./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4223744436
<...>
Warning: Permanently added '10.128.0.23' (ECDSA) to the list of known hosts.
execve("./syz-executor4223744436", ["./syz-executor4223744436"], 0x7ffe5e3af310 /* 10 vars */) = 0
brk(NULL) = 0x555556430000
brk(0x555556430c40) = 0x555556430c40
arch_prctl(ARCH_SET_FS, 0x555556430300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor4223744436", 4096) = 28
brk(0x555556451c40) = 0x555556451c40
brk(0x555556452000) = 0x555556452000
mprotect(0x7f42e5783000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 5001
mkdir("./syzkaller.cvtr1n", 0700) = 0
chmod("./syzkaller.cvtr1n", 0777) = 0
chdir("./syzkaller.cvtr1n") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564305d0) = 5003
./strace-static-x86_64: Process 5003 attached
[pid 5003] chdir("./0") = 0
[pid 5003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5003] setpgid(0, 0) = 0
[pid 5003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5003] write(3, "1000", 4) = 4
[pid 5003] close(3) = 0
[pid 5003] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5003] memfd_create("syzkaller", 0) = 3
[pid 5003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f42dd2c2000
[ 57.057443][ T5003] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5003 'syz-executor422'
[pid 5003] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5003] munmap(0x7f42dd2c2000, 16777216) = 0
[pid 5003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5003] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5003] close(3) = 0
[pid 5003] mkdir("./file0", 0777) = 0
[ 57.244651][ T5003] loop0: detected capacity change from 0 to 32768
[ 57.257529][ T5003] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor422 (5003)
[ 57.277265][ T5003] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 57.286216][ T5003] BTRFS info (device loop0): setting nodatacow, compression disabled
[pid 5003] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5003] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5003] chdir("./file0") = 0
[pid 5003] ioctl(4, LOOP_CLR_FD) = 0
[pid 5003] close(4) = 0
[pid 5003] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 57.294453][ T5003] BTRFS info (device loop0): using free space tree
[ 57.317212][ T5003] BTRFS info (device loop0): enabling ssd optimizations
[ 57.324551][ T5003] BTRFS info (device loop0): auto enabling async discard
[pid 5003] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5003] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5003] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5003] write(6, "10", 2) = 2
[ 57.411748][ T3502] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 57.423024][ T5003] FAULT_INJECTION: forcing a failure.
[ 57.423024][ T5003] name failslab, interval 1, probability 0, space 0, times 1
[ 57.436442][ T5003] CPU: 1 PID: 5003 Comm: syz-executor422 Not tainted 6.4.0-rc1-next-20230512-syzkaller #0
[ 57.447235][ T5003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 57.457323][ T5003] Call Trace:
[ 57.460623][ T5003]
[ 57.463577][ T5003] dump_stack_lvl+0x136/0x150
[ 57.468323][ T5003] should_fail_ex+0x4a3/0x5b0
[ 57.473049][ T5003] should_failslab+0x9/0x20
[ 57.477584][ T5003] kmem_cache_alloc+0x63/0x3b0
[ 57.482393][ T5003] ? lock_acquire+0x32/0xc0
[ 57.486941][ T5003] alloc_extent_map+0x1e/0x150
[ 57.491746][ T5003] btrfs_get_extent+0x20e/0x19c0
[ 57.496738][ T5003] ? _raw_spin_unlock_irq+0x23/0x50
[ 57.501988][ T5003] ? btrfs_wait_ordered_range+0xf0/0x5b0
[ 57.507685][ T5003] ? btrfs_rename2+0x130/0x130
[ 57.512597][ T5003] ? btrfs_run_ordered_extent_work+0x30/0x30
[ 57.518642][ T5003] ? find_held_lock+0x2d/0x110
[ 57.523493][ T5003] btrfs_fallocate+0x10e8/0x27f0
[ 57.528489][ T5003] ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[ 57.534582][ T5003] ? debug_check_no_obj_freed+0x210/0x420
[ 57.540307][ T5003] ? lock_downgrade+0x690/0x690
[ 57.545211][ T5003] ? aa_path_link+0x2f0/0x2f0
[ 57.549897][ T5003] ? lock_sync+0x190/0x190
[ 57.554316][ T5003] ? rcu_is_watching+0x12/0xb0
[ 57.559089][ T5003] ? trace_lock_acquire+0x12d/0x180
[ 57.564315][ T5003] ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[ 57.570393][ T5003] vfs_fallocate+0x48b/0xe40
[ 57.575020][ T5003] ioctl_preallocate+0x18e/0x200
[ 57.579957][ T5003] ? fiemap_prep+0x220/0x220
[ 57.584569][ T5003] do_vfs_ioctl+0x129a/0x1670
[ 57.589263][ T5003] ? vfs_fileattr_set+0xc40/0xc40
[ 57.594303][ T5003] ? find_held_lock+0x2d/0x110
[ 57.599094][ T5003] ? name_to_dev_t+0x1d3/0x9e0
[ 57.603863][ T5003] ? lock_downgrade+0x690/0x690
[ 57.608741][ T5003] ? bpf_lsm_file_ioctl+0x9/0x10
[ 57.613698][ T5003] __x64_sys_ioctl+0x10c/0x210
[ 57.618482][ T5003] do_syscall_64+0x39/0xb0
[ 57.622903][ T5003] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.628808][ T5003] RIP: 0033:0x7f42e570fb49
[ 57.633222][ T5003] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 57.652854][ T5003] RSP: 002b:00007ffc0165a458 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[pid 5003] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOMEM (Cannot allocate memory)
[pid 5003] exit_group(0) = ?
