./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1487775708
<...>
Warning: Permanently added '10.128.0.104' (ED25519) to the list of known hosts.
execve("./syz-executor1487775708", ["./syz-executor1487775708"], 0x7fffe7e7db20 /* 10 vars */) = 0
brk(NULL) = 0x555555590000
brk(0x555555590d00) = 0x555555590d00
arch_prctl(ARCH_SET_FS, 0x555555590380) = 0
set_tid_address(0x555555590650) = 5017
set_robust_list(0x555555590660, 24) = 0
rseq(0x555555590ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1487775708", 4096) = 28
getrandom("\x87\x69\xef\x1c\x31\x4c\xcf\xbf", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555555590d00
brk(0x5555555b1d00) = 0x5555555b1d00
brk(0x5555555b2000) = 0x5555555b2000
mprotect(0x7f982b444000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
mkdir("./syzkaller.Meo7rX", 0700) = 0
chmod("./syzkaller.Meo7rX", 0777) = 0
chdir("./syzkaller.Meo7rX") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555590650) = 5018
./strace-static-x86_64: Process 5018 attached
[pid 5018] set_robust_list(0x555555590660, 24) = 0
[pid 5018] chdir("./0") = 0
[pid 5018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5018] setpgid(0, 0) = 0
[pid 5018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5018] write(3, "1000", 4) = 4
[pid 5018] close(3) = 0
[pid 5018] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5018] memfd_create("syzkaller", 0) = 3
[pid 5018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9822f8c000
[ 65.450709][ T5018] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5018 'syz-executor148'
[pid 5018] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5018] munmap(0x7f9822f8c000, 16777216) = 0
[pid 5018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5018] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5018] close(3) = 0
[pid 5018] mkdir("./file0", 0777) = 0
[ 65.643062][ T5018] loop0: detected capacity change from 0 to 32768
[ 65.656518][ T5018] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5018)
[ 65.678230][ T5018] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[pid 5018] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5018] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5018] chdir("./file0") = 0
[pid 5018] ioctl(4, LOOP_CLR_FD) = 0
[pid 5018] close(4) = 0
[pid 5018] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 65.687146][ T5018] BTRFS info (device loop0): setting nodatacow, compression disabled
[ 65.695399][ T5018] BTRFS info (device loop0): using free space tree
[ 65.719070][ T5018] BTRFS info (device loop0): enabling ssd optimizations
[ 65.726201][ T5018] BTRFS info (device loop0): auto enabling async discard
[pid 5018] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5018] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5018] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5018] write(6, "10", 2) = 2
[ 65.819612][ T5018] FAULT_INJECTION: forcing a failure.
[ 65.819612][ T5018] name failslab, interval 1, probability 0, space 0, times 1
[ 65.826368][ T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 65.832611][ T5018] CPU: 0 PID: 5018 Comm: syz-executor148 Not tainted 6.5.0-rc1-syzkaller-00033-geb26cbb1a754 #0
[ 65.851901][ T5018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 65.861993][ T5018] Call Trace:
[ 65.865321][ T5018]
[ 65.868374][ T5018] dump_stack_lvl+0x1e7/0x2d0
[ 65.873191][ T5018] ? nf_tcp_handle_invalid+0x650/0x650
[ 65.878722][ T5018] ? panic+0x770/0x770
[ 65.882853][ T5018] should_fail_ex+0x3aa/0x4e0
[ 65.887577][ T5018] should_failslab+0x9/0x20
[ 65.892117][ T5018] slab_pre_alloc_hook+0x59/0x2b0
[ 65.897194][ T5018] kmem_cache_alloc+0x52/0x300
[ 65.902024][ T5018] ? alloc_extent_map+0x21/0x130
[ 65.907014][ T5018] alloc_extent_map+0x21/0x130
[ 65.911837][ T5018] btrfs_get_extent+0x2a4/0x15f0
[ 65.916838][ T5018] ? btrfs_cont_expand+0xcd0/0xcd0
[ 65.922008][ T5018] ? mark_lock+0x9a/0x340
[ 65.926539][ T5018] btrfs_zero_range+0x1ad/0x1310
[ 65.931557][ T5018] ? print_irqtrace_events+0x220/0x220
[ 65.937077][ T5018] ? hole_mergeable+0x440/0x440
[ 65.941975][ T5018] ? btrfs_lookup_first_ordered_extent+0x4ea/0x680
[ 65.948530][ T5018] ? btrfs_wait_ordered_range+0x241/0x260
[ 65.954387][ T5018] btrfs_fallocate+0xbb5/0x1f90
[ 65.959399][ T5018] ? btrfs_file_open+0xf0/0xf0
[ 65.964215][ T5018] ? read_lock_is_recursive+0x20/0x20
[ 65.969650][ T5018] ? rcu_read_lock_any_held+0xb7/0x160
[ 65.975168][ T5018] ? rcu_read_lock_bh_held+0x120/0x120
[ 65.980689][ T5018] ? __lock_acquire+0x7f70/0x7f70
[ 65.985789][ T5018] vfs_fallocate+0x551/0x6b0
[ 65.990435][ T5018] do_vfs_ioctl+0x22cb/0x2b30
[ 65.995167][ T5018] ? __x64_compat_sys_ioctl+0x90/0x90
[ 66.000602][ T5018] ? __kmem_cache_free+0x25f/0x3b0
[ 66.005773][ T5018] ? tomoyo_path_number_perm+0x663/0x840
[ 66.011454][ T5018] ? tomoyo_path_number_perm+0x6e4/0x840
[ 66.017108][ T5018] ? smack_log+0x123/0x540
[ 66.021545][ T5018] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 66.027031][ T5018] ? smk_access+0x4b0/0x4b0
[ 66.031581][ T5018] ? _raw_spin_lock_irqsave+0x120/0x120
[ 66.037165][ T5018] ? smk_access+0x477/0x4b0
[ 66.041728][ T5018] ? smk_tskacc+0x2ff/0x360
[ 66.046284][ T5018] ? smack_file_ioctl+0x2a1/0x3a0
[ 66.051337][ T5018] ? smack_file_alloc_security+0xe0/0xe0
[ 66.056982][ T5018] ? do_notify_parent+0xf50/0xf50
[ 66.062017][ T5018] ? print_irqtrace_events+0x220/0x220
[ 66.067491][ T5018] ? bpf_lsm_file_ioctl+0x9/0x10
[ 66.072452][ T5018] ? security_file_ioctl+0x81/0xa0
[ 66.077690][ T5018] __se_sys_ioctl+0x81/0x170
[ 66.082298][ T5018] do_syscall_64+0x41/0xc0
[ 66.086750][ T5018] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.092697][ T5018] RIP: 0033:0x7f982b3cb329
[ 66.097136][ T5018] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[pid 5018] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOMEM (Cannot allocate memory)
[pid 5018] exit_group(0) = ?
[pid 5018] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5018, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555555916f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
[ 66.116767][ T5018] RSP: 002b:00007ffd4055bb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 66.125252][ T5018] RAX: ffffffffffffffda RBX: 00007ffd4055bb50 RCX: 00007f982b3cb329
[ 66.133257][ T5018] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[ 66.141275][ T5018] RBP: 0000000000000002 R08: 00007ffd4055b8c6 R09: 00007ffd4055bb70
[ 66.149283][ T5018] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[ 66.157262][ T5018] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007ffd4055bb90
[ 66.165272][ T5018]
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555599730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555599730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x5555555916f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555590650) = 5041
./strace-static-x86_64: Process 5041 attached
[pid 5041] set_robust_list(0x555555590660, 24) = 0
[pid 5041] chdir("./1") = 0
[pid 5041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5041] setpgid(0, 0) = 0
[pid 5041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5041] write(3, "1000", 4) = 4
[pid 5041] close(3) = 0
[pid 5041] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5041] memfd_create("syzkaller", 0) = 3
[pid 5041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9822f8c000
[pid 5041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5041] munmap(0x7f9822f8c000, 16777216) = 0
[pid 5041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5041] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5041] close(3) = 0
[pid 5041] mkdir("./file0", 0777) = 0
[ 66.533054][ T5041] loop0: detected capacity change from 0 to 32768
[ 66.545023][ T5041] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5041)
[ 66.562841][ T5041] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 66.571837][ T5041] BTRFS info (device loop0): setting nodatacow, compression disabled
[pid 5041] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5041] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5041] chdir("./file0") = 0
[pid 5041] ioctl(4, LOOP_CLR_FD) = 0
[pid 5041] close(4) = 0
[pid 5041] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 66.579990][ T5041] BTRFS info (device loop0): using free space tree
[ 66.600865][ T5041] BTRFS info (device loop0): enabling ssd optimizations
[ 66.608150][ T5041] BTRFS info (device loop0): auto enabling async discard
[pid 5041] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5041] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5041] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5041] write(6, "10", 2) = 2
[ 66.681179][ T5041] FAULT_INJECTION: forcing a failure.
