] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5558)
[ 104.926888][ T5558] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 104.937219][ T5558] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 104.945993][ T5558] BTRFS info (device loop0): doing ref verification
[ 104.952657][ T5558] BTRFS info (device loop0): force zlib compression, level 3
[ 104.960160][ T5558] BTRFS info (device loop0): using free space tree
[ 104.982239][ T5558] BTRFS info (device loop0): enabling ssd optimizations
[pid 5558] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5558] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5558] chdir("./file0") = 0
[pid 5558] ioctl(4, LOOP_CLR_FD) = 0
[pid 5558] close(4) = 0
[ 104.989347][ T5558] BTRFS info (device loop0): auto enabling async discard
[pid 5558] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5558] fallocate(4, 0, 0, 1048820) = 0
[pid 5558] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[ 105.013480][ T28] audit: type=1800 audit(1701700628.279:31): pid=5558 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[pid 5558] write(5, "56", 2) = 2
[ 105.054614][ T5558] FAULT_INJECTION: forcing a failure.
[ 105.054614][ T5558] name failslab, interval 1, probability 0, space 0, times 0
[ 105.067675][ T5558] CPU: 1 PID: 5558 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 105.076403][ T5558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 105.086512][ T5558] Call Trace:
[ 105.089829][ T5558]
[ 105.092808][ T5558] dump_stack_lvl+0x1e7/0x2d0
[ 105.097548][ T5558] ? nf_tcp_handle_invalid+0x650/0x650
[ 105.103079][ T5558] ? panic+0x850/0x850
[ 105.107202][ T5558] ? __might_sleep+0xe0/0xe0
[ 105.111882][ T5558] should_fail_ex+0x3aa/0x4e0
[ 105.116651][ T5558] ? alloc_extent_state+0x25/0x2e0
[ 105.122014][ T5558] should_failslab+0x9/0x20
[ 105.126569][ T5558] kmem_cache_alloc+0x6d/0x2b0
[ 105.131419][ T5558] alloc_extent_state+0x25/0x2e0
[ 105.136422][ T5558] __set_extent_bit+0x1c8/0x1b00
[ 105.141430][ T5558] ? btrfs_update_block_group+0x62f/0xa90
[ 105.147213][ T5558] ? trace_btrfs_space_reservation+0x9a/0x220
[ 105.154221][ T5558] set_extent_bit+0x3b/0x50
[ 105.159254][ T5558] btrfs_update_block_group+0x66e/0xa90
[ 105.164908][ T5558] __btrfs_free_extent+0x1cec/0x38e0
[ 105.170304][ T5558] ? __btrfs_inc_extent_ref+0x610/0x610
[ 105.175952][ T5558] ? lock_downgrade+0x840/0x8f0
[ 105.180944][ T5558] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 105.187079][ T5558] ? __lock_acquire+0x1fd0/0x1fd0
[ 105.192167][ T5558] ? do_raw_spin_unlock+0x13b/0x8b0
[ 105.197438][ T5558] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 105.203301][ T5558] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 105.208913][ T5558] ? __lock_acquire+0x1345/0x1fd0
[ 105.214144][ T5558] ? read_lock_is_recursive+0x20/0x20
[ 105.219590][ T5558] btrfs_run_delayed_refs+0xe3/0x2c0
[ 105.225041][ T5558] btrfs_commit_transaction+0x4ba/0x3740
[ 105.230724][ T5558] ? btrfs_commit_transaction+0x17b/0x3740
[ 105.236579][ T5558] ? btrfs_commit_transaction_async+0x480/0x480
[ 105.242915][ T5558] ? __up_read+0x6a0/0x6a0
[ 105.247347][ T5558] ? dput+0x52/0x470
[ 105.251457][ T5558] btrfs_sync_file+0xf50/0x1330
[ 105.256397][ T5558] ? btrfs_release_file+0x130/0x130
[ 105.261650][ T5558] ? __lock_acquire+0x1fd0/0x1fd0
[ 105.266699][ T5558] ? do_raw_spin_lock+0x14e/0x370
[ 105.271755][ T5558] ? do_raw_spin_unlock+0x13b/0x8b0
[ 105.276986][ T5558] btrfs_do_write_iter+0xbc5/0x1190
[ 105.282293][ T5558] ? mark_lock+0x9a/0x350
[ 105.286671][ T5558] ? btrfs_check_nocow_unlock+0x40/0x40
[ 105.292248][ T5558] do_iter_readv_writev+0x330/0x4a0
[ 105.297921][ T5558] ? generic_file_rw_checks+0x260/0x260
[ 105.303503][ T5558] ? fsnotify_perm+0x67/0x5a0
[ 105.308200][ T5558] ? bpf_lsm_file_permission+0x9/0x10
[ 105.313696][ T5558] do_iter_write+0x1f6/0x8d0
[ 105.318337][ T5558] do_pwritev+0x21a/0x360
[ 105.322703][ T5558] ? do_preadv+0x350/0x350
[ 105.327156][ T5558] ? do_notify_parent+0x10c0/0x10c0
[ 105.332385][ T5558] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 105.338917][ T5558] ? print_irqtrace_events+0x220/0x220
[ 105.344417][ T5558] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 105.350423][ T5558] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 105.356422][ T5558] ? __x64_sys_pwritev2+0xbd/0x100
[ 105.361569][ T5558] do_syscall_64+0x45/0x110
[ 105.366142][ T5558] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 105.372056][ T5558] RIP: 0033:0x7fbb1142c2e9
[ 105.376488][ T5558] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 105.396302][ T5558] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[pid 5558] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = 1
[pid 5558] exit_group(0) = ?
[pid 5558] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5558, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=27 /* 0.27 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 105.404751][ T5558] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 105.412739][ T5558] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 105.420718][ T5558] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 105.428704][ T5558] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 105.436715][ T5558] R13: 000000000000001d R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 105.445246][ T5558]
umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/binderfs") = 0
[ 105.580912][ T5061] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./29/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./29") = 0
mkdir("./30", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5575 attached
, child_tidptr=0x5555562e7650) = 5575
[pid 5575] set_robust_list(0x5555562e7660, 24) = 0
[pid 5575] chdir("./30") = 0
[pid 5575] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5575] setpgid(0, 0) = 0
[pid 5575] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5575] write(3, "1000", 4) = 4
[pid 5575] close(3) = 0
[pid 5575] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5575] memfd_create("syzkaller", 0) = 3
[pid 5575] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5575] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5575] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5575] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5575] close(3) = 0
[pid 5575] mkdir("./file0", 0777) = 0
[ 106.039514][ T5575] loop0: detected capacity change from 0 to 32768
[ 106.049909][ T5575] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5575)
[ 106.067070][ T5575] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 106.077913][ T5575] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[pid 5575] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5575] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5575] chdir("./file0") = 0
[pid 5575] ioctl(4, LOOP_CLR_FD) = 0
[ 106.086890][ T5575] BTRFS info (device loop0): doing ref verification
[ 106.093586][ T5575] BTRFS info (device loop0): force zlib compression, level 3
[ 106.101135][ T5575] BTRFS info (device loop0): using free space tree
[ 106.123860][ T5575] BTRFS info (device loop0): enabling ssd optimizations
[ 106.130927][ T5575] BTRFS info (device loop0): auto enabling async discard
[pid 5575] close(4) = 0
[pid 5575] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5575] fallocate(4, 0, 0, 1048820) = 0
[pid 5575] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5575] write(5, "56", 2) = 2
[ 106.188253][ T28] audit: type=1800 audit(1701700629.439:32): pid=5575 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 106.200567][ T5575] FAULT_INJECTION: forcing a failure.
[ 106.200567][ T5575] name failslab, interval 1, probability 0, space 0, times 0
[ 106.221708][ T5575] CPU: 1 PID: 5575 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 106.230455][ T5575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 106.240736][ T5575] Call Trace:
[ 106.244056][ T5575]
[ 106.247027][ T5575] dump_stack_lvl+0x1e7/0x2d0
[ 106.251778][ T5575] ? nf_tcp_handle_invalid+0x650/0x650
[ 106.257291][ T5575] ? panic+0x850/0x850
[ 106.261404][ T5575] ? __might_sleep+0xe0/0xe0
[ 106.266061][ T5575] should_fail_ex+0x3aa/0x4e0
[ 106.270796][ T5575] ? alloc_extent_state+0x25/0x2e0
[ 106.275963][ T5575] should_failslab+0x9/0x20
[ 106.280513][ T5575] kmem_cache_alloc+0x6d/0x2b0
[ 106.285347][ T5575] alloc_extent_state+0x25/0x2e0
[ 106.290523][ T5575] __set_extent_bit+0x1c8/0x1b00
[ 106.295548][ T5575] ? btrfs_update_block_group+0x62f/0xa90
[ 106.301331][ T5575] ? trace_btrfs_space_reservation+0x9a/0x220
[ 106.307504][ T5575] set_extent_bit+0x3b/0x50
[ 106.312121][ T5575] btrfs_update_block_group+0x66e/0xa90
[ 106.317750][ T5575] __btrfs_free_extent+0x1cec/0x38e0
[ 106.323197][ T5575] ? __btrfs_inc_extent_ref+0x610/0x610
[ 106.328799][ T5575] ? lock_downgrade+0x840/0x8f0
[ 106.333711][ T5575] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 106.339577][ T5575] ? __lock_acquire+0x1fd0/0x1fd0
[ 106.344720][ T5575] ? do_raw_spin_unlock+0x13b/0x8b0
[ 106.349984][ T5575] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 106.355836][ T5575] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 106.361457][ T5575] ? __lock_acquire+0x1345/0x1fd0
[ 106.366572][ T5575] ? read_lock_is_recursive+0x20/0x20
[ 106.372025][ T5575] btrfs_run_delayed_refs+0xe3/0x2c0
[ 106.377388][ T5575] btrfs_commit_transaction+0x4ba/0x3740
[ 106.383103][ T5575] ? btrfs_commit_transaction+0x17b/0x3740
[ 106.389089][ T5575] ? btrfs_commit_transaction_async+0x480/0x480
[ 106.395448][ T5575] ? __up_read+0x6a0/0x6a0
[ 106.399928][ T5575] ? dput+0x52/0x470
[ 106.403902][ T5575] btrfs_sync_file+0xf50/0x1330
[ 106.408828][ T5575] ? btrfs_release_file+0x130/0x130
[ 106.414107][ T5575] ? __lock_acquire+0x1fd0/0x1fd0
[ 106.419164][ T5575] ? do_raw_spin_lock+0x14e/0x370
[ 106.424211][ T5575] ? do_raw_spin_unlock+0x13b/0x8b0
[ 106.429435][ T5575] btrfs_do_write_iter+0xbc5/0x1190
[ 106.434644][ T5575] ? mark_lock+0x9a/0x350
[ 106.440154][ T5575] ? btrfs_check_nocow_unlock+0x40/0x40
[ 106.445727][ T5575] do_iter_readv_writev+0x330/0x4a0
[ 106.450950][ T5575] ? generic_file_rw_checks+0x260/0x260
[ 106.456534][ T5575] ? fsnotify_perm+0x67/0x5a0
[ 106.461233][ T5575] ? bpf_lsm_file_permission+0x9/0x10
[ 106.466749][ T5575] do_iter_write+0x1f6/0x8d0
[ 106.471429][ T5575] do_pwritev+0x21a/0x360
[ 106.475824][ T5575] ? do_preadv+0x350/0x350
[ 106.480295][ T5575] ? do_notify_parent+0x10c0/0x10c0
[ 106.485516][ T5575] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 106.491524][ T5575] ? print_irqtrace_events+0x220/0x220
[ 106.497001][ T5575] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 106.503094][ T5575] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 106.509093][ T5575] ? __x64_sys_pwritev2+0xbd/0x100
[ 106.514247][ T5575] do_syscall_64+0x45/0x110
[ 106.518769][ T5575] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 106.524770][ T5575] RIP: 0033:0x7fbb1142c2e9
[ 106.529203][ T5575] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 106.548843][ T5575] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 106.557307][ T5575] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 106.565314][ T5575] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 106.573384][ T5575] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 106.581366][ T5575] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[pid 5575] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = 1
[pid 5575] exit_group(0) = ?
[pid 5575] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5575, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 106.589359][ T5575] R13: 000000000000001e R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 106.597360][ T5575]
newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/binderfs") = 0
[ 106.673223][ T5061] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./30/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./30") = 0
mkdir("./31", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5592 attached
, child_tidptr=0x5555562e7650) = 5592
[pid 5592] set_robust_list(0x5555562e7660, 24) = 0
[pid 5592] chdir("./31") = 0
[pid 5592] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5592] setpgid(0, 0) = 0
[pid 5592] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5592] write(3, "1000", 4) = 4
[pid 5592] close(3) = 0
[pid 5592] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5592] memfd_create("syzkaller", 0) = 3
[pid 5592] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5592] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5592] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5592] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5592] close(3) = 0
[pid 5592] mkdir("./file0", 0777) = 0
[ 107.154533][ T5592] loop0: detected capacity change from 0 to 32768
[ 107.173101][ T5592] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5592)
[ 107.190181][ T5592] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 107.200452][ T5592] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 107.209362][ T5592] BTRFS info (device loop0): doing ref verification
[ 107.215987][ T5592] BTRFS info (device loop0): force zlib compression, level 3
[ 107.223503][ T5592] BTRFS info (device loop0): using free space tree
[pid 5592] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5592] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5592] chdir("./file0") = 0
[pid 5592] ioctl(4, LOOP_CLR_FD) = 0
[pid 5592] close(4) = 0
[pid 5592] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[ 107.247044][ T5592] BTRFS info (device loop0): enabling ssd optimizations
[ 107.254142][ T5592] BTRFS info (device loop0): auto enabling async discard
[pid 5592] fallocate(4, 0, 0, 1048820) = 0
[pid 5592] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5592] write(5, "56", 2) = 2
[ 107.301994][ T28] audit: type=1800 audit(1701700630.569:33): pid=5592 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 107.339627][ T5592] FAULT_INJECTION: forcing a failure.
[ 107.339627][ T5592] name failslab, interval 1, probability 0, space 0, times 0
[ 107.352911][ T5592] CPU: 1 PID: 5592 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 107.361641][ T5592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 107.371780][ T5592] Call Trace:
[ 107.375096][ T5592]
[ 107.378061][ T5592] dump_stack_lvl+0x1e7/0x2d0
[ 107.382804][ T5592] ? nf_tcp_handle_invalid+0x650/0x650
[ 107.388318][ T5592] ? panic+0x850/0x850
[ 107.392437][ T5592] ? __might_sleep+0xe0/0xe0
[ 107.397115][ T5592] should_fail_ex+0x3aa/0x4e0
[ 107.401839][ T5592] ? alloc_extent_state+0x25/0x2e0
[ 107.406973][ T5592] should_failslab+0x9/0x20
[ 107.411488][ T5592] kmem_cache_alloc+0x6d/0x2b0
[ 107.416323][ T5592] alloc_extent_state+0x25/0x2e0
[ 107.421297][ T5592] __set_extent_bit+0x1c8/0x1b00
[ 107.426301][ T5592] ? btrfs_update_block_group+0x62f/0xa90
[ 107.432053][ T5592] ? trace_btrfs_space_reservation+0x9a/0x220
[ 107.438151][ T5592] set_extent_bit+0x3b/0x50
[ 107.442701][ T5592] btrfs_update_block_group+0x66e/0xa90
[ 107.448328][ T5592] __btrfs_free_extent+0x1cec/0x38e0
[ 107.453649][ T5592] ? __btrfs_inc_extent_ref+0x610/0x610
[ 107.459211][ T5592] ? lock_downgrade+0x840/0x8f0
[ 107.464073][ T5592] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 107.469990][ T5592] ? __lock_acquire+0x1fd0/0x1fd0
[ 107.475090][ T5592] ? do_raw_spin_unlock+0x13b/0x8b0
[ 107.480328][ T5592] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 107.486133][ T5592] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 107.491814][ T5592] ? __lock_acquire+0x1345/0x1fd0
[ 107.497165][ T5592] ? read_lock_is_recursive+0x20/0x20
[ 107.502593][ T5592] btrfs_run_delayed_refs+0xe3/0x2c0
[ 107.507913][ T5592] btrfs_commit_transaction+0x4ba/0x3740
[ 107.513570][ T5592] ? btrfs_commit_transaction+0x17b/0x3740
[ 107.519418][ T5592] ? btrfs_commit_transaction_async+0x480/0x480
[ 107.525718][ T5592] ? __up_read+0x6a0/0x6a0
[ 107.530152][ T5592] ? dput+0x52/0x470
[ 107.534079][ T5592] btrfs_sync_file+0xf50/0x1330
[ 107.538966][ T5592] ? btrfs_release_file+0x130/0x130
[ 107.544210][ T5592] ? __lock_acquire+0x1fd0/0x1fd0
[ 107.549248][ T5592] ? do_raw_spin_lock+0x14e/0x370
[ 107.554296][ T5592] ? do_raw_spin_unlock+0x13b/0x8b0
[ 107.559521][ T5592] btrfs_do_write_iter+0xbc5/0x1190
[ 107.564821][ T5592] ? mark_lock+0x9a/0x350
[ 107.569195][ T5592] ? btrfs_check_nocow_unlock+0x40/0x40
[ 107.574766][ T5592] do_iter_readv_writev+0x330/0x4a0
[ 107.579992][ T5592] ? generic_file_rw_checks+0x260/0x260
[ 107.585681][ T5592] ? fsnotify_perm+0x67/0x5a0
[ 107.590392][ T5592] ? bpf_lsm_file_permission+0x9/0x10
[ 107.595976][ T5592] do_iter_write+0x1f6/0x8d0
[ 107.600609][ T5592] do_pwritev+0x21a/0x360
[ 107.604966][ T5592] ? do_preadv+0x350/0x350
[ 107.609416][ T5592] ? do_notify_parent+0x10c0/0x10c0
[ 107.614630][ T5592] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 107.620632][ T5592] ? print_irqtrace_events+0x220/0x220
[ 107.626110][ T5592] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 107.632108][ T5592] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 107.638099][ T5592] ? __x64_sys_pwritev2+0xbd/0x100
[ 107.643233][ T5592] do_syscall_64+0x45/0x110
[ 107.647779][ T5592] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 107.653698][ T5592] RIP: 0033:0x7fbb1142c2e9
[ 107.658125][ T5592] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 107.677862][ T5592] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 107.686291][ T5592] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 107.694275][ T5592] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[pid 5592] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = 1
[pid 5592] exit_group(0) = ?