[pid 5003] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5003, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556431620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 57.661286][ T5003] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f42e570fb49
[ 57.669297][ T5003] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[ 57.677282][ T5003] RBP: 00007ffc0165a480 R08: 0000000000000002 R09: 00007ffc0165a490
[ 57.685261][ T5003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 57.693249][ T5003] R13: 00007ffc0165a4c0 R14: 00007ffc0165a4a0 R15: 0000000000000000
[ 57.701241][ T5003]
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556439660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555556431620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564305d0) = 5029
./strace-static-x86_64: Process 5029 attached
[pid 5029] chdir("./1") = 0
[pid 5029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5029] setpgid(0, 0) = 0
[pid 5029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5029] write(3, "1000", 4) = 4
[pid 5029] close(3) = 0
[pid 5029] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5029] memfd_create("syzkaller", 0) = 3
[pid 5029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f42dd2c2000
[pid 5029] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5029] munmap(0x7f42dd2c2000, 16777216) = 0
[pid 5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5029] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5029] close(3) = 0
[pid 5029] mkdir("./file0", 0777) = 0
[ 58.065528][ T5029] loop0: detected capacity change from 0 to 32768
[ 58.075339][ T5029] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor422 (5029)
[ 58.090530][ T5029] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 58.099315][ T5029] BTRFS info (device loop0): setting nodatacow, compression disabled
[ 58.107423][ T5029] BTRFS info (device loop0): using free space tree
[pid 5029] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5029] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5029] chdir("./file0") = 0
[pid 5029] ioctl(4, LOOP_CLR_FD) = 0
[pid 5029] close(4) = 0
[pid 5029] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5029] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5029] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5029] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5029] write(6, "10", 2) = 2
[ 58.124713][ T5029] BTRFS info (device loop0): enabling ssd optimizations
[ 58.131859][ T5029] BTRFS info (device loop0): auto enabling async discard
[ 58.178061][ T5029] FAULT_INJECTION: forcing a failure.
[ 58.178061][ T5029] name failslab, interval 1, probability 0, space 0, times 0
[ 58.192875][ T5029] CPU: 0 PID: 5029 Comm: syz-executor422 Not tainted 6.4.0-rc1-next-20230512-syzkaller #0
[ 58.202822][ T5029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 58.212911][ T5029] Call Trace:
[ 58.216222][ T5029]
[ 58.219193][ T5029] dump_stack_lvl+0x136/0x150
[ 58.223926][ T5029] should_fail_ex+0x4a3/0x5b0
[ 58.228648][ T5029] should_failslab+0x9/0x20
[ 58.233190][ T5029] kmem_cache_alloc+0x63/0x3b0
[ 58.238000][ T5029] btrfs_get_extent+0x2c8/0x19c0
[ 58.242981][ T5029] ? _raw_spin_unlock_irq+0x23/0x50
[ 58.248220][ T5029] ? btrfs_wait_ordered_range+0xf0/0x5b0
[ 58.252257][ T3502] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 58.253873][ T5029] ? btrfs_rename2+0x130/0x130
[ 58.267753][ T5029] ? btrfs_run_ordered_extent_work+0x30/0x30
[ 58.273773][ T5029] ? find_held_lock+0x2d/0x110
[ 58.278581][ T5029] btrfs_fallocate+0x10e8/0x27f0
[ 58.283559][ T5029] ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[ 58.289648][ T5029] ? debug_check_no_obj_freed+0x210/0x420
[ 58.295401][ T5029] ? lock_downgrade+0x690/0x690
[ 58.300289][ T5029] ? aa_path_link+0x2f0/0x2f0
[ 58.305020][ T5029] ? lock_sync+0x190/0x190
[ 58.309473][ T5029] ? rcu_is_watching+0x12/0xb0
[ 58.314263][ T5029] ? trace_lock_acquire+0x12d/0x180
[ 58.319508][ T5029] ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[ 58.325615][ T5029] vfs_fallocate+0x48b/0xe40
[ 58.330237][ T5029] ioctl_preallocate+0x18e/0x200
[ 58.335176][ T5029] ? fiemap_prep+0x220/0x220
[ 58.339795][ T5029] do_vfs_ioctl+0x129a/0x1670
[ 58.344471][ T5029] ? vfs_fileattr_set+0xc40/0xc40
[ 58.349514][ T5029] ? find_held_lock+0x2d/0x110
[ 58.354301][ T5029] ? name_to_dev_t+0x1d3/0x9e0
[ 58.359067][ T5029] ? lock_downgrade+0x690/0x690
[ 58.363947][ T5029] ? bpf_lsm_file_ioctl+0x9/0x10
[ 58.368896][ T5029] __x64_sys_ioctl+0x10c/0x210
[ 58.373677][ T5029] do_syscall_64+0x39/0xb0
[ 58.378093][ T5029] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.383984][ T5029] RIP: 0033:0x7f42e570fb49
[ 58.388388][ T5029] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 58.408003][ T5029] RSP: 002b:00007ffc0165a458 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 58.416424][ T5029] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f42e570fb49
[pid 5029] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOMEM (Cannot allocate memory)
[pid 5029] exit_group(0) = ?
[pid 5029] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5029, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=21 /* 0.21 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556431620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 58.424399][ T5029] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[ 58.432383][ T5029] RBP: 00007ffc0165a480 R08: 0000000000000002 R09: 00007ffc0165a490
[ 58.440364][ T5029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 58.448327][ T5029] R13: 00007ffc0165a4c0 R14: 00007ffc0165a4a0 R15: 0000000000000001
[ 58.456302][ T5029]
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556439660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555556431620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564305d0) = 5046
./strace-static-x86_64: Process 5046 attached
[pid 5046] chdir("./2") = 0
[pid 5046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5046] setpgid(0, 0) = 0
[pid 5046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5046] write(3, "1000", 4) = 4
[pid 5046] close(3) = 0
[pid 5046] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5046] memfd_create("syzkaller", 0) = 3
[pid 5046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f42dd2c2000
[pid 5046] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5046] munmap(0x7f42dd2c2000, 16777216) = 0
[pid 5046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5046] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5046] close(3) = 0
[pid 5046] mkdir("./file0", 0777) = 0
[ 58.789924][ T5046] loop0: detected capacity change from 0 to 32768
[ 58.801379][ T5046] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor422 (5046)
[ 58.817874][ T5046] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 58.826680][ T5046] BTRFS info (device loop0): setting nodatacow, compression disabled
[pid 5046] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5046] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5046] chdir("./file0") = 0
[pid 5046] ioctl(4, LOOP_CLR_FD) = 0
[pid 5046] close(4) = 0
[pid 5046] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5046] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[ 58.834833][ T5046] BTRFS info (device loop0): using free space tree
[ 58.852917][ T5046] BTRFS info (device loop0): enabling ssd optimizations
[ 58.860025][ T5046] BTRFS info (device loop0): auto enabling async discard
[pid 5046] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5046] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5046] write(6, "10", 2) = 2
[ 58.915469][ T75] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 58.927890][ T5046] FAULT_INJECTION: forcing a failure.