[ 66.681179][ T5041] name failslab, interval 1, probability 0, space 0, times 0
[ 66.685675][ T57] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 66.694267][ T5041] CPU: 0 PID: 5041 Comm: syz-executor148 Not tainted 6.5.0-rc1-syzkaller-00033-geb26cbb1a754 #0
[ 66.713420][ T5041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 66.723511][ T5041] Call Trace:
[ 66.726822][ T5041]
[ 66.729785][ T5041] dump_stack_lvl+0x1e7/0x2d0
[ 66.734520][ T5041] ? nf_tcp_handle_invalid+0x650/0x650
[ 66.740038][ T5041] ? panic+0x770/0x770
[ 66.744170][ T5041] should_fail_ex+0x3aa/0x4e0
[ 66.748899][ T5041] should_failslab+0x9/0x20
[ 66.753440][ T5041] slab_pre_alloc_hook+0x59/0x2b0
[ 66.758505][ T5041] kmem_cache_alloc+0x52/0x300
[ 66.763315][ T5041] ? alloc_extent_map+0x21/0x130
[ 66.768368][ T5041] alloc_extent_map+0x21/0x130
[ 66.773205][ T5041] btrfs_get_extent+0x2a4/0x15f0
[ 66.778174][ T5041] ? btrfs_cont_expand+0xcd0/0xcd0
[ 66.783311][ T5041] ? mark_lock+0x9a/0x340
[ 66.787676][ T5041] btrfs_zero_range+0x1ad/0x1310
[ 66.792627][ T5041] ? print_irqtrace_events+0x220/0x220
[ 66.798111][ T5041] ? hole_mergeable+0x440/0x440
[ 66.802983][ T5041] ? btrfs_lookup_first_ordered_extent+0x4ea/0x680
[ 66.809508][ T5041] ? btrfs_wait_ordered_range+0x241/0x260
[ 66.815248][ T5041] btrfs_fallocate+0xbb5/0x1f90
[ 66.820150][ T5041] ? btrfs_file_open+0xf0/0xf0
[ 66.824946][ T5041] ? read_lock_is_recursive+0x20/0x20
[ 66.830355][ T5041] ? rcu_read_lock_any_held+0xb7/0x160
[ 66.835832][ T5041] ? rcu_read_lock_bh_held+0x120/0x120
[ 66.841306][ T5041] ? __lock_acquire+0x7f70/0x7f70
[ 66.846374][ T5041] vfs_fallocate+0x551/0x6b0
[ 66.851015][ T5041] do_vfs_ioctl+0x22cb/0x2b30
[ 66.855767][ T5041] ? __x64_compat_sys_ioctl+0x90/0x90
[ 66.861192][ T5041] ? __kmem_cache_free+0x25f/0x3b0
[ 66.866346][ T5041] ? tomoyo_path_number_perm+0x663/0x840
[ 66.872008][ T5041] ? tomoyo_path_number_perm+0x6e4/0x840
[ 66.877660][ T5041] ? smack_log+0x123/0x540
[ 66.882090][ T5041] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 66.887564][ T5041] ? smk_access+0x4b0/0x4b0
[ 66.892097][ T5041] ? _raw_spin_lock_irqsave+0x120/0x120
[ 66.897685][ T5041] ? smk_access+0x477/0x4b0
[ 66.902235][ T5041] ? smk_tskacc+0x2ff/0x360
[ 66.906780][ T5041] ? smack_file_ioctl+0x2a1/0x3a0
[ 66.911844][ T5041] ? smack_file_alloc_security+0xe0/0xe0
[ 66.917519][ T5041] ? do_notify_parent+0xf50/0xf50
[ 66.922567][ T5041] ? print_irqtrace_events+0x220/0x220
[ 66.928052][ T5041] ? bpf_lsm_file_ioctl+0x9/0x10
[ 66.933010][ T5041] ? security_file_ioctl+0x81/0xa0
[ 66.938143][ T5041] __se_sys_ioctl+0x81/0x170
[ 66.942775][ T5041] do_syscall_64+0x41/0xc0
[ 66.947220][ T5041] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.953136][ T5041] RIP: 0033:0x7f982b3cb329
[ 66.957562][ T5041] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[pid 5041] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOMEM (Cannot allocate memory)
[pid 5041] exit_group(0) = ?
[pid 5041] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5041, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555555916f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
[ 66.977181][ T5041] RSP: 002b:00007ffd4055bb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 66.985609][ T5041] RAX: ffffffffffffffda RBX: 00007ffd4055bb50 RCX: 00007f982b3cb329
[ 66.993678][ T5041] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[ 67.001659][ T5041] RBP: 0000000000000002 R08: 00007ffd4055b8c6 R09: 00007ffd4055bb70
[ 67.009648][ T5041] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd4055bb4c
[ 67.017627][ T5041] R13: 0000000000000001 R14: 431bde82d7b634db R15: 00007ffd4055bb90
[ 67.025625][ T5041]
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555599730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555599730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x5555555916f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555590650) = 5064
./strace-static-x86_64: Process 5064 attached
[pid 5064] set_robust_list(0x555555590660, 24) = 0
[pid 5064] chdir("./2") = 0
[pid 5064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5064] setpgid(0, 0) = 0
[pid 5064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5064] write(3, "1000", 4) = 4
[pid 5064] close(3) = 0
[pid 5064] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5064] memfd_create("syzkaller", 0) = 3
[pid 5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9822f8c000
[pid 5064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5064] munmap(0x7f9822f8c000, 16777216) = 0
[pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5064] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5064] close(3) = 0
[pid 5064] mkdir("./file0", 0777) = 0
[ 67.401010][ T5064] loop0: detected capacity change from 0 to 32768
[ 67.422330][ T5064] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5064)
[ 67.439961][ T5064] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[pid 5064] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5064] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5064] chdir("./file0") = 0
[pid 5064] ioctl(4, LOOP_CLR_FD) = 0
[pid 5064] close(4) = 0
[pid 5064] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5064] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[ 67.448778][ T5064] BTRFS info (device loop0): setting nodatacow, compression disabled
[ 67.456909][ T5064] BTRFS info (device loop0): using free space tree
[ 67.476153][ T5064] BTRFS info (device loop0): enabling ssd optimizations
[ 67.483208][ T5064] BTRFS info (device loop0): auto enabling async discard
[pid 5064] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5064] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5064] write(6, "10", 2) = 2
[ 67.538970][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 67.539034][ T5064] FAULT_INJECTION: forcing a failure.
