./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1582038594
<...>
Warning: Permanently added '10.128.15.197' (ECDSA) to the list of known hosts.
execve("./syz-executor1582038594", ["./syz-executor1582038594"], 0x7ffcfc1e8d00 /* 10 vars */) = 0
brk(NULL) = 0x555556520000
brk(0x555556520c40) = 0x555556520c40
arch_prctl(ARCH_SET_FS, 0x555556520300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1582038594", 4096) = 28
brk(0x555556541c40) = 0x555556541c40
brk(0x555556542000) = 0x555556542000
mprotect(0x7f0f91c2d000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 4993
mkdir("./syzkaller.G05zKL", 0700) = 0
chmod("./syzkaller.G05zKL", 0777) = 0
chdir("./syzkaller.G05zKL") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565205d0) = 4994
./strace-static-x86_64: Process 4994 attached
[pid 4994] chdir("./0") = 0
[pid 4994] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 4994] setpgid(0, 0) = 0
[pid 4994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 4994] write(3, "1000", 4) = 4
[pid 4994] close(3) = 0
[pid 4994] symlink("/dev/binderfs", "./binderfs") = 0
[pid 4994] memfd_create("syzkaller", 0) = 3
[pid 4994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f8976c000
[ 63.937444][ T4994] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4994 'syz-executor158'
[pid 4994] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 4994] munmap(0x7f0f8976c000, 16777216) = 0
[pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 4994] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 4994] close(3) = 0
[pid 4994] mkdir("./file0", 0777) = 0
[ 64.149122][ T4994] loop0: detected capacity change from 0 to 32768
[ 64.161763][ T4994] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor158 (4994)
[ 64.184431][ T4994] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[pid 4994] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 4994] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 4994] chdir("./file0") = 0
[pid 4994] ioctl(4, LOOP_CLR_FD) = 0
[pid 4994] close(4) = 0
[pid 4994] openat(AT_FDCWD, ".pending_reads", O_RDWR|O_CREAT|O_DSYNC, 000) = 4
[pid 4994] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[ 64.193402][ T4994] BTRFS info (device loop0): using free space tree
[ 64.217836][ T4994] BTRFS info (device loop0): enabling ssd optimizations
[ 64.225879][ T4994] BTRFS info (device loop0): auto enabling async discard
[pid 4994] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 4994] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 4994] write(6, "15", 2) = 2
[ 64.332017][ T4994] FAULT_INJECTION: forcing a failure.
[ 64.332017][ T4994] name failslab, interval 1, probability 0, space 0, times 1
[ 64.345425][ T4994] CPU: 1 PID: 4994 Comm: syz-executor158 Not tainted 6.4.0-rc1-syzkaller-00177-gbb7c241fae62 #0
[ 64.348680][ T66] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 64.355864][ T4994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 64.355891][ T4994] Call Trace:
[ 64.355899][ T4994]
[ 64.355908][ T4994] dump_stack_lvl+0x1e7/0x2d0
