./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1347225698
<...>
Warning: Permanently added '10.128.0.201' (ED25519) to the list of known hosts.
execve("./syz-executor1347225698", ["./syz-executor1347225698"], 0x7ffc47e8e760 /* 10 vars */) = 0
brk(NULL) = 0x55555571f000
brk(0x55555571fd00) = 0x55555571fd00
arch_prctl(ARCH_SET_FS, 0x55555571f380) = 0
set_tid_address(0x55555571f650) = 5040
set_robust_list(0x55555571f660, 24) = 0
rseq(0x55555571fca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1347225698", 4096) = 28
getrandom("\x69\xc0\xff\xa5\xcf\xed\xc3\x94", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55555571fd00
brk(0x555555740d00) = 0x555555740d00
brk(0x555555741000) = 0x555555741000
mprotect(0x7fbe40ec2000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
mkdir("./syzkaller.Nsl0To", 0700) = 0
chmod("./syzkaller.Nsl0To", 0777) = 0
chdir("./syzkaller.Nsl0To") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555571f650) = 5041
./strace-static-x86_64: Process 5041 attached
[pid 5041] set_robust_list(0x55555571f660, 24) = 0
[pid 5041] chdir("./0") = 0
[pid 5041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5041] setpgid(0, 0) = 0
[pid 5041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5041] write(3, "1000", 4) = 4
[pid 5041] close(3) = 0
[pid 5041] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5041] memfd_create("syzkaller", 0) = 3
[pid 5041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbe38a0a000
[ 77.002273][ T5041] syz-executor134[5041]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[pid 5041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5041] munmap(0x7fbe38a0a000, 16777216) = 0
[pid 5041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5041] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5041] close(3) = 0
[pid 5041] mkdir("./file0", 0777) = 0
[ 77.230084][ T5041] loop0: detected capacity change from 0 to 32768
[ 77.244126][ T5041] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor134 (5041)
[ 77.266785][ T5041] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 77.275802][ T5041] BTRFS info (device loop0): using free space tree
[pid 5041] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5041] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5041] chdir("./file0") = 0
[pid 5041] ioctl(4, LOOP_CLR_FD) = 0
[pid 5041] close(4) = 0
[pid 5041] openat(AT_FDCWD, ".pending_reads", O_RDWR|O_CREAT|O_DSYNC, 000) = 4
[pid 5041] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[ 77.306259][ T5041] BTRFS info (device loop0): enabling ssd optimizations
[ 77.313459][ T5041] BTRFS info (device loop0): auto enabling async discard
[pid 5041] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5041] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5041] write(6, "15", 2) = 2
[ 77.422284][ T5041] FAULT_INJECTION: forcing a failure.
[ 77.422284][ T5041] name failslab, interval 1, probability 0, space 0, times 1
[ 77.435387][ T5041] CPU: 0 PID: 5041 Comm: syz-executor134 Not tainted 6.6.0-rc4-syzkaller #0
[ 77.444128][ T5041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 77.454240][ T5041] Call Trace:
[ 77.457570][ T5041] <TASK>
[ 77.460548][ T5041] dump_stack_lvl+0x1e7/0x2d0