[ 67.539034][ T5064] name failslab, interval 1, probability 0, space 0, times 0
[ 67.565212][ T5064] CPU: 1 PID: 5064 Comm: syz-executor148 Not tainted 6.5.0-rc1-syzkaller-00033-geb26cbb1a754 #0
[ 67.575685][ T5064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 67.585781][ T5064] Call Trace:
[ 67.589093][ T5064]
[ 67.592056][ T5064] dump_stack_lvl+0x1e7/0x2d0
[ 67.596813][ T5064] ? nf_tcp_handle_invalid+0x650/0x650
[ 67.602323][ T5064] ? panic+0x770/0x770
[ 67.606441][ T5064] ? __might_sleep+0xc0/0xc0
[ 67.611087][ T5064] should_fail_ex+0x3aa/0x4e0
[ 67.615811][ T5064] should_failslab+0x9/0x20
[ 67.620352][ T5064] slab_pre_alloc_hook+0x59/0x2b0
[ 67.625437][ T5064] ? qgroup_reserve_data+0x1c7/0x8e0
[ 67.630760][ T5064] __kmem_cache_alloc_node+0x4b/0x270
[ 67.636180][ T5064] ? _raw_spin_lock_irq+0xdf/0x120
[ 67.641337][ T5064] ? qgroup_reserve_data+0x1c7/0x8e0
[ 67.646664][ T5064] kmalloc_trace+0x2a/0xe0
[ 67.651158][ T5064] qgroup_reserve_data+0x1c7/0x8e0
[ 67.656307][ T5064] ? _raw_spin_unlock_irq+0x2e/0x50
[ 67.661569][ T5064] btrfs_qgroup_reserve_data+0x2e/0xc0
[ 67.667070][ T5064] btrfs_zero_range+0xb94/0x1310
[ 67.672069][ T5064] ? hole_mergeable+0x440/0x440
[ 67.676963][ T5064] ? btrfs_lookup_first_ordered_extent+0x4ea/0x680
[ 67.683516][ T5064] ? btrfs_wait_ordered_range+0x241/0x260
[ 67.689290][ T5064] btrfs_fallocate+0xbb5/0x1f90
[ 67.694219][ T5064] ? btrfs_file_open+0xf0/0xf0
[ 67.699000][ T5064] ? read_lock_is_recursive+0x20/0x20
[ 67.704387][ T5064] ? rcu_read_lock_any_held+0xb7/0x160
[ 67.709872][ T5064] ? rcu_read_lock_bh_held+0x120/0x120
[ 67.715341][ T5064] ? __lock_acquire+0x7f70/0x7f70
[ 67.720381][ T5064] vfs_fallocate+0x551/0x6b0
[ 67.724983][ T5064] do_vfs_ioctl+0x22cb/0x2b30
[ 67.729671][ T5064] ? __x64_compat_sys_ioctl+0x90/0x90
[ 67.735107][ T5064] ? __kmem_cache_free+0x25f/0x3b0
[ 67.740228][ T5064] ? tomoyo_path_number_perm+0x663/0x840
[ 67.745868][ T5064] ? tomoyo_path_number_perm+0x6e4/0x840
[ 67.751509][ T5064] ? smack_log+0x123/0x540
[ 67.755936][ T5064] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 67.761401][ T5064] ? smk_access+0x4b0/0x4b0
[ 67.765911][ T5064] ? _raw_spin_lock_irqsave+0x120/0x120
[ 67.771473][ T5064] ? smk_access+0x477/0x4b0
[ 67.775990][ T5064] ? smk_tskacc+0x2ff/0x360
[ 67.780501][ T5064] ? smack_file_ioctl+0x2a1/0x3a0
[ 67.785549][ T5064] ? smack_file_alloc_security+0xe0/0xe0
[ 67.791198][ T5064] ? do_notify_parent+0xf50/0xf50
[ 67.796227][ T5064] ? print_irqtrace_events+0x220/0x220
[ 67.801693][ T5064] ? bpf_lsm_file_ioctl+0x9/0x10
[ 67.806640][ T5064] ? security_file_ioctl+0x81/0xa0
[ 67.811755][ T5064] __se_sys_ioctl+0x81/0x170
[ 67.816365][ T5064] do_syscall_64+0x41/0xc0
[ 67.820786][ T5064] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 67.826689][ T5064] RIP: 0033:0x7f982b3cb329
[ 67.831107][ T5064] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 67.850712][ T5064] RSP: 002b:00007ffd4055bb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 67.859126][ T5064] RAX: ffffffffffffffda RBX: 00007ffd4055bb50 RCX: 00007f982b3cb329
[ 67.867107][ T5064] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[ 67.875079][ T5064] RBP: 0000000000000002 R08: 00007ffd4055b8c6 R09: 00007ffd4055bb70
[pid 5064] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOMEM (Cannot allocate memory)
[pid 5064] exit_group(0) = ?
[pid 5064] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5064, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=24 /* 0.24 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555555916f0 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
[ 67.883051][ T5064] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd4055bb4c
[ 67.891021][ T5064] R13: 0000000000000002 R14: 431bde82d7b634db R15: 00007ffd4055bb90
[ 67.899006][ T5064]
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555599730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555599730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x5555555916f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555590650) = 5081
./strace-static-x86_64: Process 5081 attached
[pid 5081] set_robust_list(0x555555590660, 24) = 0
[pid 5081] chdir("./3") = 0
[pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5081] setpgid(0, 0) = 0
[pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5081] write(3, "1000", 4) = 4
[pid 5081] close(3) = 0
[pid 5081] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5081] memfd_create("syzkaller", 0) = 3
[pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9822f8c000
[pid 5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5081] munmap(0x7f9822f8c000, 16777216) = 0
[pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5081] close(3) = 0
[pid 5081] mkdir("./file0", 0777) = 0
[ 68.228852][ T5081] loop0: detected capacity change from 0 to 32768
[ 68.240232][ T5081] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5081)
[ 68.255606][ T5081] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 68.264356][ T5081] BTRFS info (device loop0): setting nodatacow, compression disabled
[ 68.272592][ T5081] BTRFS info (device loop0): using free space tree
[pid 5081] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5081] chdir("./file0") = 0
[pid 5081] ioctl(4, LOOP_CLR_FD) = 0
[pid 5081] close(4) = 0
[pid 5081] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5081] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[ 68.291879][ T5081] BTRFS info (device loop0): enabling ssd optimizations
[ 68.299105][ T5081] BTRFS info (device loop0): auto enabling async discard
[pid 5081] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5081] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5081] write(6, "10", 2) = 2
[ 68.365266][ T5081] FAULT_INJECTION: forcing a failure.
[ 68.365266][ T5081] name failslab, interval 1, probability 0, space 0, times 0
[ 68.370639][ T57] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 68.378464][ T5081] CPU: 1 PID: 5081 Comm: syz-executor148 Not tainted 6.5.0-rc1-syzkaller-00033-geb26cbb1a754 #0
[ 68.397592][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 68.407652][ T5081] Call Trace:
[ 68.410937][ T5081]
[ 68.413870][ T5081] dump_stack_lvl+0x1e7/0x2d0
[ 68.418565][ T5081] ? nf_tcp_handle_invalid+0x650/0x650
[ 68.424068][ T5081] ? panic+0x770/0x770
[ 68.428230][ T5081] ? __might_sleep+0xc0/0xc0
[ 68.432835][ T5081] should_fail_ex+0x3aa/0x4e0
[ 68.437541][ T5081] should_failslab+0x9/0x20
[ 68.442095][ T5081] slab_pre_alloc_hook+0x59/0x2b0
[ 68.447176][ T5081] kmem_cache_alloc+0x52/0x300
[ 68.451989][ T5081] ? alloc_extent_state+0x25/0x2e0
[ 68.457168][ T5081] alloc_extent_state+0x25/0x2e0
[ 68.462164][ T5081] __set_extent_bit+0x1c8/0x1b00
[ 68.467174][ T5081] lock_extent+0x105/0x270
[ 68.471658][ T5081] ? try_lock_extent+0x1a0/0x1a0
[ 68.476664][ T5081] ? truncate_pagecache_range+0x87/0xb0
[ 68.482266][ T5081] btrfs_punch_hole_lock_range+0x68/0x150
[ 68.488035][ T5081] ? btrfs_reserve_data_bytes+0x174/0x200
[ 68.493807][ T5081] btrfs_zero_range+0xb7c/0x1310
[ 68.498891][ T5081] ? hole_mergeable+0x440/0x440
[ 68.503785][ T5081] ? btrfs_lookup_first_ordered_extent+0x4ea/0x680
[ 68.510337][ T5081] ? btrfs_wait_ordered_range+0x241/0x260
[ 68.516121][ T5081] btrfs_fallocate+0xbb5/0x1f90
[ 68.521061][ T5081] ? btrfs_file_open+0xf0/0xf0
[ 68.525876][ T5081] ? read_lock_is_recursive+0x20/0x20
[ 68.531309][ T5081] ? rcu_read_lock_any_held+0xb7/0x160
[ 68.536905][ T5081] ? rcu_read_lock_bh_held+0x120/0x120
[ 68.542413][ T5081] ? __lock_acquire+0x7f70/0x7f70
[ 68.547494][ T5081] vfs_fallocate+0x551/0x6b0
[ 68.552133][ T5081] do_vfs_ioctl+0x22cb/0x2b30
[ 68.556867][ T5081] ? __x64_compat_sys_ioctl+0x90/0x90
[ 68.562295][ T5081] ? __kmem_cache_free+0x25f/0x3b0
[ 68.567455][ T5081] ? tomoyo_path_number_perm+0x663/0x840
[ 68.573098][ T5081] ? tomoyo_path_number_perm+0x6e4/0x840
[ 68.578740][ T5081] ? smack_log+0x123/0x540
[ 68.583159][ T5081] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 68.588626][ T5081] ? smk_access+0x4b0/0x4b0
[ 68.593135][ T5081] ? _raw_spin_lock_irqsave+0x120/0x120
[ 68.598685][ T5081] ? smk_access+0x477/0x4b0
[ 68.603202][ T5081] ? smk_tskacc+0x2ff/0x360
[ 68.607716][ T5081] ? smack_file_ioctl+0x2a1/0x3a0
[ 68.612746][ T5081] ? smack_file_alloc_security+0xe0/0xe0
[ 68.618391][ T5081] ? do_notify_parent+0xf50/0xf50
[ 68.623435][ T5081] ? print_irqtrace_events+0x220/0x220
[ 68.628904][ T5081] ? bpf_lsm_file_ioctl+0x9/0x10
[ 68.633854][ T5081] ? security_file_ioctl+0x81/0xa0
[ 68.638973][ T5081] __se_sys_ioctl+0x81/0x170
[ 68.643576][ T5081] do_syscall_64+0x41/0xc0
[ 68.647993][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.653897][ T5081] RIP: 0033:0x7f982b3cb329
[ 68.658314][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 68.677921][ T5081] RSP: 002b:00007ffd4055bb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 68.686339][ T5081] RAX: ffffffffffffffda RBX: 00007ffd4055bb50 RCX: 00007f982b3cb329
[ 68.694331][ T5081] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[ 68.702317][ T5081] RBP: 0000000000000002 R08: 00007ffd4055b8c6 R09: 00007ffd4055bb70
[pid 5081] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0
[pid 5081] exit_group(0) = ?
