./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1686772044
<...>
Warning: Permanently added '10.128.10.25' (ED25519) to the list of known hosts.
execve("./syz-executor1686772044", ["./syz-executor1686772044"], 0x7ffc3e829330 /* 10 vars */) = 0
brk(NULL) = 0x5555563fa000
brk(0x5555563fad00) = 0x5555563fad00
arch_prctl(ARCH_SET_FS, 0x5555563fa380) = 0
set_tid_address(0x5555563fa650) = 5057
set_robust_list(0x5555563fa660, 24) = 0
rseq(0x5555563faca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1686772044", 4096) = 28
getrandom("\x37\x50\xae\x72\x76\x51\xe4\xf3", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x5555563fad00
brk(0x55555641bd00) = 0x55555641bd00
brk(0x55555641c000) = 0x55555641c000
mprotect(0x7f8c26422000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
mkdir("./syzkaller.4ElgD4", 0700) = 0
chmod("./syzkaller.4ElgD4", 0777) = 0
chdir("./syzkaller.4ElgD4") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5058 attached
, child_tidptr=0x5555563fa650) = 5058
[pid 5058] set_robust_list(0x5555563fa660, 24) = 0
[pid 5058] chdir("./0") = 0
[pid 5058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5058] setpgid(0, 0) = 0
[pid 5058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5058] write(3, "1000", 4) = 4
[pid 5058] close(3) = 0
[pid 5058] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5058] memfd_create("syzkaller", 0) = 3
[pid 5058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8c1df6a000
[pid 5058] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5058] munmap(0x7f8c1df6a000, 138412032) = 0
[pid 5058] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5058] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5058] close(3) = 0
[pid 5058] mkdir("./bus", 0777) = 0
[ 55.410905][ T5058] loop0: detected capacity change from 0 to 32768
[ 55.437123][ T5058] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor168 (5058)
[ 55.455961][ T5058] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 55.464935][ T5058] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 55.475733][ T5058] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 55.486514][ T5058] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[ 55.497136][ T5058] BTRFS info (device loop0): trying to use backup root at mount time
[pid 5058] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0
[pid 5058] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5058] chdir("./bus") = 0
[pid 5058] ioctl(4, LOOP_CLR_FD) = 0
[pid 5058] close(4) = 0
[ 55.505239][ T5058] BTRFS info (device loop0): use zlib compression, level 3
[ 55.512483][ T5058] BTRFS info (device loop0): enabling ssd optimizations
[ 55.519574][ T5058] BTRFS info (device loop0): using spread ssd allocation scheme
[ 55.527268][ T5058] BTRFS info (device loop0): using free space tree
[ 55.548055][ T5058] BTRFS info (device loop0): auto enabling async discard
[pid 5058] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid 5058] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5058] write(5, "8", 1) = 1
[ 55.598427][ T28] audit: type=1800 audit(1700918464.930:2): pid=5058 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor168" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 55.628200][ T5058] FAULT_INJECTION: forcing a failure.
[ 55.628200][ T5058] name failslab, interval 1, probability 0, space 0, times 1
[ 55.641359][ T5058] CPU: 1 PID: 5058 Comm: syz-executor168 Not tainted 6.7.0-rc2-syzkaller-00195-g0f5cc96c367f #0
[ 55.651872][ T5058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 55.661940][ T5058] Call Trace:
[ 55.665231][ T5058]
[ 55.668174][ T5058] dump_stack_lvl+0x1e7/0x2d0
[ 55.672893][ T5058] ? nf_tcp_handle_invalid+0x650/0x650
[ 55.678371][ T5058] ? panic+0x850/0x850
[ 55.682464][ T5058] ? __might_sleep+0xe0/0xe0
[ 55.687083][ T5058] should_fail_ex+0x3aa/0x4e0
[ 55.691783][ T5058] ? start_transaction+0x923/0x1780
[ 55.696996][ T5058] should_failslab+0x9/0x20
[ 55.701520][ T5058] kmem_cache_alloc+0x6d/0x2b0
[ 55.706306][ T5058] start_transaction+0x923/0x1780
[ 55.711365][ T5058] find_free_extent+0x2dcc/0x5780
[ 55.716446][ T5058] ? __lock_acquire+0x1345/0x1fd0
[ 55.721495][ T5058] btrfs_reserve_extent+0x422/0x800
[ 55.726733][ T5058] ? btrfs_free_extent+0x450/0x450
[ 55.731885][ T5058] ? do_raw_read_unlock+0x3c/0x80
[ 55.736931][ T5058] btrfs_get_blocks_direct_write+0x7d0/0xf30
[ 55.742935][ T5058] ? btrfs_dio_iomap_end+0x260/0x260
[ 55.748219][ T5058] ? btrfs_cont_expand+0xce0/0xce0
[ 55.753334][ T5058] btrfs_dio_iomap_begin+0xaee/0x10b0
[ 55.758705][ T5058] ? csum_exist_in_range+0x300/0x300
[ 55.763988][ T5058] ? csum_exist_in_range+0x300/0x300
[ 55.769265][ T5058] iomap_iter+0x677/0xee0
[ 55.773593][ T5058] ? blk_start_plug+0x6f/0x1b0
[ 55.778350][ T5058] __iomap_dio_rw+0xdcf/0x2330
[ 55.783131][ T5058] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 55.789105][ T5058] ? btrfs_getxattr+0x190/0x1b0
[ 55.793947][ T5058] ? iomap_dio_deferred_complete+0x20/0x20
[ 55.799764][ T5058] ? __file_remove_privs+0x460/0x650
[ 55.805051][ T5058] ? inode_maybe_inc_iversion+0x1a3/0x1f0
[ 55.810767][ T5058] btrfs_dio_write+0xb6/0x100
[ 55.815434][ T5058] ? btrfs_dio_read+0x100/0x100
[ 55.820286][ T5058] btrfs_do_write_iter+0x7ac/0x1190
[ 55.825490][ T5058] ? btrfs_check_nocow_unlock+0x40/0x40
[ 55.831039][ T5058] do_iter_readv_writev+0x330/0x4a0
[ 55.836239][ T5058] ? generic_file_rw_checks+0x260/0x260
[ 55.841786][ T5058] ? fsnotify_perm+0x67/0x5a0
[ 55.846452][ T5058] ? bpf_lsm_file_permission+0x9/0x10
[ 55.851822][ T5058] do_iter_write+0x1f6/0x8d0
[ 55.856418][ T5058] do_pwritev+0x21a/0x360
[ 55.860743][ T5058] ? do_preadv+0x350/0x350
[ 55.865165][ T5058] ? do_notify_parent+0x10c0/0x10c0
[ 55.870358][ T5058] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 55.876334][ T5058] ? print_irqtrace_events+0x220/0x220
[ 55.881785][ T5058] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 55.887762][ T5058] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 55.893734][ T5058] ? __x64_sys_pwritev2+0xbd/0x100
[ 55.898842][ T5058] do_syscall_64+0x45/0x110
[ 55.903357][ T5058] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 55.909265][ T5058] RIP: 0033:0x7f8c263a9329
[ 55.913676][ T5058] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 55.933273][ T5058] RSP: 002b:00007ffe7f0fdae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 55.941683][ T5058] RAX: ffffffffffffffda RBX: 00007ffe7f0fdb20 RCX: 00007f8c263a9329
[pid 5058] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=8388608}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}], 13, 5120, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5058] exit_group(0) = ?