[ 77.465302][ T5041] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 77.471452][ T5041] ? nf_tcp_handle_invalid+0x650/0x650
[ 77.476966][ T5041] ? panic+0x770/0x770
[ 77.481188][ T5041] ? mark_lock+0x9a/0x340
[ 77.485578][ T5041] should_fail_ex+0x3aa/0x4e0
[ 77.490325][ T5041] should_failslab+0x9/0x20
[ 77.494878][ T5041] slab_pre_alloc_hook+0x59/0x310
[ 77.499959][ T5041] ? ulist_add_merge+0x14c/0x480
[ 77.504962][ T5041] __kmem_cache_alloc_node+0x4b/0x270
[ 77.510396][ T5041] ? ulist_add_merge+0x14c/0x480
[ 77.515390][ T5041] kmalloc_trace+0x2a/0xe0
[ 77.519871][ T5041] ulist_add_merge+0x14c/0x480
[ 77.524699][ T5041] qgroup_reserve+0x3aa/0x8d0
[ 77.529454][ T5041] ? trace_qgroup_meta_reserve+0x200/0x200
[ 77.535323][ T5041] ? rcu_is_watching+0x15/0xb0
[ 77.540152][ T5041] btrfs_qgroup_reserve_meta+0x196/0x2b0
[ 77.545853][ T5041] btrfs_delayed_update_inode+0x280/0x4b0
[ 77.551651][ T5041] btrfs_update_inode+0x16a/0x360
[ 77.556745][ T5041] btrfs_dirty_inode+0xdb/0x1a0
[ 77.561662][ T5041] ? btrfs_fiemap+0x1e0/0x1e0
[ 77.566398][ T5041] file_modified_flags+0x1c6/0x2a0
[ 77.571573][ T5041] btrfs_fallocate+0x735/0x1fe0
[ 77.576520][ T5041] ? btrfs_file_open+0xf0/0xf0
[ 77.579609][ T39] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 77.581309][ T5041] ? read_lock_is_recursive+0x20/0x20
[ 77.581371][ T5041] ? rcu_read_lock_any_held+0xb7/0x160
[ 77.581397][ T5041] ? rcu_read_lock_bh_held+0x120/0x120
[ 77.581424][ T5041] ? __lock_acquire+0x7f70/0x7f70
[ 77.611918][ T5041] vfs_fallocate+0x551/0x6b0
[ 77.616574][ T5041] do_vfs_ioctl+0x22da/0x2b40
[ 77.621311][ T5041] ? __x64_compat_sys_ioctl+0x90/0x90
[ 77.626708][ T5041] ? __lock_acquire+0x7f70/0x7f70
[ 77.631764][ T5041] ? lockdep_hardirqs_on+0x98/0x140
[ 77.636985][ T5041] ? __kmem_cache_free+0x25f/0x3b0
[ 77.642125][ T5041] ? tomoyo_path_number_perm+0x71a/0x870
[ 77.647874][ T5041] ? tomoyo_path_number_perm+0x208/0x870
[ 77.653543][ T5041] ? smack_log+0x123/0x540
[ 77.658016][ T5041] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 77.663521][ T5041] ? smk_access+0x4e0/0x4e0
[ 77.668040][ T5041] ? smk_access+0x4ab/0x4e0
[ 77.672611][ T5041] ? smk_tskacc+0x2ff/0x360
[ 77.677175][ T5041] ? smack_file_ioctl+0x2a1/0x3a0
[ 77.682257][ T5041] ? smack_file_alloc_security+0xe0/0xe0
[ 77.687918][ T5041] ? do_notify_parent+0x1100/0x1100
[ 77.693669][ T5041] ? print_irqtrace_events+0x220/0x220
[ 77.699163][ T5041] ? bpf_lsm_file_ioctl+0x9/0x10
[ 77.704144][ T5041] ? security_file_ioctl+0x81/0xa0
[ 77.709277][ T5041] __se_sys_ioctl+0x81/0x170
[ 77.713956][ T5041] do_syscall_64+0x41/0xc0
[ 77.718425][ T5041] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 77.724342][ T5041] RIP: 0033:0x7fbe40e492a9
[ 77.728774][ T5041] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 77.748416][ T5041] RSP: 002b:00007ffdf425f768 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 77.757413][ T5041] RAX: ffffffffffffffda RBX: 00007ffdf425f790 RCX: 00007fbe40e492a9
[ 77.765421][ T5041] RDX: 0000000020000080 RSI: 0000000040305828 RDI: 0000000000000004
[pid 5041] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x20000080) = -1 ENOMEM (Cannot allocate memory)
[pid 5041] exit_group(0) = ?