[pid 5081] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555555916f0 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs") = 0
[ 68.710289][ T5081] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd4055bb4c
[ 68.718266][ T5081] R13: 0000000000000003 R14: 431bde82d7b634db R15: 00007ffd4055bb90
[ 68.726339][ T5081]
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555599730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555599730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0") = 0
getdents64(3, 0x5555555916f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5098 attached
[pid 5098] set_robust_list(0x555555590660, 24) = 0
[pid 5098] chdir("./4") = 0
[pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5098] setpgid(0, 0) = 0
[pid 5017] <... clone resumed>, child_tidptr=0x555555590650) = 5098
[pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5098] write(3, "1000", 4) = 4
[pid 5098] close(3) = 0
[pid 5098] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5098] memfd_create("syzkaller", 0) = 3
[pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9822f8c000
[pid 5098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5098] munmap(0x7f9822f8c000, 16777216) = 0
[pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5098] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5098] close(3) = 0
[pid 5098] mkdir("./file0", 0777) = 0
[ 69.092267][ T5098] loop0: detected capacity change from 0 to 32768
[ 69.103530][ T5098] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5098)
[ 69.118638][ T5098] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 69.127500][ T5098] BTRFS info (device loop0): setting nodatacow, compression disabled
[ 69.135677][ T5098] BTRFS info (device loop0): using free space tree
[pid 5098] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5098] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5098] chdir("./file0") = 0
[pid 5098] ioctl(4, LOOP_CLR_FD) = 0
[pid 5098] close(4) = 0
[pid 5098] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5098] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5098] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5098] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5098] write(6, "10", 2) = 2
[ 69.157258][ T5098] BTRFS info (device loop0): enabling ssd optimizations
[ 69.164394][ T5098] BTRFS info (device loop0): auto enabling async discard
[ 69.216832][ T5098] FAULT_INJECTION: forcing a failure.
[ 69.216832][ T5098] name failslab, interval 1, probability 0, space 0, times 0
[ 69.217564][ T57] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 69.230687][ T5098] CPU: 1 PID: 5098 Comm: syz-executor148 Not tainted 6.5.0-rc1-syzkaller-00033-geb26cbb1a754 #0
[ 69.249232][ T5098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 69.259319][ T5098] Call Trace:
[ 69.262628][ T5098]
[ 69.265594][ T5098] dump_stack_lvl+0x1e7/0x2d0
[ 69.270339][ T5098] ? nf_tcp_handle_invalid+0x650/0x650
[ 69.275850][ T5098] ? panic+0x770/0x770
[ 69.279969][ T5098] ? __might_sleep+0xc0/0xc0
[ 69.284625][ T5098] should_fail_ex+0x3aa/0x4e0
[ 69.289348][ T5098] should_failslab+0x9/0x20
[ 69.293888][ T5098] slab_pre_alloc_hook+0x59/0x2b0
[ 69.298967][ T5098] kmem_cache_alloc+0x52/0x300
[ 69.303785][ T5098] ? alloc_extent_state+0x25/0x2e0
[ 69.308956][ T5098] alloc_extent_state+0x25/0x2e0
[ 69.313956][ T5098] __set_extent_bit+0x1c8/0x1b00
[ 69.318980][ T5098] set_record_extent_bits+0x51/0x90
[ 69.324245][ T5098] qgroup_reserve_data+0x260/0x8e0
[ 69.329405][ T5098] ? _raw_spin_unlock_irq+0x2e/0x50
[ 69.334658][ T5098] btrfs_qgroup_reserve_data+0x2e/0xc0
[ 69.340154][ T5098] btrfs_zero_range+0xb94/0x1310
[ 69.345122][ T5098] ? hole_mergeable+0x440/0x440
[ 69.350022][ T5098] ? btrfs_lookup_first_ordered_extent+0x4ea/0x680
[ 69.356542][ T5098] ? btrfs_wait_ordered_range+0x241/0x260
[ 69.362291][ T5098] btrfs_fallocate+0xbb5/0x1f90
[ 69.367198][ T5098] ? btrfs_file_open+0xf0/0xf0
[ 69.372007][ T5098] ? read_lock_is_recursive+0x20/0x20
[ 69.377452][ T5098] ? rcu_read_lock_any_held+0xb7/0x160
[ 69.382945][ T5098] ? rcu_read_lock_bh_held+0x120/0x120
[ 69.388439][ T5098] ? __lock_acquire+0x7f70/0x7f70
[ 69.393494][ T5098] vfs_fallocate+0x551/0x6b0
[ 69.398107][ T5098] do_vfs_ioctl+0x22cb/0x2b30
[ 69.402816][ T5098] ? __x64_compat_sys_ioctl+0x90/0x90
[ 69.408236][ T5098] ? __kmem_cache_free+0x25f/0x3b0
[ 69.413385][ T5098] ? tomoyo_path_number_perm+0x663/0x840
[ 69.419055][ T5098] ? tomoyo_path_number_perm+0x6e4/0x840
[ 69.424731][ T5098] ? smack_log+0x123/0x540
[ 69.429175][ T5098] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 69.434662][ T5098] ? smk_access+0x4b0/0x4b0
[ 69.439186][ T5098] ? _raw_spin_lock_irqsave+0x120/0x120
[ 69.444750][ T5098] ? smk_access+0x477/0x4b0
[ 69.449295][ T5098] ? smk_tskacc+0x2ff/0x360
[ 69.453930][ T5098] ? smack_file_ioctl+0x2a1/0x3a0
[ 69.458994][ T5098] ? smack_file_alloc_security+0xe0/0xe0
[ 69.464654][ T5098] ? do_notify_parent+0xf50/0xf50
[ 69.469703][ T5098] ? print_irqtrace_events+0x220/0x220
[ 69.475179][ T5098] ? bpf_lsm_file_ioctl+0x9/0x10
[ 69.480135][ T5098] ? security_file_ioctl+0x81/0xa0
[ 69.485273][ T5098] __se_sys_ioctl+0x81/0x170
[ 69.489885][ T5098] do_syscall_64+0x41/0xc0
[ 69.494312][ T5098] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.500221][ T5098] RIP: 0033:0x7f982b3cb329
[ 69.504648][ T5098] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 69.524263][ T5098] RSP: 002b:00007ffd4055bb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 69.532692][ T5098] RAX: ffffffffffffffda RBX: 00007ffd4055bb50 RCX: 00007f982b3cb329
[ 69.540684][ T5098] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[ 69.548664][ T5098] RBP: 0000000000000002 R08: 00007ffd4055b8c6 R09: 00007ffd4055bb70
[ 69.556641][ T5098] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd4055bb4c
[pid 5098] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0
[pid 5098] exit_group(0) = ?
[pid 5098] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} ---
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555555916f0 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs") = 0
[ 69.564631][ T5098] R13: 0000000000000004 R14: 431bde82d7b634db R15: 00007ffd4055bb90
[ 69.572626][ T5098]
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555599730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555599730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file0") = 0
getdents64(3, 0x5555555916f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555590650) = 5122
./strace-static-x86_64: Process 5122 attached
[pid 5122] set_robust_list(0x555555590660, 24) = 0
[pid 5122] chdir("./5") = 0
[pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5122] setpgid(0, 0) = 0
[pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5122] write(3, "1000", 4) = 4
[pid 5122] close(3) = 0
[pid 5122] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5122] memfd_create("syzkaller", 0) = 3
[pid 5122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9822f8c000
[pid 5122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5122] munmap(0x7f9822f8c000, 16777216) = 0
[pid 5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5122] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5122] close(3) = 0
[pid 5122] mkdir("./file0", 0777) = 0
[ 69.948929][ T5122] loop0: detected capacity change from 0 to 32768
[ 69.958686][ T5122] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5122)
[ 69.976008][ T5122] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 69.984778][ T5122] BTRFS info (device loop0): setting nodatacow, compression disabled
[ 69.992860][ T5122] BTRFS info (device loop0): using free space tree
[pid 5122] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5122] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5122] chdir("./file0") = 0
[pid 5122] ioctl(4, LOOP_CLR_FD) = 0
[pid 5122] close(4) = 0
[pid 5122] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5122] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5122] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5122] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5122] write(6, "10", 2) = 2
[ 70.011880][ T5122] BTRFS info (device loop0): enabling ssd optimizations
[ 70.019232][ T5122] BTRFS info (device loop0): auto enabling async discard
[ 70.066489][ T5122] FAULT_INJECTION: forcing a failure.