[ 64.355970][ T4994] ? nf_tcp_handle_invalid+0x650/0x650
[ 64.356004][ T4994] ? panic+0x770/0x770
[ 64.356032][ T4994] ? __might_sleep+0xc0/0xc0
[ 64.356070][ T4994] should_fail_ex+0x3aa/0x4e0
[ 64.356103][ T4994] should_failslab+0x9/0x20
[ 64.409589][ T4994] slab_pre_alloc_hook+0x59/0x2b0
[ 64.414713][ T4994] kmem_cache_alloc+0x52/0x2e0
[ 64.419520][ T4994] ? alloc_extent_map+0x21/0x130
[ 64.424607][ T4994] alloc_extent_map+0x21/0x130
[ 64.429422][ T4994] btrfs_get_extent+0x2a4/0x15d0
[ 64.434430][ T4994] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[ 64.440466][ T4994] ? print_irqtrace_events+0x220/0x220
[ 64.445992][ T4994] ? _raw_spin_unlock_irq+0x23/0x50
[ 64.451328][ T4994] ? btrfs_cont_expand+0xcd0/0xcd0
[ 64.456493][ T4994] ? btrfs_lookup_first_ordered_range+0x380/0x550
[ 64.462964][ T4994] ? btrfs_assert_inode_range_clean+0x62/0x1d0
[ 64.469164][ T4994] btrfs_fallocate+0xb64/0x1fa0
[ 64.474047][ T4994] ? btrfs_file_open+0xf0/0xf0
[ 64.478827][ T4994] ? read_lock_is_recursive+0x20/0x20
[ 64.484219][ T4994] ? rcu_read_lock_any_held+0xb7/0x160
[ 64.489698][ T4994] ? rcu_read_lock_bh_held+0x120/0x120
[ 64.495190][ T4994] ? __lock_acquire+0x2000/0x2000
[ 64.500244][ T4994] vfs_fallocate+0x54b/0x6b0
[ 64.504854][ T4994] do_vfs_ioctl+0x22aa/0x2b10
[ 64.509547][ T4994] ? __x64_compat_sys_ioctl+0x90/0x90
[ 64.514936][ T4994] ? __lock_acquire+0x2000/0x2000
[ 64.519978][ T4994] ? lockdep_hardirqs_on+0x98/0x140
[ 64.525369][ T4994] ? __kmem_cache_free+0x264/0x3c0
[ 64.530496][ T4994] ? tomoyo_path_number_perm+0x6e4/0x840
[ 64.536146][ T4994] ? smack_log+0x123/0x540
[ 64.540576][ T4994] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 64.546048][ T4994] ? smk_access+0x4b0/0x4b0
[ 64.550581][ T4994] ? _raw_spin_lock_irqsave+0x120/0x120
[ 64.556133][ T4994] ? smk_access+0x477/0x4b0
[ 64.560683][ T4994] ? smk_tskacc+0x2ff/0x360
[ 64.565210][ T4994] ? smack_file_ioctl+0x295/0x390
[ 64.570243][ T4994] ? smack_file_alloc_security+0xe0/0xe0
[ 64.575888][ T4994] ? do_notify_parent+0xf50/0xf50
[ 64.580933][ T4994] ? print_irqtrace_events+0x220/0x220
[ 64.586405][ T4994] ? bpf_lsm_file_ioctl+0x9/0x10
[ 64.591354][ T4994] ? security_file_ioctl+0x81/0xa0
[ 64.596691][ T4994] __se_sys_ioctl+0x81/0x160
[ 64.601348][ T4994] do_syscall_64+0x41/0xc0
[ 64.605788][ T4994] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.611714][ T4994] RIP: 0033:0x7f0f91bb9ab9
[ 64.616160][ T4994] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 64.636072][ T4994] RSP: 002b:00007ffe189fa328 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 64.644844][ T4994] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0f91bb9ab9
[ 64.652994][ T4994] RDX: 0000000020000080 RSI: 0000000040305828 RDI: 0000000000000004
[ 64.661086][ T4994] RBP: 00007ffe189fa350 R08: 0000000000000002 R09: 00007ffe189fa360
[ 64.669074][ T4994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[pid 4994] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x20000080) = -1 ENOMEM (Cannot allocate memory)
[pid 4994] exit_group(0) = ?