[pid 5592] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5592, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/binderfs") = 0
[ 107.702340][ T5592] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 107.710404][ T5592] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 107.718474][ T5592] R13: 000000000000001f R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 107.726476][ T5592]
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[ 107.753333][ T5061] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./31/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./31") = 0
mkdir("./32", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5610 attached
, child_tidptr=0x5555562e7650) = 5610
[pid 5610] set_robust_list(0x5555562e7660, 24) = 0
[pid 5610] chdir("./32") = 0
[pid 5610] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5610] setpgid(0, 0) = 0
[pid 5610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5610] write(3, "1000", 4) = 4
[pid 5610] close(3) = 0
[pid 5610] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5610] memfd_create("syzkaller", 0) = 3
[pid 5610] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5610] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5610] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5610] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5610] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5610] close(3) = 0
[pid 5610] mkdir("./file0", 0777) = 0
[ 108.150006][ T5610] loop0: detected capacity change from 0 to 32768
[ 108.174740][ T5610] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5610)
[ 108.192888][ T5610] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 108.203239][ T5610] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 108.212082][ T5610] BTRFS info (device loop0): doing ref verification
[ 108.218828][ T5610] BTRFS info (device loop0): force zlib compression, level 3
[ 108.226255][ T5610] BTRFS info (device loop0): using free space tree
[pid 5610] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5610] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5610] chdir("./file0") = 0
[pid 5610] ioctl(4, LOOP_CLR_FD) = 0
[pid 5610] close(4) = 0
[ 108.248335][ T5610] BTRFS info (device loop0): enabling ssd optimizations
[ 108.255443][ T5610] BTRFS info (device loop0): auto enabling async discard
[pid 5610] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5610] fallocate(4, 0, 0, 1048820) = 0
[pid 5610] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5610] write(5, "56", 2) = 2
[ 108.308320][ T28] audit: type=1800 audit(1701700631.569:34): pid=5610 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 108.364733][ T5610] FAULT_INJECTION: forcing a failure.
[ 108.364733][ T5610] name failslab, interval 1, probability 0, space 0, times 0
[ 108.378099][ T5610] CPU: 0 PID: 5610 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 108.386828][ T5610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 108.397013][ T5610] Call Trace:
[ 108.400328][ T5610]
[ 108.403326][ T5610] dump_stack_lvl+0x1e7/0x2d0
[ 108.408061][ T5610] ? nf_tcp_handle_invalid+0x650/0x650
[ 108.413586][ T5610] ? panic+0x850/0x850
[ 108.417739][ T5610] ? __might_sleep+0xe0/0xe0
[ 108.422384][ T5610] should_fail_ex+0x3aa/0x4e0
[ 108.427290][ T5610] ? alloc_extent_state+0x25/0x2e0
[ 108.432447][ T5610] should_failslab+0x9/0x20
[ 108.436984][ T5610] kmem_cache_alloc+0x6d/0x2b0
[ 108.441806][ T5610] alloc_extent_state+0x25/0x2e0
[ 108.446797][ T5610] __set_extent_bit+0x1c8/0x1b00
[ 108.451793][ T5610] ? btrfs_update_block_group+0x62f/0xa90
[ 108.457564][ T5610] ? trace_btrfs_space_reservation+0x9a/0x220
[ 108.463677][ T5610] set_extent_bit+0x3b/0x50
[ 108.468209][ T5610] btrfs_update_block_group+0x66e/0xa90
[ 108.473788][ T5610] __btrfs_free_extent+0x1cec/0x38e0
[ 108.479094][ T5610] ? __btrfs_inc_extent_ref+0x610/0x610
[ 108.484642][ T5610] ? lock_downgrade+0x840/0x8f0
[ 108.489513][ T5610] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 108.495331][ T5610] ? __lock_acquire+0x1fd0/0x1fd0
[ 108.500370][ T5610] ? do_raw_spin_unlock+0x13b/0x8b0
[ 108.505588][ T5610] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 108.511393][ T5610] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 108.516961][ T5610] ? __lock_acquire+0x1345/0x1fd0
[ 108.522028][ T5610] ? read_lock_is_recursive+0x20/0x20
[ 108.527430][ T5610] btrfs_run_delayed_refs+0xe3/0x2c0
[ 108.532739][ T5610] btrfs_commit_transaction+0x4ba/0x3740
[ 108.538479][ T5610] ? btrfs_commit_transaction+0x17b/0x3740
[ 108.544358][ T5610] ? btrfs_commit_transaction_async+0x480/0x480
[ 108.550669][ T5610] ? __up_read+0x6a0/0x6a0
[ 108.555174][ T5610] ? dput+0x52/0x470
[ 108.559190][ T5610] btrfs_sync_file+0xf50/0x1330
[ 108.564177][ T5610] ? btrfs_release_file+0x130/0x130
[ 108.569555][ T5610] ? __lock_acquire+0x1fd0/0x1fd0
[ 108.574689][ T5610] ? do_raw_spin_lock+0x14e/0x370
[ 108.579747][ T5610] ? do_raw_spin_unlock+0x13b/0x8b0
[ 108.584973][ T5610] btrfs_do_write_iter+0xbc5/0x1190
[ 108.590388][ T5610] ? mark_lock+0x9a/0x350
[ 108.594865][ T5610] ? btrfs_check_nocow_unlock+0x40/0x40
[ 108.600442][ T5610] do_iter_readv_writev+0x330/0x4a0
[ 108.605696][ T5610] ? generic_file_rw_checks+0x260/0x260
[ 108.611268][ T5610] ? fsnotify_perm+0x67/0x5a0
[ 108.615957][ T5610] ? bpf_lsm_file_permission+0x9/0x10
[ 108.621347][ T5610] do_iter_write+0x1f6/0x8d0
[ 108.626064][ T5610] do_pwritev+0x21a/0x360
[ 108.630567][ T5610] ? do_preadv+0x350/0x350
[ 108.635035][ T5610] ? do_notify_parent+0x10c0/0x10c0
[ 108.640260][ T5610] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 108.646252][ T5610] ? print_irqtrace_events+0x220/0x220
[ 108.651735][ T5610] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 108.657721][ T5610] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 108.663703][ T5610] ? __x64_sys_pwritev2+0xbd/0x100
[ 108.668831][ T5610] do_syscall_64+0x45/0x110
[ 108.673345][ T5610] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 108.679259][ T5610] RIP: 0033:0x7fbb1142c2e9
[ 108.683706][ T5610] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 108.703333][ T5610] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[pid 5610] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = 1
[pid 5610] exit_group(0) = ?
[pid 5610] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5610, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=30 /* 0.30 s */} ---
umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 108.711760][ T5610] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 108.719741][ T5610] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 108.727711][ T5610] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 108.735696][ T5610] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 108.743694][ T5610] R13: 0000000000000020 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 108.751700][ T5610]
newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/binderfs") = 0
[ 108.829100][ T5061] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./32/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./32") = 0
mkdir("./33", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5628 attached
, child_tidptr=0x5555562e7650) = 5628
[pid 5628] set_robust_list(0x5555562e7660, 24) = 0
[pid 5628] chdir("./33") = 0
[pid 5628] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5628] setpgid(0, 0) = 0
[pid 5628] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5628] write(3, "1000", 4) = 4
[pid 5628] close(3) = 0
[pid 5628] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5628] memfd_create("syzkaller", 0) = 3
[pid 5628] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5628] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5628] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5628] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5628] close(3) = 0
[pid 5628] mkdir("./file0", 0777) = 0
[ 109.352835][ T5628] loop0: detected capacity change from 0 to 32768
[ 109.369771][ T5628] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5628)
[ 109.389378][ T5628] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 109.400205][ T5628] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 109.409126][ T5628] BTRFS info (device loop0): doing ref verification
[ 109.415764][ T5628] BTRFS info (device loop0): force zlib compression, level 3
[ 109.423190][ T5628] BTRFS info (device loop0): using free space tree
[ 109.446484][ T5628] BTRFS info (device loop0): enabling ssd optimizations
[pid 5628] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5628] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5628] chdir("./file0") = 0
[pid 5628] ioctl(4, LOOP_CLR_FD) = 0
[pid 5628] close(4) = 0
[ 109.453573][ T5628] BTRFS info (device loop0): auto enabling async discard
[pid 5628] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5628] fallocate(4, 0, 0, 1048820) = 0
[pid 5628] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5628] write(5, "56", 2) = 2
[ 109.487541][ T28] audit: type=1800 audit(1701700632.749:35): pid=5628 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 109.519869][ T5628] FAULT_INJECTION: forcing a failure.
[ 109.519869][ T5628] name failslab, interval 1, probability 0, space 0, times 0
[ 109.532786][ T5628] CPU: 0 PID: 5628 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 109.541520][ T5628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 109.551682][ T5628] Call Trace:
[ 109.555007][ T5628]
[ 109.557986][ T5628] dump_stack_lvl+0x1e7/0x2d0
[ 109.562766][ T5628] ? nf_tcp_handle_invalid+0x650/0x650
[ 109.568285][ T5628] ? panic+0x850/0x850
[ 109.572406][ T5628] ? __might_sleep+0xe0/0xe0
[ 109.577060][ T5628] should_fail_ex+0x3aa/0x4e0
[ 109.581986][ T5628] ? alloc_extent_state+0x25/0x2e0
[ 109.587152][ T5628] should_failslab+0x9/0x20
[ 109.591695][ T5628] kmem_cache_alloc+0x6d/0x2b0
[ 109.596499][ T5628] alloc_extent_state+0x25/0x2e0
[ 109.601473][ T5628] __set_extent_bit+0x1c8/0x1b00
[ 109.606449][ T5628] ? btrfs_update_block_group+0x62f/0xa90
[ 109.612216][ T5628] ? trace_btrfs_space_reservation+0x9a/0x220
[ 109.618323][ T5628] set_extent_bit+0x3b/0x50
[ 109.622857][ T5628] btrfs_update_block_group+0x66e/0xa90
[ 109.628434][ T5628] __btrfs_free_extent+0x1cec/0x38e0
[ 109.633751][ T5628] ? __btrfs_inc_extent_ref+0x610/0x610
[ 109.639310][ T5628] ? lock_downgrade+0x840/0x8f0
[ 109.644173][ T5628] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 109.650000][ T5628] ? __lock_acquire+0x1fd0/0x1fd0
[ 109.655047][ T5628] ? do_raw_spin_unlock+0x13b/0x8b0
[ 109.660269][ T5628] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 109.666066][ T5628] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 109.671635][ T5628] ? __lock_acquire+0x1345/0x1fd0
[ 109.676706][ T5628] ? read_lock_is_recursive+0x20/0x20
[ 109.682195][ T5628] btrfs_run_delayed_refs+0xe3/0x2c0
[ 109.687529][ T5628] btrfs_commit_transaction+0x4ba/0x3740
[ 109.693189][ T5628] ? btrfs_commit_transaction+0x17b/0x3740
[ 109.699040][ T5628] ? btrfs_commit_transaction_async+0x480/0x480
[ 109.705685][ T5628] ? __up_read+0x6a0/0x6a0
[ 109.710114][ T5628] ? dput+0x52/0x470
[ 109.714125][ T5628] btrfs_sync_file+0xf50/0x1330
[ 109.719015][ T5628] ? btrfs_release_file+0x130/0x130
[ 109.724264][ T5628] ? __lock_acquire+0x1fd0/0x1fd0
[ 109.729389][ T5628] ? do_raw_spin_lock+0x14e/0x370
[ 109.734441][ T5628] ? do_raw_spin_unlock+0x13b/0x8b0
[ 109.739670][ T5628] btrfs_do_write_iter+0xbc5/0x1190
[ 109.744883][ T5628] ? mark_lock+0x9a/0x350
[ 109.749284][ T5628] ? btrfs_check_nocow_unlock+0x40/0x40
[ 109.754857][ T5628] do_iter_readv_writev+0x330/0x4a0
[ 109.760086][ T5628] ? generic_file_rw_checks+0x260/0x260
[ 109.765663][ T5628] ? fsnotify_perm+0x67/0x5a0
[ 109.770379][ T5628] ? bpf_lsm_file_permission+0x9/0x10
[ 109.776035][ T5628] do_iter_write+0x1f6/0x8d0
[ 109.780763][ T5628] do_pwritev+0x21a/0x360
[ 109.785655][ T5628] ? do_preadv+0x350/0x350
[ 109.790280][ T5628] ? do_notify_parent+0x10c0/0x10c0
[ 109.795504][ T5628] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 109.801594][ T5628] ? print_irqtrace_events+0x220/0x220
[ 109.807071][ T5628] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 109.813071][ T5628] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 109.819072][ T5628] ? __x64_sys_pwritev2+0xbd/0x100
[ 109.824211][ T5628] do_syscall_64+0x45/0x110
[ 109.828743][ T5628] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 109.834673][ T5628] RIP: 0033:0x7fbb1142c2e9
[ 109.839100][ T5628] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 109.858739][ T5628] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 109.867688][ T5628] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 109.875688][ T5628] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 109.883667][ T5628] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 109.891654][ T5628] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[pid 5628] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = 1
[pid 5628] exit_group(0) = ?
[pid 5628] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5628, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=28 /* 0.28 s */} ---
umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 109.899635][ T5628] R13: 0000000000000021 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 109.907636][ T5628]
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/binderfs") = 0
[ 110.014107][ T5061] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./33/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./33") = 0
mkdir("./34", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5646 attached
, child_tidptr=0x5555562e7650) = 5646
[pid 5646] set_robust_list(0x5555562e7660, 24) = 0
[pid 5646] chdir("./34") = 0
[pid 5646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5646] setpgid(0, 0) = 0
[pid 5646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5646] write(3, "1000", 4) = 4
[pid 5646] close(3) = 0
[pid 5646] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5646] memfd_create("syzkaller", 0) = 3
[pid 5646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5646] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5646] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5646] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5646] close(3) = 0
[pid 5646] mkdir("./file0", 0777) = 0
[ 110.538648][ T5646] loop0: detected capacity change from 0 to 32768
[ 110.564731][ T5646] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5646)
[ 110.581312][ T5646] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 110.592642][ T5646] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 110.601527][ T5646] BTRFS info (device loop0): doing ref verification
[ 110.608181][ T5646] BTRFS info (device loop0): force zlib compression, level 3
[ 110.615688][ T5646] BTRFS info (device loop0): using free space tree
[pid 5646] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5646] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5646] chdir("./file0") = 0
[pid 5646] ioctl(4, LOOP_CLR_FD) = 0
[ 110.637770][ T5646] BTRFS info (device loop0): enabling ssd optimizations
[ 110.645254][ T5646] BTRFS info (device loop0): auto enabling async discard
[pid 5646] close(4) = 0
[pid 5646] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5646] fallocate(4, 0, 0, 1048820) = 0
[pid 5646] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5646] write(5, "56", 2) = 2
[ 110.714493][ T28] audit: type=1800 audit(1701700633.979:36): pid=5646 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 110.751326][ T5646] FAULT_INJECTION: forcing a failure.
[ 110.751326][ T5646] name failslab, interval 1, probability 0, space 0, times 0
[ 110.764519][ T5646] CPU: 1 PID: 5646 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 110.773253][ T5646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 110.783628][ T5646] Call Trace:
[ 110.786950][ T5646]
[ 110.790182][ T5646] dump_stack_lvl+0x1e7/0x2d0
[ 110.795014][ T5646] ? nf_tcp_handle_invalid+0x650/0x650
[ 110.800532][ T5646] ? panic+0x850/0x850
[ 110.804650][ T5646] ? __might_sleep+0xe0/0xe0
[ 110.809319][ T5646] should_fail_ex+0x3aa/0x4e0
[ 110.814058][ T5646] ? add_to_free_space_tree+0xc7/0x2e0
[ 110.819595][ T5646] should_failslab+0x9/0x20
[ 110.824143][ T5646] kmem_cache_alloc+0x6d/0x2b0
[ 110.829055][ T5646] ? btrfs_qgroup_destroy_extent_records+0xb0/0xb0
[ 110.835789][ T5646] add_to_free_space_tree+0xc7/0x2e0
[ 110.841147][ T5646] __btrfs_free_extent+0x1cc4/0x38e0
[ 110.846510][ T5646] ? __btrfs_inc_extent_ref+0x610/0x610
[ 110.852107][ T5646] ? lock_downgrade+0x840/0x8f0
[ 110.857026][ T5646] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 110.862921][ T5646] ? __lock_acquire+0x1fd0/0x1fd0
[ 110.867978][ T5646] ? do_raw_spin_unlock+0x13b/0x8b0
[ 110.873205][ T5646] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 110.879103][ T5646] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 110.884671][ T5646] ? __lock_acquire+0x1345/0x1fd0
[ 110.889741][ T5646] ? read_lock_is_recursive+0x20/0x20
[ 110.895146][ T5646] btrfs_run_delayed_refs+0xe3/0x2c0
[ 110.900466][ T5646] btrfs_commit_transaction+0x4ba/0x3740
[ 110.906126][ T5646] ? btrfs_commit_transaction+0x17b/0x3740
[ 110.911980][ T5646] ? btrfs_commit_transaction_async+0x480/0x480
[ 110.918273][ T5646] ? __up_read+0x6a0/0x6a0
[ 110.922699][ T5646] ? dput+0x52/0x470
[ 110.926623][ T5646] btrfs_sync_file+0xf50/0x1330
[ 110.931513][ T5646] ? btrfs_release_file+0x130/0x130
[ 110.936840][ T5646] ? __lock_acquire+0x1fd0/0x1fd0
[ 110.941968][ T5646] ? do_raw_spin_lock+0x14e/0x370
[ 110.947031][ T5646] ? do_raw_spin_unlock+0x13b/0x8b0
[ 110.952257][ T5646] btrfs_do_write_iter+0xbc5/0x1190
[ 110.957481][ T5646] ? mark_lock+0x9a/0x350
[ 110.961870][ T5646] ? btrfs_check_nocow_unlock+0x40/0x40
[ 110.967446][ T5646] do_iter_readv_writev+0x330/0x4a0
[ 110.972678][ T5646] ? generic_file_rw_checks+0x260/0x260
[ 110.978255][ T5646] ? fsnotify_perm+0x67/0x5a0
[ 110.982967][ T5646] ? bpf_lsm_file_permission+0x9/0x10
[ 110.988542][ T5646] do_iter_write+0x1f6/0x8d0
[ 110.993171][ T5646] do_pwritev+0x21a/0x360
[ 110.997547][ T5646] ? do_preadv+0x350/0x350
[ 111.002000][ T5646] ? do_notify_parent+0x10c0/0x10c0
[ 111.007232][ T5646] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 111.013239][ T5646] ? print_irqtrace_events+0x220/0x220
[ 111.018729][ T5646] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 111.024732][ T5646] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 111.030738][ T5646] ? __x64_sys_pwritev2+0xbd/0x100
[ 111.035875][ T5646] do_syscall_64+0x45/0x110
[ 111.040426][ T5646] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 111.046364][ T5646] RIP: 0033:0x7fbb1142c2e9
[ 111.050795][ T5646] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 111.070436][ T5646] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 111.078882][ T5646] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 111.086878][ T5646] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 111.094867][ T5646] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 111.102852][ T5646] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 111.110922][ T5646] R13: 0000000000000022 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 111.119194][ T5646]
[ 111.122596][ T5646] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[ 111.131632][ T5646] BTRFS: error (device loop0: state A) in add_to_free_space_tree:1057: errno=-12 Out of memory
[ 111.148362][ T5646] BTRFS info (device loop0: state EA): forced readonly
[ 111.155861][ T5646] BTRFS: error (device loop0: state EA) in do_free_extent_accounting:2989: errno=-12 Out of memory
[pid 5646] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5646] exit_group(0) = ?