[ 70.066489][ T5122] name failslab, interval 1, probability 0, space 0, times 0
[ 70.085972][ T57] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 70.095358][ T5122] CPU: 0 PID: 5122 Comm: syz-executor148 Not tainted 6.5.0-rc1-syzkaller-00033-geb26cbb1a754 #0
[ 70.105814][ T5122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 70.115990][ T5122] Call Trace:
[ 70.119300][ T5122]
[ 70.122306][ T5122] dump_stack_lvl+0x1e7/0x2d0
[ 70.127046][ T5122] ? nf_tcp_handle_invalid+0x650/0x650
[ 70.132560][ T5122] ? panic+0x770/0x770
[ 70.136679][ T5122] ? __might_sleep+0xc0/0xc0
[ 70.141326][ T5122] should_fail_ex+0x3aa/0x4e0
[ 70.146051][ T5122] should_failslab+0x9/0x20
[ 70.150615][ T5122] slab_pre_alloc_hook+0x59/0x2b0
[ 70.155688][ T5122] kmem_cache_alloc+0x52/0x300
[ 70.160474][ T5122] ? alloc_extent_state+0x25/0x2e0
[ 70.165788][ T5122] alloc_extent_state+0x25/0x2e0
[ 70.170771][ T5122] __set_extent_bit+0x1c8/0x1b00
[ 70.175764][ T5122] set_record_extent_bits+0x51/0x90
[ 70.180989][ T5122] qgroup_reserve_data+0x260/0x8e0
[ 70.186111][ T5122] ? _raw_spin_unlock_irq+0x2e/0x50
[ 70.191335][ T5122] btrfs_qgroup_reserve_data+0x2e/0xc0
[ 70.196809][ T5122] btrfs_zero_range+0xb94/0x1310
[ 70.201773][ T5122] ? hole_mergeable+0x440/0x440
[ 70.206811][ T5122] ? btrfs_lookup_first_ordered_extent+0x4ea/0x680
[ 70.213337][ T5122] ? btrfs_wait_ordered_range+0x241/0x260
[ 70.219097][ T5122] btrfs_fallocate+0xbb5/0x1f90
[ 70.223994][ T5122] ? btrfs_file_open+0xf0/0xf0
[ 70.228787][ T5122] ? read_lock_is_recursive+0x20/0x20
[ 70.234189][ T5122] ? rcu_read_lock_any_held+0xb7/0x160
[ 70.239669][ T5122] ? rcu_read_lock_bh_held+0x120/0x120
[ 70.245151][ T5122] ? __lock_acquire+0x7f70/0x7f70
[ 70.250203][ T5122] vfs_fallocate+0x551/0x6b0
[ 70.254815][ T5122] do_vfs_ioctl+0x22cb/0x2b30
[ 70.259546][ T5122] ? __x64_compat_sys_ioctl+0x90/0x90
[ 70.264949][ T5122] ? __kmem_cache_free+0x25f/0x3b0
[ 70.270092][ T5122] ? tomoyo_path_number_perm+0x663/0x840
[ 70.275745][ T5122] ? tomoyo_path_number_perm+0x6e4/0x840
[ 70.281396][ T5122] ? smack_log+0x123/0x540
[ 70.285827][ T5122] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 70.291307][ T5122] ? smk_access+0x4b0/0x4b0
[ 70.295826][ T5122] ? _raw_spin_lock_irqsave+0x120/0x120
[ 70.301389][ T5122] ? smk_access+0x477/0x4b0
[ 70.305916][ T5122] ? smk_tskacc+0x2ff/0x360
[ 70.310439][ T5122] ? smack_file_ioctl+0x2a1/0x3a0
[ 70.315478][ T5122] ? smack_file_alloc_security+0xe0/0xe0
[ 70.321131][ T5122] ? do_notify_parent+0xf50/0xf50
[ 70.326168][ T5122] ? print_irqtrace_events+0x220/0x220
[ 70.331666][ T5122] ? bpf_lsm_file_ioctl+0x9/0x10
[ 70.336638][ T5122] ? security_file_ioctl+0x81/0xa0
[ 70.341780][ T5122] __se_sys_ioctl+0x81/0x170
[ 70.346412][ T5122] do_syscall_64+0x41/0xc0
[ 70.350852][ T5122] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.356764][ T5122] RIP: 0033:0x7f982b3cb329
[ 70.361194][ T5122] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 70.380815][ T5122] RSP: 002b:00007ffd4055bb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 70.389259][ T5122] RAX: ffffffffffffffda RBX: 00007ffd4055bb50 RCX: 00007f982b3cb329
[ 70.397245][ T5122] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[ 70.405227][ T5122] RBP: 0000000000000002 R08: 00007ffd4055b8c6 R09: 00007ffd4055bb70
[pid 5122] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0
[pid 5122] exit_group(0) = ?
[pid 5122] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} ---
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555555916f0 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 70.413227][ T5122] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd4055bb4c
[ 70.421221][ T5122] R13: 0000000000000005 R14: 431bde82d7b634db R15: 00007ffd4055bb90
[ 70.429227][ T5122]
unlink("./5/binderfs") = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555599730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555599730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file0") = 0
getdents64(3, 0x5555555916f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555590650) = 5139
./strace-static-x86_64: Process 5139 attached
[pid 5139] set_robust_list(0x555555590660, 24) = 0
[pid 5139] chdir("./6") = 0
[pid 5139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5139] setpgid(0, 0) = 0
[pid 5139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5139] write(3, "1000", 4) = 4
[pid 5139] close(3) = 0
[pid 5139] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5139] memfd_create("syzkaller", 0) = 3
[pid 5139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9822f8c000
[pid 5139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5139] munmap(0x7f9822f8c000, 16777216) = 0
[pid 5139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5139] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5139] close(3) = 0
[pid 5139] mkdir("./file0", 0777) = 0
[ 70.828307][ T5139] loop0: detected capacity change from 0 to 32768
[ 70.839356][ T5139] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5139)
[ 70.856585][ T5139] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 70.865333][ T5139] BTRFS info (device loop0): setting nodatacow, compression disabled
[pid 5139] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5139] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5139] chdir("./file0") = 0
[pid 5139] ioctl(4, LOOP_CLR_FD) = 0
[pid 5139] close(4) = 0
[pid 5139] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5139] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[ 70.873477][ T5139] BTRFS info (device loop0): using free space tree
[ 70.891406][ T5139] BTRFS info (device loop0): enabling ssd optimizations
[ 70.898486][ T5139] BTRFS info (device loop0): auto enabling async discard
[pid 5139] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5139] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5139] write(6, "10", 2) = 2
[ 70.954309][ T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 70.966751][ T5139] FAULT_INJECTION: forcing a failure.
[ 70.966751][ T5139] name failslab, interval 1, probability 0, space 0, times 0
[ 70.980752][ T5139] CPU: 1 PID: 5139 Comm: syz-executor148 Not tainted 6.5.0-rc1-syzkaller-00033-geb26cbb1a754 #0
[ 70.991219][ T5139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 71.001305][ T5139] Call Trace:
[ 71.004614][ T5139]
[ 71.007578][ T5139] dump_stack_lvl+0x1e7/0x2d0
[ 71.012312][ T5139] ? nf_tcp_handle_invalid+0x650/0x650
[ 71.017833][ T5139] ? panic+0x770/0x770
[ 71.021956][ T5139] ? __might_sleep+0xc0/0xc0
[ 71.026605][ T5139] should_fail_ex+0x3aa/0x4e0
[ 71.031342][ T5139] should_failslab+0x9/0x20
[ 71.035927][ T5139] slab_pre_alloc_hook+0x59/0x2b0
[ 71.041107][ T5139] kmem_cache_alloc+0x52/0x300
[ 71.045924][ T5139] ? alloc_extent_state+0x25/0x2e0
[ 71.051095][ T5139] alloc_extent_state+0x25/0x2e0
[ 71.056085][ T5139] __set_extent_bit+0x1c8/0x1b00
[ 71.061090][ T5139] set_record_extent_bits+0x51/0x90
[ 71.066346][ T5139] qgroup_reserve_data+0x260/0x8e0
[ 71.071499][ T5139] ? _raw_spin_unlock_irq+0x2e/0x50
[ 71.076758][ T5139] btrfs_qgroup_reserve_data+0x2e/0xc0
[ 71.082262][ T5139] btrfs_zero_range+0xb94/0x1310
[ 71.087263][ T5139] ? hole_mergeable+0x440/0x440
[ 71.092160][ T5139] ? btrfs_lookup_first_ordered_extent+0x4ea/0x680
[ 71.098709][ T5139] ? btrfs_wait_ordered_range+0x241/0x260
[ 71.104479][ T5139] btrfs_fallocate+0xbb5/0x1f90
[ 71.109404][ T5139] ? btrfs_file_open+0xf0/0xf0
[ 71.114217][ T5139] ? read_lock_is_recursive+0x20/0x20
[ 71.119645][ T5139] ? rcu_read_lock_any_held+0xb7/0x160
[ 71.125149][ T5139] ? rcu_read_lock_bh_held+0x120/0x120
[ 71.130661][ T5139] ? __lock_acquire+0x7f70/0x7f70
[ 71.135748][ T5139] vfs_fallocate+0x551/0x6b0
[ 71.140411][ T5139] do_vfs_ioctl+0x22cb/0x2b30
[ 71.145140][ T5139] ? __x64_compat_sys_ioctl+0x90/0x90
[ 71.150573][ T5139] ? __kmem_cache_free+0x25f/0x3b0
[ 71.155831][ T5139] ? tomoyo_path_number_perm+0x663/0x840
[ 71.161507][ T5139] ? tomoyo_path_number_perm+0x6e4/0x840
[ 71.167175][ T5139] ? smack_log+0x123/0x540
[ 71.171600][ T5139] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 71.177069][ T5139] ? smk_access+0x4b0/0x4b0
[ 71.181580][ T5139] ? _raw_spin_lock_irqsave+0x120/0x120
[ 71.187134][ T5139] ? smk_access+0x477/0x4b0
[ 71.191654][ T5139] ? smk_tskacc+0x2ff/0x360
[ 71.196172][ T5139] ? smack_file_ioctl+0x2a1/0x3a0
[ 71.201204][ T5139] ? smack_file_alloc_security+0xe0/0xe0
[ 71.206850][ T5139] ? do_notify_parent+0xf50/0xf50
[ 71.211899][ T5139] ? print_irqtrace_events+0x220/0x220
[ 71.217393][ T5139] ? bpf_lsm_file_ioctl+0x9/0x10
[ 71.222348][ T5139] ? security_file_ioctl+0x81/0xa0
[ 71.227469][ T5139] __se_sys_ioctl+0x81/0x170
[ 71.232085][ T5139] do_syscall_64+0x41/0xc0
[ 71.236544][ T5139] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 71.242496][ T5139] RIP: 0033:0x7f982b3cb329
[ 71.246920][ T5139] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 71.266630][ T5139] RSP: 002b:00007ffd4055bb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 71.275078][ T5139] RAX: ffffffffffffffda RBX: 00007ffd4055bb50 RCX: 00007f982b3cb329
[ 71.283176][ T5139] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[ 71.291153][ T5139] RBP: 0000000000000002 R08: 00007ffd4055b8c6 R09: 00007ffd4055bb70
[pid 5139] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0
[pid 5139] exit_group(0) = ?