[pid 5058] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5058, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555563fb6f0 /* 4 entries */, 32768) = 104
[ 55.949659][ T5058] RDX: 000000000000000d RSI: 0000000020000240 RDI: 0000000000000004
[ 55.957646][ T5058] RBP: 0000000000000001 R08: 0000000000000408 R09: 0000000000000010
[ 55.965608][ T5058] R10: 0000000000001400 R11: 0000000000000246 R12: 0000000000000001
[ 55.973568][ T5058] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007ffe7f0fdb60
[ 55.981546][ T5058]
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556403730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556403730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/bus") = 0
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
getdents64(3, 0x5555563fb6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5077 attached
, child_tidptr=0x5555563fa650) = 5077
[pid 5077] set_robust_list(0x5555563fa660, 24) = 0
[pid 5077] chdir("./1") = 0
[pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5077] setpgid(0, 0) = 0
[pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5077] write(3, "1000", 4) = 4
[pid 5077] close(3) = 0
[pid 5077] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5077] memfd_create("syzkaller", 0) = 3
[pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8c1df6a000
[pid 5077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5077] munmap(0x7f8c1df6a000, 138412032) = 0
[pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5077] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5077] close(3) = 0
[pid 5077] mkdir("./bus", 0777) = 0
[ 56.409452][ T5077] loop0: detected capacity change from 0 to 32768
[ 56.425891][ T5077] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor168 (5077)
[ 56.441916][ T5077] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 56.450696][ T5077] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 56.461484][ T5077] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 56.472294][ T5077] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[ 56.482915][ T5077] BTRFS info (device loop0): trying to use backup root at mount time
[ 56.491053][ T5077] BTRFS info (device loop0): use zlib compression, level 3
[ 56.498293][ T5077] BTRFS info (device loop0): enabling ssd optimizations
[pid 5077] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0
[pid 5077] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5077] chdir("./bus") = 0
[pid 5077] ioctl(4, LOOP_CLR_FD) = 0
[pid 5077] close(4) = 0
[pid 5077] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4
[ 56.505234][ T5077] BTRFS info (device loop0): using spread ssd allocation scheme
[ 56.512928][ T5077] BTRFS info (device loop0): using free space tree
[ 56.530912][ T5077] BTRFS info (device loop0): auto enabling async discard
[pid 5077] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5077] write(5, "8", 1) = 1
[ 56.557765][ T28] audit: type=1800 audit(1700918465.890:3): pid=5077 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor168" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 56.581849][ T5077] FAULT_INJECTION: forcing a failure.
[ 56.581849][ T5077] name failslab, interval 1, probability 0, space 0, times 0
[ 56.594838][ T5077] CPU: 1 PID: 5077 Comm: syz-executor168 Not tainted 6.7.0-rc2-syzkaller-00195-g0f5cc96c367f #0
[ 56.605269][ T5077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 56.615333][ T5077] Call Trace:
[ 56.618626][ T5077]
[ 56.621570][ T5077] dump_stack_lvl+0x1e7/0x2d0
[ 56.626275][ T5077] ? nf_tcp_handle_invalid+0x650/0x650
[ 56.631760][ T5077] ? panic+0x850/0x850
[ 56.635863][ T5077] ? __might_sleep+0xe0/0xe0
[ 56.640489][ T5077] should_fail_ex+0x3aa/0x4e0
[ 56.645194][ T5077] ? btrfs_create_chunk+0x8f9/0x2fb0
[ 56.650502][ T5077] should_failslab+0x9/0x20
[ 56.655029][ T5077] __kmem_cache_alloc_node+0x6d/0x300
[ 56.660432][ T5077] ? btrfs_create_chunk+0x8f9/0x2fb0
[ 56.665737][ T5077] __kmalloc+0xa2/0x1a0
[ 56.669921][ T5077] btrfs_create_chunk+0x8f9/0x2fb0
[ 56.675097][ T5077] ? __lock_acquire+0x1fd0/0x1fd0
[ 56.680153][ T5077] ? remove_chunk_item+0x4f0/0x4f0
[ 56.685291][ T5077] ? _raw_spin_unlock+0x28/0x40
[ 56.690163][ T5077] ? btrfs_block_rsv_add+0xd0/0xe0
[ 56.695296][ T5077] ? reserve_chunk_space+0x20a/0x2b0
[ 56.700604][ T5077] btrfs_chunk_alloc+0x78f/0xfb0
[ 56.705577][ T5077] find_free_extent+0x2e10/0x5780
[ 56.710669][ T5077] ? __lock_acquire+0x1345/0x1fd0
[ 56.715717][ T5077] btrfs_reserve_extent+0x422/0x800
[ 56.720958][ T5077] ? btrfs_free_extent+0x450/0x450
[ 56.726112][ T5077] ? do_raw_read_unlock+0x3c/0x80
[ 56.731159][ T5077] btrfs_get_blocks_direct_write+0x7d0/0xf30
[ 56.737153][ T5077] ? btrfs_dio_iomap_end+0x260/0x260
[ 56.742436][ T5077] ? btrfs_cont_expand+0xce0/0xce0
[ 56.747538][ T5077] ? _raw_spin_unlock_irq+0x23/0x50
[ 56.752747][ T5077] btrfs_dio_iomap_begin+0xaee/0x10b0
[ 56.758123][ T5077] ? csum_exist_in_range+0x300/0x300
[ 56.763413][ T5077] ? csum_exist_in_range+0x300/0x300
[ 56.768692][ T5077] iomap_iter+0x677/0xee0
[ 56.773022][ T5077] ? blk_start_plug+0x6f/0x1b0
[ 56.777782][ T5077] __iomap_dio_rw+0xdcf/0x2330
[ 56.782579][ T5077] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 56.788562][ T5077] ? btrfs_getxattr+0x190/0x1b0
[ 56.793409][ T5077] ? iomap_dio_deferred_complete+0x20/0x20
[ 56.799231][ T5077] ? __file_remove_privs+0x460/0x650
[ 56.804530][ T5077] ? inode_maybe_inc_iversion+0x1a3/0x1f0
[ 56.810253][ T5077] btrfs_dio_write+0xb6/0x100
[ 56.814926][ T5077] ? btrfs_dio_read+0x100/0x100
[ 56.819780][ T5077] btrfs_do_write_iter+0x7ac/0x1190
[ 56.824989][ T5077] ? btrfs_check_nocow_unlock+0x40/0x40
[ 56.830537][ T5077] do_iter_readv_writev+0x330/0x4a0
[ 56.835737][ T5077] ? generic_file_rw_checks+0x260/0x260
[ 56.841285][ T5077] ? fsnotify_perm+0x67/0x5a0
[ 56.845953][ T5077] ? bpf_lsm_file_permission+0x9/0x10
[ 56.851324][ T5077] do_iter_write+0x1f6/0x8d0
[ 56.855922][ T5077] do_pwritev+0x21a/0x360
[ 56.860255][ T5077] ? do_preadv+0x350/0x350
[ 56.864680][ T5077] ? do_notify_parent+0x10c0/0x10c0
[ 56.869873][ T5077] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 56.875855][ T5077] ? print_irqtrace_events+0x220/0x220
[ 56.881309][ T5077] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 56.887294][ T5077] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 56.893270][ T5077] ? __x64_sys_pwritev2+0xbd/0x100
[ 56.898380][ T5077] do_syscall_64+0x45/0x110
[ 56.902898][ T5077] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 56.908814][ T5077] RIP: 0033:0x7f8c263a9329
[ 56.913226][ T5077] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 56.932822][ T5077] RSP: 002b:00007ffe7f0fdae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 56.941229][ T5077] RAX: ffffffffffffffda RBX: 00007ffe7f0fdb20 RCX: 00007f8c263a9329
[ 56.949194][ T5077] RDX: 000000000000000d RSI: 0000000020000240 RDI: 0000000000000004
[ 56.957155][ T5077] RBP: 0000000000000001 R08: 0000000000000408 R09: 0000000000000010
[ 56.965117][ T5077] R10: 0000000000001400 R11: 0000000000000246 R12: 00007ffe7f0fdb1c
[ 56.973080][ T5077] R13: 0000000000000001 R14: 431bde82d7b634db R15: 00007ffe7f0fdb60
[ 56.981071][ T5077]
[ 56.985031][ T5077] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[ 56.997334][ T5077] BTRFS: error (device loop0: state A) in find_free_extent_update_loop:4188: errno=-12 Out of memory
[pid 5077] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=8388608}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}], 13, 5120, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5077] exit_group(0) = ?