[pid 5041] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5041, si_uid=0, si_status=0, si_utime=0, si_stime=34 /* 0.34 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555557206f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
[ 77.773405][ T5041] RBP: 0000000000000002 R08: 00007ffdf425f506 R09: 00007ffdf425f7b0
[ 77.781491][ T5041] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[ 77.789478][ T5041] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007ffdf425f7d0
[ 77.797505][ T5041] </TASK>
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555728730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555728730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x5555557206f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555571f650) = 5060
./strace-static-x86_64: Process 5060 attached
[pid 5060] set_robust_list(0x55555571f660, 24) = 0
[pid 5060] chdir("./1") = 0
[pid 5060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5060] setpgid(0, 0) = 0
[pid 5060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5060] write(3, "1000", 4) = 4
[pid 5060] close(3) = 0
[pid 5060] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5060] memfd_create("syzkaller", 0) = 3
[pid 5060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbe38a0a000
[pid 5060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5060] munmap(0x7fbe38a0a000, 16777216) = 0
[pid 5060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5060] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5060] close(3) = 0
[pid 5060] mkdir("./file0", 0777) = 0
[ 78.231079][ T5060] loop0: detected capacity change from 0 to 32768
[ 78.242316][ T5060] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor134 (5060)
[ 78.261720][ T5060] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 78.270496][ T5060] BTRFS info (device loop0): using free space tree
[pid 5060] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5060] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5060] chdir("./file0") = 0
[pid 5060] ioctl(4, LOOP_CLR_FD) = 0
[pid 5060] close(4) = 0
[pid 5060] openat(AT_FDCWD, ".pending_reads", O_RDWR|O_CREAT|O_DSYNC, 000) = 4
[pid 5060] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5060] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5060] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5060] write(6, "15", 2) = 2
[ 78.295257][ T5060] BTRFS info (device loop0): enabling ssd optimizations
[ 78.302320][ T5060] BTRFS info (device loop0): auto enabling async discard
[ 78.352811][ T5060] FAULT_INJECTION: forcing a failure.
[ 78.352811][ T5060] name failslab, interval 1, probability 0, space 0, times 0
[ 78.366455][ T5060] CPU: 1 PID: 5060 Comm: syz-executor134 Not tainted 6.6.0-rc4-syzkaller #0
[ 78.375270][ T5060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 78.385367][ T5060] Call Trace:
[ 78.386579][ T2931] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 78.388664][ T5060] <TASK>
[ 78.388686][ T5060] dump_stack_lvl+0x1e7/0x2d0
[ 78.405507][ T5060] ? nf_tcp_handle_invalid+0x650/0x650
[ 78.411021][ T5060] ? panic+0x770/0x770
[ 78.415152][ T5060] ? __might_sleep+0xc0/0xc0
[ 78.419813][ T5060] should_fail_ex+0x3aa/0x4e0
[ 78.424550][ T5060] should_failslab+0x9/0x20
[ 78.429102][ T5060] slab_pre_alloc_hook+0x59/0x310
[ 78.434173][ T5060] ? btrfs_cont_expand+0xcd0/0xcd0
[ 78.439346][ T5060] ? btrfs_fallocate+0x11a0/0x1fe0
[ 78.444499][ T5060] __kmem_cache_alloc_node+0x4b/0x270
[ 78.449929][ T5060] ? btrfs_fallocate+0x11a0/0x1fe0
[ 78.455085][ T5060] kmalloc_trace+0x2a/0xe0
[ 78.459558][ T5060] btrfs_fallocate+0x11a0/0x1fe0
[ 78.464569][ T5060] ? btrfs_file_open+0xf0/0xf0
[ 78.469400][ T5060] ? read_lock_is_recursive+0x20/0x20
[ 78.474850][ T5060] ? rcu_read_lock_any_held+0xb7/0x160
[ 78.480363][ T5060] ? rcu_read_lock_bh_held+0x120/0x120
[ 78.485882][ T5060] ? __lock_acquire+0x7f70/0x7f70
[ 78.490971][ T5060] vfs_fallocate+0x551/0x6b0
[ 78.495629][ T5060] do_vfs_ioctl+0x22da/0x2b40
[ 78.500375][ T5060] ? __x64_compat_sys_ioctl+0x90/0x90
[ 78.505803][ T5060] ? __lock_acquire+0x7f70/0x7f70