[pid 5646] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5646, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=32 /* 0.32 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
[ 111.166968][ T5646] BTRFS error (device loop0: state EA): failed to run delayed ref for logical 5308416 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 111.180932][ T5646] BTRFS: error (device loop0: state EA) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/binderfs") = 0
[ 111.255343][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./34/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./34") = 0
mkdir("./35", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5665 attached
[pid 5665] set_robust_list(0x5555562e7660, 24) = 0
[pid 5665] chdir("./35") = 0
[pid 5061] <... clone resumed>, child_tidptr=0x5555562e7650) = 5665
[pid 5665] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5665] setpgid(0, 0) = 0
[pid 5665] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5665] write(3, "1000", 4) = 4
[pid 5665] close(3) = 0
[pid 5665] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5665] memfd_create("syzkaller", 0) = 3
[pid 5665] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5665] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5665] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5665] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5665] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5665] close(3) = 0
[pid 5665] mkdir("./file0", 0777) = 0
[ 111.730408][ T5665] loop0: detected capacity change from 0 to 32768
[ 111.751068][ T5665] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5665)
[ 111.768061][ T5665] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 111.778354][ T5665] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 111.787186][ T5665] BTRFS info (device loop0): doing ref verification
[ 111.793878][ T5665] BTRFS info (device loop0): force zlib compression, level 3
[ 111.801548][ T5665] BTRFS info (device loop0): using free space tree
[pid 5665] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5665] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5665] chdir("./file0") = 0
[pid 5665] ioctl(4, LOOP_CLR_FD) = 0
[pid 5665] close(4) = 0
[pid 5665] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[ 111.825049][ T5665] BTRFS info (device loop0): enabling ssd optimizations
[ 111.832250][ T5665] BTRFS info (device loop0): auto enabling async discard
[pid 5665] fallocate(4, 0, 0, 1048820) = 0
[pid 5665] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5665] write(5, "56", 2) = 2
[ 111.888175][ T28] audit: type=1800 audit(1701700635.149:37): pid=5665 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 111.919796][ T5665] FAULT_INJECTION: forcing a failure.
[ 111.919796][ T5665] name failslab, interval 1, probability 0, space 0, times 0
[ 111.933045][ T5665] CPU: 1 PID: 5665 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 111.941774][ T5665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 111.951875][ T5665] Call Trace:
[ 111.955189][ T5665]
[ 111.958158][ T5665] dump_stack_lvl+0x1e7/0x2d0
[ 111.962899][ T5665] ? nf_tcp_handle_invalid+0x650/0x650
[ 111.968407][ T5665] ? panic+0x850/0x850
[ 111.972519][ T5665] ? __might_sleep+0xe0/0xe0
[ 111.977165][ T5665] should_fail_ex+0x3aa/0x4e0
[ 111.981900][ T5665] ? alloc_extent_state+0x25/0x2e0
[ 111.987066][ T5665] should_failslab+0x9/0x20
[ 111.991609][ T5665] kmem_cache_alloc+0x6d/0x2b0
[ 111.996427][ T5665] alloc_extent_state+0x25/0x2e0
[ 112.001448][ T5665] __set_extent_bit+0x1c8/0x1b00
[ 112.006443][ T5665] ? btrfs_update_block_group+0x62f/0xa90
[ 112.012212][ T5665] ? trace_btrfs_space_reservation+0x9a/0x220
[ 112.018340][ T5665] set_extent_bit+0x3b/0x50
[ 112.022905][ T5665] btrfs_update_block_group+0x66e/0xa90
[ 112.028537][ T5665] __btrfs_free_extent+0x1cec/0x38e0
[ 112.033892][ T5665] ? __btrfs_inc_extent_ref+0x610/0x610
[ 112.039483][ T5665] ? lock_downgrade+0x840/0x8f0
[ 112.044379][ T5665] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 112.050233][ T5665] ? __lock_acquire+0x1fd0/0x1fd0
[ 112.055302][ T5665] ? do_raw_spin_unlock+0x13b/0x8b0
[ 112.060525][ T5665] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 112.066350][ T5665] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 112.072016][ T5665] ? __lock_acquire+0x1345/0x1fd0
[ 112.077085][ T5665] ? read_lock_is_recursive+0x20/0x20
[ 112.082488][ T5665] btrfs_run_delayed_refs+0xe3/0x2c0
[ 112.087798][ T5665] btrfs_commit_transaction+0x4ba/0x3740
[ 112.093462][ T5665] ? btrfs_commit_transaction+0x17b/0x3740
[ 112.099308][ T5665] ? btrfs_commit_transaction_async+0x480/0x480
[ 112.105600][ T5665] ? __up_read+0x6a0/0x6a0
[ 112.110028][ T5665] ? dput+0x52/0x470
[ 112.113963][ T5665] btrfs_sync_file+0xf50/0x1330
[ 112.118889][ T5665] ? btrfs_release_file+0x130/0x130
[ 112.124114][ T5665] ? __lock_acquire+0x1fd0/0x1fd0
[ 112.129152][ T5665] ? do_raw_spin_lock+0x14e/0x370
[ 112.134203][ T5665] ? do_raw_spin_unlock+0x13b/0x8b0
[ 112.139432][ T5665] btrfs_do_write_iter+0xbc5/0x1190
[ 112.144650][ T5665] ? mark_lock+0x9a/0x350
[ 112.149020][ T5665] ? btrfs_check_nocow_unlock+0x40/0x40
[ 112.154616][ T5665] do_iter_readv_writev+0x330/0x4a0
[ 112.159865][ T5665] ? generic_file_rw_checks+0x260/0x260
[ 112.165541][ T5665] ? fsnotify_perm+0x67/0x5a0
[ 112.170237][ T5665] ? bpf_lsm_file_permission+0x9/0x10
[ 112.175666][ T5665] do_iter_write+0x1f6/0x8d0
[ 112.180290][ T5665] do_pwritev+0x21a/0x360
[ 112.184646][ T5665] ? do_preadv+0x350/0x350
[ 112.189097][ T5665] ? do_notify_parent+0x10c0/0x10c0
[ 112.194315][ T5665] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 112.200314][ T5665] ? print_irqtrace_events+0x220/0x220
[ 112.205800][ T5665] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 112.211815][ T5665] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 112.217804][ T5665] ? __x64_sys_pwritev2+0xbd/0x100
[ 112.222941][ T5665] do_syscall_64+0x45/0x110
[ 112.227466][ T5665] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 112.233381][ T5665] RIP: 0033:0x7fbb1142c2e9
[ 112.237806][ T5665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 112.257462][ T5665] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 112.265891][ T5665] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 112.273886][ T5665] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 112.281869][ T5665] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[pid 5665] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = 1
[pid 5665] exit_group(0) = ?
[pid 5665] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5665, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=27 /* 0.27 s */} ---
[ 112.289863][ T5665] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 112.297844][ T5665] R13: 0000000000000023 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 112.305842][ T5665]
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/binderfs") = 0
[ 112.441047][ T5061] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./35/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./35") = 0
mkdir("./36", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5682 attached
, child_tidptr=0x5555562e7650) = 5682
[pid 5682] set_robust_list(0x5555562e7660, 24) = 0
[pid 5682] chdir("./36") = 0
[pid 5682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5682] setpgid(0, 0) = 0
[pid 5682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5682] write(3, "1000", 4) = 4
[pid 5682] close(3) = 0
[pid 5682] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5682] memfd_create("syzkaller", 0) = 3
[pid 5682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5682] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5682] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5682] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5682] close(3) = 0
[pid 5682] mkdir("./file0", 0777) = 0
[ 112.906452][ T5682] loop0: detected capacity change from 0 to 32768
[ 112.921683][ T5682] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5682)
[ 112.937672][ T5682] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 112.948349][ T5682] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 112.957132][ T5682] BTRFS info (device loop0): doing ref verification
[ 112.963842][ T5682] BTRFS info (device loop0): force zlib compression, level 3
[ 112.971287][ T5682] BTRFS info (device loop0): using free space tree
[ 112.992967][ T5682] BTRFS info (device loop0): enabling ssd optimizations
[ 113.000011][ T5682] BTRFS info (device loop0): auto enabling async discard
[pid 5682] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5682] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5682] chdir("./file0") = 0
[pid 5682] ioctl(4, LOOP_CLR_FD) = 0
[pid 5682] close(4) = 0
[pid 5682] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5682] fallocate(4, 0, 0, 1048820) = 0
[pid 5682] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5682] write(5, "56", 2) = 2
[ 113.039550][ T28] audit: type=1800 audit(1701700636.309:38): pid=5682 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 113.075777][ T5682] FAULT_INJECTION: forcing a failure.
[ 113.075777][ T5682] name failslab, interval 1, probability 0, space 0, times 0
[ 113.090338][ T5682] CPU: 1 PID: 5682 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 113.099166][ T5682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 113.109286][ T5682] Call Trace:
[ 113.112603][ T5682]
[ 113.115578][ T5682] dump_stack_lvl+0x1e7/0x2d0
[ 113.120314][ T5682] ? nf_tcp_handle_invalid+0x650/0x650
[ 113.125928][ T5682] ? panic+0x850/0x850
[ 113.130046][ T5682] ? __might_sleep+0xe0/0xe0
[ 113.134702][ T5682] should_fail_ex+0x3aa/0x4e0
[ 113.139965][ T5682] ? add_to_free_space_tree+0xc7/0x2e0
[ 113.145539][ T5682] should_failslab+0x9/0x20
[ 113.150201][ T5682] kmem_cache_alloc+0x6d/0x2b0
[ 113.155031][ T5682] ? btrfs_qgroup_destroy_extent_records+0xb0/0xb0
[ 113.161593][ T5682] add_to_free_space_tree+0xc7/0x2e0
[ 113.166944][ T5682] __btrfs_free_extent+0x1cc4/0x38e0
[ 113.172480][ T5682] ? __btrfs_inc_extent_ref+0x610/0x610
[ 113.178604][ T5682] ? lock_downgrade+0x840/0x8f0
[ 113.183509][ T5682] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 113.189465][ T5682] ? __lock_acquire+0x1fd0/0x1fd0
[ 113.194552][ T5682] ? do_raw_spin_unlock+0x13b/0x8b0
[ 113.199812][ T5682] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 113.205660][ T5682] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 113.211275][ T5682] ? __lock_acquire+0x1345/0x1fd0
[ 113.216420][ T5682] ? read_lock_is_recursive+0x20/0x20
[ 113.221872][ T5682] btrfs_run_delayed_refs+0xe3/0x2c0
[ 113.227227][ T5682] btrfs_commit_transaction+0x4ba/0x3740
[ 113.232939][ T5682] ? btrfs_commit_transaction+0x17b/0x3740
[ 113.238810][ T5682] ? btrfs_commit_transaction_async+0x480/0x480
[ 113.245093][ T5682] ? __up_read+0x6a0/0x6a0
[ 113.249612][ T5682] ? dput+0x52/0x470
[ 113.253541][ T5682] btrfs_sync_file+0xf50/0x1330
[ 113.258472][ T5682] ? btrfs_release_file+0x130/0x130
[ 113.263732][ T5682] ? __lock_acquire+0x1fd0/0x1fd0
[ 113.268789][ T5682] ? do_raw_spin_lock+0x14e/0x370
[ 113.273884][ T5682] ? do_raw_spin_unlock+0x13b/0x8b0
[ 113.279136][ T5682] btrfs_do_write_iter+0xbc5/0x1190
[ 113.284632][ T5682] ? mark_lock+0x9a/0x350
[ 113.289021][ T5682] ? btrfs_check_nocow_unlock+0x40/0x40
[ 113.294599][ T5682] do_iter_readv_writev+0x330/0x4a0
[ 113.300618][ T5682] ? generic_file_rw_checks+0x260/0x260
[ 113.306302][ T5682] ? fsnotify_perm+0x67/0x5a0
[ 113.311018][ T5682] ? bpf_lsm_file_permission+0x9/0x10
[ 113.316474][ T5682] do_iter_write+0x1f6/0x8d0
[ 113.321130][ T5682] do_pwritev+0x21a/0x360
[ 113.325507][ T5682] ? do_preadv+0x350/0x350
[ 113.329969][ T5682] ? do_notify_parent+0x10c0/0x10c0
[ 113.335207][ T5682] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 113.341247][ T5682] ? print_irqtrace_events+0x220/0x220
[ 113.347019][ T5682] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 113.353026][ T5682] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 113.359018][ T5682] ? __x64_sys_pwritev2+0xbd/0x100
[ 113.364146][ T5682] do_syscall_64+0x45/0x110
[ 113.368673][ T5682] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 113.374601][ T5682] RIP: 0033:0x7fbb1142c2e9
[ 113.379043][ T5682] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 113.398766][ T5682] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 113.407332][ T5682] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 113.415353][ T5682] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 113.423440][ T5682] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 113.432392][ T5682] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 113.440392][ T5682] R13: 0000000000000024 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 113.448410][ T5682]
[ 113.452987][ T5682] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[ 113.461904][ T5682] BTRFS: error (device loop0: state A) in add_to_free_space_tree:1057: errno=-12 Out of memory
[ 113.472436][ T5682] BTRFS info (device loop0: state EA): forced readonly
[ 113.481651][ T5682] BTRFS: error (device loop0: state EA) in do_free_extent_accounting:2989: errno=-12 Out of memory
[pid 5682] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5682] exit_group(0) = ?
[pid 5682] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5682, si_uid=0, si_status=0, si_utime=0, si_stime=37 /* 0.37 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[ 113.492626][ T5682] BTRFS error (device loop0: state EA): failed to run delayed ref for logical 5308416 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 113.506664][ T5682] BTRFS: error (device loop0: state EA) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/binderfs") = 0
[ 113.581129][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./36/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./36") = 0
mkdir("./37", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5700 attached
[pid 5700] set_robust_list(0x5555562e7660, 24) = 0
[pid 5700] chdir("./37") = 0
[pid 5700] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5061] <... clone resumed>, child_tidptr=0x5555562e7650) = 5700
[pid 5700] setpgid(0, 0) = 0
[pid 5700] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5700] write(3, "1000", 4) = 4
[pid 5700] close(3) = 0
[pid 5700] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5700] memfd_create("syzkaller", 0) = 3
[pid 5700] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5700] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5700] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5700] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5700] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5700] close(3) = 0
[pid 5700] mkdir("./file0", 0777) = 0
[ 114.060740][ T5700] loop0: detected capacity change from 0 to 32768
[ 114.085873][ T5700] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5700)
[ 114.103142][ T5700] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 114.113557][ T5700] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 114.122333][ T5700] BTRFS info (device loop0): doing ref verification
[ 114.128998][ T5700] BTRFS info (device loop0): force zlib compression, level 3
[ 114.136406][ T5700] BTRFS info (device loop0): using free space tree
[pid 5700] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5700] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5700] chdir("./file0") = 0
[pid 5700] ioctl(4, LOOP_CLR_FD) = 0
[pid 5700] close(4) = 0
[pid 5700] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5700] fallocate(4, 0, 0, 1048820) = 0
[pid 5700] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5700] write(5, "56", 2) = 2
[ 114.173205][ T5700] BTRFS info (device loop0): enabling ssd optimizations
[ 114.180450][ T5700] BTRFS info (device loop0): auto enabling async discard
[ 114.202872][ T28] audit: type=1800 audit(1701700637.469:39): pid=5700 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 114.237297][ T5700] FAULT_INJECTION: forcing a failure.