[ 58.927890][ T5046] name failslab, interval 1, probability 0, space 0, times 0
[ 58.941081][ T5046] CPU: 1 PID: 5046 Comm: syz-executor422 Not tainted 6.4.0-rc1-next-20230512-syzkaller #0
[ 58.951015][ T5046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 58.961092][ T5046] Call Trace:
[ 58.964400][ T5046]
[ 58.967351][ T5046] dump_stack_lvl+0x136/0x150
[ 58.972072][ T5046] should_fail_ex+0x4a3/0x5b0
[ 58.976794][ T5046] should_failslab+0x9/0x20
[ 58.981327][ T5046] __kmem_cache_alloc_node+0x5b/0x320
[ 58.986725][ T5046] ? qgroup_reserve_data+0x7e7/0xa80
[ 58.992051][ T5046] kmalloc_trace+0x26/0xe0
[ 58.996494][ T5046] qgroup_reserve_data+0x7e7/0xa80
[ 59.001659][ T5046] btrfs_qgroup_reserve_data+0x2f/0xd0
[ 59.007157][ T5046] btrfs_fallocate+0x1441/0x27f0
[ 59.012134][ T5046] ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[ 59.018217][ T5046] ? debug_check_no_obj_freed+0x210/0x420
[ 59.023934][ T5046] ? lock_downgrade+0x690/0x690
[ 59.028782][ T5046] ? aa_path_link+0x2f0/0x2f0
[ 59.033461][ T5046] ? lock_sync+0x190/0x190
[ 59.037873][ T5046] ? rcu_is_watching+0x12/0xb0
[ 59.042713][ T5046] ? trace_lock_acquire+0x12d/0x180
[ 59.047916][ T5046] ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[ 59.054001][ T5046] vfs_fallocate+0x48b/0xe40
[ 59.058593][ T5046] ioctl_preallocate+0x18e/0x200
[ 59.063530][ T5046] ? fiemap_prep+0x220/0x220
[ 59.068118][ T5046] do_vfs_ioctl+0x129a/0x1670
[ 59.072785][ T5046] ? vfs_fileattr_set+0xc40/0xc40
[ 59.077805][ T5046] ? find_held_lock+0x2d/0x110
[ 59.082565][ T5046] ? name_to_dev_t+0x1d3/0x9e0
[ 59.087326][ T5046] ? lock_downgrade+0x690/0x690
[ 59.092178][ T5046] ? bpf_lsm_file_ioctl+0x9/0x10
[ 59.097205][ T5046] __x64_sys_ioctl+0x10c/0x210
[ 59.101964][ T5046] do_syscall_64+0x39/0xb0
[ 59.106384][ T5046] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.112297][ T5046] RIP: 0033:0x7f42e570fb49
[ 59.116700][ T5046] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 59.136327][ T5046] RSP: 002b:00007ffc0165a458 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 59.144738][ T5046] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f42e570fb49
[ 59.152715][ T5046] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[pid 5046] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOMEM (Cannot allocate memory)
[pid 5046] exit_group(0) = ?
[pid 5046] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5046, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556431620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
[ 59.160678][ T5046] RBP: 00007ffc0165a480 R08: 0000000000000002 R09: 00007ffc0165a490
[ 59.168657][ T5046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 59.176618][ T5046] R13: 00007ffc0165a4c0 R14: 00007ffc0165a4a0 R15: 0000000000000002
[ 59.184612][ T5046]
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556439660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x555556431620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564305d0) = 5063
./strace-static-x86_64: Process 5063 attached
[pid 5063] chdir("./3") = 0
[pid 5063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5063] setpgid(0, 0) = 0
[pid 5063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5063] write(3, "1000", 4) = 4
[pid 5063] close(3) = 0
[pid 5063] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5063] memfd_create("syzkaller", 0) = 3
[pid 5063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f42dd2c2000
[pid 5063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5063] munmap(0x7f42dd2c2000, 16777216) = 0
[pid 5063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5063] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5063] close(3) = 0
[pid 5063] mkdir("./file0", 0777) = 0
[ 59.486437][ T5063] loop0: detected capacity change from 0 to 32768
[ 59.497155][ T5063] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor422 (5063)
[ 59.514351][ T5063] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 59.523181][ T5063] BTRFS info (device loop0): setting nodatacow, compression disabled
[pid 5063] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5063] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5063] chdir("./file0") = 0
[pid 5063] ioctl(4, LOOP_CLR_FD) = 0
[pid 5063] close(4) = 0
[pid 5063] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5063] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5063] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5063] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5063] write(6, "10", 2) = 2
[pid 5063] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0
[pid 5063] exit_group(0) = ?
[ 59.531390][ T5063] BTRFS info (device loop0): using free space tree
[ 59.549813][ T5063] BTRFS info (device loop0): enabling ssd optimizations
[ 59.556838][ T5063] BTRFS info (device loop0): auto enabling async discard
[pid 5063] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5063, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} ---
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556431620 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs") = 0
[ 59.611661][ T3502] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556439660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0") = 0
getdents64(3, 0x555556431620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564305d0) = 5088
./strace-static-x86_64: Process 5088 attached
[pid 5088] chdir("./4") = 0
[pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5088] setpgid(0, 0) = 0
[pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5088] write(3, "1000", 4) = 4
[pid 5088] close(3) = 0
[pid 5088] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5088] memfd_create("syzkaller", 0) = 3
[pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f42dd2c2000
[pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5088] munmap(0x7f42dd2c2000, 16777216) = 0
[pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5088] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5088] close(3) = 0
[pid 5088] mkdir("./file0", 0777) = 0
[ 59.961898][ T5088] loop0: detected capacity change from 0 to 32768
[ 59.972086][ T5088] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor422 (5088)
[ 59.988599][ T5088] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 59.997410][ T5088] BTRFS info (device loop0): setting nodatacow, compression disabled
[ 60.005538][ T5088] BTRFS info (device loop0): using free space tree
[pid 5088] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5088] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5088] chdir("./file0") = 0
[pid 5088] ioctl(4, LOOP_CLR_FD) = 0
[pid 5088] close(4) = 0
[pid 5088] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 60.023095][ T5088] BTRFS info (device loop0): enabling ssd optimizations
[ 60.030164][ T5088] BTRFS info (device loop0): auto enabling async discard
[pid 5088] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5088] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5088] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5088] write(6, "10", 2) = 2
[ 60.094254][ T5088] FAULT_INJECTION: forcing a failure.