[ 78.510922][ T5060] ? lockdep_hardirqs_on+0x98/0x140
[ 78.516289][ T5060] ? __kmem_cache_free+0x25f/0x3b0
[ 78.521479][ T5060] ? tomoyo_path_number_perm+0x71a/0x870
[ 78.527176][ T5060] ? tomoyo_path_number_perm+0x208/0x870
[ 78.532863][ T5060] ? smack_log+0x123/0x540
[ 78.537342][ T5060] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 78.542857][ T5060] ? smk_access+0x4e0/0x4e0
[ 78.547416][ T5060] ? smk_access+0x4ab/0x4e0
[ 78.551984][ T5060] ? smk_tskacc+0x2ff/0x360
[ 78.556546][ T5060] ? smack_file_ioctl+0x2a1/0x3a0
[ 78.561631][ T5060] ? smack_file_alloc_security+0xe0/0xe0
[ 78.567336][ T5060] ? do_notify_parent+0x1100/0x1100
[ 78.572610][ T5060] ? print_irqtrace_events+0x220/0x220
[ 78.578113][ T5060] ? bpf_lsm_file_ioctl+0x9/0x10
[ 78.583089][ T5060] ? security_file_ioctl+0x81/0xa0
[ 78.588349][ T5060] __se_sys_ioctl+0x81/0x170
[ 78.592968][ T5060] do_syscall_64+0x41/0xc0
[ 78.597489][ T5060] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 78.603422][ T5060] RIP: 0033:0x7fbe40e492a9
[ 78.607848][ T5060] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 78.627491][ T5060] RSP: 002b:00007ffdf425f768 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 78.635961][ T5060] RAX: ffffffffffffffda RBX: 00007ffdf425f790 RCX: 00007fbe40e492a9
[ 78.644055][ T5060] RDX: 0000000020000080 RSI: 0000000040305828 RDI: 0000000000000004
[pid 5060] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x20000080) = -1 ENOMEM (Cannot allocate memory)
[pid 5060] exit_group(0) = ?
[pid 5060] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5060, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=28 /* 0.28 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555557206f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
[ 78.652057][ T5060] RBP: 0000000000000002 R08: 00007ffdf425f506 R09: 00007ffdf425f7b0
[ 78.660059][ T5060] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffdf425f78c
[ 78.668065][ T5060] R13: 0000000000000001 R14: 431bde82d7b634db R15: 00007ffdf425f7d0
[ 78.676166][ T5060] </TASK>
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555728730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555728730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x5555557206f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555571f650) = 5077
./strace-static-x86_64: Process 5077 attached
[pid 5077] set_robust_list(0x55555571f660, 24) = 0
[pid 5077] chdir("./2") = 0
[pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5077] setpgid(0, 0) = 0
[pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5077] write(3, "1000", 4) = 4
[pid 5077] close(3) = 0
[pid 5077] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5077] memfd_create("syzkaller", 0) = 3
[pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbe38a0a000
[pid 5077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5077] munmap(0x7fbe38a0a000, 16777216) = 0
[pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5077] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5077] close(3) = 0
[pid 5077] mkdir("./file0", 0777) = 0
[ 79.087985][ T5077] loop0: detected capacity change from 0 to 32768
[ 79.098606][ T5077] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor134 (5077)
[ 79.115454][ T5077] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 79.124405][ T5077] BTRFS info (device loop0): using free space tree
[pid 5077] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5077] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5077] chdir("./file0") = 0
[pid 5077] ioctl(4, LOOP_CLR_FD) = 0
[pid 5077] close(4) = 0
[pid 5077] openat(AT_FDCWD, ".pending_reads", O_RDWR|O_CREAT|O_DSYNC, 000) = 4
[pid 5077] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5077] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5077] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5077] write(6, "15", 2) = 2
[ 79.147852][ T5077] BTRFS info (device loop0): enabling ssd optimizations
[ 79.155122][ T5077] BTRFS info (device loop0): auto enabling async discard
[ 79.208419][ T5077] FAULT_INJECTION: forcing a failure.