[ 114.237297][ T5700] name failslab, interval 1, probability 0, space 0, times 0
[ 114.250289][ T5700] CPU: 0 PID: 5700 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 114.259014][ T5700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 114.269159][ T5700] Call Trace:
[ 114.272580][ T5700]
[ 114.275544][ T5700] dump_stack_lvl+0x1e7/0x2d0
[ 114.280655][ T5700] ? nf_tcp_handle_invalid+0x650/0x650
[ 114.286213][ T5700] ? panic+0x850/0x850
[ 114.290339][ T5700] ? __might_sleep+0xe0/0xe0
[ 114.294994][ T5700] should_fail_ex+0x3aa/0x4e0
[ 114.299730][ T5700] ? alloc_extent_state+0x25/0x2e0
[ 114.304900][ T5700] should_failslab+0x9/0x20
[ 114.309450][ T5700] kmem_cache_alloc+0x6d/0x2b0
[ 114.314277][ T5700] alloc_extent_state+0x25/0x2e0
[ 114.319324][ T5700] __set_extent_bit+0x1c8/0x1b00
[ 114.324323][ T5700] ? btrfs_update_block_group+0x62f/0xa90
[ 114.330975][ T5700] ? trace_btrfs_space_reservation+0x9a/0x220
[ 114.337106][ T5700] set_extent_bit+0x3b/0x50
[ 114.341676][ T5700] btrfs_update_block_group+0x66e/0xa90
[ 114.347299][ T5700] __btrfs_free_extent+0x1cec/0x38e0
[ 114.352667][ T5700] ? __btrfs_inc_extent_ref+0x610/0x610
[ 114.358264][ T5700] ? lock_downgrade+0x840/0x8f0
[ 114.363194][ T5700] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 114.369060][ T5700] ? __lock_acquire+0x1fd0/0x1fd0
[ 114.374166][ T5700] ? do_raw_spin_unlock+0x13b/0x8b0
[ 114.379434][ T5700] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 114.385292][ T5700] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 114.390986][ T5700] ? __lock_acquire+0x1345/0x1fd0
[ 114.396114][ T5700] ? read_lock_is_recursive+0x20/0x20
[ 114.401686][ T5700] btrfs_run_delayed_refs+0xe3/0x2c0
[ 114.407044][ T5700] btrfs_commit_transaction+0x4ba/0x3740
[ 114.412745][ T5700] ? btrfs_commit_transaction+0x17b/0x3740
[ 114.418642][ T5700] ? btrfs_commit_transaction_async+0x480/0x480
[ 114.424987][ T5700] ? __up_read+0x6a0/0x6a0
[ 114.429448][ T5700] ? dput+0x52/0x470
[ 114.433411][ T5700] btrfs_sync_file+0xf50/0x1330
[ 114.438420][ T5700] ? btrfs_release_file+0x130/0x130
[ 114.443668][ T5700] ? __lock_acquire+0x1fd0/0x1fd0
[ 114.448706][ T5700] ? do_raw_spin_lock+0x14e/0x370
[ 114.453756][ T5700] ? do_raw_spin_unlock+0x13b/0x8b0
[ 114.458990][ T5700] btrfs_do_write_iter+0xbc5/0x1190
[ 114.464198][ T5700] ? mark_lock+0x9a/0x350
[ 114.468576][ T5700] ? btrfs_check_nocow_unlock+0x40/0x40
[ 114.474257][ T5700] do_iter_readv_writev+0x330/0x4a0
[ 114.479493][ T5700] ? generic_file_rw_checks+0x260/0x260
[ 114.485851][ T5700] ? fsnotify_perm+0x67/0x5a0
[ 114.490722][ T5700] ? bpf_lsm_file_permission+0x9/0x10
[ 114.496144][ T5700] do_iter_write+0x1f6/0x8d0
[ 114.500812][ T5700] do_pwritev+0x21a/0x360
[ 114.505189][ T5700] ? do_preadv+0x350/0x350
[ 114.509643][ T5700] ? do_notify_parent+0x10c0/0x10c0
[ 114.514861][ T5700] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 114.520865][ T5700] ? print_irqtrace_events+0x220/0x220
[ 114.526365][ T5700] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 114.532358][ T5700] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 114.538379][ T5700] ? __x64_sys_pwritev2+0xbd/0x100
[ 114.543506][ T5700] do_syscall_64+0x45/0x110
[ 114.548025][ T5700] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 114.553967][ T5700] RIP: 0033:0x7fbb1142c2e9
[ 114.558406][ T5700] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 114.578033][ T5700] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[pid 5700] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = 1
[pid 5700] exit_group(0) = ?
[pid 5700] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5700, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=25 /* 0.25 s */} ---
umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[ 114.586482][ T5700] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 114.594476][ T5700] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 114.602457][ T5700] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 114.610453][ T5700] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 114.618432][ T5700] R13: 0000000000000025 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 114.626427][ T5700]
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/binderfs") = 0
[ 114.700320][ T5061] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./37/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./37") = 0
mkdir("./38", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5717 attached
, child_tidptr=0x5555562e7650) = 5717
[pid 5717] set_robust_list(0x5555562e7660, 24) = 0
[pid 5717] chdir("./38") = 0
[pid 5717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5717] setpgid(0, 0) = 0
[pid 5717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5717] write(3, "1000", 4) = 4
[pid 5717] close(3) = 0
[pid 5717] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5717] memfd_create("syzkaller", 0) = 3
[pid 5717] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5717] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5717] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5717] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5717] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5717] close(3) = 0
[pid 5717] mkdir("./file0", 0777) = 0
[ 115.220058][ T5717] loop0: detected capacity change from 0 to 32768
[ 115.233903][ T5717] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5717)
[ 115.250017][ T5717] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 115.260584][ T5717] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 115.269797][ T5717] BTRFS info (device loop0): doing ref verification
[ 115.276441][ T5717] BTRFS info (device loop0): force zlib compression, level 3
[ 115.283888][ T5717] BTRFS info (device loop0): using free space tree
[ 115.307115][ T5717] BTRFS info (device loop0): enabling ssd optimizations
[pid 5717] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5717] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5717] chdir("./file0") = 0
[pid 5717] ioctl(4, LOOP_CLR_FD) = 0
[pid 5717] close(4) = 0
[ 115.314234][ T5717] BTRFS info (device loop0): auto enabling async discard
[pid 5717] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5717] fallocate(4, 0, 0, 1048820) = 0
[pid 5717] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5717] write(5, "56", 2) = 2
[ 115.351686][ T28] audit: type=1800 audit(1701700638.619:40): pid=5717 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 115.386984][ T5717] FAULT_INJECTION: forcing a failure.
[ 115.386984][ T5717] name failslab, interval 1, probability 0, space 0, times 0
[ 115.399812][ T5717] CPU: 1 PID: 5717 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 115.408578][ T5717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 115.418769][ T5717] Call Trace:
[ 115.422088][ T5717]
[ 115.425074][ T5717] dump_stack_lvl+0x1e7/0x2d0
[ 115.429811][ T5717] ? nf_tcp_handle_invalid+0x650/0x650
[ 115.435367][ T5717] ? panic+0x850/0x850
[ 115.439490][ T5717] ? __might_sleep+0xe0/0xe0
[ 115.444174][ T5717] should_fail_ex+0x3aa/0x4e0
[ 115.448912][ T5717] ? add_to_free_space_tree+0xc7/0x2e0
[ 115.454425][ T5717] should_failslab+0x9/0x20
[ 115.458985][ T5717] kmem_cache_alloc+0x6d/0x2b0
[ 115.463810][ T5717] ? btrfs_qgroup_destroy_extent_records+0xb0/0xb0
[ 115.470365][ T5717] add_to_free_space_tree+0xc7/0x2e0
[ 115.475724][ T5717] __btrfs_free_extent+0x1cc4/0x38e0
[ 115.481101][ T5717] ? __btrfs_inc_extent_ref+0x610/0x610
[ 115.486722][ T5717] ? lock_downgrade+0x840/0x8f0
[ 115.491625][ T5717] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 115.497529][ T5717] ? __lock_acquire+0x1fd0/0x1fd0
[ 115.502725][ T5717] ? do_raw_spin_unlock+0x13b/0x8b0
[ 115.508007][ T5717] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 115.513867][ T5717] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 115.519749][ T5717] ? __lock_acquire+0x1345/0x1fd0
[ 115.524867][ T5717] ? read_lock_is_recursive+0x20/0x20
[ 115.530329][ T5717] btrfs_run_delayed_refs+0xe3/0x2c0
[ 115.535779][ T5717] btrfs_commit_transaction+0x4ba/0x3740
[ 115.541586][ T5717] ? btrfs_commit_transaction+0x17b/0x3740
[ 115.547633][ T5717] ? btrfs_commit_transaction_async+0x480/0x480
[ 115.554084][ T5717] ? __up_read+0x6a0/0x6a0
[ 115.558573][ T5717] ? dput+0x52/0x470
[ 115.562904][ T5717] btrfs_sync_file+0xf50/0x1330
[ 115.568171][ T5717] ? btrfs_release_file+0x130/0x130
[ 115.573735][ T5717] ? __lock_acquire+0x1fd0/0x1fd0
[ 115.578900][ T5717] ? do_raw_spin_lock+0x14e/0x370
[ 115.584423][ T5717] ? do_raw_spin_unlock+0x13b/0x8b0
[ 115.589756][ T5717] btrfs_do_write_iter+0xbc5/0x1190
[ 115.595161][ T5717] ? mark_lock+0x9a/0x350
[ 115.599533][ T5717] ? btrfs_check_nocow_unlock+0x40/0x40
[ 115.605725][ T5717] do_iter_readv_writev+0x330/0x4a0
[ 115.610979][ T5717] ? generic_file_rw_checks+0x260/0x260
[ 115.616559][ T5717] ? fsnotify_perm+0x67/0x5a0
[ 115.621304][ T5717] ? bpf_lsm_file_permission+0x9/0x10
[ 115.626718][ T5717] do_iter_write+0x1f6/0x8d0
[ 115.631437][ T5717] do_pwritev+0x21a/0x360
[ 115.635794][ T5717] ? do_preadv+0x350/0x350
[ 115.640250][ T5717] ? do_notify_parent+0x10c0/0x10c0
[ 115.645495][ T5717] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 115.651518][ T5717] ? print_irqtrace_events+0x220/0x220
[ 115.657007][ T5717] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 115.663040][ T5717] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 115.669092][ T5717] ? __x64_sys_pwritev2+0xbd/0x100
[ 115.674236][ T5717] do_syscall_64+0x45/0x110
[ 115.678760][ T5717] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 115.684777][ T5717] RIP: 0033:0x7fbb1142c2e9
[ 115.689218][ T5717] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 115.708846][ T5717] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 115.717286][ T5717] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 115.725294][ T5717] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 115.733286][ T5717] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 115.741283][ T5717] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 115.749275][ T5717] R13: 0000000000000026 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 115.757367][ T5717]
[ 115.762178][ T5717] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[ 115.771031][ T5717] BTRFS: error (device loop0: state A) in add_to_free_space_tree:1057: errno=-12 Out of memory
[ 115.781588][ T5717] BTRFS info (device loop0: state EA): forced readonly
[ 115.788509][ T5717] BTRFS: error (device loop0: state EA) in do_free_extent_accounting:2989: errno=-12 Out of memory
[pid 5717] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5717] exit_group(0) = ?
[pid 5717] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5717, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=32 /* 0.32 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 115.800594][ T5717] BTRFS error (device loop0: state EA): failed to run delayed ref for logical 5308416 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 115.814725][ T5717] BTRFS: error (device loop0: state EA) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/binderfs") = 0
[ 115.903883][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./38/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./38") = 0
mkdir("./39", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5734 attached
, child_tidptr=0x5555562e7650) = 5734
[pid 5734] set_robust_list(0x5555562e7660, 24) = 0
[pid 5734] chdir("./39") = 0
[pid 5734] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5734] setpgid(0, 0) = 0
[pid 5734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5734] write(3, "1000", 4) = 4
[pid 5734] close(3) = 0
[pid 5734] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5734] memfd_create("syzkaller", 0) = 3
[pid 5734] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5734] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5734] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5734] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5734] close(3) = 0
[pid 5734] mkdir("./file0", 0777) = 0
[ 116.369480][ T5734] loop0: detected capacity change from 0 to 32768
[ 116.383734][ T5734] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5734)
[ 116.399965][ T5734] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 116.410215][ T5734] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 116.419053][ T5734] BTRFS info (device loop0): doing ref verification
[ 116.425681][ T5734] BTRFS info (device loop0): force zlib compression, level 3
[ 116.433133][ T5734] BTRFS info (device loop0): using free space tree
[ 116.456087][ T5734] BTRFS info (device loop0): enabling ssd optimizations
[pid 5734] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5734] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5734] chdir("./file0") = 0
[pid 5734] ioctl(4, LOOP_CLR_FD) = 0
[pid 5734] close(4) = 0
[ 116.463195][ T5734] BTRFS info (device loop0): auto enabling async discard
[pid 5734] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5734] fallocate(4, 0, 0, 1048820) = 0
[pid 5734] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5734] write(5, "56", 2) = 2
[pid 5734] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = 1
[pid 5734] exit_group(0) = ?
[pid 5734] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5734, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} ---
[ 116.511796][ T28] audit: type=1800 audit(1701700639.779:41): pid=5734 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/binderfs") = 0
[ 116.639233][ T5061] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./39/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./39") = 0
mkdir("./40", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5751 attached
[pid 5751] set_robust_list(0x5555562e7660, 24
[pid 5061] <... clone resumed>, child_tidptr=0x5555562e7650) = 5751
[pid 5751] <... set_robust_list resumed>) = 0
[pid 5751] chdir("./40") = 0
[pid 5751] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5751] setpgid(0, 0) = 0
[pid 5751] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5751] write(3, "1000", 4) = 4
[pid 5751] close(3) = 0
[pid 5751] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5751] memfd_create("syzkaller", 0) = 3
[pid 5751] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5751] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5751] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5751] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5751] close(3) = 0
[pid 5751] mkdir("./file0", 0777) = 0
[ 117.132110][ T5751] loop0: detected capacity change from 0 to 32768
[ 117.146517][ T5751] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5751)
[ 117.164731][ T5751] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 117.174982][ T5751] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 117.183868][ T5751] BTRFS info (device loop0): doing ref verification
[ 117.190546][ T5751] BTRFS info (device loop0): force zlib compression, level 3
[ 117.197986][ T5751] BTRFS info (device loop0): using free space tree
[ 117.221337][ T5751] BTRFS info (device loop0): enabling ssd optimizations
[pid 5751] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5751] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5751] chdir("./file0") = 0
[pid 5751] ioctl(4, LOOP_CLR_FD) = 0
[pid 5751] close(4) = 0
[pid 5751] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[ 117.228345][ T5751] BTRFS info (device loop0): auto enabling async discard
[pid 5751] fallocate(4, 0, 0, 1048820) = 0
[pid 5751] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5751] write(5, "56", 2) = 2
[ 117.264359][ T28] audit: type=1800 audit(1701700640.529:42): pid=5751 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 117.316730][ T5751] FAULT_INJECTION: forcing a failure.
[ 117.316730][ T5751] name failslab, interval 1, probability 0, space 0, times 0
[ 117.329754][ T5751] CPU: 0 PID: 5751 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 117.338580][ T5751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 117.348682][ T5751] Call Trace:
[ 117.352005][ T5751]
[ 117.354973][ T5751] dump_stack_lvl+0x1e7/0x2d0
[ 117.359780][ T5751] ? nf_tcp_handle_invalid+0x650/0x650
[ 117.365297][ T5751] ? panic+0x850/0x850
[ 117.370115][ T5751] ? __might_sleep+0xe0/0xe0
[ 117.374772][ T5751] should_fail_ex+0x3aa/0x4e0
[ 117.379511][ T5751] ? add_to_free_space_tree+0xc7/0x2e0
[ 117.385024][ T5751] should_failslab+0x9/0x20
[ 117.389571][ T5751] kmem_cache_alloc+0x6d/0x2b0
[ 117.394639][ T5751] ? btrfs_qgroup_destroy_extent_records+0xb0/0xb0
[ 117.401181][ T5751] add_to_free_space_tree+0xc7/0x2e0
[ 117.406516][ T5751] __btrfs_free_extent+0x1cc4/0x38e0
[ 117.411873][ T5751] ? __btrfs_inc_extent_ref+0x610/0x610
[ 117.417465][ T5751] ? lock_downgrade+0x840/0x8f0
[ 117.422376][ T5751] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 117.428320][ T5751] ? __lock_acquire+0x1fd0/0x1fd0
[ 117.433372][ T5751] ? do_raw_spin_unlock+0x13b/0x8b0
[ 117.438601][ T5751] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 117.444398][ T5751] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 117.449967][ T5751] ? __lock_acquire+0x1345/0x1fd0
[ 117.455033][ T5751] ? read_lock_is_recursive+0x20/0x20
[ 117.460448][ T5751] btrfs_run_delayed_refs+0xe3/0x2c0
[ 117.465806][ T5751] btrfs_commit_transaction+0x4ba/0x3740
[ 117.471482][ T5751] ? btrfs_commit_transaction+0x17b/0x3740
[ 117.477349][ T5751] ? btrfs_commit_transaction_async+0x480/0x480
[ 117.483658][ T5751] ? __up_read+0x6a0/0x6a0
[ 117.488088][ T5751] ? dput+0x52/0x470
[ 117.492016][ T5751] btrfs_sync_file+0xf50/0x1330
[ 117.496932][ T5751] ? btrfs_release_file+0x130/0x130
[ 117.502328][ T5751] ? __lock_acquire+0x1fd0/0x1fd0
[ 117.507398][ T5751] ? do_raw_spin_lock+0x14e/0x370
[ 117.512478][ T5751] ? do_raw_spin_unlock+0x13b/0x8b0
[ 117.517739][ T5751] btrfs_do_write_iter+0xbc5/0x1190
[ 117.522970][ T5751] ? mark_lock+0x9a/0x350
[ 117.527349][ T5751] ? btrfs_check_nocow_unlock+0x40/0x40
[ 117.532932][ T5751] do_iter_readv_writev+0x330/0x4a0
[ 117.538185][ T5751] ? generic_file_rw_checks+0x260/0x260
[ 117.543764][ T5751] ? fsnotify_perm+0x67/0x5a0
[ 117.548552][ T5751] ? bpf_lsm_file_permission+0x9/0x10
[ 117.553951][ T5751] do_iter_write+0x1f6/0x8d0
[ 117.558585][ T5751] do_pwritev+0x21a/0x360
[ 117.562968][ T5751] ? do_preadv+0x350/0x350
[ 117.567429][ T5751] ? do_notify_parent+0x10c0/0x10c0
[ 117.572717][ T5751] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 117.578725][ T5751] ? print_irqtrace_events+0x220/0x220
[ 117.584769][ T5751] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 117.590769][ T5751] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 117.596981][ T5751] ? __x64_sys_pwritev2+0xbd/0x100
[ 117.602145][ T5751] do_syscall_64+0x45/0x110
[ 117.606680][ T5751] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 117.612711][ T5751] RIP: 0033:0x7fbb1142c2e9
[ 117.617157][ T5751] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 117.636867][ T5751] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 117.645389][ T5751] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 117.653378][ T5751] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 117.661795][ T5751] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 117.669785][ T5751] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 117.677790][ T5751] R13: 0000000000000028 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 117.685814][ T5751]
[ 117.692810][ T5751] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[ 117.708331][ T5751] BTRFS: error (device loop0: state A) in add_to_free_space_tree:1057: errno=-12 Out of memory
[pid 5751] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5751] exit_group(0) = ?
