./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3369944640 <...> Warning: Permanently added '10.128.1.3' (ECDSA) to the list of known hosts. execve("./syz-executor3369944640", ["./syz-executor3369944640"], 0x7ffc18904e70 /* 10 vars */) = 0 brk(NULL) = 0x555557300000 brk(0x555557300c40) = 0x555557300c40 arch_prctl(ARCH_SET_FS, 0x555557300300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3369944640", 4096) = 28 brk(0x555557321c40) = 0x555557321c40 brk(0x555557322000) = 0x555557322000 mprotect(0x7f77f5fb9000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 getpid() = 5079 mkdir("./syzkaller.7jtDcf", 0700) = 0 chmod("./syzkaller.7jtDcf", 0777) = 0 chdir("./syzkaller.7jtDcf") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5080 attached [pid 5080] chdir("./0") = 0 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5080] setpgid(0, 0) = 0 [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5079] <... clone resumed>, child_tidptr=0x5555573005d0) = 5080 [pid 5080] <... openat resumed>) = 3 [pid 5080] write(3, "1000", 4) = 4 [pid 5080] close(3) = 0 [pid 5080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5080] memfd_create("syzkaller", 0) = 3 [pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f77edaf8000 [ 60.348821][ T5080] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5080 'syz-executor336' [pid 5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5080] munmap(0x7f77edaf8000, 16777216) = 0 [pid 5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5080] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5080] close(3) = 0 [pid 5080] mkdir("./file0", 0777) = 0 [ 60.560960][ T5080] loop0: detected capacity change from 0 to 32768 [ 60.574310][ T5080] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor336 (5080) [ 60.596297][ T5080] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [pid 5080] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5080] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5080] chdir("./file0") = 0 [pid 5080] ioctl(4, LOOP_CLR_FD) = 0 [pid 5080] close(4) = 0 [pid 5080] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 60.605516][ T5080] BTRFS info (device loop0): using free space tree [ 60.630802][ T5080] BTRFS info (device loop0): enabling ssd optimizations [ 60.637845][ T5080] BTRFS info (device loop0): auto enabling async discard [pid 5080] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5080] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5080] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5080] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6 [pid 5080] write(6, "9", 1) = 1 [ 60.744689][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 60.748844][ T5080] FAULT_INJECTION: forcing a failure. [ 60.748844][ T5080] name failslab, interval 1, probability 0, space 0, times 1 [ 60.767531][ T5080] CPU: 0 PID: 5080 Comm: syz-executor336 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0 [ 60.778006][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 60.788108][ T5080] Call Trace: [ 60.791422][ T5080] [ 60.794393][ T5080] dump_stack_lvl+0x1e7/0x2d0 [ 60.799150][ T5080] ? nf_tcp_handle_invalid+0x650/0x650 [ 60.804685][ T5080] ? panic+0x770/0x770 [ 60.808799][ T5080] ? __might_sleep+0xc0/0xc0 [ 60.813438][ T5080] should_fail_ex+0x3aa/0x4e0 [ 60.818167][ T5080] should_failslab+0x9/0x20 [ 60.822714][ T5080] slab_pre_alloc_hook+0x59/0x2b0 [ 60.827792][ T5080] kmem_cache_alloc+0x52/0x2e0 [ 60.832576][ T5080] ? alloc_extent_map+0x21/0x130 [ 60.837538][ T5080] alloc_extent_map+0x21/0x130 [ 60.842322][ T5080] cow_file_range+0x5cc/0xfe0 [ 60.847023][ T5080] ? run_delalloc_zoned+0x590/0x590 [ 60.852233][ T5080] ? find_lock_delalloc_range+0x7af/0x9a0 [ 60.857983][ T5080] btrfs_run_delalloc_range+0xe9b/0x11d0 [ 60.863637][ T5080] ? mark_lock+0x9a/0x340 [ 60.867986][ T5080] writepage_delalloc+0x261/0x590 [ 60.873060][ T5080] ? end_bio_extent_buffer_writepage+0x880/0x880 [ 60.879517][ T5080] ? rcu_lock_release+0x5/0x30 [ 60.884476][ T5080] ? __lock_acquire+0x1f80/0x1f80 [ 60.889613][ T5080] ? set_page_extent_mapped+0x154/0x1b0 [ 60.895202][ T5080] __extent_writepage+0x850/0x16d0 [ 60.900347][ T5080] ? extent_write_locked_range+0xdc0/0xdc0 [ 60.906186][ T5080] ? folio_wait_writeback+0x1b2/0x1f0 [ 60.911617][ T5080] extent_writepages+0xc31/0x1930 [ 60.916674][ T5080] ? __extent_writepage+0x16d0/0x16d0 [ 60.922088][ T5080] ? __lock_acquire+0x125b/0x1f80 [ 60.927132][ T5080] ? acls_after_inode_item+0x5f0/0x5f0 [ 60.932695][ T5080] do_writepages+0x3a6/0x670 [ 60.937314][ T5080] ? folio_nr_pages+0x1c0/0x1c0 [ 60.942185][ T5080] ? __lock_acquire+0x1f80/0x1f80 [ 60.947226][ T5080] ? do_raw_spin_lock+0x14d/0x3a0 [ 60.952268][ T5080] ? do_raw_spin_unlock+0x13b/0x8b0 [ 60.957492][ T5080] ? wbc_attach_and_unlock_inode+0x351/0x560 [ 60.963492][ T5080] filemap_fdatawrite_wbc+0x125/0x180 [ 60.968886][ T5080] filemap_fdatawrite_range+0x16e/0x1e0 [ 60.974747][ T5080] ? filemap_fdatawrite+0x1b0/0x1b0 [ 60.979984][ T5080] ? __might_sleep+0xc0/0xc0 [ 60.984594][ T5080] ? __down_write_common+0x161/0x200 [ 60.989897][ T5080] ? stack_trace_save+0x1c0/0x1c0 [ 60.994937][ T5080] btrfs_fdatawrite_range+0x4f/0x110 [ 61.000247][ T5080] btrfs_wait_ordered_range+0x59/0x260 [ 61.005733][ T5080] btrfs_fallocate+0x474/0x1fa0 [ 61.010624][ T5080] ? btrfs_file_open+0xf0/0xf0 [ 61.015410][ T5080] ? read_lock_is_recursive+0x20/0x20 [ 61.020815][ T5080] ? rcu_read_lock_any_held+0xb7/0x160 [ 61.026299][ T5080] ? rcu_read_lock_bh_held+0x120/0x120 [ 61.031774][ T5080] ? __lock_acquire+0x1f80/0x1f80 [ 61.036903][ T5080] vfs_fallocate+0x54b/0x6b0 [ 61.041516][ T5080] do_vfs_ioctl+0x22aa/0x2b10 [ 61.046221][ T5080] ? __x64_compat_sys_ioctl+0x90/0x90 [ 61.051618][ T5080] ? __lock_acquire+0x1f80/0x1f80 [ 61.056651][ T5080] ? lockdep_hardirqs_on+0x98/0x140 [ 61.061878][ T5080] ? tomoyo_path_number_perm+0x663/0x840 [ 61.067522][ T5080] ? tomoyo_path_number_perm+0x6e4/0x840 [ 61.073188][ T5080] ? smack_log+0x123/0x540 [ 61.077618][ T5080] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 61.083094][ T5080] ? smk_access+0x4b0/0x4b0 [ 61.087610][ T5080] ? _raw_spin_lock_irqsave+0x120/0x120 [ 61.093173][ T5080] ? smk_access+0x477/0x4b0 [ 61.097728][ T5080] ? smk_tskacc+0x2ff/0x360 [ 61.102247][ T5080] ? smack_file_ioctl+0x295/0x390 [ 61.107288][ T5080] ? smack_file_alloc_security+0xe0/0xe0 [ 61.112933][ T5080] ? do_notify_parent+0xf50/0xf50 [ 61.118162][ T5080] ? print_irqtrace_events+0x220/0x220 [ 61.123633][ T5080] ? bpf_lsm_file_ioctl+0x9/0x10 [ 61.128582][ T5080] ? security_file_ioctl+0x81/0xa0 [ 61.133713][ T5080] __se_sys_ioctl+0x81/0x160 [ 61.138326][ T5080] do_syscall_64+0x41/0xc0 [ 61.142759][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 61.148668][ T5080] RIP: 0033:0x7f77f5f45ac9 [ 61.153098][ T5080] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 61.172732][ T5080] RSP: 002b:00007ffe41c06098 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 61.181160][ T5080] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f77f5f45ac9 [ 61.189166][ T5080] RDX: 0000000020000100 RSI: 0000000040305829 RDI: 0000000000000005 [ 61.197147][ T5080] RBP: 00007ffe41c060c0 R08: 0000000000000001 R09: 00007ffe41c060d0 [ 61.205124][ T5080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 61.213100][ T5080] R13: 00007ffe41c06100 R14: 00007ffe41c060e0 R15: 0000000000000000 [ 61.221096][ T5080] [pid 5080] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x29, 0x30), 0x20000100) = -1 EIO (Input/output error) [pid 5080] exit_group(0) = ? [pid 5080] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557301620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557309660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557309660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555557301620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573005d0) = 5107 ./strace-static-x86_64: Process 5107 attached [pid 5107] chdir("./1") = 0 [pid 5107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5107] setpgid(0, 0) = 0 [pid 5107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5107] write(3, "1000", 4) = 4 [pid 5107] close(3) = 0 [pid 5107] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5107] memfd_create("syzkaller", 0) = 3 [pid 5107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f77edaf8000 [pid 5107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5107] munmap(0x7f77edaf8000, 16777216) = 0 [pid 5107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5107] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5107] close(3) = 0 [pid 5107] mkdir("./file0", 0777) = 0 [ 61.696674][ T5107] loop0: detected capacity change from 0 to 32768 [ 61.708041][ T5107] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor336 (5107) [ 61.724701][ T5107] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 61.733541][ T5107] BTRFS info (device loop0): using free space tree [pid 5107] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5107] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5107] chdir("./file0") = 0 [pid 5107] ioctl(4, LOOP_CLR_FD) = 0 [pid 5107] close(4) = 0 [pid 5107] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 61.753841][ T5107] BTRFS info (device loop0): enabling