[ 60.094254][ T5088] name failslab, interval 1, probability 0, space 0, times 0
[ 60.112730][ T3502] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 60.122133][ T5088] CPU: 0 PID: 5088 Comm: syz-executor422 Not tainted 6.4.0-rc1-next-20230512-syzkaller #0
[ 60.132146][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 60.142226][ T5088] Call Trace:
[ 60.145520][ T5088]
[ 60.148473][ T5088] dump_stack_lvl+0x136/0x150
[ 60.153198][ T5088] should_fail_ex+0x4a3/0x5b0
[ 60.158005][ T5088] should_failslab+0x9/0x20
[ 60.162538][ T5088] kmem_cache_alloc+0x63/0x3b0
[ 60.167352][ T5088] alloc_extent_state+0x23/0x2e0
[ 60.172323][ T5088] __set_extent_bit+0x5ab/0x15f0
[ 60.177310][ T5088] set_record_extent_bits+0x5c/0x90
[ 60.182550][ T5088] qgroup_reserve_data+0x233/0xa80
[ 60.187710][ T5088] btrfs_qgroup_reserve_data+0x2f/0xd0
[ 60.193219][ T5088] btrfs_fallocate+0x1441/0x27f0
[ 60.198210][ T5088] ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[ 60.204293][ T5088] ? debug_check_no_obj_freed+0x210/0x420
[ 60.210030][ T5088] ? lock_downgrade+0x690/0x690
[ 60.214889][ T5088] ? aa_path_link+0x2f0/0x2f0
[ 60.219576][ T5088] ? lock_sync+0x190/0x190
[ 60.223995][ T5088] ? rcu_is_watching+0x12/0xb0
[ 60.228752][ T5088] ? trace_lock_acquire+0x12d/0x180
[ 60.233963][ T5088] ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[ 60.240028][ T5088] vfs_fallocate+0x48b/0xe40
[ 60.244637][ T5088] ioctl_preallocate+0x18e/0x200
[ 60.249606][ T5088] ? fiemap_prep+0x220/0x220
[ 60.254190][ T5088] ? __schedule+0x1d1d/0x5790
[ 60.258880][ T5088] do_vfs_ioctl+0x129a/0x1670
[ 60.263624][ T5088] ? vfs_fileattr_set+0xc40/0xc40
[ 60.268658][ T5088] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 60.274837][ T5088] ? preempt_schedule_thunk+0x1a/0x20
[ 60.280240][ T5088] ? preempt_schedule_common+0x45/0xb0
[ 60.285717][ T5088] ? preempt_schedule_thunk+0x1a/0x20
[ 60.291094][ T5088] ? bpf_lsm_file_ioctl+0x9/0x10
[ 60.296051][ T5088] __x64_sys_ioctl+0x10c/0x210
[ 60.300840][ T5088] do_syscall_64+0x39/0xb0
[ 60.305261][ T5088] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.311167][ T5088] RIP: 0033:0x7f42e570fb49
[ 60.315597][ T5088] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 60.335219][ T5088] RSP: 002b:00007ffc0165a458 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[pid 5088] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0
[pid 5088] exit_group(0) = ?
[pid 5088] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5088, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=24 /* 0.24 s */} ---
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556431620 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./4/binderfs") = 0
[ 60.343633][ T5088] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f42e570fb49
[ 60.351603][ T5088] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[ 60.359590][ T5088] RBP: 00007ffc0165a480 R08: 0000000000000002 R09: 00007ffc0165a490
[ 60.367550][ T5088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 60.375520][ T5088] R13: 00007ffc0165a4c0 R14: 00007ffc0165a4a0 R15: 0000000000000004
[ 60.383529][ T5088] </TASK>
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556439660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file0") = 0
getdents64(3, 0x555556431620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564305d0) = 5105
./strace-static-x86_64: Process 5105 attached
[pid 5105] chdir("./5") = 0
[pid 5105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5105] setpgid(0, 0) = 0
[pid 5105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5105] write(3, "1000", 4) = 4
[pid 5105] close(3) = 0
[pid 5105] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5105] memfd_create("syzkaller", 0) = 3
[pid 5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f42dd2c2000
[pid 5105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5105] munmap(0x7f42dd2c2000, 16777216) = 0
[pid 5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5105] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5105] close(3) = 0
[pid 5105] mkdir("./file0", 0777) = 0
[ 60.683541][ T5105] loop0: detected capacity change from 0 to 32768
[ 60.694412][ T5105] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor422 (5105)
[ 60.711204][ T5105] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 60.719912][ T5105] BTRFS info (device loop0): setting nodatacow, compression disabled
[pid 5105] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5105] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5105] chdir("./file0") = 0
[pid 5105] ioctl(4, LOOP_CLR_FD) = 0
[pid 5105] close(4) = 0
[pid 5105] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 60.727982][ T5105] BTRFS info (device loop0): using free space tree
[ 60.743317][ T5105] BTRFS info (device loop0): enabling ssd optimizations
[ 60.750412][ T5105] BTRFS info (device loop0): auto enabling async discard
[pid 5105] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5105] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5105] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5105] write(6, "10", 2) = 2
[ 60.811793][ T5105] FAULT_INJECTION: forcing a failure.