[pid 5751] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5751, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=30 /* 0.30 s */} ---
umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 117.719497][ T5751] BTRFS info (device loop0: state EA): forced readonly
[ 117.726565][ T5751] BTRFS: error (device loop0: state EA) in do_free_extent_accounting:2989: errno=-12 Out of memory
[ 117.738003][ T5751] BTRFS error (device loop0: state EA): failed to run delayed ref for logical 5308416 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 117.752792][ T5751] BTRFS: error (device loop0: state EA) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/binderfs") = 0
[ 117.841458][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./40/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./40") = 0
mkdir("./41", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5768 attached
, child_tidptr=0x5555562e7650) = 5768
[pid 5768] set_robust_list(0x5555562e7660, 24) = 0
[pid 5768] chdir("./41") = 0
[pid 5768] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5768] setpgid(0, 0) = 0
[pid 5768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5768] write(3, "1000", 4) = 4
[pid 5768] close(3) = 0
[pid 5768] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5768] memfd_create("syzkaller", 0) = 3
[pid 5768] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5768] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5768] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5768] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5768] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5768] close(3) = 0
[pid 5768] mkdir("./file0", 0777) = 0
[ 118.381929][ T5768] loop0: detected capacity change from 0 to 32768
[ 118.397693][ T5768] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5768)
[ 118.413518][ T5768] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 118.423878][ T5768] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 118.433090][ T5768] BTRFS info (device loop0): doing ref verification
[ 118.439830][ T5768] BTRFS info (device loop0): force zlib compression, level 3
[ 118.447419][ T5768] BTRFS info (device loop0): using free space tree
[pid 5768] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5768] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5768] chdir("./file0") = 0
[pid 5768] ioctl(4, LOOP_CLR_FD) = 0
[pid 5768] close(4) = 0
[pid 5768] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[ 118.481591][ T5768] BTRFS info (device loop0): enabling ssd optimizations
[ 118.488752][ T5768] BTRFS info (device loop0): auto enabling async discard
[pid 5768] fallocate(4, 0, 0, 1048820) = 0
[pid 5768] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5768] write(5, "56", 2) = 2
[ 118.530588][ T28] audit: type=1800 audit(1701700641.799:43): pid=5768 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 118.557925][ T5768] FAULT_INJECTION: forcing a failure.
[ 118.557925][ T5768] name failslab, interval 1, probability 0, space 0, times 0
[ 118.572860][ T5768] CPU: 1 PID: 5768 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 118.581625][ T5768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 118.591718][ T5768] Call Trace:
[ 118.595226][ T5768]
[ 118.598185][ T5768] dump_stack_lvl+0x1e7/0x2d0
[ 118.602932][ T5768] ? nf_tcp_handle_invalid+0x650/0x650
[ 118.608440][ T5768] ? panic+0x850/0x850
[ 118.612540][ T5768] ? __might_sleep+0xe0/0xe0
[ 118.617171][ T5768] should_fail_ex+0x3aa/0x4e0
[ 118.621884][ T5768] ? alloc_extent_state+0x25/0x2e0
[ 118.627214][ T5768] should_failslab+0x9/0x20
[ 118.631742][ T5768] kmem_cache_alloc+0x6d/0x2b0
[ 118.636632][ T5768] alloc_extent_state+0x25/0x2e0
[ 118.641613][ T5768] __set_extent_bit+0x1c8/0x1b00
[ 118.646692][ T5768] ? btrfs_update_block_group+0x62f/0xa90
[ 118.652632][ T5768] ? trace_btrfs_space_reservation+0x9a/0x220
[ 118.659219][ T5768] set_extent_bit+0x3b/0x50
[ 118.663817][ T5768] btrfs_update_block_group+0x66e/0xa90
[ 118.669443][ T5768] __btrfs_free_extent+0x1cec/0x38e0
[ 118.674926][ T5768] ? __btrfs_inc_extent_ref+0x610/0x610
[ 118.680614][ T5768] ? lock_downgrade+0x840/0x8f0
[ 118.685542][ T5768] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 118.691381][ T5768] ? __lock_acquire+0x1fd0/0x1fd0
[ 118.696441][ T5768] ? do_raw_spin_unlock+0x13b/0x8b0
[ 118.701844][ T5768] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 118.707731][ T5768] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 118.713310][ T5768] ? __lock_acquire+0x1345/0x1fd0
[ 118.718378][ T5768] ? read_lock_is_recursive+0x20/0x20
[ 118.723823][ T5768] btrfs_run_delayed_refs+0xe3/0x2c0
[ 118.729158][ T5768] btrfs_commit_transaction+0x4ba/0x3740
[ 118.734996][ T5768] ? btrfs_commit_transaction+0x17b/0x3740
[ 118.740858][ T5768] ? btrfs_commit_transaction_async+0x480/0x480
[ 118.747363][ T5768] ? __up_read+0x6a0/0x6a0
[ 118.751805][ T5768] ? dput+0x52/0x470
[ 118.755731][ T5768] btrfs_sync_file+0xf50/0x1330
[ 118.760617][ T5768] ? btrfs_release_file+0x130/0x130
[ 118.765933][ T5768] ? __lock_acquire+0x1fd0/0x1fd0
[ 118.770972][ T5768] ? do_raw_spin_lock+0x14e/0x370
[ 118.776026][ T5768] ? do_raw_spin_unlock+0x13b/0x8b0
[ 118.781360][ T5768] btrfs_do_write_iter+0xbc5/0x1190
[ 118.786666][ T5768] ? mark_lock+0x9a/0x350
[ 118.791038][ T5768] ? btrfs_check_nocow_unlock+0x40/0x40
[ 118.796799][ T5768] do_iter_readv_writev+0x330/0x4a0
[ 118.802307][ T5768] ? generic_file_rw_checks+0x260/0x260
[ 118.807889][ T5768] ? fsnotify_perm+0x67/0x5a0
[ 118.812718][ T5768] ? bpf_lsm_file_permission+0x9/0x10
[ 118.818385][ T5768] do_iter_write+0x1f6/0x8d0
[ 118.823043][ T5768] do_pwritev+0x21a/0x360
[ 118.827424][ T5768] ? do_preadv+0x350/0x350
[ 118.831885][ T5768] ? do_notify_parent+0x10c0/0x10c0
[ 118.837192][ T5768] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 118.843193][ T5768] ? print_irqtrace_events+0x220/0x220
[ 118.848777][ T5768] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 118.854779][ T5768] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 118.860791][ T5768] ? __x64_sys_pwritev2+0xbd/0x100
[ 118.865925][ T5768] do_syscall_64+0x45/0x110
[ 118.870452][ T5768] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 118.876389][ T5768] RIP: 0033:0x7fbb1142c2e9
[ 118.880842][ T5768] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 118.900722][ T5768] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 118.909242][ T5768] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 118.917415][ T5768] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[pid 5768] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = 1
[pid 5768] exit_group(0) = ?
[pid 5768] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5768, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=24 /* 0.24 s */} ---
[ 118.925436][ T5768] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 118.933424][ T5768] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 118.941598][ T5768] R13: 0000000000000029 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 118.949686][ T5768]
umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/binderfs") = 0
[ 119.037112][ T5061] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./41/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./41") = 0
mkdir("./42", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5785 attached
, child_tidptr=0x5555562e7650) = 5785
[pid 5785] set_robust_list(0x5555562e7660, 24) = 0
[pid 5785] chdir("./42") = 0
[pid 5785] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5785] setpgid(0, 0) = 0
[pid 5785] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5785] write(3, "1000", 4) = 4
[pid 5785] close(3) = 0
[pid 5785] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5785] memfd_create("syzkaller", 0) = 3
[pid 5785] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5785] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5785] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5785] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5785] close(3) = 0
[pid 5785] mkdir("./file0", 0777) = 0
[ 119.512000][ T5785] loop0: detected capacity change from 0 to 32768
[ 119.538903][ T5785] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5785)
[ 119.557777][ T5785] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 119.568236][ T5785] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 119.577115][ T5785] BTRFS info (device loop0): doing ref verification
[ 119.583805][ T5785] BTRFS info (device loop0): force zlib compression, level 3
[ 119.591282][ T5785] BTRFS info (device loop0): using free space tree
[pid 5785] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5785] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5785] chdir("./file0") = 0
[pid 5785] ioctl(4, LOOP_CLR_FD) = 0
[pid 5785] close(4) = 0
[ 119.613607][ T5785] BTRFS info (device loop0): enabling ssd optimizations
[ 119.620959][ T5785] BTRFS info (device loop0): auto enabling async discard
[pid 5785] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5785] fallocate(4, 0, 0, 1048820) = 0
[pid 5785] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5785] write(5, "56", 2) = 2
[ 119.660575][ T28] audit: type=1800 audit(1701700642.929:44): pid=5785 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 119.697025][ T5785] FAULT_INJECTION: forcing a failure.
[ 119.697025][ T5785] name failslab, interval 1, probability 0, space 0, times 0
[ 119.710435][ T5785] CPU: 0 PID: 5785 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 119.719160][ T5785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 119.729270][ T5785] Call Trace:
[ 119.732596][ T5785]
[ 119.735706][ T5785] dump_stack_lvl+0x1e7/0x2d0
[ 119.740490][ T5785] ? nf_tcp_handle_invalid+0x650/0x650
[ 119.746012][ T5785] ? panic+0x850/0x850
[ 119.750137][ T5785] ? __might_sleep+0xe0/0xe0
[ 119.754797][ T5785] should_fail_ex+0x3aa/0x4e0
[ 119.759542][ T5785] ? alloc_extent_state+0x25/0x2e0
[ 119.764744][ T5785] should_failslab+0x9/0x20
[ 119.769327][ T5785] kmem_cache_alloc+0x6d/0x2b0
[ 119.774164][ T5785] alloc_extent_state+0x25/0x2e0
[ 119.779170][ T5785] __set_extent_bit+0x1c8/0x1b00
[ 119.784174][ T5785] ? btrfs_update_block_group+0x62f/0xa90
[ 119.789963][ T5785] ? trace_btrfs_space_reservation+0x9a/0x220
[ 119.796092][ T5785] set_extent_bit+0x3b/0x50
[ 119.800663][ T5785] btrfs_update_block_group+0x66e/0xa90
[ 119.806443][ T5785] __btrfs_free_extent+0x1cec/0x38e0
[ 119.811780][ T5785] ? __btrfs_inc_extent_ref+0x610/0x610
[ 119.817599][ T5785] ? lock_downgrade+0x840/0x8f0
[ 119.822467][ T5785] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 119.828326][ T5785] ? __lock_acquire+0x1fd0/0x1fd0
[ 119.833395][ T5785] ? do_raw_spin_unlock+0x13b/0x8b0
[ 119.838620][ T5785] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 119.844419][ T5785] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 119.850159][ T5785] ? __lock_acquire+0x1345/0x1fd0
[ 119.855265][ T5785] ? read_lock_is_recursive+0x20/0x20
[ 119.860692][ T5785] btrfs_run_delayed_refs+0xe3/0x2c0
[ 119.866204][ T5785] btrfs_commit_transaction+0x4ba/0x3740
[ 119.872046][ T5785] ? btrfs_commit_transaction+0x17b/0x3740
[ 119.878030][ T5785] ? btrfs_commit_transaction_async+0x480/0x480
[ 119.884430][ T5785] ? __up_read+0x6a0/0x6a0
[ 119.888866][ T5785] ? dput+0x52/0x470
[ 119.892968][ T5785] btrfs_sync_file+0xf50/0x1330
[ 119.897857][ T5785] ? btrfs_release_file+0x130/0x130
[ 119.903120][ T5785] ? __lock_acquire+0x1fd0/0x1fd0
[ 119.908162][ T5785] ? do_raw_spin_lock+0x14e/0x370
[ 119.913215][ T5785] ? do_raw_spin_unlock+0x13b/0x8b0
[ 119.918487][ T5785] btrfs_do_write_iter+0xbc5/0x1190
[ 119.923744][ T5785] ? mark_lock+0x9a/0x350
[ 119.928285][ T5785] ? btrfs_check_nocow_unlock+0x40/0x40
[ 119.934216][ T5785] do_iter_readv_writev+0x330/0x4a0
[ 119.939469][ T5785] ? generic_file_rw_checks+0x260/0x260
[ 119.945156][ T5785] ? fsnotify_perm+0x67/0x5a0
[ 119.949901][ T5785] ? bpf_lsm_file_permission+0x9/0x10
[ 119.955302][ T5785] do_iter_write+0x1f6/0x8d0
[ 119.960103][ T5785] do_pwritev+0x21a/0x360
[ 119.964458][ T5785] ? do_preadv+0x350/0x350
[ 119.968907][ T5785] ? do_notify_parent+0x10c0/0x10c0
[ 119.974133][ T5785] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 119.980140][ T5785] ? print_irqtrace_events+0x220/0x220
[ 119.985626][ T5785] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 119.991644][ T5785] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 119.997659][ T5785] ? __x64_sys_pwritev2+0xbd/0x100
[ 120.002826][ T5785] do_syscall_64+0x45/0x110
[ 120.007368][ T5785] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 120.013311][ T5785] RIP: 0033:0x7fbb1142c2e9
[ 120.017788][ T5785] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 120.037792][ T5785] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 120.046339][ T5785] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 120.054454][ T5785] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[pid 5785] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = 1
[pid 5785] exit_group(0) = ?
[pid 5785] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5785, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=28 /* 0.28 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 120.062466][ T5785] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 120.071026][ T5785] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 120.079031][ T5785] R13: 000000000000002a R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 120.087822][ T5785]
openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/binderfs") = 0
[ 120.218815][ T5061] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./42/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./42") = 0
mkdir("./43", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5802 attached
, child_tidptr=0x5555562e7650) = 5802
[pid 5802] set_robust_list(0x5555562e7660, 24) = 0
[pid 5802] chdir("./43") = 0
[pid 5802] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5802] setpgid(0, 0) = 0
[pid 5802] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5802] write(3, "1000", 4) = 4
[pid 5802] close(3) = 0
[pid 5802] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5802] memfd_create("syzkaller", 0) = 3
[pid 5802] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5802] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5802] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5802] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5802] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5802] close(3) = 0
[pid 5802] mkdir("./file0", 0777) = 0
[ 120.760820][ T5802] loop0: detected capacity change from 0 to 32768
[ 120.786674][ T5802] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5802)
[ 120.803488][ T5802] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 120.813782][ T5802] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 120.822834][ T5802] BTRFS info (device loop0): doing ref verification
[ 120.829653][ T5802] BTRFS info (device loop0): force zlib compression, level 3
[ 120.837090][ T5802] BTRFS info (device loop0): using free space tree
[pid 5802] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5802] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5802] chdir("./file0") = 0
[pid 5802] ioctl(4, LOOP_CLR_FD) = 0
[pid 5802] close(4) = 0
[pid 5802] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[ 120.859493][ T5802] BTRFS info (device loop0): enabling ssd optimizations
[ 120.866508][ T5802] BTRFS info (device loop0): auto enabling async discard
[pid 5802] fallocate(4, 0, 0, 1048820) = 0
[pid 5802] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5802] write(5, "56", 2) = 2
[ 120.895799][ T28] audit: type=1800 audit(1701700644.159:45): pid=5802 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 120.939866][ T5802] FAULT_INJECTION: forcing a failure.
[ 120.939866][ T5802] name failslab, interval 1, probability 0, space 0, times 0
[ 120.952707][ T5802] CPU: 0 PID: 5802 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 120.961435][ T5802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 120.972752][ T5802] Call Trace:
[ 120.976111][ T5802]
[ 120.979086][ T5802] dump_stack_lvl+0x1e7/0x2d0
[ 120.983814][ T5802] ? nf_tcp_handle_invalid+0x650/0x650
[ 120.989344][ T5802] ? panic+0x850/0x850
[ 120.993458][ T5802] ? __might_sleep+0xe0/0xe0
[ 120.998095][ T5802] should_fail_ex+0x3aa/0x4e0
[ 121.002841][ T5802] ? add_to_free_space_tree+0xc7/0x2e0
[ 121.008329][ T5802] should_failslab+0x9/0x20
[ 121.012866][ T5802] kmem_cache_alloc+0x6d/0x2b0
[ 121.017760][ T5802] ? btrfs_qgroup_destroy_extent_records+0xb0/0xb0
[ 121.024325][ T5802] add_to_free_space_tree+0xc7/0x2e0
[ 121.029683][ T5802] __btrfs_free_extent+0x1cc4/0x38e0
[ 121.035014][ T5802] ? __btrfs_inc_extent_ref+0x610/0x610
[ 121.040579][ T5802] ? lock_downgrade+0x840/0x8f0
[ 121.045453][ T5802] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 121.051375][ T5802] ? __lock_acquire+0x1fd0/0x1fd0
[ 121.056425][ T5802] ? do_raw_spin_unlock+0x13b/0x8b0
[ 121.061662][ T5802] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 121.067513][ T5802] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 121.073105][ T5802] ? __lock_acquire+0x1345/0x1fd0
[ 121.078199][ T5802] ? read_lock_is_recursive+0x20/0x20
[ 121.083830][ T5802] btrfs_run_delayed_refs+0xe3/0x2c0
[ 121.089205][ T5802] btrfs_commit_transaction+0x4ba/0x3740
[ 121.094889][ T5802] ? btrfs_commit_transaction+0x17b/0x3740
[ 121.100759][ T5802] ? btrfs_commit_transaction_async+0x480/0x480
[ 121.107065][ T5802] ? __up_read+0x6a0/0x6a0
[ 121.111856][ T5802] ? dput+0x52/0x470
[ 121.115885][ T5802] btrfs_sync_file+0xf50/0x1330
[ 121.120875][ T5802] ? btrfs_release_file+0x130/0x130
[ 121.126134][ T5802] ? __lock_acquire+0x1fd0/0x1fd0
[ 121.131181][ T5802] ? do_raw_spin_lock+0x14e/0x370
[ 121.136258][ T5802] ? do_raw_spin_unlock+0x13b/0x8b0
[ 121.141499][ T5802] btrfs_do_write_iter+0xbc5/0x1190
[ 121.146824][ T5802] ? mark_lock+0x9a/0x350
[ 121.151308][ T5802] ? btrfs_check_nocow_unlock+0x40/0x40
[ 121.156904][ T5802] do_iter_readv_writev+0x330/0x4a0
[ 121.162159][ T5802] ? generic_file_rw_checks+0x260/0x260
[ 121.167823][ T5802] ? fsnotify_perm+0x67/0x5a0
[ 121.172559][ T5802] ? bpf_lsm_file_permission+0x9/0x10
[ 121.177974][ T5802] do_iter_write+0x1f6/0x8d0
[ 121.182635][ T5802] do_pwritev+0x21a/0x360
[ 121.187288][ T5802] ? do_preadv+0x350/0x350
[ 121.191832][ T5802] ? do_notify_parent+0x10c0/0x10c0
[ 121.197177][ T5802] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 121.203324][ T5802] ? print_irqtrace_events+0x220/0x220
[ 121.209100][ T5802] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 121.215109][ T5802] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 121.221106][ T5802] ? __x64_sys_pwritev2+0xbd/0x100
[ 121.226333][ T5802] do_syscall_64+0x45/0x110
[ 121.230874][ T5802] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 121.237084][ T5802] RIP: 0033:0x7fbb1142c2e9
[ 121.241553][ T5802] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 121.261208][ T5802] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 121.269818][ T5802] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 121.277804][ T5802] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 121.285890][ T5802] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 121.294046][ T5802] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 121.302378][ T5802] R13: 000000000000002b R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 121.310479][ T5802]
[ 121.314144][ T5802] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[ 121.338698][ T5802] BTRFS: error (device loop0: state A) in add_to_free_space_tree:1057: errno=-12 Out of memory
[ 121.349768][ T5802] BTRFS info (device loop0: state EA): forced readonly
[ 121.356761][ T5802] BTRFS: error (device loop0: state EA) in do_free_extent_accounting:2989: errno=-12 Out of memory
[ 121.368773][ T5802] BTRFS error (device loop0: state EA): failed to run delayed ref for logical 5308416 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[pid 5802] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5802] exit_group(0) = ?