[pid 5139] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5139, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} ---
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555555916f0 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs") = 0
[ 71.299139][ T5139] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd4055bb4c
[ 71.307137][ T5139] R13: 0000000000000006 R14: 431bde82d7b634db R15: 00007ffd4055bb90
[ 71.315144][ T5139]
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555599730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555599730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file0") = 0
getdents64(3, 0x5555555916f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555590650) = 5156
./strace-static-x86_64: Process 5156 attached
[pid 5156] set_robust_list(0x555555590660, 24) = 0
[pid 5156] chdir("./7") = 0
[pid 5156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5156] setpgid(0, 0) = 0
[pid 5156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5156] write(3, "1000", 4) = 4
[pid 5156] close(3) = 0
[pid 5156] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5156] memfd_create("syzkaller", 0) = 3
[pid 5156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9822f8c000
[pid 5156] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5156] munmap(0x7f9822f8c000, 16777216) = 0
[pid 5156] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5156] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5156] close(3) = 0
[pid 5156] mkdir("./file0", 0777) = 0
[ 71.658483][ T5156] loop0: detected capacity change from 0 to 32768
[ 71.669535][ T5156] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5156)
[ 71.687795][ T5156] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 71.696634][ T5156] BTRFS info (device loop0): setting nodatacow, compression disabled
[pid 5156] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5156] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5156] chdir("./file0") = 0
[pid 5156] ioctl(4, LOOP_CLR_FD) = 0
[pid 5156] close(4) = 0
[pid 5156] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5156] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5156] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[ 71.704845][ T5156] BTRFS info (device loop0): using free space tree
[ 71.723661][ T5156] BTRFS info (device loop0): enabling ssd optimizations
[ 71.730702][ T5156] BTRFS info (device loop0): auto enabling async discard
[pid 5156] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5156] write(6, "10", 2) = 2
[ 71.776700][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 71.788429][ T5156] FAULT_INJECTION: forcing a failure.
[ 71.788429][ T5156] name failslab, interval 1, probability 0, space 0, times 0
[ 71.801906][ T5156] CPU: 0 PID: 5156 Comm: syz-executor148 Not tainted 6.5.0-rc1-syzkaller-00033-geb26cbb1a754 #0
[ 71.812369][ T5156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 71.822454][ T5156] Call Trace:
[ 71.825769][ T5156]
[ 71.828759][ T5156] dump_stack_lvl+0x1e7/0x2d0
[ 71.833503][ T5156] ? nf_tcp_handle_invalid+0x650/0x650
[ 71.839020][ T5156] ? panic+0x770/0x770
[ 71.843140][ T5156] ? __might_sleep+0xc0/0xc0
[ 71.847803][ T5156] should_fail_ex+0x3aa/0x4e0
[ 71.852537][ T5156] should_failslab+0x9/0x20
[ 71.857083][ T5156] slab_pre_alloc_hook+0x59/0x2b0
[ 71.862162][ T5156] kmem_cache_alloc+0x52/0x300
[ 71.866980][ T5156] ? alloc_extent_state+0x25/0x2e0
[ 71.872153][ T5156] alloc_extent_state+0x25/0x2e0
[ 71.877156][ T5156] __set_extent_bit+0x1c8/0x1b00
[ 71.882171][ T5156] set_record_extent_bits+0x51/0x90
[ 71.887430][ T5156] qgroup_reserve_data+0x260/0x8e0
[ 71.892620][ T5156] ? _raw_spin_unlock_irq+0x2e/0x50
[ 71.897959][ T5156] btrfs_qgroup_reserve_data+0x2e/0xc0
[ 71.903556][ T5156] btrfs_zero_range+0xb94/0x1310
[ 71.908566][ T5156] ? hole_mergeable+0x440/0x440
[ 71.913473][ T5156] ? btrfs_lookup_first_ordered_extent+0x4ea/0x680
[ 71.920031][ T5156] ? btrfs_wait_ordered_range+0x241/0x260
[ 71.925816][ T5156] btrfs_fallocate+0xbb5/0x1f90
[ 71.930758][ T5156] ? btrfs_file_open+0xf0/0xf0
[ 71.935588][ T5156] ? read_lock_is_recursive+0x20/0x20
[ 71.941028][ T5156] ? rcu_read_lock_any_held+0xb7/0x160
[ 71.946544][ T5156] ? rcu_read_lock_bh_held+0x120/0x120
[ 71.952065][ T5156] ? __lock_acquire+0x7f70/0x7f70
[ 71.957154][ T5156] vfs_fallocate+0x551/0x6b0
[ 71.961817][ T5156] do_vfs_ioctl+0x22cb/0x2b30
[ 71.966560][ T5156] ? __x64_compat_sys_ioctl+0x90/0x90
[ 71.971994][ T5156] ? __kmem_cache_free+0x25f/0x3b0
[ 71.977165][ T5156] ? tomoyo_path_number_perm+0x663/0x840
[ 71.982853][ T5156] ? tomoyo_path_number_perm+0x6e4/0x840
[ 71.988540][ T5156] ? smack_log+0x123/0x540
[ 71.993014][ T5156] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 71.998530][ T5156] ? smk_access+0x4b0/0x4b0
[ 72.003080][ T5156] ? _raw_spin_lock_irqsave+0x120/0x120
[ 72.008665][ T5156] ? smk_access+0x477/0x4b0
[ 72.013203][ T5156] ? smk_tskacc+0x2ff/0x360
[ 72.017733][ T5156] ? smack_file_ioctl+0x2a1/0x3a0
[ 72.022784][ T5156] ? smack_file_alloc_security+0xe0/0xe0
[ 72.028448][ T5156] ? do_notify_parent+0xf50/0xf50
[ 72.033492][ T5156] ? print_irqtrace_events+0x220/0x220
[ 72.038986][ T5156] ? bpf_lsm_file_ioctl+0x9/0x10
[ 72.043955][ T5156] ? security_file_ioctl+0x81/0xa0
[ 72.049094][ T5156] __se_sys_ioctl+0x81/0x170
[ 72.053719][ T5156] do_syscall_64+0x41/0xc0
[ 72.058160][ T5156] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 72.064118][ T5156] RIP: 0033:0x7f982b3cb329
[ 72.068550][ T5156] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 72.088266][ T5156] RSP: 002b:00007ffd4055bb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 72.097076][ T5156] RAX: ffffffffffffffda RBX: 00007ffd4055bb50 RCX: 00007f982b3cb329
[ 72.105069][ T5156] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[ 72.113162][ T5156] RBP: 0000000000000002 R08: 00007ffd4055b8c6 R09: 00007ffd4055bb70
[pid 5156] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0
[pid 5156] exit_group(0) = ?