[pid 5077] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 57.008544][ T5077] BTRFS info (device loop0: state EA): forced readonly
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555563fb6f0 /* 4 entries */, 32768) = 104
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556403730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556403730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/bus") = 0
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
getdents64(3, 0x5555563fb6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5094 attached
[pid 5094] set_robust_list(0x5555563fa660, 24) = 0
[pid 5094] chdir("./2"
[pid 5057] <... clone resumed>, child_tidptr=0x5555563fa650) = 5094
[pid 5094] <... chdir resumed>) = 0
[pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5094] setpgid(0, 0) = 0
[pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5094] write(3, "1000", 4) = 4
[pid 5094] close(3) = 0
[pid 5094] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5094] memfd_create("syzkaller", 0) = 3
[pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8c1df6a000
[pid 5094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5094] munmap(0x7f8c1df6a000, 138412032) = 0
[pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5094] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5094] close(3) = 0
[pid 5094] mkdir("./bus", 0777) = 0
[ 57.466445][ T5094] loop0: detected capacity change from 0 to 32768
[ 57.490884][ T5094] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor168 (5094)
[ 57.506499][ T5094] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 57.515253][ T5094] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 57.526038][ T5094] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 57.536820][ T5094] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[ 57.547457][ T5094] BTRFS info (device loop0): trying to use backup root at mount time
[ 57.555529][ T5094] BTRFS info (device loop0): use zlib compression, level 3
[pid 5094] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0
[pid 5094] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5094] chdir("./bus") = 0
[pid 5094] ioctl(4, LOOP_CLR_FD) = 0
[pid 5094] close(4) = 0
[pid 5094] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid 5094] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5094] write(5, "8", 1) = 1
[ 57.563061][ T5094] BTRFS info (device loop0): enabling ssd optimizations
[ 57.570032][ T5094] BTRFS info (device loop0): using spread ssd allocation scheme
[ 57.577718][ T5094] BTRFS info (device loop0): using free space tree
[ 57.596005][ T5094] BTRFS info (device loop0): auto enabling async discard
[ 57.621188][ T28] audit: type=1800 audit(1700918466.960:4): pid=5094 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor168" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 57.638829][ T5094] FAULT_INJECTION: forcing a failure.
[ 57.638829][ T5094] name failslab, interval 1, probability 0, space 0, times 0
[ 57.653844][ T5094] CPU: 1 PID: 5094 Comm: syz-executor168 Not tainted 6.7.0-rc2-syzkaller-00195-g0f5cc96c367f #0
[ 57.664276][ T5094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 57.674345][ T5094] Call Trace:
[ 57.677639][ T5094]
[ 57.680584][ T5094] dump_stack_lvl+0x1e7/0x2d0
[ 57.685288][ T5094] ? nf_tcp_handle_invalid+0x650/0x650
[ 57.690766][ T5094] ? panic+0x850/0x850
[ 57.694859][ T5094] ? __might_sleep+0xe0/0xe0
[ 57.699470][ T5094] should_fail_ex+0x3aa/0x4e0
[ 57.704160][ T5094] ? start_transaction+0x923/0x1780
[ 57.709360][ T5094] should_failslab+0x9/0x20
[ 57.713858][ T5094] kmem_cache_alloc+0x6d/0x2b0
[ 57.718638][ T5094] start_transaction+0x923/0x1780
[ 57.723680][ T5094] find_free_extent+0x2dcc/0x5780
[ 57.728734][ T5094] ? __lock_acquire+0x1345/0x1fd0
[ 57.733768][ T5094] btrfs_reserve_extent+0x422/0x800
[ 57.738978][ T5094] ? btrfs_free_extent+0x450/0x450
[ 57.744108][ T5094] ? do_raw_read_unlock+0x3c/0x80
[ 57.749148][ T5094] btrfs_get_blocks_direct_write+0x7d0/0xf30
[ 57.755148][ T5094] ? btrfs_dio_iomap_end+0x260/0x260
[ 57.760435][ T5094] ? btrfs_cont_expand+0xce0/0xce0
[ 57.765534][ T5094] ? _raw_spin_unlock_irq+0x23/0x50
[ 57.770740][ T5094] btrfs_dio_iomap_begin+0xaee/0x10b0
[ 57.776112][ T5094] ? csum_exist_in_range+0x300/0x300
[ 57.781398][ T5094] ? csum_exist_in_range+0x300/0x300
[ 57.786678][ T5094] iomap_iter+0x677/0xee0
[ 57.791005][ T5094] ? blk_start_plug+0x6f/0x1b0
[ 57.795760][ T5094] __iomap_dio_rw+0xdcf/0x2330
[ 57.800542][ T5094] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 57.806518][ T5094] ? btrfs_getxattr+0x190/0x1b0
[ 57.811361][ T5094] ? iomap_dio_deferred_complete+0x20/0x20
[ 57.817177][ T5094] ? __file_remove_privs+0x460/0x650
[ 57.822470][ T5094] ? inode_maybe_inc_iversion+0x1a3/0x1f0
[ 57.828187][ T5094] btrfs_dio_write+0xb6/0x100
[ 57.832917][ T5094] ? btrfs_dio_read+0x100/0x100
[ 57.837787][ T5094] btrfs_do_write_iter+0x7ac/0x1190
[ 57.842995][ T5094] ? btrfs_check_nocow_unlock+0x40/0x40
[ 57.848541][ T5094] do_iter_readv_writev+0x330/0x4a0
[ 57.853739][ T5094] ? generic_file_rw_checks+0x260/0x260
[ 57.859286][ T5094] ? fsnotify_perm+0x67/0x5a0
[ 57.863958][ T5094] ? bpf_lsm_file_permission+0x9/0x10
[ 57.869333][ T5094] do_iter_write+0x1f6/0x8d0
[ 57.873940][ T5094] do_pwritev+0x21a/0x360
[ 57.878284][ T5094] ? do_preadv+0x350/0x350
[ 57.882707][ T5094] ? do_notify_parent+0x10c0/0x10c0
[ 57.887901][ T5094] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 57.893881][ T5094] ? print_irqtrace_events+0x220/0x220
[ 57.899337][ T5094] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 57.905317][ T5094] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 57.911291][ T5094] ? __x64_sys_pwritev2+0xbd/0x100
[ 57.916397][ T5094] do_syscall_64+0x45/0x110
[ 57.920898][ T5094] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 57.926802][ T5094] RIP: 0033:0x7f8c263a9329
[ 57.931213][ T5094] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 57.950820][ T5094] RSP: 002b:00007ffe7f0fdae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 57.959237][ T5094] RAX: ffffffffffffffda RBX: 00007ffe7f0fdb20 RCX: 00007f8c263a9329
[pid 5094] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=8388608}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}], 13, 5120, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5094] exit_group(0) = ?