[pid 4994] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4994, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556521620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 64.677068][ T4994] R13: 00007ffe189fa390 R14: 00007ffe189fa370 R15: 0000000000000000
[ 64.685077][ T4994]
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556529660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556529660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555556521620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565205d0) = 5018
./strace-static-x86_64: Process 5018 attached
[pid 5018] chdir("./1") = 0
[pid 5018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5018] setpgid(0, 0) = 0
[pid 5018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5018] write(3, "1000", 4) = 4
[pid 5018] close(3) = 0
[pid 5018] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5018] memfd_create("syzkaller", 0) = 3
[pid 5018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f8976c000
[pid 5018] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5018] munmap(0x7f0f8976c000, 16777216) = 0
[pid 5018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5018] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5018] close(3) = 0
[pid 5018] mkdir("./file0", 0777) = 0
[ 65.075434][ T5018] loop0: detected capacity change from 0 to 32768
[ 65.087368][ T5018] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor158 (5018)
[ 65.104793][ T5018] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 65.113761][ T5018] BTRFS info (device loop0): using free space tree
[pid 5018] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5018] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5018] chdir("./file0") = 0
[pid 5018] ioctl(4, LOOP_CLR_FD) = 0
[pid 5018] close(4) = 0
[pid 5018] openat(AT_FDCWD, ".pending_reads", O_RDWR|O_CREAT|O_DSYNC, 000) = 4
[pid 5018] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5018] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[ 65.131300][ T5018] BTRFS info (device loop0): enabling ssd optimizations
[ 65.138728][ T5018] BTRFS info (device loop0): auto enabling async discard
[pid 5018] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5018] write(6, "15", 2) = 2
[ 65.196649][ T5018] FAULT_INJECTION: forcing a failure.
[ 65.196649][ T5018] name failslab, interval 1, probability 0, space 0, times 0
[ 65.210318][ T10] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 65.219846][ T5018] CPU: 0 PID: 5018 Comm: syz-executor158 Not tainted 6.4.0-rc1-syzkaller-00177-gbb7c241fae62 #0
[ 65.230315][ T5018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 65.240410][ T5018] Call Trace:
[ 65.243727][ T5018]
[ 65.246700][ T5018] dump_stack_lvl+0x1e7/0x2d0
[ 65.251439][ T5018] ? nf_tcp_handle_invalid+0x650/0x650
[ 65.256988][ T5018] ? panic+0x770/0x770
[ 65.261110][ T5018] ? __might_sleep+0xc0/0xc0
[ 65.265768][ T5018] should_fail_ex+0x3aa/0x4e0
[ 65.270510][ T5018] should_failslab+0x9/0x20
[ 65.275061][ T5018] slab_pre_alloc_hook+0x59/0x2b0
[ 65.280135][ T5018] kmem_cache_alloc+0x52/0x2e0
[ 65.284941][ T5018] ? alloc_extent_map+0x21/0x130
[ 65.289933][ T5018] alloc_extent_map+0x21/0x130
[ 65.294746][ T5018] btrfs_get_extent+0x2a4/0x15d0
[ 65.299754][ T5018] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[ 65.305881][ T5018] ? print_irqtrace_events+0x220/0x220
[ 65.311395][ T5018] ? _raw_spin_unlock_irq+0x23/0x50
[ 65.316645][ T5018] ? btrfs_cont_expand+0xcd0/0xcd0
[ 65.321818][ T5018] ? btrfs_lookup_first_ordered_range+0x380/0x550
[ 65.328285][ T5018] ? btrfs_assert_inode_range_clean+0x62/0x1d0
[ 65.334487][ T5018] btrfs_fallocate+0xb64/0x1fa0
[ 65.339408][ T5018] ? btrfs_file_open+0xf0/0xf0
[ 65.344250][ T5018] ? read_lock_is_recursive+0x20/0x20
[ 65.349689][ T5018] ? rcu_read_lock_any_held+0xb7/0x160
[ 65.355196][ T5018] ? rcu_read_lock_bh_held+0x120/0x120
[ 65.360701][ T5018] ? __lock_acquire+0x2000/0x2000
[ 65.365796][ T5018] vfs_fallocate+0x54b/0x6b0
[ 65.370443][ T5018] do_vfs_ioctl+0x22aa/0x2b10