[pid 5156] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5156, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555555916f0 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs") = 0
[ 72.121175][ T5156] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd4055bb4c
[ 72.129171][ T5156] R13: 0000000000000007 R14: 431bde82d7b634db R15: 00007ffd4055bb90
[ 72.137325][ T5156]
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555599730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555599730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file0") = 0
getdents64(3, 0x5555555916f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555590650) = 5173
./strace-static-x86_64: Process 5173 attached
[pid 5173] set_robust_list(0x555555590660, 24) = 0
[pid 5173] chdir("./8") = 0
[pid 5173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5173] setpgid(0, 0) = 0
[pid 5173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5173] write(3, "1000", 4) = 4
[pid 5173] close(3) = 0
[pid 5173] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5173] memfd_create("syzkaller", 0) = 3
[pid 5173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9822f8c000
[pid 5173] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5173] munmap(0x7f9822f8c000, 16777216) = 0
[pid 5173] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5173] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5173] close(3) = 0
[pid 5173] mkdir("./file0", 0777) = 0
[ 72.491352][ T5173] loop0: detected capacity change from 0 to 32768
[ 72.501656][ T5173] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5173)
[ 72.518573][ T5173] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 72.527551][ T5173] BTRFS info (device loop0): setting nodatacow, compression disabled
[pid 5173] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5173] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5173] chdir("./file0") = 0
[pid 5173] ioctl(4, LOOP_CLR_FD) = 0
[pid 5173] close(4) = 0
[pid 5173] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5173] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5173] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5173] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5173] write(6, "10", 2) = 2
[ 72.535849][ T5173] BTRFS info (device loop0): using free space tree
[ 72.553688][ T5173] BTRFS info (device loop0): enabling ssd optimizations
[ 72.560717][ T5173] BTRFS info (device loop0): auto enabling async discard
[ 72.616861][ T5173] FAULT_INJECTION: forcing a failure.
[ 72.616861][ T5173] name failslab, interval 1, probability 0, space 0, times 0
[ 72.630921][ T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 72.640411][ T5173] CPU: 0 PID: 5173 Comm: syz-executor148 Not tainted 6.5.0-rc1-syzkaller-00033-geb26cbb1a754 #0
[ 72.650850][ T5173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 72.660924][ T5173] Call Trace:
[ 72.664244][ T5173]
[ 72.667205][ T5173] dump_stack_lvl+0x1e7/0x2d0
[ 72.671932][ T5173] ? nf_tcp_handle_invalid+0x650/0x650
[ 72.677448][ T5173] ? panic+0x770/0x770
[ 72.681571][ T5173] ? __might_sleep+0xc0/0xc0
[ 72.686237][ T5173] should_fail_ex+0x3aa/0x4e0
[ 72.690976][ T5173] should_failslab+0x9/0x20
[ 72.695522][ T5173] slab_pre_alloc_hook+0x59/0x2b0
[ 72.700602][ T5173] kmem_cache_alloc+0x52/0x300
[ 72.705412][ T5173] ? alloc_extent_state+0x25/0x2e0
[ 72.710581][ T5173] alloc_extent_state+0x25/0x2e0
[ 72.715572][ T5173] __set_extent_bit+0x1c8/0x1b00
[ 72.720587][ T5173] set_record_extent_bits+0x51/0x90
[ 72.725840][ T5173] qgroup_reserve_data+0x260/0x8e0
[ 72.730999][ T5173] ? _raw_spin_unlock_irq+0x2e/0x50
[ 72.736275][ T5173] btrfs_qgroup_reserve_data+0x2e/0xc0
[ 72.741777][ T5173] btrfs_zero_range+0xb94/0x1310
[ 72.746777][ T5173] ? hole_mergeable+0x440/0x440
[ 72.751671][ T5173] ? btrfs_lookup_first_ordered_extent+0x4ea/0x680
[ 72.758242][ T5173] ? btrfs_wait_ordered_range+0x241/0x260
[ 72.763994][ T5173] btrfs_fallocate+0xbb5/0x1f90
[ 72.768899][ T5173] ? btrfs_file_open+0xf0/0xf0
[ 72.773685][ T5173] ? read_lock_is_recursive+0x20/0x20
[ 72.779088][ T5173] ? rcu_read_lock_any_held+0xb7/0x160
[ 72.784565][ T5173] ? rcu_read_lock_bh_held+0x120/0x120
[ 72.790037][ T5173] ? __lock_acquire+0x7f70/0x7f70
[ 72.795090][ T5173] vfs_fallocate+0x551/0x6b0
[ 72.799722][ T5173] do_vfs_ioctl+0x22cb/0x2b30
[ 72.804425][ T5173] ? __x64_compat_sys_ioctl+0x90/0x90
[ 72.809912][ T5173] ? __kmem_cache_free+0x25f/0x3b0
[ 72.815045][ T5173] ? tomoyo_path_number_perm+0x663/0x840
[ 72.820694][ T5173] ? tomoyo_path_number_perm+0x6e4/0x840
[ 72.826345][ T5173] ? smack_log+0x123/0x540
[ 72.830772][ T5173] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 72.836258][ T5173] ? smk_access+0x4b0/0x4b0
[ 72.840791][ T5173] ? _raw_spin_lock_irqsave+0x120/0x120
[ 72.846371][ T5173] ? smk_access+0x477/0x4b0
[ 72.850919][ T5173] ? smk_tskacc+0x2ff/0x360
[ 72.855457][ T5173] ? smack_file_ioctl+0x2a1/0x3a0
[ 72.860505][ T5173] ? smack_file_alloc_security+0xe0/0xe0
[ 72.866156][ T5173] ? do_notify_parent+0xf50/0xf50
[ 72.871201][ T5173] ? print_irqtrace_events+0x220/0x220
[ 72.876676][ T5173] ? bpf_lsm_file_ioctl+0x9/0x10
[ 72.881650][ T5173] ? security_file_ioctl+0x81/0xa0
[ 72.886804][ T5173] __se_sys_ioctl+0x81/0x170
[ 72.891440][ T5173] do_syscall_64+0x41/0xc0
[ 72.895889][ T5173] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 72.901824][ T5173] RIP: 0033:0x7f982b3cb329
[ 72.906261][ T5173] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 72.925884][ T5173] RSP: 002b:00007ffd4055bb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 72.934318][ T5173] RAX: ffffffffffffffda RBX: 00007ffd4055bb50 RCX: 00007f982b3cb329
[ 72.942324][ T5173] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[ 72.950322][ T5173] RBP: 0000000000000002 R08: 00007ffd4055b8c6 R09: 00007ffd4055bb70
[ 72.958300][ T5173] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd4055bb4c
[pid 5173] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0
[pid 5173] exit_group(0) = ?
[pid 5173] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5173, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} ---
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555555916f0 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs") = 0
[ 72.966280][ T5173] R13: 0000000000000008 R14: 431bde82d7b634db R15: 00007ffd4055bb90
[ 72.974276][ T5173]
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555599730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555599730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/file0") = 0
getdents64(3, 0x5555555916f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555590650) = 5190
./strace-static-x86_64: Process 5190 attached
[pid 5190] set_robust_list(0x555555590660, 24) = 0
[pid 5190] chdir("./9") = 0
[pid 5190] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5190] setpgid(0, 0) = 0
[pid 5190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5190] write(3, "1000", 4) = 4
[pid 5190] close(3) = 0
[pid 5190] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5190] memfd_create("syzkaller", 0) = 3
[pid 5190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9822f8c000
[pid 5190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5190] munmap(0x7f9822f8c000, 16777216) = 0
[pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5190] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5190] close(3) = 0
[pid 5190] mkdir("./file0", 0777) = 0
[ 73.334781][ T5190] loop0: detected capacity change from 0 to 32768
[ 73.355568][ T5190] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5190)
[ 73.372790][ T5190] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[pid 5190] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5190] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5190] chdir("./file0") = 0
[pid 5190] ioctl(4, LOOP_CLR_FD) = 0
[pid 5190] close(4) = 0
[pid 5190] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5190] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[ 73.381804][ T5190] BTRFS info (device loop0): setting nodatacow, compression disabled
[ 73.390099][ T5190] BTRFS info (device loop0): using free space tree
[ 73.408849][ T5190] BTRFS info (device loop0): enabling ssd optimizations
[ 73.416185][ T5190] BTRFS info (device loop0): auto enabling async discard
[pid 5190] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5190] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5190] write(6, "10", 2) = 2
[ 73.474093][ T5190] FAULT_INJECTION: forcing a failure.