[ 60.811793][ T5105] name failslab, interval 1, probability 0, space 0, times 0
[ 60.825914][ T75] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 60.835557][ T5105] CPU: 0 PID: 5105 Comm: syz-executor422 Not tainted 6.4.0-rc1-next-20230512-syzkaller #0
[ 60.845749][ T5105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 60.855830][ T5105] Call Trace:
[ 60.859130][ T5105] <TASK>
[ 60.862082][ T5105] dump_stack_lvl+0x136/0x150
[ 60.866797][ T5105] should_fail_ex+0x4a3/0x5b0
[ 60.871516][ T5105] should_failslab+0x9/0x20
[ 60.876052][ T5105] kmem_cache_alloc+0x63/0x3b0
[ 60.880863][ T5105] alloc_extent_state+0x23/0x2e0
[ 60.885870][ T5105] __set_extent_bit+0x5ab/0x15f0
[ 60.890868][ T5105] set_record_extent_bits+0x5c/0x90
[ 60.896270][ T5105] qgroup_reserve_data+0x233/0xa80
[ 60.901426][ T5105] btrfs_qgroup_reserve_data+0x2f/0xd0
[ 60.906938][ T5105] btrfs_fallocate+0x1441/0x27f0
[ 60.911931][ T5105] ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[ 60.918034][ T5105] ? debug_check_no_obj_freed+0x210/0x420
[ 60.923791][ T5105] ? lock_downgrade+0x690/0x690
[ 60.928682][ T5105] ? aa_path_link+0x2f0/0x2f0
[ 60.933411][ T5105] ? lock_sync+0x190/0x190
[ 60.937863][ T5105] ? rcu_is_watching+0x12/0xb0
[ 60.942659][ T5105] ? trace_lock_acquire+0x12d/0x180
[ 60.947904][ T5105] ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[ 60.954004][ T5105] vfs_fallocate+0x48b/0xe40
[ 60.958625][ T5105] ioctl_preallocate+0x18e/0x200
[ 60.963554][ T5105] ? fiemap_prep+0x220/0x220
[ 60.968147][ T5105] do_vfs_ioctl+0x129a/0x1670
[ 60.972826][ T5105] ? vfs_fileattr_set+0xc40/0xc40
[ 60.977871][ T5105] ? find_held_lock+0x2d/0x110
[ 60.982646][ T5105] ? name_to_dev_t+0x1d3/0x9e0
[ 60.987423][ T5105] ? lock_downgrade+0x690/0x690
[ 60.992293][ T5105] ? bpf_lsm_file_ioctl+0x9/0x10
[ 60.997247][ T5105] __x64_sys_ioctl+0x10c/0x210
[ 61.002018][ T5105] do_syscall_64+0x39/0xb0
[ 61.006467][ T5105] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.012369][ T5105] RIP: 0033:0x7f42e570fb49
[ 61.016788][ T5105] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 61.036397][ T5105] RSP: 002b:00007ffc0165a458 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 61.044813][ T5105] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f42e570fb49
[ 61.052786][ T5105] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[pid 5105] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0
[pid 5105] exit_group(0) = ?
[pid 5105] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5105, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556431620 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./5/binderfs") = 0
[ 61.060756][ T5105] RBP: 00007ffc0165a480 R08: 0000000000000002 R09: 00007ffc0165a490
[ 61.068725][ T5105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 61.076699][ T5105] R13: 00007ffc0165a4c0 R14: 00007ffc0165a4a0 R15: 0000000000000005
[ 61.084685][ T5105] </TASK>
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556439660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file0") = 0
getdents64(3, 0x555556431620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564305d0) = 5122
./strace-static-x86_64: Process 5122 attached
[pid 5122] chdir("./6") = 0
[pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5122] setpgid(0, 0) = 0
[pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5122] write(3, "1000", 4) = 4
[pid 5122] close(3) = 0
[pid 5122] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5122] memfd_create("syzkaller", 0) = 3
[pid 5122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f42dd2c2000
[pid 5122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5122] munmap(0x7f42dd2c2000, 16777216) = 0
[pid 5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5122] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5122] close(3) = 0
[pid 5122] mkdir("./file0", 0777) = 0
[ 61.418215][ T5122] loop0: detected capacity change from 0 to 32768
[ 61.428654][ T5122] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor422 (5122)
[ 61.445815][ T5122] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 61.454758][ T5122] BTRFS info (device loop0): setting nodatacow, compression disabled
[pid 5122] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5122] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5122] chdir("./file0") = 0
[pid 5122] ioctl(4, LOOP_CLR_FD) = 0
[pid 5122] close(4) = 0
[pid 5122] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5122] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5122] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5122] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5122] write(6, "10", 2) = 2
[ 61.463235][ T5122] BTRFS info (device loop0): using free space tree
[ 61.481679][ T5122] BTRFS info (device loop0): enabling ssd optimizations
[ 61.488742][ T5122] BTRFS info (device loop0): auto enabling async discard
[ 61.549716][ T5122] FAULT_INJECTION: forcing a failure.
[ 61.549716][ T5122] name failslab, interval 1, probability 0, space 0, times 0
[ 61.568750][ T3502] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 61.578550][ T5122] CPU: 0 PID: 5122 Comm: syz-executor422 Not tainted 6.4.0-rc1-next-20230512-syzkaller #0
[ 61.588485][ T5122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 61.598567][ T5122] Call Trace:
[ 61.601889][ T5122] <TASK>
[ 61.604846][ T5122] dump_stack_lvl+0x136/0x150
[ 61.609571][ T5122] should_fail_ex+0x4a3/0x5b0
[ 61.614351][ T5122] should_failslab+0x9/0x20
[ 61.618904][ T5122] kmem_cache_alloc+0x63/0x3b0
[ 61.623718][ T5122] alloc_extent_state+0x23/0x2e0
[ 61.628701][ T5122] __set_extent_bit+0x5ab/0x15f0
[ 61.633694][ T5122] set_record_extent_bits+0x5c/0x90
[ 61.638941][ T5122] qgroup_reserve_data+0x233/0xa80
[ 61.644089][ T5122] btrfs_qgroup_reserve_data+0x2f/0xd0
[ 61.649568][ T5122] btrfs_fallocate+0x1441/0x27f0
[ 61.654514][ T5122] ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[ 61.660593][ T5122] ? debug_check_no_obj_freed+0x210/0x420
[ 61.666493][ T5122] ? lock_downgrade+0x690/0x690
[ 61.671353][ T5122] ? aa_path_link+0x2f0/0x2f0
[ 61.676035][ T5122] ? lock_sync+0x190/0x190
[ 61.680493][ T5122] ? rcu_is_watching+0x12/0xb0
[ 61.685268][ T5122] ? trace_lock_acquire+0x12d/0x180
[ 61.690513][ T5122] ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[ 61.696636][ T5122] vfs_fallocate+0x48b/0xe40
[ 61.701230][ T5122] ioctl_preallocate+0x18e/0x200
[ 61.706161][ T5122] ? fiemap_prep+0x220/0x220
[ 61.710748][ T5122] do_vfs_ioctl+0x129a/0x1670
[ 61.715441][ T5122] ? vfs_fileattr_set+0xc40/0xc40
[ 61.720463][ T5122] ? find_held_lock+0x2d/0x110
[ 61.725224][ T5122] ? name_to_dev_t+0x1d3/0x9e0
[ 61.729982][ T5122] ? lock_downgrade+0x690/0x690
[ 61.734833][ T5122] ? bpf_lsm_file_ioctl+0x9/0x10
[ 61.739786][ T5122] __x64_sys_ioctl+0x10c/0x210
[ 61.744546][ T5122] do_syscall_64+0x39/0xb0
[ 61.748963][ T5122] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.754851][ T5122] RIP: 0033:0x7f42e570fb49
[ 61.759343][ T5122] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 61.778974][ T5122] RSP: 002b:00007ffc0165a458 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 61.787415][ T5122] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f42e570fb49
[pid 5122] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0
[pid 5122] exit_group(0) = ?