[ 65.375180][ T5018] ? __x64_compat_sys_ioctl+0x90/0x90
[ 65.380608][ T5018] ? __lock_acquire+0x2000/0x2000
[ 65.385669][ T5018] ? lockdep_hardirqs_on+0x98/0x140
[ 65.390904][ T5018] ? __kmem_cache_free+0x264/0x3c0
[ 65.396036][ T5018] ? tomoyo_path_number_perm+0x6e4/0x840
[ 65.401698][ T5018] ? smack_log+0x123/0x540
[ 65.406132][ T5018] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 65.411606][ T5018] ? smk_access+0x4b0/0x4b0
[ 65.416121][ T5018] ? _raw_spin_lock_irqsave+0x120/0x120
[ 65.421700][ T5018] ? smk_access+0x477/0x4b0
[ 65.426230][ T5018] ? smk_tskacc+0x2ff/0x360
[ 65.430765][ T5018] ? smack_file_ioctl+0x295/0x390
[ 65.435822][ T5018] ? smack_file_alloc_security+0xe0/0xe0
[ 65.441506][ T5018] ? do_notify_parent+0xf50/0xf50
[ 65.446563][ T5018] ? print_irqtrace_events+0x220/0x220
[ 65.452043][ T5018] ? bpf_lsm_file_ioctl+0x9/0x10
[ 65.457006][ T5018] ? security_file_ioctl+0x81/0xa0
[ 65.462503][ T5018] __se_sys_ioctl+0x81/0x160
[ 65.467143][ T5018] do_syscall_64+0x41/0xc0
[ 65.471608][ T5018] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.477538][ T5018] RIP: 0033:0x7f0f91bb9ab9
[ 65.481978][ T5018] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 65.501606][ T5018] RSP: 002b:00007ffe189fa328 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 65.510049][ T5018] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0f91bb9ab9
[ 65.518051][ T5018] RDX: 0000000020000080 RSI: 0000000040305828 RDI: 0000000000000004
[ 65.526158][ T5018] RBP: 00007ffe189fa350 R08: 0000000000000002 R09: 00007ffe189fa360
[ 65.534173][ T5018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[pid 5018] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x20000080) = -1 ENOMEM (Cannot allocate memory)
[pid 5018] exit_group(0) = ?
[pid 5018] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5018, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556521620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 65.542344][ T5018] R13: 00007ffe189fa390 R14: 00007ffe189fa370 R15: 0000000000000001
[ 65.550361][ T5018]
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556529660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556529660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555556521620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565205d0) = 5038
./strace-static-x86_64: Process 5038 attached
[pid 5038] chdir("./2") = 0
[pid 5038] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5038] setpgid(0, 0) = 0
[pid 5038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5038] write(3, "1000", 4) = 4
[pid 5038] close(3) = 0
[pid 5038] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5038] memfd_create("syzkaller", 0) = 3
[pid 5038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f8976c000
[pid 5038] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5038] munmap(0x7f0f8976c000, 16777216) = 0
[pid 5038] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5038] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5038] close(3) = 0
[pid 5038] mkdir("./file0", 0777) = 0
[ 65.938784][ T5038] loop0: detected capacity change from 0 to 32768
[ 65.950683][ T5038] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor158 (5038)
[ 65.967442][ T5038] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 65.976262][ T5038] BTRFS info (device loop0): using free space tree
[pid 5038] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5038] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5038] chdir("./file0") = 0
[pid 5038] ioctl(4, LOOP_CLR_FD) = 0
[pid 5038] close(4) = 0
[pid 5038] openat(AT_FDCWD, ".pending_reads", O_RDWR|O_CREAT|O_DSYNC, 000) = 4
[pid 5038] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[ 65.995176][ T5038] BTRFS info (device loop0): enabling ssd optimizations
[ 66.002222][ T5038] BTRFS info (device loop0): auto enabling async discard
[pid 5038] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5038] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5038] write(6, "15", 2) = 2
[ 66.052047][ T5038] FAULT_INJECTION: forcing a failure.