[ 79.208419][ T5077] name failslab, interval 1, probability 0, space 0, times 0
[ 79.212298][ T2891] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 79.222040][ T5077] CPU: 1 PID: 5077 Comm: syz-executor134 Not tainted 6.6.0-rc4-syzkaller #0
[ 79.239654][ T5077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 79.249743][ T5077] Call Trace:
[ 79.253068][ T5077] <TASK>
[ 79.256034][ T5077] dump_stack_lvl+0x1e7/0x2d0
[ 79.260775][ T5077] ? nf_tcp_handle_invalid+0x650/0x650
[ 79.266283][ T5077] ? panic+0x770/0x770
[ 79.270412][ T5077] should_fail_ex+0x3aa/0x4e0
[ 79.275175][ T5077] should_failslab+0x9/0x20
[ 79.279727][ T5077] slab_pre_alloc_hook+0x59/0x310
[ 79.284924][ T5077] ? ulist_add_merge+0x14c/0x480
[ 79.289907][ T5077] __kmem_cache_alloc_node+0x4b/0x270
[ 79.295353][ T5077] ? ulist_add_merge+0x14c/0x480
[ 79.300346][ T5077] kmalloc_trace+0x2a/0xe0
[ 79.304815][ T5077] ulist_add_merge+0x14c/0x480
[ 79.309647][ T5077] __set_extent_bit+0x69e/0x1b00
[ 79.314672][ T5077] set_record_extent_bits+0x51/0x90
[ 79.320014][ T5077] qgroup_reserve_data+0x260/0x8e0
[ 79.325211][ T5077] btrfs_qgroup_reserve_data+0x2e/0xc0
[ 79.330734][ T5077] btrfs_fallocate+0x12f8/0x1fe0
[ 79.335752][ T5077] ? btrfs_file_open+0xf0/0xf0
[ 79.340670][ T5077] ? read_lock_is_recursive+0x20/0x20
[ 79.346149][ T5077] ? rcu_read_lock_any_held+0xb7/0x160
[ 79.351677][ T5077] ? rcu_read_lock_bh_held+0x120/0x120
[ 79.357196][ T5077] ? __lock_acquire+0x7f70/0x7f70
[ 79.362294][ T5077] vfs_fallocate+0x551/0x6b0
[ 79.366971][ T5077] do_vfs_ioctl+0x22da/0x2b40
[ 79.371729][ T5077] ? __x64_compat_sys_ioctl+0x90/0x90
[ 79.377160][ T5077] ? __lock_acquire+0x7f70/0x7f70
[ 79.382236][ T5077] ? lockdep_hardirqs_on+0x98/0x140
[ 79.387496][ T5077] ? __kmem_cache_free+0x25f/0x3b0
[ 79.392675][ T5077] ? tomoyo_path_number_perm+0x71a/0x870
[ 79.398371][ T5077] ? tomoyo_path_number_perm+0x208/0x870
[ 79.404069][ T5077] ? smack_log+0x123/0x540
[ 79.408592][ T5077] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 79.414204][ T5077] ? smk_access+0x4e0/0x4e0
[ 79.418866][ T5077] ? smk_access+0x4ab/0x4e0
[ 79.423444][ T5077] ? smk_tskacc+0x2ff/0x360
[ 79.428033][ T5077] ? smack_file_ioctl+0x2a1/0x3a0
[ 79.433126][ T5077] ? smack_file_alloc_security+0xe0/0xe0
[ 79.438833][ T5077] ? do_notify_parent+0x1100/0x1100
[ 79.444118][ T5077] ? print_irqtrace_events+0x220/0x220
[ 79.449643][ T5077] ? bpf_lsm_file_ioctl+0x9/0x10
[ 79.454631][ T5077] ? security_file_ioctl+0x81/0xa0
[ 79.460081][ T5077] __se_sys_ioctl+0x81/0x170
[ 79.464729][ T5077] do_syscall_64+0x41/0xc0
[ 79.469163][ T5077] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 79.475076][ T5077] RIP: 0033:0x7fbe40e492a9
[ 79.479511][ T5077] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 79.499250][ T5077] RSP: 002b:00007ffdf425f768 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 79.507731][ T5077] RAX: ffffffffffffffda RBX: 00007ffdf425f790 RCX: 00007fbe40e492a9
[ 79.515737][ T5077] RDX: 0000000020000080 RSI: 0000000040305828 RDI: 0000000000000004
[ 79.523754][ T5077] RBP: 0000000000000002 R08: 00007ffdf425f506 R09: 00007ffdf425f7b0
[ 79.531749][ T5077] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffdf425f78c
[ 79.539749][ T5077] R13: 0000000000000002 R14: 431bde82d7b634db R15: 00007ffdf425f7d0
[ 79.547773][ T5077] </TASK>
[ 79.551520][ T5077] ------------[ cut here ]------------
[ 79.557027][ T5077] kernel BUG at fs/btrfs/extent-io-tree.c:379!