[pid 5094] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5094, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555563fb6f0 /* 4 entries */, 32768) = 104
[ 57.967202][ T5094] RDX: 000000000000000d RSI: 0000000020000240 RDI: 0000000000000004
[ 57.975169][ T5094] RBP: 0000000000000001 R08: 0000000000000408 R09: 0000000000000010
[ 57.983129][ T5094] R10: 0000000000001400 R11: 0000000000000246 R12: 00007ffe7f0fdb1c
[ 57.991089][ T5094] R13: 0000000000000002 R14: 431bde82d7b634db R15: 00007ffe7f0fdb60
[ 57.999066][ T5094]
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556403730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556403730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/bus") = 0
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
getdents64(3, 0x5555563fb6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5111 attached
, child_tidptr=0x5555563fa650) = 5111
[pid 5111] set_robust_list(0x5555563fa660, 24) = 0
[pid 5111] chdir("./3") = 0
[pid 5111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5111] setpgid(0, 0) = 0
[pid 5111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5111] write(3, "1000", 4) = 4
[pid 5111] close(3) = 0
[pid 5111] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5111] memfd_create("syzkaller", 0) = 3
[pid 5111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8c1df6a000
[pid 5111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5111] munmap(0x7f8c1df6a000, 138412032) = 0
[pid 5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5111] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5111] close(3) = 0
[pid 5111] mkdir("./bus", 0777) = 0
[ 58.462052][ T5111] loop0: detected capacity change from 0 to 32768
[ 58.485437][ T5111] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor168 (5111)
[ 58.501903][ T5111] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 58.510683][ T5111] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 58.521504][ T5111] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 58.532316][ T5111] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[ 58.542976][ T5111] BTRFS info (device loop0): trying to use backup root at mount time
[ 58.551078][ T5111] BTRFS info (device loop0): use zlib compression, level 3
[pid 5111] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0
[pid 5111] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5111] chdir("./bus") = 0
[pid 5111] ioctl(4, LOOP_CLR_FD) = 0
[pid 5111] close(4) = 0
[ 58.558338][ T5111] BTRFS info (device loop0): enabling ssd optimizations
[ 58.565273][ T5111] BTRFS info (device loop0): using spread ssd allocation scheme
[ 58.572947][ T5111] BTRFS info (device loop0): using free space tree
[ 58.591241][ T5111] BTRFS info (device loop0): auto enabling async discard
[pid 5111] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid 5111] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5111] write(5, "8", 1) = 1
[ 58.625259][ T28] audit: type=1800 audit(1700918467.960:5): pid=5111 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor168" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 58.652227][ T5111] FAULT_INJECTION: forcing a failure.
[ 58.652227][ T5111] name failslab, interval 1, probability 0, space 0, times 0
[ 58.665549][ T5111] CPU: 1 PID: 5111 Comm: syz-executor168 Not tainted 6.7.0-rc2-syzkaller-00195-g0f5cc96c367f #0
[ 58.675983][ T5111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 58.686052][ T5111] Call Trace:
[ 58.689344][ T5111]
[ 58.692289][ T5111] dump_stack_lvl+0x1e7/0x2d0
[ 58.696991][ T5111] ? nf_tcp_handle_invalid+0x650/0x650
[ 58.702474][ T5111] ? panic+0x850/0x850
[ 58.706570][ T5111] ? __might_sleep+0xe0/0xe0
[ 58.711194][ T5111] should_fail_ex+0x3aa/0x4e0
[ 58.715897][ T5111] ? btrfs_create_chunk+0x8f9/0x2fb0
[ 58.721203][ T5111] should_failslab+0x9/0x20
[ 58.725725][ T5111] __kmem_cache_alloc_node+0x6d/0x300
[ 58.731136][ T5111] ? btrfs_create_chunk+0x8f9/0x2fb0
[ 58.736440][ T5111] __kmalloc+0xa2/0x1a0
[ 58.740617][ T5111] btrfs_create_chunk+0x8f9/0x2fb0
[ 58.745804][ T5111] ? __lock_acquire+0x1fd0/0x1fd0
[ 58.750869][ T5111] ? remove_chunk_item+0x4f0/0x4f0
[ 58.756011][ T5111] ? _raw_spin_unlock+0x28/0x40
[ 58.760880][ T5111] ? btrfs_block_rsv_add+0xd0/0xe0
[ 58.766007][ T5111] ? reserve_chunk_space+0x20a/0x2b0
[ 58.771302][ T5111] btrfs_chunk_alloc+0x78f/0xfb0
[ 58.776246][ T5111] find_free_extent+0x2e10/0x5780
[ 58.781308][ T5111] ? __lock_acquire+0x1345/0x1fd0
[ 58.786330][ T5111] btrfs_reserve_extent+0x422/0x800
[ 58.791537][ T5111] ? btrfs_free_extent+0x450/0x450
[ 58.796660][ T5111] ? do_raw_read_unlock+0x3c/0x80
[ 58.801684][ T5111] btrfs_get_blocks_direct_write+0x7d0/0xf30
[ 58.807684][ T5111] ? btrfs_dio_iomap_end+0x260/0x260
[ 58.812976][ T5111] ? btrfs_cont_expand+0xce0/0xce0
[ 58.818078][ T5111] ? _raw_spin_unlock_irq+0x23/0x50
[ 58.823289][ T5111] btrfs_dio_iomap_begin+0xaee/0x10b0
[ 58.828667][ T5111] ? csum_exist_in_range+0x300/0x300
[ 58.833957][ T5111] ? csum_exist_in_range+0x300/0x300
[ 58.839234][ T5111] iomap_iter+0x677/0xee0
[ 58.843567][ T5111] ? blk_start_plug+0x6f/0x1b0
[ 58.848328][ T5111] __iomap_dio_rw+0xdcf/0x2330
[ 58.853114][ T5111] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 58.859098][ T5111] ? btrfs_getxattr+0x190/0x1b0
[ 58.863941][ T5111] ? iomap_dio_deferred_complete+0x20/0x20
[ 58.869768][ T5111] ? __file_remove_privs+0x460/0x650
[ 58.875069][ T5111] ? inode_maybe_inc_iversion+0x1a3/0x1f0
[ 58.880792][ T5111] btrfs_dio_write+0xb6/0x100
[ 58.885464][ T5111] ? btrfs_dio_read+0x100/0x100
[ 58.890320][ T5111] btrfs_do_write_iter+0x7ac/0x1190
[ 58.895530][ T5111] ? btrfs_check_nocow_unlock+0x40/0x40
[ 58.901078][ T5111] do_iter_readv_writev+0x330/0x4a0
[ 58.906283][ T5111] ? generic_file_rw_checks+0x260/0x260
[ 58.911838][ T5111] ? fsnotify_perm+0x67/0x5a0
[ 58.916509][ T5111] ? bpf_lsm_file_permission+0x9/0x10
[ 58.921879][ T5111] do_iter_write+0x1f6/0x8d0
[ 58.926477][ T5111] do_pwritev+0x21a/0x360
[ 58.930811][ T5111] ? do_preadv+0x350/0x350
[ 58.935237][ T5111] ? do_notify_parent+0x10c0/0x10c0
[ 58.940430][ T5111] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 58.946412][ T5111] ? print_irqtrace_events+0x220/0x220
[ 58.951867][ T5111] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 58.957860][ T5111] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 58.963843][ T5111] ? __x64_sys_pwritev2+0xbd/0x100
[ 58.968954][ T5111] do_syscall_64+0x45/0x110
[ 58.973453][ T5111] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 58.979344][ T5111] RIP: 0033:0x7f8c263a9329
[ 58.983755][ T5111] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 59.003351][ T5111] RSP: 002b:00007ffe7f0fdae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 59.011760][ T5111] RAX: ffffffffffffffda RBX: 00007ffe7f0fdb20 RCX: 00007f8c263a9329
[ 59.019724][ T5111] RDX: 000000000000000d RSI: 0000000020000240 RDI: 0000000000000004
[ 59.027692][ T5111] RBP: 0000000000000001 R08: 0000000000000408 R09: 0000000000000010
[ 59.035652][ T5111] R10: 0000000000001400 R11: 0000000000000246 R12: 00007ffe7f0fdb1c
[ 59.043616][ T5111] R13: 0000000000000003 R14: 431bde82d7b634db R15: 00007ffe7f0fdb60
[ 59.051591][ T5111]
[ 59.055212][ T5111] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[ 59.063556][ T5111] BTRFS: error (device loop0: state A) in find_free_extent_update_loop:4188: errno=-12 Out of memory
[pid 5111] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=8388608}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}], 13, 5120, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5111] exit_group(0) = ?