[ 66.052047][ T5038] name failslab, interval 1, probability 0, space 0, times 0
[ 66.064995][ T5038] CPU: 1 PID: 5038 Comm: syz-executor158 Not tainted 6.4.0-rc1-syzkaller-00177-gbb7c241fae62 #0
[ 66.075455][ T5038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 66.085551][ T5038] Call Trace:
[ 66.088867][ T5038]
[ 66.091838][ T5038] dump_stack_lvl+0x1e7/0x2d0
[ 66.096572][ T5038] ? nf_tcp_handle_invalid+0x650/0x650
[ 66.099334][ T66] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 66.102071][ T5038] ? panic+0x770/0x770
[ 66.115407][ T5038] should_fail_ex+0x3aa/0x4e0
[ 66.120139][ T5038] should_failslab+0x9/0x20
[ 66.124697][ T5038] slab_pre_alloc_hook+0x59/0x2b0
[ 66.129816][ T5038] ? ulist_add_merge+0x14c/0x470
[ 66.134806][ T5038] __kmem_cache_alloc_node+0x4b/0x290
[ 66.140240][ T5038] ? ulist_add_merge+0x14c/0x470
[ 66.145266][ T5038] kmalloc_trace+0x2a/0xe0
[ 66.149755][ T5038] ulist_add_merge+0x14c/0x470
[ 66.154583][ T5038] __set_extent_bit+0x6d6/0x1ac0
[ 66.159593][ T5038] set_record_extent_bits+0x56/0x90
[ 66.164849][ T5038] qgroup_reserve_data+0x26e/0x8f0
[ 66.170028][ T5038] btrfs_qgroup_reserve_data+0x2e/0xc0
[ 66.175632][ T5038] btrfs_fallocate+0x11a9/0x1fa0
[ 66.180641][ T5038] ? btrfs_file_open+0xf0/0xf0
[ 66.185457][ T5038] ? read_lock_is_recursive+0x20/0x20
[ 66.190893][ T5038] ? rcu_read_lock_any_held+0xb7/0x160
[ 66.196404][ T5038] ? rcu_read_lock_bh_held+0x120/0x120
[ 66.201924][ T5038] ? __lock_acquire+0x2000/0x2000
[ 66.207013][ T5038] vfs_fallocate+0x54b/0x6b0
[ 66.211666][ T5038] do_vfs_ioctl+0x22aa/0x2b10
[ 66.216407][ T5038] ? __x64_compat_sys_ioctl+0x90/0x90
[ 66.221837][ T5038] ? __lock_acquire+0x2000/0x2000
[ 66.226921][ T5038] ? lockdep_hardirqs_on+0x98/0x140
[ 66.232184][ T5038] ? __kmem_cache_free+0x264/0x3c0
[ 66.237349][ T5038] ? tomoyo_path_number_perm+0x6e4/0x840
[ 66.243042][ T5038] ? smack_log+0x123/0x540
[ 66.247506][ T5038] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 66.253046][ T5038] ? smk_access+0x4b0/0x4b0
[ 66.257619][ T5038] ? _raw_spin_lock_irqsave+0x120/0x120
[ 66.263205][ T5038] ? smk_access+0x477/0x4b0
[ 66.267734][ T5038] ? smk_tskacc+0x2ff/0x360
[ 66.272275][ T5038] ? smack_file_ioctl+0x295/0x390
[ 66.277327][ T5038] ? smack_file_alloc_security+0xe0/0xe0
[ 66.283000][ T5038] ? do_notify_parent+0xf50/0xf50
[ 66.288063][ T5038] ? print_irqtrace_events+0x220/0x220
[ 66.293545][ T5038] ? bpf_lsm_file_ioctl+0x9/0x10
[ 66.298526][ T5038] ? security_file_ioctl+0x81/0xa0
[ 66.303673][ T5038] __se_sys_ioctl+0x81/0x160
[ 66.308280][ T5038] do_syscall_64+0x41/0xc0
[ 66.312732][ T5038] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.318637][ T5038] RIP: 0033:0x7f0f91bb9ab9
[ 66.323242][ T5038] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 66.342877][ T5038] RSP: 002b:00007ffe189fa328 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 66.351425][ T5038] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0f91bb9ab9
[ 66.359430][ T5038] RDX: 0000000020000080 RSI: 0000000040305828 RDI: 0000000000000004
[ 66.367473][ T5038] RBP: 00007ffe189fa350 R08: 0000000000000002 R09: 00007ffe189fa360
[ 66.375469][ T5038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 66.383475][ T5038] R13: 00007ffe189fa390 R14: 00007ffe189fa370 R15: 0000000000000002
[ 66.391492][ T5038]
[ 66.395199][ T5038] ------------[ cut here ]------------
[ 66.400734][ T5038] kernel BUG at fs/btrfs/extent-io-tree.c:379!