ssd optimizations [ 61.761127][ T5107] BTRFS info (device loop0): auto enabling async discard [pid 5107] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5107] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5107] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5107] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6 [pid 5107] write(6, "9", 1) = 1 [ 61.835589][ T5107] FAULT_INJECTION: forcing a failure. [ 61.835589][ T5107] name failslab, interval 1, probability 0, space 0, times 0 [ 61.855336][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 61.865466][ T5107] CPU: 0 PID: 5107 Comm: syz-executor336 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0 [ 61.876106][ T5107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 61.886233][ T5107] Call Trace: [ 61.889547][ T5107] [ 61.892507][ T5107] dump_stack_lvl+0x1e7/0x2d0 [ 61.897242][ T5107] ? nf_tcp_handle_invalid+0x650/0x650 [ 61.902757][ T5107] ? panic+0x770/0x770 [ 61.906874][ T5107] ? __might_sleep+0xc0/0xc0 [ 61.911551][ T5107] should_fail_ex+0x3aa/0x4e0 [ 61.916297][ T5107] should_failslab+0x9/0x20 [ 61.920847][ T5107] slab_pre_alloc_hook+0x59/0x2b0 [ 61.925924][ T5107] kmem_cache_alloc+0x52/0x2e0 [ 61.930740][ T5107] ? alloc_extent_map+0x21/0x130 [ 61.935743][ T5107] alloc_extent_map+0x21/0x130 [ 61.940644][ T5107] cow_file_range+0x5cc/0xfe0 [ 61.945385][ T5107] ? run_delalloc_zoned+0x590/0x590 [ 61.950769][ T5107] ? find_lock_delalloc_range+0x7af/0x9a0 [ 61.956552][ T5107] btrfs_run_delalloc_range+0xe9b/0x11d0 [ 61.962235][ T5107] ? mark_lock+0x9a/0x340 [ 61.966612][ T5107] writepage_delalloc+0x261/0x590 [ 61.971685][ T5107] ? end_bio_extent_buffer_writepage+0x880/0x880 [ 61.978042][ T5107] ? rcu_lock_release+0x5/0x30 [ 61.982808][ T5107] ? __lock_acquire+0x1f80/0x1f80 [ 61.987839][ T5107] ? set_page_extent_mapped+0x154/0x1b0 [ 61.993394][ T5107] __extent_writepage+0x850/0x16d0 [ 61.998533][ T5107] ? extent_write_locked_range+0xdc0/0xdc0 [ 62.004354][ T5107] ? folio_wait_writeback+0x1b2/0x1f0 [ 62.009737][ T5107] extent_writepages+0xc31/0x1930 [ 62.014783][ T5107] ? __extent_writepage+0x16d0/0x16d0 [ 62.020160][ T5107] ? validate_chain+0x119/0x58e0 [ 62.025116][ T5107] ? __lock_acquire+0x125b/0x1f80 [ 62.030153][ T5107] ? acls_after_inode_item+0x5f0/0x5f0 [ 62.035621][ T5107] do_writepages+0x3a6/0x670 [ 62.040225][ T5107] ? folio_nr_pages+0x1c0/0x1c0 [ 62.045179][ T5107] ? __lock_acquire+0x1f80/0x1f80 [ 62.050207][ T5107] ? do_raw_spin_lock+0x14d/0x3a0 [ 62.055246][ T5107] ? do_raw_spin_unlock+0x13b/0x8b0 [ 62.060462][ T5107] ? wbc_attach_and_unlock_inode+0x351/0x560 [ 62.066496][ T5107] filemap_fdatawrite_wbc+0x125/0x180 [ 62.071872][ T5107] filemap_fdatawrite_range+0x16e/0x1e0 [ 62.077423][ T5107] ? filemap_fdatawrite+0x1b0/0x1b0 [ 62.082636][ T5107] ? __might_sleep+0xc0/0xc0 [ 62.087232][ T5107] ? __down_write_common+0x161/0x200 [ 62.092530][ T5107] ? stack_trace_save+0x1c0/0x1c0 [ 62.097560][ T5107] btrfs_fdatawrite_range+0x4f/0x110 [ 62.102858][ T5107] btrfs_wait_ordered_range+0x59/0x260 [ 62.108328][ T5107] btrfs_fallocate+0x474/0x1fa0 [ 62.113215][ T5107] ? btrfs_file_open+0xf0/0xf0 [ 62.117991][ T5107] ? read_lock_is_recursive+0x20/0x20 [ 62.123403][ T5107] ? rcu_read_lock_any_held+0xb7/0x160 [ 62.128868][ T5107] ? rcu_read_lock_bh_held+0x120/0x120 [ 62.134337][ T5107] ? __lock_acquire+0x1f80/0x1f80 [ 62.139367][ T5107] vfs_fallocate+0x54b/0x6b0 [ 62.143966][ T5107] do_vfs_ioctl+0x22aa/0x2b10 [ 62.148660][ T5107] ? __x64_compat_sys_ioctl+0x90/0x90 [ 62.154127][ T5107] ? __lock_acquire+0x1f80/0x1f80 [ 62.159169][ T5107] ? lockdep_hardirqs_on+0x98/0x140 [ 62.164396][ T5107] ? tomoyo_path_number_perm+0x663/0x840 [ 62.170045][ T5107] ? tomoyo_path_number_perm+0x6e4/0x840 [ 62.175687][ T5107] ? smack_log+0x123/0x540 [ 62.180126][ T5107] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 62.185610][ T5107] ? smk_access+0x4b0/0x4b0 [ 62.190144][ T5107] ? _raw_spin_lock_irqsave+0x120/0x120 [ 62.195735][ T5107] ? smk_access+0x477/0x4b0 [ 62.200257][ T5107] ? smk_tskacc+0x2ff/0x360 [ 62.204869][ T5107] ? smack_file_ioctl+0x295/0x390 [ 62.209918][ T5107] ? smack_file_alloc_security+0xe0/0xe0 [ 62.215569][ T5107] ? do_notify_parent+0xf50/0xf50 [ 62.220630][ T5107] ? print_irqtrace_events+0x220/0x220 [ 62.226147][ T5107] ? bpf_lsm_file_ioctl+0x9/0x10 [ 62.231099][ T5107] ? security_file_ioctl+0x81/0xa0 [ 62.236231][ T5107] __se_sys_ioctl+0x81/0x160 [ 62.240839][ T5107] do_syscall_64+0x41/0xc0 [ 62.245271][ T5107] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 62.251183][ T5107] RIP: 0033:0x7f77f5f45ac9 [ 62.255639][ T5107] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 62.275387][ T5107] RSP: 002b:00007ffe41c06098 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 62.283823][ T5107] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f77f5f45ac9 [ 62.291812][ T5107] RDX: 0000000020000100 RSI: 0000000040305829 RDI: 0000000000000005 [ 62.299820][ T5107] RBP: 00007ffe41c060c0 R08: 0000000000000001 R09: 00007ffe41c060d0 [ 62.307796][ T5107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 62.315770][ T5107] R13: 00007ffe41c06100 R14: 00007ffe41c060e0 R15: 0000000000000001 [ 62.323868][ T5107] [pid 5107] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x29, 0x30), 0x20000100) = -1 EIO (Input/output error) [pid 5107] exit_group(0) = ? [pid 5107] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5107, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557301620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557309660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557309660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555557301620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573005d0) = 5126 ./strace-static-x86_64: Process 5126 attached [pid 5126] chdir("./2") = 0 [pid 5126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5126] setpgid(0, 0) = 0 [pid 5126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5126] write(3, "1000", 4) = 4 [pid 5126] close(3) = 0 [pid 5126] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5126] memfd_create("syzkaller", 0) = 3 [pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f77edaf8000 [pid 5126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5126] munmap(0x7f77edaf8000, 16777216) = 0 [pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5126] close(3) = 0 [pid 5126] mkdir("./file0", 0777) = 0 [ 62.785617][ T5126] loop0: detected capacity change from 0 to 32768 [ 62.795520][ T5126] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor336 (5126) [ 62.811745][ T5126] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 62.820646][ T5126] BTRFS info (device loop0): using free space tree [pid 5126] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5126] chdir("./file0") = 0 [pid 5126] ioctl(4, LOOP_CLR_FD) = 0 [pid 5126] close(4) = 0 [pid 5126] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5126] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5126] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5126] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5126] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6 [pid 5126] write(6, "9", 1) = 1 [ 62.839064][ T5126] BTRFS info (device loop0): enabling ssd optimizations [ 62.846550][ T5126] BTRFS info (device loop0): auto enabling async discard [ 62.878284][ T5126] FAULT_INJECTION: forcing a failure. [ 62.878284][ T5126] name failslab, interval 1, probability 0, space 0, times 0 [ 62.891299][ T5126] CPU: 0 PID: 5126 Comm: syz-executor336 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0 [ 62.901764][ T5126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 62.911834][ T5126] Call Trace: [ 62.915121][ T5126] [ 62.918063][ T5126] dump_stack_lvl+0x1e7/0x2d0 [ 62.922768][ T5126] ? nf_tcp_handle_invalid+0x650/0x650 [ 62.928273][ T5126] ? panic+0x770/0x770 [ 62.932370][ T5126] ? __might_sleep+0xc0/0xc0 [ 62.936984][ T5126] ? btrfs_run_delalloc_range+0xe9b/0x11d0 [ 62.942800][ T5126] ? __extent_writepage+0x850/0x16d0 [ 62.948110][ T5126] ? do_writepages+0x3a6/0x670 [ 62.952901][ T5126] should_fail_ex+0x3aa/0x4e0 [ 62.957606][ T5126] should_failslab+0x9/0x20 [ 62.962151][ T5126] slab_pre_alloc_hook+0x59/0x2b0 [ 62.967198][ T5126] kmem_cache_alloc+0x52/0x2e0 [ 62.971976][ T5126] ? alloc_extent_state+0x25/0x2e0 [ 62.977191][ T5126] alloc_extent_state+0x25/0x2e0 [ 62.982162][ T5126] __clear_extent_bit+0x18d/0xb20 [ 62.987209][ T5126] clear_record_extent_bits+0x52/0x80 [ 62.992601][ T5126] __btrfs_qgroup_release_data+0x4a4/0xa60 [ 62.998519][ T5126] ? btrfs_qgroup_free_data+0x40/0x40 [ 63.003931][ T5126] btrfs_add_ordered_extent+0xe2/0xc20 [ 63.009406][ T5126] ? btrfs_replace_extent_map_range+0x134/0x170 [ 63.015658][ T5126] cow_file_range+0x764/0xfe0 [ 63.020363][ T5126] ? run_delalloc_zoned+0x590/0x590 [ 63.025574][ T5126] ? find_lock_delalloc_range+0x7af/0x9a0 [ 63.031321][ T5126] btrfs_run_delalloc_range+0xe9b/0x11d0 [ 63.036986][ T5126] ? mark_lock+0x9a/0x340 [ 63.041332][ T5126] writepage_delalloc+0x261/0x590 [ 63.046393][ T5126] ? end_bio_extent_buffer_writepage+0x880/0x880 [ 63.052744][ T5126] ? rcu_lock_release+0x5/0x30 [ 63.057620][ T5126] ? __lock_acquire+0x1f80/0x1f80 [ 63.062662][ T5126] ? set_page_extent_mapped+0x154/0x1b0 [ 63.068253][ T5126] __extent_writepage+0x850/0x16d0 [ 63.073415][ T5126] ? extent_write_locked_range+0xdc0/0xdc0 [ 63.079272][ T5126] ? folio_wait_writeback+0x1b2/0x1f0 [ 63.084681][ T5126] extent_writepages+0xc31/0x1930 [ 63.089746][ T5126] ? __extent_writepage+0x16d0/0x16d0 [ 63.095139][ T5126] ? validate_chain+0x119/0x58e0 [ 63.100110][ T5126] ? __lock_acquire+0x125b/0x1f80 [ 63.105162][ T5126] ? acls_after_inode_item+0x5f0/0x5f0 [ 63.110640][ T5126] do_writepages+0x3a6/0x670 [ 63.115257][ T5126] ? folio_nr_pages+0x1c0/0x1c0 [ 63.120130][ T5126] ? __lock_acquire+0x1f80/0x1f80 [ 63.125173][ T5126] ? do_raw_spin_lock+0x14d/0x3a0 [ 63.130211][ T5126] ? do_raw_spin_unlock+0x13b/0x8b0 [ 63.135431][ T5126] ? wbc_attach_and_unlock_inode+0x351/0x560 [ 63.141435][ T5126] filemap_fdatawrite_wbc+0x125/0x180 [ 63.146822][ T5126] filemap_fdatawrite_range+0x16e/0x1e0 [ 63.152384][ T5126] ? filemap_fdatawrite+0x1b0/0x1b0 [ 63.157614][ T5126] ? __might_sleep+0xc0/0xc0 [ 63.162224][ T5126] ? __down_write_common+0x161/0x200 [ 63.167617][ T5126] ? stack_trace_save+0x1c0/0x1c0 [ 63.172676][ T5126] btrfs_fdatawrite_range+0x4f/0x110 [ 63.177986][ T5126] btrfs_wait_ordered_range+0x59/0x260 [ 63.183468][ T5126] btrfs_fallocate+0x474/0x1fa0 [ 63.188357][ T5126] ? btrfs_file_open+0xf0/0xf0 [ 63.193153][ T5126] ? read_lock_is_recursive+0x20/0x20 [ 63.198553][ T5126] ? rcu_read_lock_any_held+0xb7/0x160 [ 63.204139][ T5126] ? rcu_read_lock_bh_held+0x120/0x120 [ 63.209628][ T5126] ? __lock_acquire+0x1f80/0x1f80 [ 63.214673][ T5126] vfs_fallocate+0x54b/0x6b0 [ 63.219290][ T5126] do_vfs_ioctl+0x22aa/0x2b10 [ 63.223999][ T5126] ? __x64_compat_sys_ioctl+0x90/0x90 [ 63.229388][ T5126] ? __lock_acquire+0x1f80/0x1f80 [ 63.234421][ T5126] ? lockdep_hardirqs_on+0x98/0x140 [ 63.240083][ T5126] ? tomoyo_path_number_perm+0x663/0x840 [ 63.245817][ T5126] ? tomoyo_path_number_perm+0x6e4/0x840 [ 63.251464][ T5126] ? smack_log+0x123/0x540 [ 63.258680][ T5126] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 63.264260][ T5126] ? smk_access+0x4b0/0x4b0 [ 63.268803][ T5126] ? _raw_spin_lock_irqsave+0x120/0x120 [ 63.274368][ T5126] ? smk_access+0x477/0x4b0 [ 63.293058][ T5126] ? smk_tskacc+0x2ff/0x360 [ 63.297615][ T5126] ? smack_file_ioctl+0x295/0x390 [ 63.302651][ T5126] ? smack_file_alloc_security+0xe0/0xe0 [ 63.308409][ T5126] ? do_notify_parent+0xf50/0xf50 [ 63.313457][ T5126] ? print_irqtrace_events+0x220/0x220 [ 63.319015][ T5126] ? bpf_lsm_file_ioctl+0x9/0x10 [ 63.324061][ T5126] ? security_file_ioctl+0x81/0xa0 [ 63.329300][ T5126] __se_sys_ioctl+0x81/0x160 [ 63.333914][ T5126] do_syscall_64+0x41/0xc0 [ 63.338359][ T5126] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 63.344704][ T5126] RIP: 0033:0x7f77f5f45ac9 [ 63.349132][ T5126] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 63.368842][ T5126] RSP: 002b:00007ffe41c06098 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 63.377380][ T5126] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f77f5f45ac9 [pid 5126] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x29, 0x30), 0x20000100) = 0 [pid 5126] exit_group(0) = ? [pid 5126] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5126, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=21 /* 0.21 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557301620 /* 4 entries */, 32768) = 112 [ 63.385449][ T5126] RDX: 0000000020000100 RSI: 0000000040305829 RDI: 0000000000000005 [ 63.393445][ T5126] RBP: 00007ffe41c060c0 R08: 0000000000000001 R09: 00007ffe41c060d0 [ 63.401449][ T5126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 63.409564][ T5126] R13: 00007ffe41c06100 R14: 00007ffe41c060e0 R15: 0000000000000002 [ 63.417676][ T5126] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 [ 63.461395][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557309660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557309660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555557301620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5149 attached , child_tidptr=0x5555573005d0) = 5149 [pid 5149] chdir("./3") = 0 [pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5149] setpgid(0, 0) = 0 [pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5149] write(3, "1000", 4) = 4 [pid 5149] close(3) = 0 [pid 5149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5149] memfd_create("syzkaller", 0) = 3 [pid 5149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f77edaf8000 [pid 5149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5149] munmap(0x7f77edaf8000, 16777216) = 0 [pid 