./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4221447940
<...>
Warning: Permanently added '10.128.0.246' (ECDSA) to the list of known hosts.
execve("./syz-executor4221447940", ["./syz-executor4221447940"], 0x7ffc96bea250 /* 10 vars */) = 0
brk(NULL) = 0x555556534000
brk(0x555556534c40) = 0x555556534c40
arch_prctl(ARCH_SET_FS, 0x555556534300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor4221447940", 4096) = 28
brk(0x555556555c40) = 0x555556555c40
brk(0x555556556000) = 0x555556556000
mprotect(0x7fc9d7944000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 5078
mkdir("./syzkaller.t4UzTa", 0700) = 0
chmod("./syzkaller.t4UzTa", 0777) = 0
chdir("./syzkaller.t4UzTa") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565345d0) = 5079
./strace-static-x86_64: Process 5079 attached
[pid 5079] chdir("./0") = 0
[pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5079] setpgid(0, 0) = 0
[pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5079] write(3, "1000", 4) = 4
[pid 5079] close(3) = 0
[pid 5079] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5079] memfd_create("syzkaller", 0) = 3
[pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc9cf483000
syzkaller login: [ 58.918450][ T5079] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5079 'syz-executor422'
[pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5079] munmap(0x7fc9cf483000, 16777216) = 0
[pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5079] close(3) = 0
[pid 5079] mkdir("./file0", 0777) = 0
[ 59.129804][ T5079] loop0: detected capacity change from 0 to 32768
[ 59.143213][ T5079] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor422 (5079)
[ 59.165104][ T5079] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[ 59.174580][ T5079] BTRFS info (device loop0): force clearing of disk cache
[ 59.181717][ T5079] BTRFS info (device loop0): setting nodatasum
[ 59.188483][ T5079] BTRFS info (device loop0): allowing degraded mounts
[ 59.195963][ T5079] BTRFS info (device loop0): enabling disk space caching
[ 59.203004][ T5079] BTRFS info (device loop0): disk space caching is enabled
[ 59.227863][ T5079] BTRFS info (device loop0): enabling ssd optimizations
[ 59.235009][ T5079] BTRFS info (device loop0): auto enabling async discard
[ 59.243801][ T5079] BTRFS info (device loop0): clearing free space tree
[ 59.251789][ T5079] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 59.261704][ T5079] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[pid 5079] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0
[pid 5079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5079] chdir("./file0") = 0
[pid 5079] ioctl(4, LOOP_CLR_FD) = 0
[pid 5079] close(4) = 0
[pid 5079] open("./file0", O_RDONLY) = 4
[pid 5079] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[ 59.286731][ T5079] BTRFS info (device loop0): checking UUID tree
[pid 5079] creat("./bus", 000) = 5
[pid 5079] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5079] write(6, "11", 2) = 2
[ 59.343169][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 59.355238][ T5079] FAULT_INJECTION: forcing a failure.
[ 59.355238][ T5079] name failslab, interval 1, probability 0, space 0, times 1
[ 59.368365][ T5079] CPU: 0 PID: 5079 Comm: syz-executor422 Not tainted 6.2.0-rc4-next-20230120-syzkaller #0
[ 59.378347][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 59.388482][ T5079] Call Trace:
[ 59.391753][ T5079]
[ 59.394687][ T5079] dump_stack_lvl+0xd1/0x138
[ 59.399307][ T5079] should_fail_ex.cold+0x5/0xa
[ 59.404172][ T5079] should_failslab+0x9/0x20
[ 59.408693][ T5079] __kmem_cache_alloc_node+0x5b/0x330
[ 59.414064][ T5079] ? ulist_add_merge.part.0+0x85/0x490
[ 59.419704][ T5079] kmalloc_trace+0x26/0x60
[ 59.424126][ T5079] ulist_add_merge.part.0+0x85/0x490
[ 59.429430][ T5079] ? btrfs_clear_delalloc_extent+0x1b7/0xaa0