[pid 5802] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5802, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} ---
umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 121.383068][ T5802] BTRFS: error (device loop0: state EA) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/binderfs") = 0
[ 121.449483][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./43/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./43") = 0
mkdir("./44", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5819 attached
, child_tidptr=0x5555562e7650) = 5819
[pid 5819] set_robust_list(0x5555562e7660, 24) = 0
[pid 5819] chdir("./44") = 0
[pid 5819] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5819] setpgid(0, 0) = 0
[pid 5819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5819] write(3, "1000", 4) = 4
[pid 5819] close(3) = 0
[pid 5819] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5819] memfd_create("syzkaller", 0) = 3
[pid 5819] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5819] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5819] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5819] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5819] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5819] close(3) = 0
[pid 5819] mkdir("./file0", 0777) = 0
[ 121.961832][ T5819] loop0: detected capacity change from 0 to 32768
[ 121.986429][ T5819] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5819)
[ 122.001977][ T5819] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 122.012258][ T5819] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 122.021232][ T5819] BTRFS info (device loop0): doing ref verification
[ 122.027855][ T5819] BTRFS info (device loop0): force zlib compression, level 3
[ 122.035613][ T5819] BTRFS info (device loop0): using free space tree
[pid 5819] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5819] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5819] chdir("./file0") = 0
[pid 5819] ioctl(4, LOOP_CLR_FD) = 0
[pid 5819] close(4) = 0
[pid 5819] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[ 122.065837][ T5819] BTRFS info (device loop0): enabling ssd optimizations
[ 122.073119][ T5819] BTRFS info (device loop0): auto enabling async discard
[pid 5819] fallocate(4, 0, 0, 1048820) = 0
[pid 5819] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5819] write(5, "56", 2) = 2
[ 122.112752][ T28] audit: type=1800 audit(1701700645.379:46): pid=5819 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 122.176556][ T5819] FAULT_INJECTION: forcing a failure.
[ 122.176556][ T5819] name failslab, interval 1, probability 0, space 0, times 0
[ 122.189651][ T5819] CPU: 1 PID: 5819 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 122.198380][ T5819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 122.208565][ T5819] Call Trace:
[ 122.211890][ T5819]
[ 122.214863][ T5819] dump_stack_lvl+0x1e7/0x2d0
[ 122.219597][ T5819] ? nf_tcp_handle_invalid+0x650/0x650
[ 122.225111][ T5819] ? panic+0x850/0x850
[ 122.229243][ T5819] ? __might_sleep+0xe0/0xe0
[ 122.233900][ T5819] should_fail_ex+0x3aa/0x4e0
[ 122.239091][ T5819] ? alloc_extent_state+0x25/0x2e0
[ 122.244353][ T5819] should_failslab+0x9/0x20
[ 122.248914][ T5819] kmem_cache_alloc+0x6d/0x2b0
[ 122.253744][ T5819] alloc_extent_state+0x25/0x2e0
[ 122.258748][ T5819] __set_extent_bit+0x1c8/0x1b00
[ 122.263803][ T5819] ? btrfs_update_block_group+0x62f/0xa90
[ 122.270112][ T5819] ? trace_btrfs_space_reservation+0x9a/0x220
[ 122.276274][ T5819] set_extent_bit+0x3b/0x50
[ 122.280848][ T5819] btrfs_update_block_group+0x66e/0xa90
[ 122.286509][ T5819] __btrfs_free_extent+0x1cec/0x38e0
[ 122.291906][ T5819] ? __btrfs_inc_extent_ref+0x610/0x610
[ 122.297568][ T5819] ? lock_downgrade+0x840/0x8f0
[ 122.302518][ T5819] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 122.308404][ T5819] ? __lock_acquire+0x1fd0/0x1fd0
[ 122.313499][ T5819] ? do_raw_spin_unlock+0x13b/0x8b0
[ 122.318754][ T5819] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 122.324545][ T5819] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 122.330557][ T5819] ? __lock_acquire+0x1345/0x1fd0
[ 122.335624][ T5819] ? read_lock_is_recursive+0x20/0x20
[ 122.341029][ T5819] btrfs_run_delayed_refs+0xe3/0x2c0
[ 122.346359][ T5819] btrfs_commit_transaction+0x4ba/0x3740
[ 122.352027][ T5819] ? btrfs_commit_transaction+0x17b/0x3740
[ 122.357873][ T5819] ? btrfs_commit_transaction_async+0x480/0x480
[ 122.364170][ T5819] ? __up_read+0x6a0/0x6a0
[ 122.368945][ T5819] ? dput+0x52/0x470
[ 122.372878][ T5819] btrfs_sync_file+0xf50/0x1330
[ 122.377772][ T5819] ? btrfs_release_file+0x130/0x130
[ 122.383002][ T5819] ? __lock_acquire+0x1fd0/0x1fd0
[ 122.388054][ T5819] ? do_raw_spin_lock+0x14e/0x370
[ 122.393209][ T5819] ? do_raw_spin_unlock+0x13b/0x8b0
[ 122.398462][ T5819] btrfs_do_write_iter+0xbc5/0x1190
[ 122.403713][ T5819] ? mark_lock+0x9a/0x350
[ 122.408358][ T5819] ? btrfs_check_nocow_unlock+0x40/0x40
[ 122.413966][ T5819] do_iter_readv_writev+0x330/0x4a0
[ 122.419314][ T5819] ? generic_file_rw_checks+0x260/0x260
[ 122.424902][ T5819] ? fsnotify_perm+0x67/0x5a0
[ 122.429607][ T5819] ? bpf_lsm_file_permission+0x9/0x10
[ 122.435029][ T5819] do_iter_write+0x1f6/0x8d0
[ 122.439647][ T5819] do_pwritev+0x21a/0x360
[ 122.444023][ T5819] ? do_preadv+0x350/0x350
[ 122.448466][ T5819] ? do_notify_parent+0x10c0/0x10c0
[ 122.453711][ T5819] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 122.459725][ T5819] ? print_irqtrace_events+0x220/0x220
[ 122.465211][ T5819] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 122.471220][ T5819] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 122.477410][ T5819] ? __x64_sys_pwritev2+0xbd/0x100
[ 122.482614][ T5819] do_syscall_64+0x45/0x110
[ 122.487170][ T5819] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 122.493215][ T5819] RIP: 0033:0x7fbb1142c2e9
[ 122.497679][ T5819] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 122.517791][ T5819] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[pid 5819] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = 1
[pid 5819] exit_group(0) = ?
[pid 5819] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5819, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=25 /* 0.25 s */} ---
umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/binderfs") = 0
[ 122.526456][ T5819] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 122.534525][ T5819] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 122.542524][ T5819] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 122.550509][ T5819] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 122.558537][ T5819] R13: 000000000000002c R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 122.566683][ T5819]
[ 122.594227][ T5061] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./44/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./44") = 0
mkdir("./45", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5836 attached
[pid 5836] set_robust_list(0x5555562e7660, 24) = 0
[pid 5836] chdir("./45"
[pid 5061] <... clone resumed>, child_tidptr=0x5555562e7650) = 5836
[pid 5836] <... chdir resumed>) = 0
[pid 5836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5836] setpgid(0, 0) = 0
[pid 5836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5836] write(3, "1000", 4) = 4
[pid 5836] close(3) = 0
[pid 5836] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5836] memfd_create("syzkaller", 0) = 3
[pid 5836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5836] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5836] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5836] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5836] close(3) = 0
[pid 5836] mkdir("./file0", 0777) = 0
[ 123.080943][ T5836] loop0: detected capacity change from 0 to 32768
[ 123.097134][ T5836] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5836)
[ 123.113716][ T5836] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 123.124023][ T5836] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 123.132988][ T5836] BTRFS info (device loop0): doing ref verification
[ 123.139712][ T5836] BTRFS info (device loop0): force zlib compression, level 3
[ 123.147155][ T5836] BTRFS info (device loop0): using free space tree
[ 123.169142][ T5836] BTRFS info (device loop0): enabling ssd optimizations
[pid 5836] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5836] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5836] chdir("./file0") = 0
[pid 5836] ioctl(4, LOOP_CLR_FD) = 0
[pid 5836] close(4) = 0
[pid 5836] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[ 123.176161][ T5836] BTRFS info (device loop0): auto enabling async discard
[pid 5836] fallocate(4, 0, 0, 1048820) = 0
[pid 5836] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5836] write(5, "56", 2) = 2
[ 123.211277][ T28] audit: type=1800 audit(1701700646.479:47): pid=5836 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 123.266469][ T5836] FAULT_INJECTION: forcing a failure.
[ 123.266469][ T5836] name failslab, interval 1, probability 0, space 0, times 0
[ 123.280136][ T5836] CPU: 1 PID: 5836 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 123.288893][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 123.299215][ T5836] Call Trace:
[ 123.302541][ T5836]
[ 123.305515][ T5836] dump_stack_lvl+0x1e7/0x2d0
[ 123.310260][ T5836] ? nf_tcp_handle_invalid+0x650/0x650
[ 123.315786][ T5836] ? panic+0x850/0x850
[ 123.319914][ T5836] ? _raw_read_unlock+0x28/0x40
[ 123.324822][ T5836] should_fail_ex+0x3aa/0x4e0
[ 123.329564][ T5836] ? __btrfs_free_extent+0x26f/0x38e0
[ 123.335018][ T5836] should_failslab+0x9/0x20
[ 123.339576][ T5836] kmem_cache_alloc+0x6d/0x2b0
[ 123.344434][ T5836] __btrfs_free_extent+0x26f/0x38e0
[ 123.349810][ T5836] ? __btrfs_inc_extent_ref+0x610/0x610
[ 123.355449][ T5836] ? lock_downgrade+0x840/0x8f0
[ 123.360617][ T5836] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 123.366487][ T5836] ? __lock_acquire+0x1fd0/0x1fd0
[ 123.371737][ T5836] ? do_raw_read_unlock+0x3c/0x80
[ 123.376816][ T5836] ? _raw_read_unlock+0x28/0x40
[ 123.381751][ T5836] ? do_raw_spin_unlock+0x13b/0x8b0
[ 123.387014][ T5836] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 123.392897][ T5836] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 123.398605][ T5836] ? __lock_acquire+0x1345/0x1fd0
[ 123.403701][ T5836] ? read_lock_is_recursive+0x20/0x20
[ 123.409206][ T5836] btrfs_run_delayed_refs+0xe3/0x2c0
[ 123.414538][ T5836] btrfs_commit_transaction+0x4ba/0x3740
[ 123.420218][ T5836] ? btrfs_commit_transaction+0x17b/0x3740
[ 123.426274][ T5836] ? btrfs_commit_transaction_async+0x480/0x480
[ 123.432632][ T5836] ? __up_read+0x6a0/0x6a0
[ 123.437082][ T5836] ? dput+0x52/0x470
[ 123.441037][ T5836] btrfs_sync_file+0xf50/0x1330
[ 123.446012][ T5836] ? btrfs_release_file+0x130/0x130
[ 123.451262][ T5836] ? __lock_acquire+0x1fd0/0x1fd0
[ 123.456300][ T5836] ? do_raw_spin_lock+0x14e/0x370
[ 123.461363][ T5836] ? do_raw_spin_unlock+0x13b/0x8b0
[ 123.466621][ T5836] btrfs_do_write_iter+0xbc5/0x1190
[ 123.471870][ T5836] ? mark_lock+0x9a/0x350
[ 123.476512][ T5836] ? btrfs_check_nocow_unlock+0x40/0x40
[ 123.482122][ T5836] do_iter_readv_writev+0x330/0x4a0
[ 123.487376][ T5836] ? generic_file_rw_checks+0x260/0x260
[ 123.492956][ T5836] ? fsnotify_perm+0x67/0x5a0
[ 123.497651][ T5836] ? bpf_lsm_file_permission+0x9/0x10
[ 123.503050][ T5836] do_iter_write+0x1f6/0x8d0
[ 123.507677][ T5836] do_pwritev+0x21a/0x360
[ 123.512121][ T5836] ? do_preadv+0x350/0x350
[ 123.516561][ T5836] ? do_notify_parent+0x10c0/0x10c0
[ 123.521769][ T5836] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 123.527804][ T5836] ? print_irqtrace_events+0x220/0x220
[ 123.533383][ T5836] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 123.539411][ T5836] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 123.545535][ T5836] ? __x64_sys_pwritev2+0xbd/0x100
[ 123.550699][ T5836] do_syscall_64+0x45/0x110
[ 123.555244][ T5836] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 123.561205][ T5836] RIP: 0033:0x7fbb1142c2e9
[ 123.565676][ T5836] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 123.585307][ T5836] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 123.593838][ T5836] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 123.601824][ T5836] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 123.609846][ T5836] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 123.617842][ T5836] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 123.625849][ T5836] R13: 000000000000002d R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 123.633879][ T5836]
[ 123.637659][ T5836] BTRFS error (device loop0): failed to run delayed ref for logical 5308416 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 123.650742][ T5836] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[pid 5836] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5836] exit_group(0) = ?
[pid 5836] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5836, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/binderfs") = 0
[ 123.661483][ T5836] BTRFS: error (device loop0: state A) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
[ 123.672511][ T5836] BTRFS info (device loop0: state EA): forced readonly
[ 123.720676][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./45/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./45") = 0
mkdir("./46", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5853 attached
, child_tidptr=0x5555562e7650) = 5853
[pid 5853] set_robust_list(0x5555562e7660, 24) = 0
[pid 5853] chdir("./46") = 0
[pid 5853] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5853] setpgid(0, 0) = 0
[pid 5853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5853] write(3, "1000", 4) = 4
[pid 5853] close(3) = 0
[pid 5853] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5853] memfd_create("syzkaller", 0) = 3
[pid 5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5853] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5853] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5853] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5853] close(3) = 0
[pid 5853] mkdir("./file0", 0777) = 0
[ 124.220250][ T5853] loop0: detected capacity change from 0 to 32768
[ 124.251640][ T5853] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5853)
[ 124.269528][ T5853] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 124.280207][ T5853] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 124.289271][ T5853] BTRFS info (device loop0): doing ref verification
[ 124.295916][ T5853] BTRFS info (device loop0): force zlib compression, level 3
[ 124.303501][ T5853] BTRFS info (device loop0): using free space tree
[pid 5853] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5853] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5853] chdir("./file0") = 0
[pid 5853] ioctl(4, LOOP_CLR_FD) = 0
[pid 5853] close(4) = 0
[ 124.326389][ T5853] BTRFS info (device loop0): enabling ssd optimizations
[ 124.333537][ T5853] BTRFS info (device loop0): auto enabling async discard
[pid 5853] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5853] fallocate(4, 0, 0, 1048820) = 0
[pid 5853] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5853] write(5, "56", 2) = 2
[ 124.383881][ T28] audit: type=1800 audit(1701700647.649:48): pid=5853 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 124.413373][ T5853] FAULT_INJECTION: forcing a failure.