5149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5149] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5149] close(3) = 0 [pid 5149] mkdir("./file0", 0777) = 0 [ 63.849156][ T5149] loop0: detected capacity change from 0 to 32768 [ 63.860732][ T5149] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor336 (5149) [ 63.877981][ T5149] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 63.886701][ T5149] BTRFS info (device loop0): using free space tree [pid 5149] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5149] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5149] chdir("./file0") = 0 [pid 5149] ioctl(4, LOOP_CLR_FD) = 0 [pid 5149] close(4) = 0 [pid 5149] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5149] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5149] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5149] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5149] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6 [pid 5149] write(6, "9", 1) = 1 [ 63.908108][ T5149] BTRFS info (device loop0): enabling ssd optimizations [ 63.915465][ T5149] BTRFS info (device loop0): auto enabling async discard [ 63.965888][ T5149] FAULT_INJECTION: forcing a failure. [ 63.965888][ T5149] name failslab, interval 1, probability 0, space 0, times 0 [ 63.979103][ T5149] CPU: 0 PID: 5149 Comm: syz-executor336 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0 [ 63.989571][ T5149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 63.997130][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 63.999643][ T5149] Call Trace: [ 63.999669][ T5149] [ 63.999680][ T5149] dump_stack_lvl+0x1e7/0x2d0 [ 64.019911][ T5149] ? filemap_fdatawrite_range+0x16e/0x1e0 [ 64.026113][ T5149] ? nf_tcp_handle_invalid+0x650/0x650 [ 64.031642][ T5149] ? panic+0x770/0x770 [ 64.035731][ T5149] ? __lock_acquire+0x125b/0x1f80 [ 64.040783][ T5149] should_fail_ex+0x3aa/0x4e0 [ 64.045509][ T5149] should_failslab+0x9/0x20 [ 64.050038][ T5149] slab_pre_alloc_hook+0x59/0x2b0 [ 64.055113][ T5149] ? ulist_add_merge+0x14c/0x470 [ 64.060067][ T5149] __kmem_cache_alloc_node+0x4b/0x290 [ 64.065468][ T5149] ? ulist_add_merge+0x14c/0x470 [ 64.070415][ T5149] kmalloc_trace+0x2a/0xe0 [ 64.074851][ T5149] ulist_add_merge+0x14c/0x470 [ 64.079638][ T5149] clear_state_bit+0x148/0x330 [ 64.084436][ T5149] __clear_extent_bit+0x523/0xb20 [ 64.089485][ T5149] clear_record_extent_bits+0x52/0x80 [ 64.094878][ T5149] __btrfs_qgroup_release_data+0x4a4/0xa60 [ 64.100709][ T5149] ? btrfs_qgroup_free_data+0x40/0x40 [ 64.106123][ T5149] btrfs_add_ordered_extent+0xe2/0xc20 [ 64.111603][ T5149] ? btrfs_replace_extent_map_range+0x134/0x170 [ 64.117862][ T5149] cow_file_range+0x764/0xfe0 [ 64.122572][ T5149] ? run_delalloc_zoned+0x590/0x590 [ 64.127788][ T5149] ? find_lock_delalloc_range+0x7af/0x9a0 [ 64.133637][ T5149] btrfs_run_delalloc_range+0xe9b/0x11d0 [ 64.139309][ T5149] ? mark_lock+0x9a/0x340 [ 64.143663][ T5149] writepage_delalloc+0x261/0x590 [ 64.148807][ T5149] ? end_bio_extent_buffer_writepage+0x880/0x880 [ 64.155156][ T5149] ? rcu_lock_release+0x5/0x30 [ 64.159931][ T5149] ? __lock_acquire+0x1f80/0x1f80 [ 64.165021][ T5149] ? set_page_extent_mapped+0x154/0x1b0 [ 64.170614][ T5149] __extent_writepage+0x850/0x16d0 [ 64.175853][ T5149] ? extent_write_locked_range+0xdc0/0xdc0 [ 64.181690][ T5149] ? folio_wait_writeback+0x1b2/0x1f0 [ 64.187092][ T5149] extent_writepages+0xc31/0x1930 [ 64.192163][ T5149] ? __extent_writepage+0x16d0/0x16d0 [ 64.197552][ T5149] ? validate_chain+0x119/0x58e0 [ 64.202539][ T5149] ? __lock_acquire+0x125b/0x1f80 [ 64.207605][ T5149] ? acls_after_inode_item+0x5f0/0x5f0 [ 64.213185][ T5149] do_writepages+0x3a6/0x670 [ 64.217820][ T5149] ? folio_nr_pages+0x1c0/0x1c0 [ 64.222802][ T5149] ? __lock_acquire+0x1f80/0x1f80 [ 64.227869][ T5149] ? do_raw_spin_lock+0x14d/0x3a0 [ 64.232931][ T5149] ? do_raw_spin_unlock+0x13b/0x8b0 [ 64.238162][ T5149] ? wbc_attach_and_unlock_inode+0x351/0x560 [ 64.244196][ T5149] filemap_fdatawrite_wbc+0x125/0x180 [ 64.249589][ T5149] filemap_fdatawrite_range+0x16e/0x1e0 [ 64.255163][ T5149] ? filemap_fdatawrite+0x1b0/0x1b0 [ 64.260404][ T5149] ? __might_sleep+0xc0/0xc0 [ 64.265050][ T5149] ? __down_write_common+0x161/0x200 [ 64.270376][ T5149] ? stack_trace_save+0x1c0/0x1c0 [ 64.275425][ T5149] btrfs_fdatawrite_range+0x4f/0x110 [ 64.280749][ T5149] btrfs_wait_ordered_range+0x59/0x260 [ 64.286234][ T5149] btrfs_fallocate+0x474/0x1fa0 [ 64.291125][ T5149] ? btrfs_file_open+0xf0/0xf0 [ 64.295921][ T5149] ? read_lock_is_recursive+0x20/0x20 [ 64.301580][ T5149] ? rcu_read_lock_any_held+0xb7/0x160 [ 64.307074][ T5149] ? rcu_read_lock_bh_held+0x120/0x120 [ 64.312559][ T5149] ? __lock_acquire+0x1f80/0x1f80 [ 64.317616][ T5149] vfs_fallocate+0x54b/0x6b0 [ 64.322230][ T5149] do_vfs_ioctl+0x22aa/0x2b10 [ 64.326929][ T5149] ? __x64_compat_sys_ioctl+0x90/0x90 [ 64.332406][ T5149] ? __lock_acquire+0x1f80/0x1f80 [ 64.337440][ T5149] ? lockdep_hardirqs_on+0x98/0x140 [ 64.342660][ T5149] ? tomoyo_path_number_perm+0x663/0x840 [ 64.348309][ T5149] ? tomoyo_path_number_perm+0x6e4/0x840 [ 64.353983][ T5149] ? smack_log+0x123/0x540 [ 64.358520][ T5149] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 64.364044][ T5149] ? smk_access+0x4b0/0x4b0 [ 64.368573][ T5149] ? _raw_spin_lock_irqsave+0x120/0x120 [ 64.374150][ T5149] ? smk_access+0x477/0x4b0 [ 64.378711][ T5149] ? smk_tskacc+0x2ff/0x360 [ 64.383234][ T5149] ? smack_file_ioctl+0x295/0x390 [ 64.388274][ T5149] ? smack_file_alloc_security+0xe0/0xe0 [ 64.393933][ T5149] ? do_notify_parent+0xf50/0xf50 [ 64.398984][ T5149] ? print_irqtrace_events+0x220/0x220 [ 64.404465][ T5149] ? bpf_lsm_file_ioctl+0x9/0x10 [ 64.409418][ T5149] ? security_file_ioctl+0x81/0xa0 [ 64.414555][ T5149] __se_sys_ioctl+0x81/0x160 [ 64.419208][ T5149] do_syscall_64+0x41/0xc0 [ 64.423697][ T5149] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 64.429636][ T5149] RIP: 0033:0x7f77f5f45ac9 [ 64.434256][ T5149] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 64.454053][ T5149] RSP: 002b:00007ffe41c06098 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 64.462574][ T5149] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f77f5f45ac9 [ 64.470557][ T5149] RDX: 0000000020000100 RSI: 0000000040305829 RDI: 0000000000000005 [ 64.478542][ T5149] RBP: 00007ffe41c060c0 R08: 0000000000000001 R09: 00007ffe41c060d0 [ 64.486531][ T5149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 64.494538][ T5149] R13: 00007ffe41c06100 R14: 00007ffe41c060e0 R15: 0000000000000003 [ 64.502540][ T5149] [ 64.506138][ T5149] ------------[ cut here ]------------ [ 64.511645][ T5149] kernel BUG at fs/btrfs/extent-io-tree.c:515! [ 64.517910][ T5149] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 64.524021][ T5149] CPU: 0 PID: 5149 Comm: syz-executor336 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0 [ 64.534467][ T5149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 64.544558][ T5149] RIP: 0010:clear_state_bit+0x328/0x330 [ 64.550155][ T5149] Code: 34 fe e9 9a fd ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c c7 fe ff ff 4c 89 ef e8 a2 bc 34 fe e9 ba fe ff ff e8 d8 0b df fd <0f> 0b 66 0f 1f 44 00 00 f3 0f 1e fa 55 48 89 e5 41 57 41 56 41 55 [ 64.569797][ T5149] RSP: 0018:ffffc900040ae970 EFLAGS: 00010293 [ 64.575903][ T5149] RAX: ffffffff83ab6148 RBX: 00000000fffffff4 RCX: ffff88802bf68000 [ 64.583910][ T5149] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 64.591963][ T5149] RBP: 0000000000000000 R08: ffffffff83ab5f73 R09: fffffbfff1a02ba3 [ 64.600150][ T5149] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88801dcdf000 [ 64.608158][ T5149] R13: ffffc900040aeb78 R14: 0000000000000800 R15: dffffc0000000000 [ 64.616192][ T5149] FS: 0000555557300300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 64.625145][ T5149] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 64.631823][ T5149] CR2: 0000000020010000 CR3: 000000001e73e000 CR4: 00000000003506f0 [ 64.639806][ T5149] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 64.647791][ T5149] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 64.655853][ T5149] Call Trace: [ 64.659277][ T5149] [ 64.662218][ T5149] __clear_extent_bit+0x523/0xb20 [ 64.667274][ T5149] clear_record_extent_bits+0x52/0x80 [ 64.672743][ T5149] __btrfs_qgroup_release_data+0x4a4/0xa60 [ 64.678567][ T5149] ? btrfs_qgroup_free_data+0x40/0x40 [ 64.684053][ T5149] btrfs_add_ordered_extent+0xe2/0xc20 [ 64.689526][ T5149] ? btrfs_replace_extent_map_range+0x134/0x170 [ 64.695863][ T5149] cow_file_range+0x764/0xfe0 [ 64.700559][ T5149] ? run_delalloc_zoned+0x590/0x590 [ 64.705768][ T5149] ? find_lock_delalloc_range+0x7af/0x9a0 [ 64.711598][ T5149] btrfs_run_delalloc_range+0xe9b/0x11d0 [ 64.717418][ T5149] ? mark_lock+0x9a/0x340 [ 64.721758][ T5149] writepage_delalloc+0x261/0x590 [ 64.726810][ T5149] ? end_bio_extent_buffer_writepage+0x880/0x880 [ 64.733158][ T5149] ? rcu_lock_release+0x5/0x30 [ 64.737939][ T5149] ? __lock_acquire+0x1f80/0x1f80 [ 64.742973][ T5149] ? set_page_extent_mapped+0x154/0x1b0 [ 64.748529][ T5149] __extent_writepage+0x850/0x16d0 [ 64.753657][ T5149] ? extent_write_locked_range+0xdc0/0xdc0 [ 64.759476][ T5149] ? folio_wait_writeback+0x1b2/0x1f0 [ 