[ 59.435683][ T5079] ulist_add+0x106/0x160
[ 59.439984][ T5079] clear_state_bit+0x151/0x3a0
[ 59.444803][ T5079] __clear_extent_bit+0x593/0xc80
[ 59.450064][ T5079] clear_record_extent_bits+0x5c/0x70
[ 59.455681][ T5079] __btrfs_qgroup_release_data+0x1a2/0xa60
[ 59.461552][ T5079] ? btrfs_qgroup_account_extents+0xb90/0xb90
[ 59.467841][ T5079] ? _raw_spin_unlock+0x28/0x40
[ 59.472917][ T5079] ? btrfs_get_alloc_profile+0x2f4/0x7c0
[ 59.478738][ T5079] ? btrfs_reserve_extent+0x4d7/0x680
[ 59.484172][ T5079] insert_prealloc_file_extent+0x182/0x420
[ 59.490115][ T5079] ? walk_down_tree+0x490/0x490
[ 59.495102][ T5079] ? insert_reserved_file_extent+0x910/0x910
[ 59.501355][ T5079] __btrfs_prealloc_file_range+0x298/0x940
[ 59.507232][ T5079] ? async_cow_start+0xa0/0xa0
[ 59.512050][ T5079] ? __xfs_ag_resv_free+0x990/0xb20
[ 59.517398][ T5079] btrfs_prealloc_file_range+0x42/0x50
[ 59.523004][ T5079] btrfs_fallocate+0x191e/0x27b0
[ 59.528022][ T5079] ? btrfs_replace_file_extents+0x14e0/0x14e0
[ 59.534145][ T5079] ? rcu_read_lock_sched_held+0x3e/0x70
[ 59.539765][ T5079] ? do_raw_spin_lock+0x124/0x2b0
[ 59.544927][ T5079] ? aa_path_link+0x2f0/0x2f0
[ 59.549641][ T5079] ? rwlock_bug.part.0+0x90/0x90
[ 59.554649][ T5079] ? lock_sync+0x190/0x190
[ 59.559114][ T5079] ? __x64_sys_fallocate+0xd3/0x140
[ 59.564352][ T5079] ? rcu_read_lock_sched_held+0x3e/0x70
[ 59.569942][ T5079] ? trace_lock_acquire+0x1f1/0x290
[ 59.575197][ T5079] ? btrfs_replace_file_extents+0x14e0/0x14e0
[ 59.581326][ T5079] vfs_fallocate+0x48b/0xe40
[ 59.586490][ T5079] __x64_sys_fallocate+0xd3/0x140
[ 59.591565][ T5079] do_syscall_64+0x39/0xb0
[ 59.596037][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.601980][ T5079] RIP: 0033:0x7fc9d78d0ad9
[ 59.606431][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 59.626170][ T5079] RSP: 002b:00007ffd955c3e38 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 59.634630][ T5079] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fc9d78d0ad9
[ 59.642640][ T5079] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[ 59.650654][ T5079] RBP: 00007ffd955c3e60 R08: 0000000000000002 R09: 00007ffd955c3e70
[ 59.658693][ T5079] R10: 0000000000280404 R11: 0000000000000246 R12: 0000000000000006
[ 59.666800][ T5079] R13: 00007ffd955c3ea0 R14: 00007ffd955c3e80 R15: 0000000000000000
[ 59.674872][ T5079]
[ 59.678775][ T5079] ------------[ cut here ]------------
[ 59.684266][ T5079] kernel BUG at fs/btrfs/extent-io-tree.c:515!
[ 59.690730][ T5079] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 59.697087][ T5079] CPU: 0 PID: 5079 Comm: syz-executor422 Not tainted 6.2.0-rc4-next-20230120-syzkaller #0
[ 59.707084][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 59.717140][ T5079] RIP: 0010:clear_state_bit+0x31b/0x3a0
[ 59.722724][ T5079] Code: 14 02 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 33 44 8b 7d 7c e9 af fe ff ff e8 5e 0c fc fd 0f 0b eb 97 e8 55 0c fc fd <0f> 0b 4c 89 f7 e8 9b ce 49 fe e9 72 fd ff ff 4c 89 f7 e8 8e ce 49
[ 59.742513][ T5079] RSP: 0018:ffffc90003bbf708 EFLAGS: 00010293
[ 59.748588][ T5079] RAX: 0000000000000000 RBX: 00000000fffffff4 RCX: 0000000000000000
[ 59.756562][ T5079] RDX: ffff888026b19d40 RSI: ffffffff8385ed8b RDI: 0000000000000005
[ 59.764559][ T5079] RBP: ffff88807e08f180 R08: 0000000000000005 R09: 0000000000000000
[ 59.772631][ T5079] R10: 00000000fffffff4 R11: 0000000000000000 R12: ffff888074289cc8
[ 59.780789][ T5079] R13: 0000000000000000 R14: ffff88807e08f1fc R15: 0000000000280fff
[ 59.789285][ T5079] FS: 0000555556534300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 59.798311][ T5079] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 59.804986][ T5079] CR2: 0000559be0aec000 CR3: 00000000291ae000 CR4: 00000000003506f0