[ 66.406970][ T5038] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 66.413063][ T5038] CPU: 1 PID: 5038 Comm: syz-executor158 Not tainted 6.4.0-rc1-syzkaller-00177-gbb7c241fae62 #0
[ 66.423478][ T5038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 66.433624][ T5038] RIP: 0010:__set_extent_bit+0x18ab/0x1ac0
[ 66.439446][ T5038] Code: 34 fe e9 8a fc ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c b7 fd ff ff 4c 89 ff e8 7f 96 34 fe e9 aa fd ff ff e8 b5 c8 dc fd <0f> 0b e8 ae c8 dc fd 48 8b 44 24 10 48 83 c0 08 48 89 c3 48 c1 e8
[ 66.459054][ T5038] RSP: 0018:ffffc90003bbf5d8 EFLAGS: 00010293
[ 66.465130][ T5038] RAX: ffffffff83ae9e8b RBX: 00000000fffffff4 RCX: ffff8880223f1dc0
[ 66.473111][ T5038] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
[ 66.481091][ T5038] RBP: 1ffff11003e8c15f R08: ffffffff83ae8cc1 R09: fffffbfff1a03943
[ 66.489068][ T5038] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88801f460afc
[ 66.497047][ T5038] R13: ffff88801f460a80 R14: 0000000000000000 R15: 0000000000000fff
[ 66.505021][ T5038] FS: 0000555556520300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 66.513959][ T5038] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 66.520548][ T5038] CR2: 00007f0f91c31140 CR3: 000000007c2f6000 CR4: 00000000003506e0
[ 66.528530][ T5038] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 66.536503][ T5038] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 66.544483][ T5038] Call Trace:
[ 66.547769][ T5038]
[ 66.550710][ T5038] set_record_extent_bits+0x56/0x90
[ 66.555922][ T5038] qgroup_reserve_data+0x26e/0x8f0
[ 66.561053][ T5038] btrfs_qgroup_reserve_data+0x2e/0xc0
[ 66.566532][ T5038] btrfs_fallocate+0x11a9/0x1fa0
[ 66.571487][ T5038] ? btrfs_file_open+0xf0/0xf0
[ 66.576260][ T5038] ? read_lock_is_recursive+0x20/0x20
[ 66.581736][ T5038] ? rcu_read_lock_any_held+0xb7/0x160
[ 66.587204][ T5038] ? rcu_read_lock_bh_held+0x120/0x120
[ 66.592674][ T5038] ? __lock_acquire+0x2000/0x2000
[ 66.597733][ T5038] vfs_fallocate+0x54b/0x6b0
[ 66.602358][ T5038] do_vfs_ioctl+0x22aa/0x2b10
[ 66.607073][ T5038] ? __x64_compat_sys_ioctl+0x90/0x90
[ 66.612473][ T5038] ? __lock_acquire+0x2000/0x2000
[ 66.617534][ T5038] ? lockdep_hardirqs_on+0x98/0x140
[ 66.622750][ T5038] ? __kmem_cache_free+0x264/0x3c0
[ 66.627898][ T5038] ? tomoyo_path_number_perm+0x6e4/0x840
[ 66.633632][ T5038] ? smack_log+0x123/0x540
[ 66.638060][ T5038] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 66.643537][ T5038] ? smk_access+0x4b0/0x4b0
[ 66.648057][ T5038] ? _raw_spin_lock_irqsave+0x120/0x120
[ 66.653611][ T5038] ? smk_access+0x477/0x4b0