[ 79.563265][ T5077] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 79.569352][ T5077] CPU: 1 PID: 5077 Comm: syz-executor134 Not tainted 6.6.0-rc4-syzkaller #0
[ 79.578222][ T5077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 79.588284][ T5077] RIP: 0010:__set_extent_bit+0x188d/0x1b00
[ 79.594138][ T5077] Code: 30 fe e9 db fc ff ff 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c ff fd ff ff 4c 89 e7 e8 8d 9b 30 fe e9 f2 fd ff ff e8 93 1f d6 fd <0f> 0b e8 8c 1f d6 fd 48 8b 44 24 18 48 83 c0 08 48 89 c3 48 c1 e8
[ 79.613749][ T5077] RSP: 0018:ffffc900043cf5d8 EFLAGS: 00010293
[ 79.619831][ T5077] RAX: ffffffff83b7ec1d RBX: 00000000fffffff4 RCX: ffff88802520bb80
[ 79.627835][ T5077] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
[ 79.635817][ T5077] RBP: ffff88807eb5a7fc R08: ffffffff83b7da39 R09: 1ffffffff1a84df6
[ 79.643795][ T5077] R10: dffffc0000000000 R11: fffffbfff1a84df7 R12: ffff88807eb5a7fc
[ 79.651771][ T5077] R13: ffff88807eb5a780 R14: 0000000000000000 R15: 1ffff1100fd6b4ff
[ 79.659746][ T5077] FS: 000055555571f380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 79.668682][ T5077] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 79.675297][ T5077] CR2: 00007fffc35ccb58 CR3: 000000007718e000 CR4: 00000000003506e0
[ 79.683293][ T5077] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 79.691272][ T5077] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 79.699292][ T5077] Call Trace:
[ 79.702578][ T5077] <TASK>
[ 79.705512][ T5077] ? __die_body+0x8b/0xe0
[ 79.709859][ T5077] ? die+0xa1/0xd0
[ 79.713586][ T5077] ? do_trap+0x153/0x380
[ 79.717841][ T5077] ? __set_extent_bit+0x188d/0x1b00
[ 79.723060][ T5077] ? do_error_trap+0x1dc/0x2c0
[ 79.727887][ T5077] ? __set_extent_bit+0x188d/0x1b00
[ 79.733115][ T5077] ? do_int3+0x50/0x50
[ 79.737216][ T5077] ? handle_invalid_op+0x34/0x40
[ 79.742175][ T5077] ? __set_extent_bit+0x188d/0x1b00
[ 79.747389][ T5077] ? exc_invalid_op+0x33/0x50
[ 79.752077][ T5077] ? asm_exc_invalid_op+0x1a/0x20
[ 79.757134][ T5077] ? __set_extent_bit+0x6a9/0x1b00
[ 79.762255][ T5077] ? __set_extent_bit+0x188d/0x1b00
[ 79.767459][ T5077] ? __set_extent_bit+0x188d/0x1b00
[ 79.772685][ T5077] ? __set_extent_bit+0x188d/0x1b00
[ 79.777898][ T5077] set_record_extent_bits+0x51/0x90
[ 79.783112][ T5077] qgroup_reserve_data+0x260/0x8e0
[ 79.788269][ T5077] btrfs_qgroup_reserve_data+0x2e/0xc0
[ 79.793742][ T5077] btrfs_fallocate+0x12f8/0x1fe0
[ 79.798699][ T5077] ? btrfs_file_open+0xf0/0xf0
[ 79.803470][ T5077] ? read_lock_is_recursive+0x20/0x20
[ 79.808854][ T5077] ? rcu_read_lock_any_held+0xb7/0x160
[ 79.814315][ T5077] ? rcu_read_lock_bh_held+0x120/0x120
[ 79.819778][ T5077] ? __lock_acquire+0x7f70/0x7f70
[ 79.824813][ T5077] vfs_fallocate+0x551/0x6b0
[ 79.829420][ T5077] do_vfs_ioctl+0x22da/0x2b40
[ 79.834115][ T5077] ? __x64_compat_sys_ioctl+0x90/0x90
[ 79.839503][ T5077] ? __lock_acquire+0x7f70/0x7f70
[ 79.844531][ T5077] ? lockdep_hardirqs_on+0x98/0x140
[ 79.849748][ T5077] ? __kmem_cache_free+0x25f/0x3b0