[pid 5111] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5111, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[ 59.074464][ T5111] BTRFS info (device loop0: state EA): forced readonly
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555563fb6f0 /* 4 entries */, 32768) = 104
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556403730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556403730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/bus") = 0
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs") = 0
getdents64(3, 0x5555563fb6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5128 attached
, child_tidptr=0x5555563fa650) = 5128
[pid 5128] set_robust_list(0x5555563fa660, 24) = 0
[pid 5128] chdir("./4") = 0
[pid 5128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5128] setpgid(0, 0) = 0
[pid 5128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5128] write(3, "1000", 4) = 4
[pid 5128] close(3) = 0
[pid 5128] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5128] memfd_create("syzkaller", 0) = 3
[pid 5128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8c1df6a000
[pid 5128] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5128] munmap(0x7f8c1df6a000, 138412032) = 0
[pid 5128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5128] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5128] close(3) = 0
[pid 5128] mkdir("./bus", 0777) = 0
[ 59.556200][ T5128] loop0: detected capacity change from 0 to 32768
[ 59.570701][ T5128] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor168 (5128)
[ 59.585869][ T5128] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 59.594755][ T5128] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 59.605557][ T5128] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 59.616358][ T5128] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[ 59.626962][ T5128] BTRFS info (device loop0): trying to use backup root at mount time
[ 59.635074][ T5128] BTRFS info (device loop0): use zlib compression, level 3
[ 59.642302][ T5128] BTRFS info (device loop0): enabling ssd optimizations
[pid 5128] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0
[pid 5128] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5128] chdir("./bus") = 0
[pid 5128] ioctl(4, LOOP_CLR_FD) = 0
[pid 5128] close(4) = 0
[pid 5128] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4
[ 59.649253][ T5128] BTRFS info (device loop0): using spread ssd allocation scheme
[ 59.656881][ T5128] BTRFS info (device loop0): using free space tree
[ 59.685948][ T5128] BTRFS info (device loop0): auto enabling async discard
[pid 5128] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5128] write(5, "8", 1) = 1
[ 59.720705][ T28] audit: type=1800 audit(1700918469.060:6): pid=5128 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor168" name="bus" dev="loop0" ino=263 res=0 errno=0
[pid 5128] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=8388608}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}], 13, 5120, RWF_APPEND) = 8388608
[pid 5128] exit_group(0) = ?
[pid 5128] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5128, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=25 /* 0.25 s */} ---
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555563fb6f0 /* 4 entries */, 32768) = 104
umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556403730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556403730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/bus") = 0
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs") = 0
getdents64(3, 0x5555563fb6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5145 attached
, child_tidptr=0x5555563fa650) = 5145
[pid 5145] set_robust_list(0x5555563fa660, 24) = 0
[pid 5145] chdir("./5") = 0
[pid 5145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5145] setpgid(0, 0) = 0
[pid 5145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5145] write(3, "1000", 4) = 4
[pid 5145] close(3) = 0
[pid 5145] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5145] memfd_create("syzkaller", 0) = 3
[pid 5145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8c1df6a000
[pid 5145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5145] munmap(0x7f8c1df6a000, 138412032) = 0
[pid 5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5145] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5145] close(3) = 0
[pid 5145] mkdir("./bus", 0777) = 0
[ 60.298878][ T5145] loop0: detected capacity change from 0 to 32768
[ 60.322835][ T5145] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor168 (5145)
[ 60.338795][ T5145] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 60.347538][ T5145] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 60.358463][ T5145] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 60.369390][ T5145] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[ 60.380373][ T5145] BTRFS info (device loop0): trying to use backup root at mount time
[ 60.388570][ T5145] BTRFS info (device loop0): use zlib compression, level 3
[pid 5145] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0
[pid 5145] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5145] chdir("./bus") = 0
[pid 5145] ioctl(4, LOOP_CLR_FD) = 0
[pid 5145] close(4) = 0
[ 60.395766][ T5145] BTRFS info (device loop0): enabling ssd optimizations
[ 60.402745][ T5145] BTRFS info (device loop0): using spread ssd allocation scheme
[ 60.410396][ T5145] BTRFS info (device loop0): using free space tree
[ 60.429261][ T5145] BTRFS info (device loop0): auto enabling async discard
[pid 5145] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid 5145] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5145] write(5, "8", 1) = 1
[ 60.463368][ T28] audit: type=1800 audit(1700918469.800:7): pid=5145 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor168" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 60.491695][ T5145] FAULT_INJECTION: forcing a failure.
[ 60.491695][ T5145] name failslab, interval 1, probability 0, space 0, times 0
[ 60.504483][ T5145] CPU: 1 PID: 5145 Comm: syz-executor168 Not tainted 6.7.0-rc2-syzkaller-00195-g0f5cc96c367f #0
[ 60.514910][ T5145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 60.524976][ T5145] Call Trace:
[ 60.528267][ T5145]
[ 60.531211][ T5145] dump_stack_lvl+0x1e7/0x2d0
[ 60.535910][ T5145] ? nf_tcp_handle_invalid+0x650/0x650
[ 60.541386][ T5145] ? panic+0x850/0x850
[ 60.545474][ T5145] ? __might_sleep+0xe0/0xe0
[ 60.550087][ T5145] should_fail_ex+0x3aa/0x4e0
[ 60.554790][ T5145] ? start_transaction+0x923/0x1780
[ 60.560009][ T5145] should_failslab+0x9/0x20
[ 60.564524][ T5145] kmem_cache_alloc+0x6d/0x2b0
[ 60.569313][ T5145] start_transaction+0x923/0x1780
[ 60.574378][ T5145] find_free_extent+0x2dcc/0x5780
[ 60.579467][ T5145] ? __lock_acquire+0x1345/0x1fd0
[ 60.584515][ T5145] btrfs_reserve_extent+0x422/0x800
[ 60.589750][ T5145] ? btrfs_free_extent+0x450/0x450
[ 60.594900][ T5145] ? do_raw_read_unlock+0x3c/0x80
[ 60.599948][ T5145] btrfs_get_blocks_direct_write+0x7d0/0xf30
[ 60.605950][ T5145] ? btrfs_dio_iomap_end+0x260/0x260
[ 60.611227][ T5145] ? btrfs_cont_expand+0xce0/0xce0
[ 60.616321][ T5145] ? _raw_spin_unlock_irq+0x23/0x50
[ 60.621515][ T5145] btrfs_dio_iomap_begin+0xaee/0x10b0
[ 60.626884][ T5145] ? csum_exist_in_range+0x300/0x300
[ 60.632162][ T5145] ? csum_exist_in_range+0x300/0x300
[ 60.637438][ T5145] iomap_iter+0x677/0xee0
[ 60.641760][ T5145] ? blk_start_plug+0x6f/0x1b0
[ 60.646510][ T5145] __iomap_dio_rw+0xdcf/0x2330
[ 60.651297][ T5145] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 60.657278][ T5145] ? btrfs_getxattr+0x190/0x1b0
[ 60.662126][ T5145] ? iomap_dio_deferred_complete+0x20/0x20
[ 60.667931][ T5145] ? __file_remove_privs+0x460/0x650
[ 60.673209][ T5145] ? inode_maybe_inc_iversion+0x1a3/0x1f0
[ 60.678917][ T5145] btrfs_dio_write+0xb6/0x100
[ 60.683582][ T5145] ? btrfs_dio_read+0x100/0x100
[ 60.688424][ T5145] btrfs_do_write_iter+0x7ac/0x1190
[ 60.693618][ T5145] ? btrfs_check_nocow_unlock+0x40/0x40
[ 60.699155][ T5145] do_iter_readv_writev+0x330/0x4a0
[ 60.704351][ T5145] ? generic_file_rw_checks+0x260/0x260
[ 60.709891][ T5145] ? fsnotify_perm+0x67/0x5a0
[ 60.714551][ T5145] ? bpf_lsm_file_permission+0x9/0x10
[ 60.719913][ T5145] do_iter_write+0x1f6/0x8d0
[ 60.724493][ T5145] do_pwritev+0x21a/0x360
[ 60.728813][ T5145] ? do_preadv+0x350/0x350
[ 60.733242][ T5145] ? do_notify_parent+0x10c0/0x10c0
[ 60.738430][ T5145] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 60.744398][ T5145] ? print_irqtrace_events+0x220/0x220
[ 60.749856][ T5145] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 60.755840][ T5145] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 60.761812][ T5145] ? __x64_sys_pwritev2+0xbd/0x100
[ 60.766922][ T5145] do_syscall_64+0x45/0x110
[ 60.771419][ T5145] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 60.777306][ T5145] RIP: 0033:0x7f8c263a9329
[ 60.781713][ T5145] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 60.801305][ T5145] RSP: 002b:00007ffe7f0fdae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[pid 5145] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=8388608}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}], 13, 5120, RWF_APPEND) = -1 ENOMEM (Cannot allocate memory)
[pid 5145] exit_group(0) = ?