[pid 5122] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556431620 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./6/binderfs") = 0
[ 61.795374][ T5122] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[ 61.803334][ T5122] RBP: 00007ffc0165a480 R08: 0000000000000002 R09: 00007ffc0165a490
[ 61.811293][ T5122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 61.819261][ T5122] R13: 00007ffc0165a4c0 R14: 00007ffc0165a4a0 R15: 0000000000000006
[ 61.827245][ T5122] </TASK>
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556439660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file0") = 0
getdents64(3, 0x555556431620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564305d0) = 5139
./strace-static-x86_64: Process 5139 attached
[pid 5139] chdir("./7") = 0
[pid 5139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5139] setpgid(0, 0) = 0
[pid 5139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5139] write(3, "1000", 4) = 4
[pid 5139] close(3) = 0
[pid 5139] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5139] memfd_create("syzkaller", 0) = 3
[pid 5139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f42dd2c2000
[pid 5139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5139] munmap(0x7f42dd2c2000, 16777216) = 0
[pid 5139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5139] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5139] close(3) = 0
[pid 5139] mkdir("./file0", 0777) = 0
[ 62.139770][ T5139] loop0: detected capacity change from 0 to 32768
[ 62.151599][ T5139] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor422 (5139)
[ 62.168254][ T5139] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 62.177262][ T5139] BTRFS info (device loop0): setting nodatacow, compression disabled
[pid 5139] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5139] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5139] chdir("./file0") = 0
[pid 5139] ioctl(4, LOOP_CLR_FD) = 0
[pid 5139] close(4) = 0
[pid 5139] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 62.185765][ T5139] BTRFS info (device loop0): using free space tree
[ 62.202928][ T5139] BTRFS info (device loop0): enabling ssd optimizations
[ 62.210144][ T5139] BTRFS info (device loop0): auto enabling async discard
[pid 5139] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5139] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5139] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5139] write(6, "10", 2) = 2
[ 62.257366][ T5139] FAULT_INJECTION: forcing a failure.
[ 62.257366][ T5139] name failslab, interval 1, probability 0, space 0, times 0
[ 62.270683][ T5139] CPU: 1 PID: 5139 Comm: syz-executor422 Not tainted 6.4.0-rc1-next-20230512-syzkaller #0
[ 62.279973][ T46] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 62.280588][ T5139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 62.280604][ T5139] Call Trace:
[ 62.280611][ T5139] <TASK>
[ 62.306029][ T5139] dump_stack_lvl+0x136/0x150
[ 62.310761][ T5139] should_fail_ex+0x4a3/0x5b0
[ 62.315488][ T5139] should_failslab+0x9/0x20
[ 62.320028][ T5139] kmem_cache_alloc+0x63/0x3b0
[ 62.324849][ T5139] alloc_extent_state+0x23/0x2e0
[ 62.329832][ T5139] __set_extent_bit+0x5ab/0x15f0
[ 62.334822][ T5139] set_record_extent_bits+0x5c/0x90
[ 62.340065][ T5139] qgroup_reserve_data+0x233/0xa80
[ 62.345233][ T5139] btrfs_qgroup_reserve_data+0x2f/0xd0
[ 62.350744][ T5139] btrfs_fallocate+0x1441/0x27f0
[ 62.355744][ T5139] ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[ 62.361852][ T5139] ? debug_check_no_obj_freed+0x210/0x420
[ 62.367632][ T5139] ? lock_downgrade+0x690/0x690
[ 62.372541][ T5139] ? aa_path_link+0x2f0/0x2f0
[ 62.377280][ T5139] ? lock_sync+0x190/0x190
[ 62.381737][ T5139] ? rcu_is_watching+0x12/0xb0
[ 62.386534][ T5139] ? trace_lock_acquire+0x12d/0x180
[ 62.391780][ T5139] ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[ 62.397886][ T5139] vfs_fallocate+0x48b/0xe40
[ 62.402520][ T5139] ioctl_preallocate+0x18e/0x200
[ 62.407479][ T5139] ? fiemap_prep+0x220/0x220
[ 62.412076][ T5139] do_vfs_ioctl+0x129a/0x1670
[ 62.416753][ T5139] ? vfs_fileattr_set+0xc40/0xc40
[ 62.421798][ T5139] ? find_held_lock+0x2d/0x110
[ 62.426558][ T5139] ? name_to_dev_t+0x1d3/0x9e0
[ 62.431318][ T5139] ? lock_downgrade+0x690/0x690
[ 62.436174][ T5139] ? bpf_lsm_file_ioctl+0x9/0x10
[ 62.441113][ T5139] __x64_sys_ioctl+0x10c/0x210
[ 62.445868][ T5139] do_syscall_64+0x39/0xb0
[ 62.450288][ T5139] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.456177][ T5139] RIP: 0033:0x7f42e570fb49
[ 62.460583][ T5139] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 62.480186][ T5139] RSP: 002b:00007ffc0165a458 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 62.488698][ T5139] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f42e570fb49
[ 62.496688][ T5139] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[pid 5139] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0
[pid 5139] exit_group(0) = ?