[ 124.413373][ T5853] name failslab, interval 1, probability 0, space 0, times 0
[ 124.426693][ T5853] CPU: 1 PID: 5853 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 124.435425][ T5853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 124.445786][ T5853] Call Trace:
[ 124.449103][ T5853]
[ 124.452090][ T5853] dump_stack_lvl+0x1e7/0x2d0
[ 124.456827][ T5853] ? nf_tcp_handle_invalid+0x650/0x650
[ 124.462347][ T5853] ? panic+0x850/0x850
[ 124.466487][ T5853] ? __might_sleep+0xe0/0xe0
[ 124.471153][ T5853] should_fail_ex+0x3aa/0x4e0
[ 124.475897][ T5853] ? add_to_free_space_tree+0xc7/0x2e0
[ 124.481425][ T5853] should_failslab+0x9/0x20
[ 124.485976][ T5853] kmem_cache_alloc+0x6d/0x2b0
[ 124.491252][ T5853] ? btrfs_qgroup_destroy_extent_records+0xb0/0xb0
[ 124.497902][ T5853] add_to_free_space_tree+0xc7/0x2e0
[ 124.503263][ T5853] __btrfs_free_extent+0x1cc4/0x38e0
[ 124.508712][ T5853] ? __btrfs_inc_extent_ref+0x610/0x610
[ 124.514316][ T5853] ? lock_downgrade+0x840/0x8f0
[ 124.519219][ T5853] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 124.525093][ T5853] ? __lock_acquire+0x1fd0/0x1fd0
[ 124.530185][ T5853] ? do_raw_spin_unlock+0x13b/0x8b0
[ 124.535452][ T5853] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 124.541489][ T5853] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 124.547093][ T5853] ? __lock_acquire+0x1345/0x1fd0
[ 124.552243][ T5853] ? read_lock_is_recursive+0x20/0x20
[ 124.557693][ T5853] btrfs_run_delayed_refs+0xe3/0x2c0
[ 124.563054][ T5853] btrfs_commit_transaction+0x4ba/0x3740
[ 124.569105][ T5853] ? btrfs_commit_transaction+0x17b/0x3740
[ 124.575018][ T5853] ? btrfs_commit_transaction_async+0x480/0x480
[ 124.581457][ T5853] ? __up_read+0x6a0/0x6a0
[ 124.586014][ T5853] ? dput+0x52/0x470
[ 124.590679][ T5853] btrfs_sync_file+0xf50/0x1330
[ 124.595773][ T5853] ? btrfs_release_file+0x130/0x130
[ 124.601035][ T5853] ? __lock_acquire+0x1fd0/0x1fd0
[ 124.606347][ T5853] ? do_raw_spin_lock+0x14e/0x370
[ 124.611415][ T5853] ? do_raw_spin_unlock+0x13b/0x8b0
[ 124.616709][ T5853] btrfs_do_write_iter+0xbc5/0x1190
[ 124.622469][ T5853] ? mark_lock+0x9a/0x350
[ 124.626851][ T5853] ? btrfs_check_nocow_unlock+0x40/0x40
[ 124.632446][ T5853] do_iter_readv_writev+0x330/0x4a0
[ 124.637690][ T5853] ? generic_file_rw_checks+0x260/0x260
[ 124.643636][ T5853] ? fsnotify_perm+0x67/0x5a0
[ 124.648379][ T5853] ? bpf_lsm_file_permission+0x9/0x10
[ 124.653775][ T5853] do_iter_write+0x1f6/0x8d0
[ 124.658400][ T5853] do_pwritev+0x21a/0x360
[ 124.662772][ T5853] ? do_preadv+0x350/0x350
[ 124.667213][ T5853] ? do_notify_parent+0x10c0/0x10c0
[ 124.672516][ T5853] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 124.678513][ T5853] ? print_irqtrace_events+0x220/0x220
[ 124.684005][ T5853] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 124.690168][ T5853] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 124.696212][ T5853] ? __x64_sys_pwritev2+0xbd/0x100
[ 124.701460][ T5853] do_syscall_64+0x45/0x110
[ 124.706103][ T5853] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 124.712052][ T5853] RIP: 0033:0x7fbb1142c2e9
[ 124.716495][ T5853] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 124.736138][ T5853] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 124.744588][ T5853] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 124.752667][ T5853] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 124.760654][ T5853] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 124.768733][ T5853] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 124.776813][ T5853] R13: 000000000000002e R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 124.784823][ T5853]
[ 124.788599][ T5853] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[ 124.797085][ T5853] BTRFS: error (device loop0: state A) in add_to_free_space_tree:1057: errno=-12 Out of memory
[ 124.807660][ T5853] BTRFS info (device loop0: state EA): forced readonly
[ 124.814617][ T5853] BTRFS: error (device loop0: state EA) in do_free_extent_accounting:2989: errno=-12 Out of memory
[pid 5853] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5853] exit_group(0) = ?
[pid 5853] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5853, si_uid=0, si_status=0, si_utime=0, si_stime=32 /* 0.32 s */} ---
umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[ 124.825447][ T5853] BTRFS error (device loop0: state EA): failed to run delayed ref for logical 5308416 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 124.839318][ T5853] BTRFS: error (device loop0: state EA) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/binderfs") = 0
[ 124.920803][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./46/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./46") = 0
mkdir("./47", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5870 attached
[pid 5870] set_robust_list(0x5555562e7660, 24) = 0
[pid 5870] chdir("./47"
[pid 5061] <... clone resumed>, child_tidptr=0x5555562e7650) = 5870
[pid 5870] <... chdir resumed>) = 0
[pid 5870] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5870] setpgid(0, 0) = 0
[pid 5870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5870] write(3, "1000", 4) = 4
[pid 5870] close(3) = 0
[pid 5870] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5870] memfd_create("syzkaller", 0) = 3
[pid 5870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5870] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5870] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5870] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5870] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5870] close(3) = 0
[pid 5870] mkdir("./file0", 0777) = 0
[ 125.414851][ T5870] loop0: detected capacity change from 0 to 32768
[ 125.435491][ T5870] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5870)
[ 125.452336][ T5870] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 125.462759][ T5870] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 125.471814][ T5870] BTRFS info (device loop0): doing ref verification
[ 125.478668][ T5870] BTRFS info (device loop0): force zlib compression, level 3
[ 125.486179][ T5870] BTRFS info (device loop0): using free space tree
[pid 5870] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5870] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5870] chdir("./file0") = 0
[pid 5870] ioctl(4, LOOP_CLR_FD) = 0
[pid 5870] close(4) = 0
[ 125.510204][ T5870] BTRFS info (device loop0): enabling ssd optimizations
[ 125.517205][ T5870] BTRFS info (device loop0): auto enabling async discard
[pid 5870] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5870] fallocate(4, 0, 0, 1048820) = 0
[pid 5870] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5870] write(5, "56", 2) = 2
[ 125.556260][ T28] audit: type=1800 audit(1701700648.819:49): pid=5870 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 125.590887][ T5870] FAULT_INJECTION: forcing a failure.
[ 125.590887][ T5870] name failslab, interval 1, probability 0, space 0, times 0
[ 125.604134][ T5870] CPU: 0 PID: 5870 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 125.612956][ T5870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 125.624758][ T5870] Call Trace:
[ 125.628081][ T5870]
[ 125.631060][ T5870] dump_stack_lvl+0x1e7/0x2d0
[ 125.635803][ T5870] ? nf_tcp_handle_invalid+0x650/0x650
[ 125.641353][ T5870] ? panic+0x850/0x850
[ 125.645482][ T5870] ? _raw_read_unlock+0x28/0x40
[ 125.650389][ T5870] should_fail_ex+0x3aa/0x4e0
[ 125.655126][ T5870] ? __btrfs_free_extent+0x26f/0x38e0
[ 125.660547][ T5870] should_failslab+0x9/0x20
[ 125.665093][ T5870] kmem_cache_alloc+0x6d/0x2b0
[ 125.670095][ T5870] __btrfs_free_extent+0x26f/0x38e0
[ 125.675364][ T5870] ? __btrfs_inc_extent_ref+0x610/0x610
[ 125.680961][ T5870] ? lock_downgrade+0x840/0x8f0
[ 125.685868][ T5870] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 125.691737][ T5870] ? __lock_acquire+0x1fd0/0x1fd0
[ 125.697595][ T5870] ? do_raw_read_unlock+0x3c/0x80
[ 125.702676][ T5870] ? _raw_read_unlock+0x28/0x40
[ 125.707589][ T5870] ? do_raw_spin_unlock+0x13b/0x8b0
[ 125.712849][ T5870] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 125.718726][ T5870] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 125.724329][ T5870] ? __lock_acquire+0x1345/0x1fd0
[ 125.729673][ T5870] ? read_lock_is_recursive+0x20/0x20
[ 125.735131][ T5870] btrfs_run_delayed_refs+0xe3/0x2c0
[ 125.740661][ T5870] btrfs_commit_transaction+0x4ba/0x3740
[ 125.746373][ T5870] ? btrfs_commit_transaction+0x17b/0x3740
[ 125.752279][ T5870] ? btrfs_commit_transaction_async+0x480/0x480
[ 125.758617][ T5870] ? __up_read+0x6a0/0x6a0
[ 125.763085][ T5870] ? dput+0x52/0x470
[ 125.767062][ T5870] btrfs_sync_file+0xf50/0x1330
[ 125.772076][ T5870] ? btrfs_release_file+0x130/0x130
[ 125.777336][ T5870] ? __lock_acquire+0x1fd0/0x1fd0
[ 125.782421][ T5870] ? do_raw_spin_lock+0x14e/0x370
[ 125.787502][ T5870] ? do_raw_spin_unlock+0x13b/0x8b0
[ 125.792932][ T5870] btrfs_do_write_iter+0xbc5/0x1190
[ 125.798325][ T5870] ? mark_lock+0x9a/0x350
[ 125.802697][ T5870] ? btrfs_check_nocow_unlock+0x40/0x40
[ 125.808283][ T5870] do_iter_readv_writev+0x330/0x4a0
[ 125.813545][ T5870] ? generic_file_rw_checks+0x260/0x260
[ 125.819320][ T5870] ? fsnotify_perm+0x67/0x5a0
[ 125.824015][ T5870] ? bpf_lsm_file_permission+0x9/0x10
[ 125.829433][ T5870] do_iter_write+0x1f6/0x8d0
[ 125.834060][ T5870] do_pwritev+0x21a/0x360
[ 125.838411][ T5870] ? do_preadv+0x350/0x350
[ 125.842881][ T5870] ? do_notify_parent+0x10c0/0x10c0
[ 125.848273][ T5870] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 125.854294][ T5870] ? print_irqtrace_events+0x220/0x220
[ 125.859802][ T5870] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 125.865819][ T5870] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 125.872343][ T5870] ? __x64_sys_pwritev2+0xbd/0x100
[ 125.878358][ T5870] do_syscall_64+0x45/0x110
[ 125.882891][ T5870] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 125.888897][ T5870] RIP: 0033:0x7fbb1142c2e9
[ 125.893325][ T5870] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 125.913048][ T5870] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 125.921495][ T5870] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 125.929484][ T5870] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 125.937482][ T5870] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 125.945471][ T5870] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[pid 5870] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5870] exit_group(0) = ?
[pid 5870] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5870, si_uid=0, si_status=0, si_utime=0, si_stime=31 /* 0.31 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[ 125.953456][ T5870] R13: 000000000000002f R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 125.961473][ T5870]
[ 125.965371][ T5870] BTRFS error (device loop0): failed to run delayed ref for logical 5308416 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 125.978914][ T5870] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[ 125.987431][ T5870] BTRFS: error (device loop0: state A) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
[ 125.998186][ T5870] BTRFS info (device loop0: state EA): forced readonly
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/binderfs") = 0
[ 126.054769][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./47/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./47") = 0
mkdir("./48", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5887 attached
[pid 5887] set_robust_list(0x5555562e7660, 24) = 0
[pid 5887] chdir("./48"
[pid 5061] <... clone resumed>, child_tidptr=0x5555562e7650) = 5887
[pid 5887] <... chdir resumed>) = 0
[pid 5887] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5887] setpgid(0, 0) = 0
[pid 5887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5887] write(3, "1000", 4) = 4
[pid 5887] close(3) = 0
[pid 5887] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5887] memfd_create("syzkaller", 0) = 3
[pid 5887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5887] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5887] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5887] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5887] close(3) = 0
[pid 5887] mkdir("./file0", 0777) = 0
[ 126.536540][ T5887] loop0: detected capacity change from 0 to 32768
[ 126.556911][ T5887] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5887)
[ 126.574242][ T5887] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 126.584522][ T5887] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 126.593382][ T5887] BTRFS info (device loop0): doing ref verification
[ 126.600981][ T5887] BTRFS info (device loop0): force zlib compression, level 3
[ 126.609726][ T5887] BTRFS info (device loop0): using free space tree
[pid 5887] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5887] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5887] chdir("./file0") = 0
[pid 5887] ioctl(4, LOOP_CLR_FD) = 0
[pid 5887] close(4) = 0
[ 126.632561][ T5887] BTRFS info (device loop0): enabling ssd optimizations
[ 126.639606][ T5887] BTRFS info (device loop0): auto enabling async discard
[pid 5887] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5887] fallocate(4, 0, 0, 1048820) = 0
[pid 5887] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5887] write(5, "56", 2) = 2
[ 126.688904][ T28] audit: type=1800 audit(1701700649.959:50): pid=5887 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 126.723700][ T5887] FAULT_INJECTION: forcing a failure.
[ 126.723700][ T5887] name failslab, interval 1, probability 0, space 0, times 0
[ 126.736662][ T5887] CPU: 0 PID: 5887 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 126.745390][ T5887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 126.755667][ T5887] Call Trace:
[ 126.758997][ T5887]
[ 126.762052][ T5887] dump_stack_lvl+0x1e7/0x2d0
[ 126.766794][ T5887] ? nf_tcp_handle_invalid+0x650/0x650
[ 126.772354][ T5887] ? panic+0x850/0x850
[ 126.776477][ T5887] ? __might_sleep+0xe0/0xe0
[ 126.781136][ T5887] should_fail_ex+0x3aa/0x4e0
[ 126.785881][ T5887] ? add_to_free_space_tree+0xc7/0x2e0
[ 126.791588][ T5887] should_failslab+0x9/0x20
[ 126.796249][ T5887] kmem_cache_alloc+0x6d/0x2b0
[ 126.802148][ T5887] ? btrfs_qgroup_destroy_extent_records+0xb0/0xb0
[ 126.809323][ T5887] add_to_free_space_tree+0xc7/0x2e0
[ 126.814681][ T5887] __btrfs_free_extent+0x1cc4/0x38e0
[ 126.820042][ T5887] ? __btrfs_inc_extent_ref+0x610/0x610
[ 126.825640][ T5887] ? lock_downgrade+0x840/0x8f0
[ 126.831011][ T5887] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 126.836909][ T5887] ? __lock_acquire+0x1fd0/0x1fd0
[ 126.842003][ T5887] ? do_raw_spin_unlock+0x13b/0x8b0
[ 126.847270][ T5887] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 126.853132][ T5887] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 126.858739][ T5887] ? __lock_acquire+0x1345/0x1fd0
[ 126.863952][ T5887] ? read_lock_is_recursive+0x20/0x20
[ 126.869397][ T5887] btrfs_run_delayed_refs+0xe3/0x2c0
[ 126.874928][ T5887] btrfs_commit_transaction+0x4ba/0x3740
[ 126.880650][ T5887] ? btrfs_commit_transaction+0x17b/0x3740
[ 126.886547][ T5887] ? btrfs_commit_transaction_async+0x480/0x480
[ 126.892892][ T5887] ? __up_read+0x6a0/0x6a0
[ 126.897520][ T5887] ? dput+0x52/0x470
[ 126.901473][ T5887] btrfs_sync_file+0xf50/0x1330
[ 126.906418][ T5887] ? btrfs_release_file+0x130/0x130
[ 126.911652][ T5887] ? __lock_acquire+0x1fd0/0x1fd0
[ 126.916715][ T5887] ? do_raw_spin_lock+0x14e/0x370
[ 126.921762][ T5887] ? do_raw_spin_unlock+0x13b/0x8b0
[ 126.927006][ T5887] btrfs_do_write_iter+0xbc5/0x1190
[ 126.932238][ T5887] ? mark_lock+0x9a/0x350
[ 126.936625][ T5887] ? btrfs_check_nocow_unlock+0x40/0x40
[ 126.942232][ T5887] do_iter_readv_writev+0x330/0x4a0
[ 126.947516][ T5887] ? generic_file_rw_checks+0x260/0x260
[ 126.953137][ T5887] ? fsnotify_perm+0x67/0x5a0
[ 126.957834][ T5887] ? bpf_lsm_file_permission+0x9/0x10
[ 126.963229][ T5887] do_iter_write+0x1f6/0x8d0
[ 126.967849][ T5887] do_pwritev+0x21a/0x360
[ 126.972216][ T5887] ? do_preadv+0x350/0x350
[ 126.976669][ T5887] ? do_notify_parent+0x10c0/0x10c0
[ 126.981989][ T5887] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 126.988016][ T5887] ? print_irqtrace_events+0x220/0x220
[ 126.993912][ T5887] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 126.999953][ T5887] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 127.006489][ T5887] ? __x64_sys_pwritev2+0xbd/0x100
[ 127.011714][ T5887] do_syscall_64+0x45/0x110
[ 127.016687][ T5887] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 127.022602][ T5887] RIP: 0033:0x7fbb1142c2e9
[ 127.027034][ T5887] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 127.046857][ T5887] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 127.055391][ T5887] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 127.063647][ T5887] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 127.071650][ T5887] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 127.079700][ T5887] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 127.088083][ T5887] R13: 0000000000000030 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 127.096144][ T5887]
[ 127.099586][ T5887] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[ 127.108062][ T5887] BTRFS: error (device loop0: state A) in add_to_free_space_tree:1057: errno=-12 Out of memory
[ 127.118752][ T5887] BTRFS info (device loop0: state EA): forced readonly
[ 127.125672][ T5887] BTRFS: error (device loop0: state EA) in do_free_extent_accounting:2989: errno=-12 Out of memory
[pid 5887] pwritev2(4, [{iov_base="\xc5", iov_len=1}], 1, 0, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5887] exit_group(0) = ?
[pid 5887] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5887, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=31 /* 0.31 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555562e86f0 /* 4 entries */, 32768) = 112
umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/binderfs") = 0
[ 127.136478][ T5887] BTRFS error (device loop0: state EA): failed to run delayed ref for logical 5308416 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 127.150435][ T5887] BTRFS: error (device loop0: state EA) in btrfs_run_delayed_refs:2226: errno=-12 Out of memory
[ 127.195898][ T5061] BTRFS info (device loop0: state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555562f0730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555562f0730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./48/file0") = 0
getdents64(3, 0x5555562e86f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./48") = 0
mkdir("./49", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5904 attached
, child_tidptr=0x5555562e7650) = 5904
[pid 5904] set_robust_list(0x5555562e7660, 24) = 0
[pid 5904] chdir("./49") = 0
[pid 5904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5904] setpgid(0, 0) = 0
[pid 5904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5904] write(3, "1000", 4) = 4
[pid 5904] close(3) = 0
[pid 5904] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5904] memfd_create("syzkaller", 0) = 3
[pid 5904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb08fed000
[pid 5904] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5904] munmap(0x7fbb08fed000, 138412032) = 0
[pid 5904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5904] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5904] close(3) = 0
[pid 5904] mkdir("./file0", 0777) = 0
[ 127.626832][ T5904] loop0: detected capacity change from 0 to 32768
[ 127.652316][ T5904] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor333 (5904)
[ 127.669313][ T5904] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 127.679568][ T5904] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 127.688387][ T5904] BTRFS info (device loop0): doing ref verification
[ 127.695158][ T5904] BTRFS info (device loop0): force zlib compression, level 3
[ 127.702733][ T5904] BTRFS info (device loop0): using free space tree
[pid 5904] mount("/dev/loop0", "./file0", "btrfs", 0, "commit=0x0000000000000022,noautodefrag,ref_verify,skip_balance,compress-force,") = 0
[pid 5904] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5904] chdir("./file0") = 0
[pid 5904] ioctl(4, LOOP_CLR_FD) = 0
[pid 5904] close(4) = 0
[pid 5904] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[ 127.727024][ T5904] BTRFS info (device loop0): enabling ssd optimizations
[ 127.734603][ T5904] BTRFS info (device loop0): auto enabling async discard
[pid 5904] fallocate(4, 0, 0, 1048820) = 0
[pid 5904] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5904] write(5, "56", 2) = 2
[ 127.762291][ T28] audit: type=1800 audit(1701700651.029:51): pid=5904 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 127.793363][ T5904] FAULT_INJECTION: forcing a failure.