[pid 5145] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5145, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} ---
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[ 60.809702][ T5145] RAX: ffffffffffffffda RBX: 00007ffe7f0fdb20 RCX: 00007f8c263a9329
[ 60.817657][ T5145] RDX: 000000000000000d RSI: 0000000020000240 RDI: 0000000000000004
[ 60.825615][ T5145] RBP: 0000000000000001 R08: 0000000000000408 R09: 0000000000000010
[ 60.833575][ T5145] R10: 0000000000001400 R11: 0000000000000246 R12: 00007ffe7f0fdb1c
[ 60.841530][ T5145] R13: 0000000000000005 R14: 431bde82d7b634db R15: 00007ffe7f0fdb60
[ 60.849512][ T5145]
getdents64(3, 0x5555563fb6f0 /* 4 entries */, 32768) = 104
umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556403730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556403730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/bus") = 0
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs") = 0
getdents64(3, 0x5555563fb6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5162 attached
[pid 5162] set_robust_list(0x5555563fa660, 24) = 0
[pid 5162] chdir("./6") = 0
[pid 5057] <... clone resumed>, child_tidptr=0x5555563fa650) = 5162
[pid 5162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5162] setpgid(0, 0) = 0
[pid 5162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5162] write(3, "1000", 4) = 4
[pid 5162] close(3) = 0
[pid 5162] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5162] memfd_create("syzkaller", 0) = 3
[pid 5162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8c1df6a000
[pid 5162] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5162] munmap(0x7f8c1df6a000, 138412032) = 0
[pid 5162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5162] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5162] close(3) = 0
[pid 5162] mkdir("./bus", 0777) = 0
[ 61.339071][ T5162] loop0: detected capacity change from 0 to 32768
[ 61.353510][ T5162] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor168 (5162)
[ 61.368373][ T5162] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 61.377077][ T5162] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 61.387941][ T5162] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 61.398753][ T5162] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[ 61.409405][ T5162] BTRFS info (device loop0): trying to use backup root at mount time
[ 61.417562][ T5162] BTRFS info (device loop0): use zlib compression, level 3
[ 61.424748][ T5162] BTRFS info (device loop0): enabling ssd optimizations
[ 61.431752][ T5162] BTRFS info (device loop0): using spread ssd allocation scheme
[pid 5162] mount("/dev/loop0", "./bus", "btrfs", 0, "user_subvol_rm_allowed,noinode_cache,inode_cache,usebackuproot,compress,commit=0x0000000000000002,ss"...) = 0
[pid 5162] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5162] chdir("./bus") = 0
[pid 5162] ioctl(4, LOOP_CLR_FD) = 0
[pid 5162] close(4) = 0
[ 61.439426][ T5162] BTRFS info (device loop0): using free space tree
[ 61.457633][ T5162] BTRFS info (device loop0): auto enabling async discard
[pid 5162] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid 5162] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5162] write(5, "8", 1) = 1
[ 61.503777][ T28] audit: type=1800 audit(1700918470.840:8): pid=5162 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor168" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 61.526483][ T5162] FAULT_INJECTION: forcing a failure.
[ 61.526483][ T5162] name failslab, interval 1, probability 0, space 0, times 0
[ 61.539800][ T5162] CPU: 0 PID: 5162 Comm: syz-executor168 Not tainted 6.7.0-rc2-syzkaller-00195-g0f5cc96c367f #0
[ 61.550233][ T5162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 61.560300][ T5162] Call Trace:
[ 61.563590][ T5162]
[ 61.566534][ T5162] dump_stack_lvl+0x1e7/0x2d0
[ 61.571234][ T5162] ? nf_tcp_handle_invalid+0x650/0x650
[ 61.576711][ T5162] ? panic+0x850/0x850
[ 61.580814][ T5162] should_fail_ex+0x3aa/0x4e0
[ 61.585515][ T5162] ? alloc_extent_map+0x21/0x130
[ 61.590465][ T5162] should_failslab+0x9/0x20
[ 61.594980][ T5162] kmem_cache_alloc+0x6d/0x2b0
[ 61.599762][ T5162] alloc_extent_map+0x21/0x130
[ 61.604526][ T5162] create_io_em+0x45/0x280
[ 61.608953][ T5162] btrfs_create_dio_extent+0x7a/0x180
[ 61.614320][ T5162] btrfs_get_blocks_direct_write+0x961/0xf30
[ 61.620305][ T5162] ? btrfs_dio_iomap_end+0x260/0x260
[ 61.625587][ T5162] ? btrfs_cont_expand+0xce0/0xce0
[ 61.630684][ T5162] ? _raw_spin_unlock_irq+0x23/0x50
[ 61.635888][ T5162] btrfs_dio_iomap_begin+0xaee/0x10b0
[ 61.641260][ T5162] ? csum_exist_in_range+0x300/0x300
[ 61.646549][ T5162] ? csum_exist_in_range+0x300/0x300
[ 61.651828][ T5162] iomap_iter+0x677/0xee0
[ 61.656158][ T5162] ? blk_start_plug+0x6f/0x1b0
[ 61.660913][ T5162] __iomap_dio_rw+0xdcf/0x2330
[ 61.665691][ T5162] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 61.671668][ T5162] ? btrfs_getxattr+0x190/0x1b0
[ 61.676508][ T5162] ? iomap_dio_deferred_complete+0x20/0x20
[ 61.682324][ T5162] ? __file_remove_privs+0x460/0x650
[ 61.687609][ T5162] ? inode_maybe_inc_iversion+0x1a3/0x1f0
[ 61.693324][ T5162] btrfs_dio_write+0xb6/0x100
[ 61.697994][ T5162] ? btrfs_dio_read+0x100/0x100
[ 61.702841][ T5162] btrfs_do_write_iter+0x7ac/0x1190
[ 61.708220][ T5162] ? btrfs_check_nocow_unlock+0x40/0x40
[ 61.713765][ T5162] do_iter_readv_writev+0x330/0x4a0