[pid 5139] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5139, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} ---
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556431620 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./7/binderfs") = 0
[ 62.504672][ T5139] RBP: 00007ffc0165a480 R08: 0000000000000002 R09: 00007ffc0165a490
[ 62.512645][ T5139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 62.520613][ T5139] R13: 00007ffc0165a4c0 R14: 00007ffc0165a4a0 R15: 0000000000000007
[ 62.528592][ T5139] </TASK>
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556439660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file0") = 0
getdents64(3, 0x555556431620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564305d0) = 5156
./strace-static-x86_64: Process 5156 attached
[pid 5156] chdir("./8") = 0
[pid 5156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5156] setpgid(0, 0) = 0
[pid 5156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5156] write(3, "1000", 4) = 4
[pid 5156] close(3) = 0
[pid 5156] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5156] memfd_create("syzkaller", 0) = 3
[pid 5156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f42dd2c2000
[pid 5156] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5156] munmap(0x7f42dd2c2000, 16777216) = 0
[pid 5156] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5156] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5156] close(3) = 0
[pid 5156] mkdir("./file0", 0777) = 0
[ 62.832590][ T5156] loop0: detected capacity change from 0 to 32768
[ 62.842292][ T5156] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor422 (5156)
[ 62.859021][ T5156] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 62.867736][ T5156] BTRFS info (device loop0): setting nodatacow, compression disabled
[ 62.876109][ T5156] BTRFS info (device loop0): using free space tree
[pid 5156] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5156] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5156] chdir("./file0") = 0
[pid 5156] ioctl(4, LOOP_CLR_FD) = 0
[pid 5156] close(4) = 0
[pid 5156] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 62.894076][ T5156] BTRFS info (device loop0): enabling ssd optimizations
[ 62.901135][ T5156] BTRFS info (device loop0): auto enabling async discard
[pid 5156] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5156] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5156] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5156] write(6, "10", 2) = 2
[ 62.966577][ T5156] FAULT_INJECTION: forcing a failure.
[ 62.966577][ T5156] name failslab, interval 1, probability 0, space 0, times 0
[ 62.979787][ T5156] CPU: 1 PID: 5156 Comm: syz-executor422 Not tainted 6.4.0-rc1-next-20230512-syzkaller #0
[ 62.989709][ T5156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 62.999800][ T5156] Call Trace:
[ 63.003081][ T5156] <TASK>
[ 63.006029][ T5156] dump_stack_lvl+0x136/0x150
[ 63.010759][ T5156] should_fail_ex+0x4a3/0x5b0
[ 63.015459][ T5156] ? find_held_lock+0x2d/0x110
[ 63.020253][ T5156] should_failslab+0x9/0x20
[ 63.024766][ T5156] __kmem_cache_alloc_node+0x5b/0x320
[ 63.030146][ T5156] ? ulist_add_merge.part.0+0x85/0x4b0
[ 63.035622][ T5156] kmalloc_trace+0x26/0xe0
[ 63.040079][ T5156] ulist_add_merge.part.0+0x85/0x4b0
[ 63.045376][ T5156] ? rcu_is_watching+0x12/0xb0
[ 63.050164][ T5156] ulist_add+0x106/0x160
[ 63.054421][ T5156] set_state_bits.isra.0+0x11f/0x1c0
[ 63.059717][ T5156] __set_extent_bit+0xb81/0x15f0
[ 63.064677][ T5156] set_record_extent_bits+0x5c/0x90
[ 63.069896][ T5156] qgroup_reserve_data+0x233/0xa80
[ 63.075034][ T5156] btrfs_qgroup_reserve_data+0x2f/0xd0
[ 63.080530][ T5156] btrfs_fallocate+0x1441/0x27f0
[ 63.085525][ T5156] ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[ 63.091612][ T5156] ? debug_check_no_obj_freed+0x210/0x420
[ 63.097345][ T5156] ? lock_downgrade+0x690/0x690
[ 63.102209][ T5156] ? aa_path_link+0x2f0/0x2f0
[ 63.106906][ T5156] ? lock_sync+0x190/0x190
[ 63.111335][ T5156] ? rcu_is_watching+0x12/0xb0
[ 63.116105][ T5156] ? trace_lock_acquire+0x12d/0x180
[ 63.121590][ T5156] ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[ 63.127662][ T5156] vfs_fallocate+0x48b/0xe40
[ 63.132276][ T5156] ioctl_preallocate+0x18e/0x200
[ 63.137223][ T5156] ? fiemap_prep+0x220/0x220
[ 63.141836][ T5156] do_vfs_ioctl+0x129a/0x1670
[ 63.146607][ T5156] ? vfs_fileattr_set+0xc40/0xc40
[ 63.151645][ T5156] ? find_held_lock+0x2d/0x110
[ 63.156422][ T5156] ? name_to_dev_t+0x1d3/0x9e0
[ 63.161199][ T5156] ? lock_downgrade+0x690/0x690
[ 63.166075][ T5156] ? bpf_lsm_file_ioctl+0x9/0x10
[ 63.171039][ T5156] __x64_sys_ioctl+0x10c/0x210
[ 63.175811][ T5156] do_syscall_64+0x39/0xb0
[ 63.180251][ T5156] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.186174][ T5156] RIP: 0033:0x7f42e570fb49
[ 63.190591][ T5156] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 63.210302][ T5156] RSP: 002b:00007ffc0165a458 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 63.218730][ T5156] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f42e570fb49
[ 63.226712][ T5156] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[ 63.234776][ T5156] RBP: 00007ffc0165a480 R08: 0000000000000002 R09: 00007ffc0165a490
[ 63.242751][ T5156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 63.250726][ T5156] R13: 00007ffc0165a4c0 R14: 00007ffc0165a4a0 R15: 0000000000000008
[ 63.258732][ T5156] </TASK>
[ 63.262234][ T5156] ------------[ cut here ]------------
[ 63.267739][ T5156] kernel BUG at fs/btrfs/extent-io-tree.c:379!