64.764955][ T5149] extent_writepages+0xc31/0x1930 [ 64.769997][ T5149] ? __extent_writepage+0x16d0/0x16d0 [ 64.775398][ T5149] ? validate_chain+0x119/0x58e0 [ 64.780352][ T5149] ? __lock_acquire+0x125b/0x1f80 [ 64.785393][ T5149] ? acls_after_inode_item+0x5f0/0x5f0 [ 64.790868][ T5149] do_writepages+0x3a6/0x670 [ 64.795476][ T5149] ? folio_nr_pages+0x1c0/0x1c0 [ 64.800346][ T5149] ? __lock_acquire+0x1f80/0x1f80 [ 64.805389][ T5149] ? do_raw_spin_lock+0x14d/0x3a0 [ 64.810422][ T5149] ? do_raw_spin_unlock+0x13b/0x8b0 [ 64.815649][ T5149] ? wbc_attach_and_unlock_inode+0x351/0x560 [ 64.821989][ T5149] filemap_fdatawrite_wbc+0x125/0x180 [ 64.827368][ T5149] filemap_fdatawrite_range+0x16e/0x1e0 [ 64.832923][ T5149] ? filemap_fdatawrite+0x1b0/0x1b0 [ 64.838132][ T5149] ? __might_sleep+0xc0/0xc0 [ 64.842741][ T5149] ? __down_write_common+0x161/0x200 [ 64.848043][ T5149] ? stack_trace_save+0x1c0/0x1c0 [ 64.853076][ T5149] btrfs_fdatawrite_range+0x4f/0x110 [ 64.858396][ T5149] btrfs_wait_ordered_range+0x59/0x260 [ 64.864310][ T5149] btrfs_fallocate+0x474/0x1fa0 [ 64.869188][ T5149] ? btrfs_file_open+0xf0/0xf0 [ 64.874055][ T5149] ? read_lock_is_recursive+0x20/0x20 [ 64.879626][ T5149] ? rcu_read_lock_any_held+0xb7/0x160 [ 64.885119][ T5149] ? rcu_read_lock_bh_held+0x120/0x120 [ 64.890696][ T5149] ? __lock_acquire+0x1f80/0x1f80 [ 64.895732][ T5149] vfs_fallocate+0x54b/0x6b0 [ 64.900336][ T5149] do_vfs_ioctl+0x22aa/0x2b10 [ 64.905044][ T5149] ? __x64_compat_sys_ioctl+0x90/0x90 [ 64.910428][ T5149] ? __lock_acquire+0x1f80/0x1f80 [ 64.915453][ T5149] ? lockdep_hardirqs_on+0x98/0x140 [ 64.920658][ T5149] ? tomoyo_path_number_perm+0x663/0x840 [ 64.926300][ T5149] ? tomoyo_path_number_perm+0x6e4/0x840 [ 64.931940][ T5149] ? smack_log+0x123/0x540 [ 64.936369][ T5149] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 64.941835][ T5149] ? smk_access+0x4b0/0x4b0 [ 64.946344][ T5149] ? _raw_spin_lock_irqsave+0x120/0x120 [ 64.951925][ T5149] ? smk_access+0x477/0x4b0 [ 64.956441][ T5149] ? smk_tskacc+0x2ff/0x360 [ 64.961043][ T5149] ? smack_file_ioctl+0x295/0x390 [ 64.966078][ T5149] ? smack_file_alloc_security+0xe0/0xe0 [ 64.971717][ T5149] ? do_notify_parent+0xf50/0xf50 [ 64.976759][ T5149] ? print_irqtrace_events+0x220/0x220 [ 64.982223][ T5149] ? bpf_lsm_file_ioctl+0x9/0x10 [ 64.987169][ T5149] ? security_file_ioctl+0x81/0xa0 [ 64.992287][ T5149] __se_sys_ioctl+0x81/0x160 [ 64.996892][ T5149] do_syscall_64+0x41/0xc0 [ 65.001321][ T5149] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 65.007241][ T5149] RIP: 0033:0x7f77f5f45ac9 [ 65.011659][ T5149] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 65.031273][ T5149] RSP: 002b:00007ffe41c06098 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 65.039783][ T5149] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f77f5f45ac9 [ 65.047775][ T5149] RDX: 0000000020000100 RSI: 0000000040305829 RDI: 0000000000000005 [ 65.055767][ T5149] RBP: 00007ffe41c060c0 R08: 0000000000000001 R09: 00007ffe41c060d0 [ 65.063760][ T5149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 65.071733][ T5149] R13: 00007ffe41c06100 R14: 00007ffe41c060e0 R15: 0000000000000003 [ 65.079741][ T5149] [ 65.082759][ T5149] Modules linked in: [ 65.086765][ T5149] ---[ end trace 0000000000000000 ]--- [ 65.092245][ T5149] RIP: 0010:clear_state_bit+0x328/0x330 [ 65.097858][ T5149] Code: 34 fe e9 9a fd ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c c7 fe ff ff 4c 89 ef e8 a2 bc 34 fe e9 ba fe ff ff e8 d8 0b df fd <0f> 0b 66 0f 1f 44 00 00 f3 0f 1e fa 55 48 89 e5 41 57 41 56 41 55 [ 65.117528][ T5149] RSP: 0018:ffffc900040ae970 EFLAGS: 00010293 [ 65.123648][ T5149] RAX: ffffffff83ab6148 RBX: 00000000fffffff4 RCX: ffff88802bf68000 [ 65.131660][ T5149] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 65.139686][ T5149] RBP: 0000000000000000 R08: ffffffff83ab5f73 R09: fffffbfff1a02ba3 [ 65.147892][ T5149] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88801dcdf000 [ 65.155905][ T5149] R13: ffffc900040aeb78 R14: 0000000000000800 R15: dffffc0000000000 [ 65.163967][ T5149] FS: 0000555557300300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 65.172927][ T5149] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 65.179575][ T5149] CR2: 0000000020010000 CR3: 000000001e73e000 CR4: 00000000003506f0 [ 65.187635][ T5149] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 65.195702][ T5149] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 65.203745][ T5149] Kernel panic - not syncing: Fatal exception [ 65.210005][ T5149] Kernel Offset: disabled [ 65.214351][ T5149] Rebooting in 86400 seconds..