[ 61.718963][ T5162] ? generic_file_rw_checks+0x260/0x260
[ 61.724515][ T5162] ? fsnotify_perm+0x67/0x5a0
[ 61.729195][ T5162] ? bpf_lsm_file_permission+0x9/0x10
[ 61.734565][ T5162] do_iter_write+0x1f6/0x8d0
[ 61.739161][ T5162] do_pwritev+0x21a/0x360
[ 61.743487][ T5162] ? do_preadv+0x350/0x350
[ 61.747907][ T5162] ? do_notify_parent+0x10c0/0x10c0
[ 61.753097][ T5162] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 61.759079][ T5162] ? print_irqtrace_events+0x220/0x220
[ 61.764530][ T5162] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 61.770520][ T5162] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 61.776493][ T5162] ? __x64_sys_pwritev2+0xbd/0x100
[ 61.781606][ T5162] do_syscall_64+0x45/0x110
[ 61.786103][ T5162] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 61.791993][ T5162] RIP: 0033:0x7f8c263a9329
[ 61.796398][ T5162] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 61.815990][ T5162] RSP: 002b:00007ffe7f0fdae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 61.824394][ T5162] RAX: ffffffffffffffda RBX: 00007ffe7f0fdb20 RCX: 00007f8c263a9329
[ 61.832361][ T5162] RDX: 000000000000000d RSI: 0000000020000240 RDI: 0000000000000004
[ 61.840320][ T5162] RBP: 0000000000000001 R08: 0000000000000408 R09: 0000000000000010
[ 61.848282][ T5162] R10: 0000000000001400 R11: 0000000000000246 R12: 00007ffe7f0fdb1c
[ 61.856242][ T5162] R13: 0000000000000006 R14: 431bde82d7b634db R15: 00007ffe7f0fdb60
[ 61.864216][ T5162]
[ 61.869879][ T5162] ------------[ cut here ]------------
[ 61.875564][ T5162] WARNING: CPU: 0 PID: 5162 at fs/btrfs/space-info.h:199 btrfs_free_reserved_data_space_noquota+0x2c1/0x4d0
[ 61.887126][ T5162] Modules linked in:
[ 61.891091][ T5162] CPU: 0 PID: 5162 Comm: syz-executor168 Not tainted 6.7.0-rc2-syzkaller-00195-g0f5cc96c367f #0
[ 61.901584][ T5162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 61.911707][ T5162] RIP: 0010:btrfs_free_reserved_data_space_noquota+0x2c1/0x4d0
[ 61.919472][ T5162] Code: 00 00 74 08 4c 89 ff e8 ad 92 32 fe 4d 8b 27 4c 89 e7 48 8b 5c 24 18 48 89 de e8 0a 8d d6 fd 49 39 dc 73 15 e8 f0 8a d6 fd 90 <0f> 0b 90 31 db 41 80 7c 2d 00 00 75 89 eb 8f e8 db 8a d6 fd 41 80
[ 61.939141][ T5162] RSP: 0018:ffffc90004377368 EFLAGS: 00010293
[ 61.945217][ T5162] RAX: ffffffff83b7ee90 RBX: 0000000000800000 RCX: ffff88807e91bb80
[ 61.953220][ T5162] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 000000000067d000
[ 61.961255][ T5162] RBP: dffffc0000000000 R08: ffffffff83b7ee86 R09: 1ffffffff1e0186d
[ 61.969271][ T5162] R10: dffffc0000000000 R11: fffffbfff1e0186e R12: 000000000067d000
[ 61.977295][ T5162] R13: 1ffff11004132c0c R14: ffff88807f0e8000 R15: ffff888020996060
[ 61.985257][ T5162] FS: 00005555563fa380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 61.994214][ T5162] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 62.000863][ T5162] CR2: 00007f8c264260f8 CR3: 00000000270db000 CR4: 00000000003506f0
[ 62.008872][ T5162] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 62.016858][ T5162] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 62.024910][ T5162] Call Trace:
[ 62.028244][ T5162]
[ 62.031180][ T5162] ? __warn+0x162/0x4b0
[ 62.035337][ T5162] ? btrfs_free_reserved_data_space_noquota+0x2c1/0x4d0
[ 62.042353][ T5162] ? report_bug+0x2b3/0x500
[ 62.046877][ T5162] ? btrfs_free_reserved_data_space_noquota+0x2c1/0x4d0
[ 62.053865][ T5162] ? handle_bug+0x3e/0x60
[ 62.058232][ T5162] ? exc_invalid_op+0x1a/0x50
[ 62.062893][ T5162] ? asm_exc_invalid_op+0x1a/0x20
[ 62.067952][ T5162] ? btrfs_free_reserved_data_space_noquota+0x2b6/0x4d0
[ 62.074892][ T5162] ? btrfs_free_reserved_data_space_noquota+0x2c0/0x4d0
[ 62.081910][ T5162] ? btrfs_free_reserved_data_space_noquota+0x2c1/0x4d0
[ 62.088914][ T5162] ? btrfs_free_reserved_data_space_noquota+0x2c0/0x4d0
[ 62.095846][ T5162] btrfs_free_reserved_data_space+0xa2/0xe0
[ 62.101791][ T5162] btrfs_dio_iomap_begin+0x908/0x10b0
[ 62.107178][ T5162] ? csum_exist_in_range+0x300/0x300
[ 62.112518][ T5162] ? csum_exist_in_range+0x300/0x300
[ 62.117848][ T5162] iomap_iter+0x677/0xee0
[ 62.122189][ T5162] ? blk_start_plug+0x6f/0x1b0
[ 62.126942][ T5162] __iomap_dio_rw+0xdcf/0x2330
[ 62.131768][ T5162] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 62.137829][ T5162] ? btrfs_getxattr+0x190/0x1b0
[ 62.142673][ T5162] ? iomap_dio_deferred_complete+0x20/0x20
[ 62.148526][ T5162] ? __file_remove_privs+0x460/0x650
[ 62.153829][ T5162] ? inode_maybe_inc_iversion+0x1a3/0x1f0
[ 62.159599][ T5162] btrfs_dio_write+0xb6/0x100
[ 62.164283][ T5162] ? btrfs_dio_read+0x100/0x100
[ 62.169194][ T5162] btrfs_do_write_iter+0x7ac/0x1190
[ 62.174454][ T5162] ? btrfs_check_nocow_unlock+0x40/0x40
[ 62.180050][ T5162] do_iter_readv_writev+0x330/0x4a0
[ 62.185247][ T5162] ? generic_file_rw_checks+0x260/0x260
[ 62.190836][ T5162] ? fsnotify_perm+0x67/0x5a0
[ 62.195516][ T5162] ? bpf_lsm_file_permission+0x9/0x10
[ 62.200962][ T5162] do_iter_write+0x1f6/0x8d0
[ 62.205571][ T5162] do_pwritev+0x21a/0x360
[ 62.209935][ T5162] ? do_preadv+0x350/0x350
[ 62.214368][ T5162] ? do_notify_parent+0x10c0/0x10c0
[ 62.219692][ T5162] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 62.225696][ T5162] ? print_irqtrace_events+0x220/0x220
[ 62.231208][ T5162] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 62.237265][ T5162] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 62.243259][ T5162] ? __x64_sys_pwritev2+0xbd/0x100