[ 66.658142][ T5038] ? smk_tskacc+0x2ff/0x360
[ 66.662771][ T5038] ? smack_file_ioctl+0x295/0x390
[ 66.667811][ T5038] ? smack_file_alloc_security+0xe0/0xe0
[ 66.673635][ T5038] ? do_notify_parent+0xf50/0xf50
[ 66.678699][ T5038] ? print_irqtrace_events+0x220/0x220
[ 66.684194][ T5038] ? bpf_lsm_file_ioctl+0x9/0x10
[ 66.689146][ T5038] ? security_file_ioctl+0x81/0xa0
[ 66.694291][ T5038] __se_sys_ioctl+0x81/0x160
[ 66.698919][ T5038] do_syscall_64+0x41/0xc0
[ 66.703369][ T5038] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.709275][ T5038] RIP: 0033:0x7f0f91bb9ab9
[ 66.713698][ T5038] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 66.733310][ T5038] RSP: 002b:00007ffe189fa328 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 66.741740][ T5038] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0f91bb9ab9
[ 66.749719][ T5038] RDX: 0000000020000080 RSI: 0000000040305828 RDI: 0000000000000004
[ 66.757698][ T5038] RBP: 00007ffe189fa350 R08: 0000000000000002 R09: 00007ffe189fa360
[ 66.765675][ T5038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 66.773653][ T5038] R13: 00007ffe189fa390 R14: 00007ffe189fa370 R15: 0000000000000002
[ 66.781654][ T5038]
[ 66.784683][ T5038] Modules linked in:
[ 66.788692][ T5038] ---[ end trace 0000000000000000 ]---
[ 66.794178][ T5038] RIP: 0010:__set_extent_bit+0x18ab/0x1ac0
[ 66.800105][ T5038] Code: 34 fe e9 8a fc ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c b7 fd ff ff 4c 89 ff e8 7f 96 34 fe e9 aa fd ff ff e8 b5 c8 dc fd <0f> 0b e8 ae c8 dc fd 48 8b 44 24 10 48 83 c0 08 48 89 c3 48 c1 e8
[ 66.819791][ T5038] RSP: 0018:ffffc90003bbf5d8 EFLAGS: 00010293
[ 66.825921][ T5038] RAX: ffffffff83ae9e8b RBX: 00000000fffffff4 RCX: ffff8880223f1dc0
[ 66.833925][ T5038] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
[ 66.841963][ T5038] RBP: 1ffff11003e8c15f R08: ffffffff83ae8cc1 R09: fffffbfff1a03943
[ 66.850075][ T5038] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88801f460afc
[ 66.858093][ T5038] R13: ffff88801f460a80 R14: 0000000000000000 R15: 0000000000000fff
[ 66.866123][ T5038] FS: 0000555556520300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 66.875145][ T5038] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 66.881764][ T5038] CR2: 00007f0f91c31140 CR3: 000000007c2f6000 CR4: 00000000003506e0
[ 66.889831][ T5038] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 66.897865][ T5038] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 66.905920][ T5038] Kernel panic - not syncing: Fatal exception
[ 66.912217][ T5038] Kernel Offset: disabled
[ 66.916551][ T5038] Rebooting in 86400 seconds..