[ 63.272286][ T46] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 63.274105][ T5156] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 63.289196][ T5156] CPU: 1 PID: 5156 Comm: syz-executor422 Not tainted 6.4.0-rc1-next-20230512-syzkaller #0
[ 63.299112][ T5156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 63.309188][ T5156] RIP: 0010:set_state_bits.isra.0+0x17b/0x1c0
[ 63.315299][ T5156] Code: 38 d0 7c 04 84 d2 75 31 44 8b 73 7c e8 fe aa f7 fd 44 89 e0 44 09 f0 89 43 7c 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 e5 aa f7 fd <0f> 0b 4c 89 ef e8 3b a7 4a fe e9 e6 fe ff ff 4c 89 ef e8 2e a7 4a
[ 63.334959][ T5156] RSP: 0018:ffffc9000418f7c8 EFLAGS: 00010293
[ 63.341057][ T5156] RAX: 0000000000000000 RBX: ffff888022a45d80 RCX: 0000000000000000
[ 63.349088][ T5156] RDX: ffff88807a5f5940 RSI: ffffffff838c6b4b RDI: 0000000000000005
[ 63.357085][ T5156] RBP: 00000000fffffff4 R08: 0000000000000005 R09: 0000000000000000
[ 63.365105][ T5156] R10: 00000000fffffff4 R11: 0000000000000001 R12: 0000000000000800
[ 63.373076][ T5156] R13: ffff888022a45dfc R14: 000000000000ffff R15: 0000000000000000
[ 63.381045][ T5156] FS: 0000555556430300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 63.389975][ T5156] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 63.396555][ T5156] CR2: 00007ffcccf3cdf8 CR3: 0000000076c37000 CR4: 00000000003506e0
[ 63.404523][ T5156] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 63.412489][ T5156] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 63.420457][ T5156] Call Trace:
[ 63.423731][ T5156] <TASK>
[ 63.426657][ T5156] __set_extent_bit+0xb81/0x15f0
[ 63.431611][ T5156] set_record_extent_bits+0x5c/0x90
[ 63.436815][ T5156] qgroup_reserve_data+0x233/0xa80
[ 63.441934][ T5156] btrfs_qgroup_reserve_data+0x2f/0xd0
[ 63.447401][ T5156] btrfs_fallocate+0x1441/0x27f0
[ 63.452343][ T5156] ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[ 63.458411][ T5156] ? debug_check_no_obj_freed+0x210/0x420
[ 63.464135][ T5156] ? lock_downgrade+0x690/0x690
[ 63.468994][ T5156] ? aa_path_link+0x2f0/0x2f0
[ 63.473685][ T5156] ? lock_sync+0x190/0x190
[ 63.478111][ T5156] ? rcu_is_watching+0x12/0xb0
[ 63.482875][ T5156] ? trace_lock_acquire+0x12d/0x180
[ 63.488081][ T5156] ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[ 63.494167][ T5156] vfs_fallocate+0x48b/0xe40
[ 63.498771][ T5156] ioctl_preallocate+0x18e/0x200
[ 63.503712][ T5156] ? fiemap_prep+0x220/0x220
[ 63.508307][ T5156] do_vfs_ioctl+0x129a/0x1670
[ 63.512986][ T5156] ? vfs_fileattr_set+0xc40/0xc40
[ 63.518015][ T5156] ? find_held_lock+0x2d/0x110
[ 63.522782][ T5156] ? name_to_dev_t+0x1d3/0x9e0
[ 63.527554][ T5156] ? lock_downgrade+0x690/0x690
[ 63.532412][ T5156] ? bpf_lsm_file_ioctl+0x9/0x10
[ 63.537359][ T5156] __x64_sys_ioctl+0x10c/0x210
[ 63.542122][ T5156] do_syscall_64+0x39/0xb0
[ 63.546547][ T5156] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.552446][ T5156] RIP: 0033:0x7f42e570fb49
[ 63.556856][ T5156] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 63.576461][ T5156] RSP: 002b:00007ffc0165a458 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 63.584870][ T5156] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f42e570fb49
[ 63.592835][ T5156] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[ 63.600799][ T5156] RBP: 00007ffc0165a480 R08: 0000000000000002 R09: 00007ffc0165a490
[ 63.608764][ T5156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 63.616731][ T5156] R13: 00007ffc0165a4c0 R14: 00007ffc0165a4a0 R15: 0000000000000008
[ 63.624706][ T5156] </TASK>
[ 63.627718][ T5156] Modules linked in:
[ 63.631636][ T5156] ---[ end trace 0000000000000000 ]---
[ 63.637101][ T5156] RIP: 0010:set_state_bits.isra.0+0x17b/0x1c0
[ 63.643241][ T5156] Code: 38 d0 7c 04 84 d2 75 31 44 8b 73 7c e8 fe aa f7 fd 44 89 e0 44 09 f0 89 43 7c 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 e5 aa f7 fd <0f> 0b 4c 89 ef e8 3b a7 4a fe e9 e6 fe ff ff 4c 89 ef e8 2e a7 4a
[ 63.662892][ T5156] RSP: 0018:ffffc9000418f7c8 EFLAGS: 00010293
[ 63.668988][ T5156] RAX: 0000000000000000 RBX: ffff888022a45d80 RCX: 0000000000000000
[ 63.676970][ T5156] RDX: ffff88807a5f5940 RSI: ffffffff838c6b4b RDI: 0000000000000005
[ 63.685006][ T5156] RBP: 00000000fffffff4 R08: 0000000000000005 R09: 0000000000000000
[ 63.693028][ T5156] R10: 00000000fffffff4 R11: 0000000000000001 R12: 0000000000000800
[ 63.701059][ T5156] R13: ffff888022a45dfc R14: 000000000000ffff R15: 0000000000000000
[ 63.709078][ T5156] FS: 0000555556430300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 63.718023][ T5156] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 63.724629][ T5156] CR2: 00007ffcccf3cdf8 CR3: 0000000076c37000 CR4: 00000000003506e0
[ 63.732655][ T5156] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 63.740679][ T5156] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 63.748671][ T5156] Kernel panic - not syncing: Fatal exception
[ 63.754886][ T5156] Kernel Offset: disabled
[ 63.759206][ T5156] Rebooting in 86400 seconds..