[ 62.248413][ T5162] do_syscall_64+0x45/0x110
[ 62.252926][ T5162] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 62.258875][ T5162] RIP: 0033:0x7f8c263a9329
[ 62.263295][ T5162] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 62.282979][ T5162] RSP: 002b:00007ffe7f0fdae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 62.291449][ T5162] RAX: ffffffffffffffda RBX: 00007ffe7f0fdb20 RCX: 00007f8c263a9329
[ 62.299479][ T5162] RDX: 000000000000000d RSI: 0000000020000240 RDI: 0000000000000004
[ 62.307505][ T5162] RBP: 0000000000000001 R08: 0000000000000408 R09: 0000000000000010
[ 62.315500][ T5162] R10: 0000000000001400 R11: 0000000000000246 R12: 00007ffe7f0fdb1c
[ 62.323547][ T5162] R13: 0000000000000006 R14: 431bde82d7b634db R15: 00007ffe7f0fdb60
[ 62.331556][ T5162]
[ 62.334568][ T5162] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 62.341829][ T5162] CPU: 0 PID: 5162 Comm: syz-executor168 Not tainted 6.7.0-rc2-syzkaller-00195-g0f5cc96c367f #0
[ 62.352219][ T5162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 62.362257][ T5162] Call Trace:
[ 62.365533][ T5162]
[ 62.368450][ T5162] dump_stack_lvl+0x1e7/0x2d0
[ 62.373118][ T5162] ? nf_tcp_handle_invalid+0x650/0x650
[ 62.378562][ T5162] ? panic+0x850/0x850
[ 62.382621][ T5162] ? vscnprintf+0x5d/0x80
[ 62.386935][ T5162] panic+0x349/0x850
[ 62.390818][ T5162] ? __warn+0x171/0x4b0
[ 62.394970][ T5162] ? __memcpy_flushcache+0x2b0/0x2b0
[ 62.400270][ T5162] __warn+0x318/0x4b0
[ 62.404234][ T5162] ? btrfs_free_reserved_data_space_noquota+0x2c1/0x4d0
[ 62.411503][ T5162] report_bug+0x2b3/0x500
[ 62.415842][ T5162] ? btrfs_free_reserved_data_space_noquota+0x2c1/0x4d0
[ 62.422764][ T5162] handle_bug+0x3e/0x60
[ 62.426903][ T5162] exc_invalid_op+0x1a/0x50
[ 62.431390][ T5162] asm_exc_invalid_op+0x1a/0x20
[ 62.436235][ T5162] RIP: 0010:btrfs_free_reserved_data_space_noquota+0x2c1/0x4d0
[ 62.443774][ T5162] Code: 00 00 74 08 4c 89 ff e8 ad 92 32 fe 4d 8b 27 4c 89 e7 48 8b 5c 24 18 48 89 de e8 0a 8d d6 fd 49 39 dc 73 15 e8 f0 8a d6 fd 90 <0f> 0b 90 31 db 41 80 7c 2d 00 00 75 89 eb 8f e8 db 8a d6 fd 41 80
[ 62.463370][ T5162] RSP: 0018:ffffc90004377368 EFLAGS: 00010293
[ 62.469430][ T5162] RAX: ffffffff83b7ee90 RBX: 0000000000800000 RCX: ffff88807e91bb80
[ 62.477399][ T5162] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 000000000067d000
[ 62.485365][ T5162] RBP: dffffc0000000000 R08: ffffffff83b7ee86 R09: 1ffffffff1e0186d
[ 62.493338][ T5162] R10: dffffc0000000000 R11: fffffbfff1e0186e R12: 000000000067d000
[ 62.501303][ T5162] R13: 1ffff11004132c0c R14: ffff88807f0e8000 R15: ffff888020996060
[ 62.509275][ T5162] ? btrfs_free_reserved_data_space_noquota+0x2b6/0x4d0
[ 62.516200][ T5162] ? btrfs_free_reserved_data_space_noquota+0x2c0/0x4d0
[ 62.523131][ T5162] ? btrfs_free_reserved_data_space_noquota+0x2c0/0x4d0
[ 62.530060][ T5162] btrfs_free_reserved_data_space+0xa2/0xe0
[ 62.535962][ T5162] btrfs_dio_iomap_begin+0x908/0x10b0
[ 62.541344][ T5162] ? csum_exist_in_range+0x300/0x300
[ 62.546632][ T5162] ? csum_exist_in_range+0x300/0x300
[ 62.551909][ T5162] iomap_iter+0x677/0xee0
[ 62.556238][ T5162] ? blk_start_plug+0x6f/0x1b0
[ 62.560993][ T5162] __iomap_dio_rw+0xdcf/0x2330
[ 62.565776][ T5162] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 62.571749][ T5162] ? btrfs_getxattr+0x190/0x1b0
[ 62.576588][ T5162] ? iomap_dio_deferred_complete+0x20/0x20
[ 62.582404][ T5162] ? __file_remove_privs+0x460/0x650
[ 62.587690][ T5162] ? inode_maybe_inc_iversion+0x1a3/0x1f0
[ 62.593402][ T5162] btrfs_dio_write+0xb6/0x100
[ 62.598078][ T5162] ? btrfs_dio_read+0x100/0x100
[ 62.602926][ T5162] btrfs_do_write_iter+0x7ac/0x1190
[ 62.608131][ T5162] ? btrfs_check_nocow_unlock+0x40/0x40
[ 62.613677][ T5162] do_iter_readv_writev+0x330/0x4a0
[ 62.618878][ T5162] ? generic_file_rw_checks+0x260/0x260
[ 62.624423][ T5162] ? fsnotify_perm+0x67/0x5a0
[ 62.629091][ T5162] ? bpf_lsm_file_permission+0x9/0x10
[ 62.634456][ T5162] do_iter_write+0x1f6/0x8d0
[ 62.639054][ T5162] do_pwritev+0x21a/0x360
[ 62.643382][ T5162] ? do_preadv+0x350/0x350
[ 62.647800][ T5162] ? do_notify_parent+0x10c0/0x10c0
[ 62.652993][ T5162] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 62.658974][ T5162] ? print_irqtrace_events+0x220/0x220
[ 62.664434][ T5162] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 62.670424][ T5162] ? syscall_enter_from_user_mode+0xf5/0x2d0
[ 62.676402][ T5162] ? __x64_sys_pwritev2+0xbd/0x100
[ 62.681535][ T5162] do_syscall_64+0x45/0x110
[ 62.686053][ T5162] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 62.691952][ T5162] RIP: 0033:0x7f8c263a9329
[ 62.696423][ T5162] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 62.716027][ T5162] RSP: 002b:00007ffe7f0fdae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[ 62.724436][ T5162] RAX: ffffffffffffffda RBX: 00007ffe7f0fdb20 RCX: 00007f8c263a9329
[ 62.732409][ T5162] RDX: 000000000000000d RSI: 0000000020000240 RDI: 0000000000000004
[ 62.740371][ T5162] RBP: 0000000000000001 R08: 0000000000000408 R09: 0000000000000010
[ 62.748334][ T5162] R10: 0000000000001400 R11: 0000000000000246 R12: 00007ffe7f0fdb1c
[ 62.756294][ T5162] R13: 0000000000000006 R14: 431bde82d7b634db R15: 00007ffe7f0fdb60
[ 62.764270][ T5162]
[ 62.767445][ T5162] Kernel Offset: disabled
[ 62.771867][ T5162] Rebooting in 86400 seconds..