[ 127.793363][ T5904] name failslab, interval 1, probability 0, space 0, times 0
[ 127.807296][ T5904] CPU: 0 PID: 5904 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 127.816055][ T5904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 127.826202][ T5904] Call Trace:
[ 127.829532][ T5904]
[ 127.832506][ T5904] dump_stack_lvl+0x1e7/0x2d0
[ 127.837280][ T5904] ? nf_tcp_handle_invalid+0x650/0x650
[ 127.842802][ T5904] ? panic+0x850/0x850
[ 127.846928][ T5904] ? __kasan_slab_alloc+0x66/0x70
[ 127.852064][ T5904] should_fail_ex+0x3aa/0x4e0
[ 127.856897][ T5904] ? btrfs_add_delayed_tree_ref+0x241/0xfa0
[ 127.863094][ T5904] should_failslab+0x9/0x20
[ 127.867680][ T5904] kmem_cache_alloc+0x6d/0x2b0
[ 127.872690][ T5904] btrfs_add_delayed_tree_ref+0x241/0xfa0
[ 127.878504][ T5904] ? btrfs_delete_ref_head+0x270/0x270
[ 127.884129][ T5904] btrfs_free_tree_block+0x3b4/0xd90
[ 127.889504][ T5904] ? unpin_extent_range+0xcc0/0xcc0
[ 127.894858][ T5904] ? btrfs_tree_mod_log_insert_root+0xa4/0xa10
[ 127.901086][ T5904] ? __write_extent_buffer+0x331/0x410
[ 127.906615][ T5904] btrfs_force_cow_block+0xf37/0x1b70
[ 127.912088][ T5904] ? btrfs_block_can_be_shared+0x360/0x360
[ 127.918006][ T5904] ? btrfs_qgroup_add_swapped_blocks+0x980/0x990
[ 127.924399][ T5904] ? clear_nonspinnable+0x60/0x60
[ 127.929513][ T5904] btrfs_cow_block+0x35e/0xa20
[ 127.934431][ T5904] btrfs_search_slot+0xbdd/0x30c0
[ 127.939551][ T5904] ? __stack_depot_save+0x20/0x650
[ 127.944789][ T5904] ? btrfs_find_item+0x5c0/0x5c0
[ 127.949790][ T5904] ? btrfs_extent_root+0x2a1/0x3b0
[ 127.954954][ T5904] ? btrfs_sync_file+0xf50/0x1330
[ 127.960030][ T5904] ? btrfs_do_write_iter+0xbc5/0x1190
[ 127.965456][ T5904] ? btrfs_csum_root+0x3b0/0x3b0
[ 127.970608][ T5904] lookup_inline_extent_backref+0x409/0x1650
[ 127.976682][ T5904] ? insert_extent_data_ref+0xa30/0xa30
[ 127.982276][ T5904] ? __kasan_slab_alloc+0x66/0x70
[ 127.987343][ T5904] ? __btrfs_free_extent+0x26f/0x38e0
[ 127.992749][ T5904] ? __btrfs_free_extent+0x26f/0x38e0
[ 127.998233][ T5904] ? trace_kmem_cache_alloc+0x1f/0x90
[ 128.003660][ T5904] __btrfs_free_extent+0x2fb/0x38e0
[ 128.008964][ T5904] ? __btrfs_inc_extent_ref+0x610/0x610
[ 128.015200][ T5904] ? lock_downgrade+0x840/0x8f0
[ 128.020242][ T5904] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 128.026456][ T5904] ? __lock_acquire+0x1fd0/0x1fd0
[ 128.031515][ T5904] ? do_raw_read_unlock+0x3c/0x80
[ 128.036562][ T5904] ? _raw_read_unlock+0x28/0x40
[ 128.041438][ T5904] ? do_raw_spin_unlock+0x13b/0x8b0
[ 128.046673][ T5904] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 128.052529][ T5904] ? look_up_lock_class+0x77/0x160
[ 128.057762][ T5904] ? mark_lock+0x9a/0x350
[ 128.062224][ T5904] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 128.068806][ T5904] ? __lock_acquire+0x1345/0x1fd0
[ 128.073942][ T5904] ? read_lock_is_recursive+0x20/0x20
[ 128.079385][ T5904] btrfs_run_delayed_refs+0xe3/0x2c0
[ 128.084743][ T5904] btrfs_commit_transaction+0x4ba/0x3740
[ 128.090591][ T5904] ? btrfs_commit_transaction+0x17b/0x3740
[ 128.096509][ T5904] ? btrfs_commit_transaction_async+0x480/0x480
[ 128.102905][ T5904] ? __up_read+0x6a0/0x6a0
[ 128.107347][ T5904] ? dput+0x52/0x470
[ 128.111415][ T5904] btrfs_sync_file+0xf50/0x1330
[ 128.116317][ T5904] ? btrfs_release_file+0x130/0x130
[ 128.121652][ T5904] ? __lock_acquire+0x1fd0/0x1fd0
[ 128.126694][ T5904] ? do_raw_spin_lock+0x14e/0x370
[ 128.131806][ T5904] ? do_raw_spin_unlock+0x13b/0x8b0
[ 128.137058][ T5904] btrfs_do_write_iter+0xbc5/0x1190
[ 128.142297][ T5904] ? mark_lock+0x9a/0x350
[ 128.146655][ T5904] ? btrfs_check_nocow_unlock+0x40/0x40
[ 128.152227][ T5904] do_iter_readv_writev+0x330/0x4a0
[ 128.157463][ T5904] ? generic_file_rw_checks+0x260/0x260
[ 128.163061][ T5904] ? fsnotify_perm+0x67/0x5a0
[ 128.167760][ T5904] ? bpf_lsm_file_permission+0x9/0x10
[ 128.173160][ T5904] do_iter_write+0x1f6/0x8d0
[ 128.177804][ T5904] do_pwritev+0x21a/0x360
[ 128.182179][ T5904] ? do_preadv+0x350/0x350
[ 128.186653][ T5904] ? do_notify_parent+0x10c0/0x10c0
[ 128.192011][ T5904] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 128.198020][ T5904] ? print_irqtrace_events+0x220/0x220
[ 128.203592][ T5904] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 128.209776][ T5904] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 128.215773][ T5904] ? __x64_sys_pwritev2+0xbd/0x100
[ 128.220925][ T5904] do_syscall_64+0x45/0x110
[ 128.225550][ T5904] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 128.231482][ T5904] RIP: 0033:0x7fbb1142c2e9
[ 128.236000][ T5904] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 128.255734][ T5904] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 128.264260][ T5904] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 128.272247][ T5904] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 128.280267][ T5904] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 128.288278][ T5904] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 128.296288][ T5904] R13: 0000000000000031 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 128.304316][ T5904]
[ 128.309945][ T5904] ------------[ cut here ]------------
[ 128.315463][ T5904] kernel BUG at fs/btrfs/extent-tree.c:3439!
[ 128.321558][ T5904] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 128.327667][ T5904] CPU: 0 PID: 5904 Comm: syz-executor333 Not tainted 6.7.0-rc4-syzkaller #0
[ 128.336345][ T5904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 128.346412][ T5904] RIP: 0010:btrfs_free_tree_block+0xd83/0xd90
[ 128.352510][ T5904] Code: 89 f1 80 e1 07 38 c1 0f 8c 61 f8 ff ff be 08 00 00 00 4c 89 f7 e8 3d 2b 5b fe e9 4f f8 ff ff e8 b3 de 87 07 e8 6e 22 ff fd 90 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 55 41 57 41 56 41 55 41 54
[ 128.372224][ T5904] RSP: 0018:ffffc9000b116600 EFLAGS: 00010293
[ 128.378325][ T5904] RAX: ffffffff838f57d2 RBX: 00000000fffffff4 RCX: ffff888016375940
[ 128.386305][ T5904] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
[ 128.394281][ T5904] RBP: ffffc9000b116770 R08: ffffffff838f4e0f R09: 1ffffffff21bae86
[ 128.402355][ T5904] R10: dffffc0000000000 R11: fffffbfff21bae87 R12: ffff000000000100
[ 128.410350][ T5904] R13: dffffc0000000000 R14: 0000000000000002 R15: ffffc9000b1166a0
[ 128.418352][ T5904] FS: 00005555562e7380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 128.427343][ T5904] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 128.433944][ T5904] CR2: 00007fbb114a90f8 CR3: 00000000288e1000 CR4: 00000000003506f0
[ 128.441940][ T5904] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 128.450457][ T5904] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 128.458456][ T5904] Call Trace:
[ 128.461750][ T5904] <TASK>
[ 128.464692][ T5904] ? __die_body+0x8b/0xe0
[ 128.469038][ T5904] ? die+0xa1/0xd0
[ 128.472856][ T5904] ? do_trap+0x153/0x380
[ 128.477120][ T5904] ? btrfs_free_tree_block+0xd83/0xd90
[ 128.482606][ T5904] ? do_error_trap+0x1dc/0x2c0
[ 128.487406][ T5904] ? btrfs_free_tree_block+0xd83/0xd90
[ 128.492917][ T5904] ? btrfs_add_delayed_tree_ref+0x2bb/0xfa0
[ 128.498822][ T5904] ? do_int3+0x50/0x50
[ 128.502926][ T5904] ? handle_invalid_op+0x34/0x40
[ 128.507893][ T5904] ? btrfs_free_tree_block+0xd83/0xd90
[ 128.513389][ T5904] ? exc_invalid_op+0x34/0x50
[ 128.518116][ T5904] ? asm_exc_invalid_op+0x1a/0x20
[ 128.523251][ T5904] ? btrfs_free_tree_block+0x3bf/0xd90
[ 128.528730][ T5904] ? btrfs_free_tree_block+0xd82/0xd90
[ 128.534232][ T5904] ? btrfs_free_tree_block+0xd83/0xd90
[ 128.539726][ T5904] ? unpin_extent_range+0xcc0/0xcc0
[ 128.544971][ T5904] ? btrfs_tree_mod_log_insert_root+0xa4/0xa10
[ 128.551153][ T5904] ? __write_extent_buffer+0x331/0x410
[ 128.556656][ T5904] btrfs_force_cow_block+0xf37/0x1b70
[ 128.562073][ T5904] ? btrfs_block_can_be_shared+0x360/0x360
[ 128.567926][ T5904] ? btrfs_qgroup_add_swapped_blocks+0x980/0x990
[ 128.574268][ T5904] ? clear_nonspinnable+0x60/0x60
[ 128.579400][ T5904] btrfs_cow_block+0x35e/0xa20
[ 128.584184][ T5904] btrfs_search_slot+0xbdd/0x30c0
[ 128.589334][ T5904] ? __stack_depot_save+0x20/0x650
[ 128.594653][ T5904] ? btrfs_find_item+0x5c0/0x5c0
[ 128.599714][ T5904] ? btrfs_extent_root+0x2a1/0x3b0
[ 128.604851][ T5904] ? btrfs_sync_file+0xf50/0x1330
[ 128.609894][ T5904] ? btrfs_do_write_iter+0xbc5/0x1190
[ 128.615290][ T5904] ? btrfs_csum_root+0x3b0/0x3b0
[ 128.620248][ T5904] lookup_inline_extent_backref+0x409/0x1650
[ 128.626249][ T5904] ? insert_extent_data_ref+0xa30/0xa30
[ 128.631806][ T5904] ? __kasan_slab_alloc+0x66/0x70
[ 128.637380][ T5904] ? __btrfs_free_extent+0x26f/0x38e0
[ 128.642763][ T5904] ? __btrfs_free_extent+0x26f/0x38e0
[ 128.648142][ T5904] ? trace_kmem_cache_alloc+0x1f/0x90
[ 128.653531][ T5904] __btrfs_free_extent+0x2fb/0x38e0
[ 128.658748][ T5904] ? __btrfs_inc_extent_ref+0x610/0x610
[ 128.664299][ T5904] ? lock_downgrade+0x840/0x8f0
[ 128.669162][ T5904] ? __btrfs_run_delayed_refs+0xa94/0x44d0
[ 128.674984][ T5904] ? __lock_acquire+0x1fd0/0x1fd0
[ 128.680016][ T5904] ? do_raw_read_unlock+0x3c/0x80
[ 128.685060][ T5904] ? _raw_read_unlock+0x28/0x40
[ 128.690023][ T5904] ? do_raw_spin_unlock+0x13b/0x8b0
[ 128.695341][ T5904] __btrfs_run_delayed_refs+0x13c8/0x44d0
[ 128.701831][ T5904] ? look_up_lock_class+0x77/0x160
[ 128.706977][ T5904] ? mark_lock+0x9a/0x350
[ 128.711324][ T5904] ? btrfs_run_delayed_refs+0x2c0/0x2c0
[ 128.716889][ T5904] ? __lock_acquire+0x1345/0x1fd0
[ 128.721947][ T5904] ? read_lock_is_recursive+0x20/0x20
[ 128.727422][ T5904] btrfs_run_delayed_refs+0xe3/0x2c0
[ 128.732756][ T5904] btrfs_commit_transaction+0x4ba/0x3740
[ 128.738421][ T5904] ? btrfs_commit_transaction+0x17b/0x3740
[ 128.744255][ T5904] ? btrfs_commit_transaction_async+0x480/0x480
[ 128.750620][ T5904] ? __up_read+0x6a0/0x6a0
[ 128.755043][ T5904] ? dput+0x52/0x470
[ 128.758986][ T5904] btrfs_sync_file+0xf50/0x1330
[ 128.763858][ T5904] ? btrfs_release_file+0x130/0x130
[ 128.769084][ T5904] ? __lock_acquire+0x1fd0/0x1fd0
[ 128.774119][ T5904] ? do_raw_spin_lock+0x14e/0x370
[ 128.779206][ T5904] ? do_raw_spin_unlock+0x13b/0x8b0
[ 128.784629][ T5904] btrfs_do_write_iter+0xbc5/0x1190
[ 128.790366][ T5904] ? mark_lock+0x9a/0x350
[ 128.794725][ T5904] ? btrfs_check_nocow_unlock+0x40/0x40
[ 128.800286][ T5904] do_iter_readv_writev+0x330/0x4a0
[ 128.805528][ T5904] ? generic_file_rw_checks+0x260/0x260
[ 128.811269][ T5904] ? fsnotify_perm+0x67/0x5a0
[ 128.815986][ T5904] ? bpf_lsm_file_permission+0x9/0x10
[ 128.821392][ T5904] do_iter_write+0x1f6/0x8d0
[ 128.826102][ T5904] do_pwritev+0x21a/0x360
[ 128.830453][ T5904] ? do_preadv+0x350/0x350
[ 128.834893][ T5904] ? do_notify_parent+0x10c0/0x10c0
[ 128.840109][ T5904] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 128.846100][ T5904] ? print_irqtrace_events+0x220/0x220
[ 128.851575][ T5904] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 128.857576][ T5904] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 128.863569][ T5904] ? __x64_sys_pwritev2+0xbd/0x100
[ 128.868698][ T5904] do_syscall_64+0x45/0x110
[ 128.873227][ T5904] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 128.879141][ T5904] RIP: 0033:0x7fbb1142c2e9
[ 128.883564][ T5904] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 128.903179][ T5904] RSP: 002b:00007ffcc5e96ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 128.911606][ T5904] RAX: ffffffffffffffda RBX: 00007ffcc5e96b20 RCX: 00007fbb1142c2e9
[ 128.919592][ T5904] RDX: 0000000000000001 RSI: 00000000200026c0 RDI: 0000000000000004
[ 128.927565][ T5904] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000010
[ 128.935541][ T5904] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc5e96b1c
[ 128.943524][ T5904] R13: 0000000000000031 R14: 431bde82d7b634db R15: 00007ffcc5e96b60
[ 128.951513][ T5904] </TASK>
[ 128.954533][ T5904] Modules linked in:
[ 128.958813][ T5904] ---[ end trace 0000000000000000 ]---
[ 128.964296][ T5904] RIP: 0010:btrfs_free_tree_block+0xd83/0xd90
[ 128.970463][ T5904] Code: 89 f1 80 e1 07 38 c1 0f 8c 61 f8 ff ff be 08 00 00 00 4c 89 f7 e8 3d 2b 5b fe e9 4f f8 ff ff e8 b3 de 87 07 e8 6e 22 ff fd 90 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 55 41 57 41 56 41 55 41 54
[ 128.990292][ T5904] RSP: 0018:ffffc9000b116600 EFLAGS: 00010293
[ 128.996392][ T5904] RAX: ffffffff838f57d2 RBX: 00000000fffffff4 RCX: ffff888016375940
[ 129.004643][ T5904] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
[ 129.012820][ T5904] RBP: ffffc9000b116770 R08: ffffffff838f4e0f R09: 1ffffffff21bae86
[ 129.020861][ T5904] R10: dffffc0000000000 R11: fffffbfff21bae87 R12: ffff000000000100
[ 129.028888][ T5904] R13: dffffc0000000000 R14: 0000000000000002 R15: ffffc9000b1166a0
[ 129.037079][ T5904] FS: 00005555562e7380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 129.046083][ T5904] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 129.052724][ T5904] CR2: 00007fbb114a90f8 CR3: 00000000288e1000 CR4: 00000000003506f0
[ 129.060755][ T5904] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 129.068807][ T5904] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 129.076816][ T5904] Kernel panic - not syncing: Fatal exception
[ 129.083660][ T5904] Kernel Offset: disabled
[ 129.088006][ T5904] Rebooting in 86400 seconds..