[ 59.813241][ T5079] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 59.821233][ T5079] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 59.829216][ T5079] Call Trace:
[ 59.832523][ T5079]
[ 59.835548][ T5079] __clear_extent_bit+0x593/0xc80
[ 59.840599][ T5079] clear_record_extent_bits+0x5c/0x70
[ 59.846071][ T5079] __btrfs_qgroup_release_data+0x1a2/0xa60
[ 59.852083][ T5079] ? btrfs_qgroup_account_extents+0xb90/0xb90
[ 59.858164][ T5079] ? _raw_spin_unlock+0x28/0x40
[ 59.863155][ T5079] ? btrfs_get_alloc_profile+0x2f4/0x7c0
[ 59.868895][ T5079] ? btrfs_reserve_extent+0x4d7/0x680
[ 59.874646][ T5079] insert_prealloc_file_extent+0x182/0x420
[ 59.880465][ T5079] ? walk_down_tree+0x490/0x490
[ 59.885501][ T5079] ? insert_reserved_file_extent+0x910/0x910
[ 59.891503][ T5079] __btrfs_prealloc_file_range+0x298/0x940
[ 59.897327][ T5079] ? async_cow_start+0xa0/0xa0
[ 59.902287][ T5079] ? __xfs_ag_resv_free+0x990/0xb20
[ 59.907509][ T5079] btrfs_prealloc_file_range+0x42/0x50
[ 59.913078][ T5079] btrfs_fallocate+0x191e/0x27b0
[ 59.918075][ T5079] ? btrfs_replace_file_extents+0x14e0/0x14e0
[ 59.924160][ T5079] ? rcu_read_lock_sched_held+0x3e/0x70
[ 59.929779][ T5079] ? do_raw_spin_lock+0x124/0x2b0
[ 59.934817][ T5079] ? aa_path_link+0x2f0/0x2f0
[ 59.939501][ T5079] ? rwlock_bug.part.0+0x90/0x90
[ 59.944579][ T5079] ? lock_sync+0x190/0x190
[ 59.949022][ T5079] ? __x64_sys_fallocate+0xd3/0x140
[ 59.954503][ T5079] ? rcu_read_lock_sched_held+0x3e/0x70
[ 59.960086][ T5079] ? trace_lock_acquire+0x1f1/0x290
[ 59.965308][ T5079] ? btrfs_replace_file_extents+0x14e0/0x14e0
[ 59.971407][ T5079] vfs_fallocate+0x48b/0xe40
[ 59.976007][ T5079] __x64_sys_fallocate+0xd3/0x140
[ 59.981049][ T5079] do_syscall_64+0x39/0xb0
[ 59.985573][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.991563][ T5079] RIP: 0033:0x7fc9d78d0ad9
[ 59.995982][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 60.015597][ T5079] RSP: 002b:00007ffd955c3e38 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 60.024044][ T5079] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fc9d78d0ad9
[ 60.032025][ T5079] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[ 60.040016][ T5079] RBP: 00007ffd955c3e60 R08: 0000000000000002 R09: 00007ffd955c3e70
[ 60.048177][ T5079] R10: 0000000000280404 R11: 0000000000000246 R12: 0000000000000006
[ 60.056240][ T5079] R13: 00007ffd955c3ea0 R14: 00007ffd955c3e80 R15: 0000000000000000
[ 60.064501][ T5079]
[ 60.067520][ T5079] Modules linked in:
[ 60.071755][ T5079] ---[ end trace 0000000000000000 ]---
[ 60.077268][ T5079] RIP: 0010:clear_state_bit+0x31b/0x3a0
[ 60.082847][ T5079] Code: 14 02 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 33 44 8b 7d 7c e9 af fe ff ff e8 5e 0c fc fd 0f 0b eb 97 e8 55 0c fc fd <0f> 0b 4c 89 f7 e8 9b ce 49 fe e9 72 fd ff ff 4c 89 f7 e8 8e ce 49
[ 60.102543][ T5079] RSP: 0018:ffffc90003bbf708 EFLAGS: 00010293
[ 60.108763][ T5079] RAX: 0000000000000000 RBX: 00000000fffffff4 RCX: 0000000000000000
[ 60.116806][ T5079] RDX: ffff888026b19d40 RSI: ffffffff8385ed8b RDI: 0000000000000005
[ 60.124940][ T5079] RBP: ffff88807e08f180 R08: 0000000000000005 R09: 0000000000000000
[ 60.133018][ T5079] R10: 00000000fffffff4 R11: 0000000000000000 R12: ffff888074289cc8
[ 60.141338][ T5079] R13: 0000000000000000 R14: ffff88807e08f1fc R15: 0000000000280fff
[ 60.149779][ T5079] FS: 0000555556534300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 60.158770][ T5079] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 60.165495][ T5079] CR2: 0000559be0aec000 CR3: 00000000291ae000 CR4: 00000000003506f0
[ 60.173484][ T5079] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 60.181513][ T5079] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 60.189531][ T5079] Kernel panic - not syncing: Fatal exception
[ 60.195664][ T5079] Kernel Offset: disabled
[ 60.199983][ T5079] Rebooting in 86400 seconds..