[ 79.854870][ T5077] ? tomoyo_path_number_perm+0x71a/0x870
[ 79.860530][ T5077] ? tomoyo_path_number_perm+0x208/0x870
[ 79.866172][ T5077] ? smack_log+0x123/0x540
[ 79.870603][ T5077] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 79.876084][ T5077] ? smk_access+0x4e0/0x4e0
[ 79.880711][ T5077] ? smk_access+0x4ab/0x4e0
[ 79.885234][ T5077] ? smk_tskacc+0x2ff/0x360
[ 79.889755][ T5077] ? smack_file_ioctl+0x2a1/0x3a0
[ 79.894793][ T5077] ? smack_file_alloc_security+0xe0/0xe0
[ 79.900439][ T5077] ? do_notify_parent+0x1100/0x1100
[ 79.905651][ T5077] ? print_irqtrace_events+0x220/0x220
[ 79.911121][ T5077] ? bpf_lsm_file_ioctl+0x9/0x10
[ 79.916065][ T5077] ? security_file_ioctl+0x81/0xa0
[ 79.921208][ T5077] __se_sys_ioctl+0x81/0x170
[ 79.925816][ T5077] do_syscall_64+0x41/0xc0
[ 79.930240][ T5077] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 79.936143][ T5077] RIP: 0033:0x7fbe40e492a9
[ 79.940567][ T5077] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 79.960276][ T5077] RSP: 002b:00007ffdf425f768 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 79.968786][ T5077] RAX: ffffffffffffffda RBX: 00007ffdf425f790 RCX: 00007fbe40e492a9
[ 79.976764][ T5077] RDX: 0000000020000080 RSI: 0000000040305828 RDI: 0000000000000004
[ 79.984754][ T5077] RBP: 0000000000000002 R08: 00007ffdf425f506 R09: 00007ffdf425f7b0
[ 79.992729][ T5077] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffdf425f78c
[ 80.000704][ T5077] R13: 0000000000000002 R14: 431bde82d7b634db R15: 00007ffdf425f7d0
[ 80.008688][ T5077] </TASK>
[ 80.011711][ T5077] Modules linked in:
[ 80.015786][ T5077] ---[ end trace 0000000000000000 ]---
[ 80.021315][ T5077] RIP: 0010:__set_extent_bit+0x188d/0x1b00
[ 80.027163][ T5077] Code: 30 fe e9 db fc ff ff 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c ff fd ff ff 4c 89 e7 e8 8d 9b 30 fe e9 f2 fd ff ff e8 93 1f d6 fd <0f> 0b e8 8c 1f d6 fd 48 8b 44 24 18 48 83 c0 08 48 89 c3 48 c1 e8
[ 80.046887][ T5077] RSP: 0018:ffffc900043cf5d8 EFLAGS: 00010293
[ 80.053053][ T5077] RAX: ffffffff83b7ec1d RBX: 00000000fffffff4 RCX: ffff88802520bb80
[ 80.061114][ T5077] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
[ 80.069189][ T5077] RBP: ffff88807eb5a7fc R08: ffffffff83b7da39 R09: 1ffffffff1a84df6
[ 80.077237][ T5077] R10: dffffc0000000000 R11: fffffbfff1a84df7 R12: ffff88807eb5a7fc
[ 80.085451][ T5077] R13: ffff88807eb5a780 R14: 0000000000000000 R15: 1ffff1100fd6b4ff
[ 80.093535][ T5077] FS: 000055555571f380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 80.102670][ T5077] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 80.109289][ T5077] CR2: 00007fffc35ccb58 CR3: 000000007718e000 CR4: 00000000003506e0
[ 80.117325][ T5077] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 80.125363][ T5077] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 80.133486][ T5077] Kernel panic - not syncing: Fatal exception
[ 80.139799][ T5077] Kernel Offset: disabled
[ 80.144129][ T5077] Rebooting in 86400 seconds..