[ 73.474093][ T5190] name failslab, interval 1, probability 0, space 0, times 0
[ 73.491277][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 73.493851][ T5190] CPU: 0 PID: 5190 Comm: syz-executor148 Not tainted 6.5.0-rc1-syzkaller-00033-geb26cbb1a754 #0
[ 73.510861][ T5190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 73.520949][ T5190] Call Trace:
[ 73.524258][ T5190]
[ 73.527234][ T5190] dump_stack_lvl+0x1e7/0x2d0
[ 73.531977][ T5190] ? nf_tcp_handle_invalid+0x650/0x650
[ 73.537494][ T5190] ? panic+0x770/0x770
[ 73.541616][ T5190] ? __might_sleep+0xc0/0xc0
[ 73.546264][ T5190] should_fail_ex+0x3aa/0x4e0
[ 73.550993][ T5190] should_failslab+0x9/0x20
[ 73.555540][ T5190] slab_pre_alloc_hook+0x59/0x2b0
[ 73.560622][ T5190] kmem_cache_alloc+0x52/0x300
[ 73.565521][ T5190] ? alloc_extent_state+0x25/0x2e0
[ 73.570691][ T5190] alloc_extent_state+0x25/0x2e0
[ 73.575686][ T5190] __set_extent_bit+0x1c8/0x1b00
[ 73.580698][ T5190] set_record_extent_bits+0x51/0x90
[ 73.585953][ T5190] qgroup_reserve_data+0x260/0x8e0
[ 73.591104][ T5190] ? _raw_spin_unlock_irq+0x2e/0x50
[ 73.596357][ T5190] btrfs_qgroup_reserve_data+0x2e/0xc0
[ 73.601885][ T5190] btrfs_zero_range+0xb94/0x1310
[ 73.606882][ T5190] ? hole_mergeable+0x440/0x440
[ 73.611782][ T5190] ? btrfs_lookup_first_ordered_extent+0x4ea/0x680
[ 73.618338][ T5190] ? btrfs_wait_ordered_range+0x241/0x260
[ 73.624109][ T5190] btrfs_fallocate+0xbb5/0x1f90
[ 73.629027][ T5190] ? btrfs_file_open+0xf0/0xf0
[ 73.633842][ T5190] ? read_lock_is_recursive+0x20/0x20
[ 73.639274][ T5190] ? rcu_read_lock_any_held+0xb7/0x160
[ 73.644786][ T5190] ? rcu_read_lock_bh_held+0x120/0x120
[ 73.650301][ T5190] ? __lock_acquire+0x7f70/0x7f70
[ 73.655384][ T5190] vfs_fallocate+0x551/0x6b0
[ 73.660026][ T5190] do_vfs_ioctl+0x22cb/0x2b30
[ 73.664760][ T5190] ? __x64_compat_sys_ioctl+0x90/0x90
[ 73.670201][ T5190] ? __kmem_cache_free+0x25f/0x3b0
[ 73.675367][ T5190] ? tomoyo_path_number_perm+0x663/0x840
[ 73.681045][ T5190] ? tomoyo_path_number_perm+0x6e4/0x840
[ 73.686729][ T5190] ? smack_log+0x123/0x540
[ 73.691190][ T5190] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 73.696680][ T5190] ? smk_access+0x4b0/0x4b0
[ 73.701196][ T5190] ? _raw_spin_lock_irqsave+0x120/0x120
[ 73.706774][ T5190] ? smk_access+0x477/0x4b0
[ 73.711308][ T5190] ? smk_tskacc+0x2ff/0x360
[ 73.715828][ T5190] ? smack_file_ioctl+0x2a1/0x3a0
[ 73.720876][ T5190] ? smack_file_alloc_security+0xe0/0xe0
[ 73.726544][ T5190] ? do_notify_parent+0xf50/0xf50
[ 73.731579][ T5190] ? print_irqtrace_events+0x220/0x220
[ 73.737078][ T5190] ? bpf_lsm_file_ioctl+0x9/0x10
[ 73.742050][ T5190] ? security_file_ioctl+0x81/0xa0
[ 73.747176][ T5190] __se_sys_ioctl+0x81/0x170
[ 73.751900][ T5190] do_syscall_64+0x41/0xc0
[ 73.756340][ T5190] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 73.762245][ T5190] RIP: 0033:0x7f982b3cb329
[ 73.766671][ T5190] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 73.786300][ T5190] RSP: 002b:00007ffd4055bb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 73.794764][ T5190] RAX: ffffffffffffffda RBX: 00007ffd4055bb50 RCX: 00007f982b3cb329
[ 73.802744][ T5190] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[ 73.810733][ T5190] RBP: 0000000000000002 R08: 00007ffd4055b8c6 R09: 00007ffd4055bb70
[pid 5190] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0
[pid 5190] exit_group(0) = ?
[pid 5190] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5190, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} ---
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555555916f0 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs") = 0
[ 73.818728][ T5190] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd4055bb4c
[ 73.826705][ T5190] R13: 0000000000000009 R14: 431bde82d7b634db R15: 00007ffd4055bb90
[ 73.834807][ T5190]
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555599730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555599730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/file0") = 0
getdents64(3, 0x5555555916f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555590650) = 5207
./strace-static-x86_64: Process 5207 attached
[pid 5207] set_robust_list(0x555555590660, 24) = 0
[pid 5207] chdir("./10") = 0
[pid 5207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5207] setpgid(0, 0) = 0
[pid 5207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5207] write(3, "1000", 4) = 4
[pid 5207] close(3) = 0
[pid 5207] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5207] memfd_create("syzkaller", 0) = 3
[pid 5207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9822f8c000
[pid 5207] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5207] munmap(0x7f9822f8c000, 16777216) = 0
[pid 5207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5207] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5207] close(3) = 0
[pid 5207] mkdir("./file0", 0777) = 0
[ 74.204014][ T5207] loop0: detected capacity change from 0 to 32768
[ 74.214420][ T5207] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5207)
[ 74.230867][ T5207] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 74.239657][ T5207] BTRFS info (device loop0): setting nodatacow, compression disabled
[ 74.247852][ T5207] BTRFS info (device loop0): using free space tree
[pid 5207] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5207] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5207] chdir("./file0") = 0
[pid 5207] ioctl(4, LOOP_CLR_FD) = 0
[pid 5207] close(4) = 0
[pid 5207] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5207] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[ 74.267228][ T5207] BTRFS info (device loop0): enabling ssd optimizations
[ 74.274570][ T5207] BTRFS info (device loop0): auto enabling async discard
[pid 5207] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5207] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5207] write(6, "10", 2) = 2
[ 74.340104][ T5207] FAULT_INJECTION: forcing a failure.
[ 74.340104][ T5207] name failslab, interval 1, probability 0, space 0, times 0
[ 74.359702][ T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 74.369088][ T5207] CPU: 1 PID: 5207 Comm: syz-executor148 Not tainted 6.5.0-rc1-syzkaller-00033-geb26cbb1a754 #0
[ 74.379576][ T5207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 74.389668][ T5207] Call Trace:
[ 74.392989][ T5207]
[ 74.395952][ T5207] dump_stack_lvl+0x1e7/0x2d0
[ 74.400700][ T5207] ? nf_tcp_handle_invalid+0x650/0x650
[ 74.406255][ T5207] ? panic+0x770/0x770
[ 74.410372][ T5207] ? __might_sleep+0xc0/0xc0
[ 74.415020][ T5207] should_fail_ex+0x3aa/0x4e0
[ 74.419747][ T5207] should_failslab+0x9/0x20
[ 74.424286][ T5207] slab_pre_alloc_hook+0x59/0x2b0
[ 74.429397][ T5207] kmem_cache_alloc+0x52/0x300
[ 74.434208][ T5207] ? alloc_extent_state+0x25/0x2e0
[ 74.439385][ T5207] alloc_extent_state+0x25/0x2e0
[ 74.444398][ T5207] __set_extent_bit+0x1c8/0x1b00
[ 74.449444][ T5207] set_record_extent_bits+0x51/0x90
[ 74.454701][ T5207] qgroup_reserve_data+0x260/0x8e0
[ 74.459851][ T5207] ? _raw_spin_unlock_irq+0x2e/0x50
[ 74.465079][ T5207] btrfs_qgroup_reserve_data+0x2e/0xc0
[ 74.470548][ T5207] btrfs_zero_range+0xb94/0x1310
[ 74.475509][ T5207] ? hole_mergeable+0x440/0x440
[ 74.480380][ T5207] ? btrfs_lookup_first_ordered_extent+0x4ea/0x680
[ 74.486906][ T5207] ? btrfs_wait_ordered_range+0x241/0x260
[ 74.492637][ T5207] btrfs_fallocate+0xbb5/0x1f90
[ 74.497520][ T5207] ? btrfs_file_open+0xf0/0xf0
[ 74.502306][ T5207] ? read_lock_is_recursive+0x20/0x20
[ 74.507698][ T5207] ? rcu_read_lock_any_held+0xb7/0x160
[ 74.513174][ T5207] ? rcu_read_lock_bh_held+0x120/0x120
[ 74.518650][ T5207] ? __lock_acquire+0x7f70/0x7f70
[ 74.523713][ T5207] vfs_fallocate+0x551/0x6b0
[ 74.528337][ T5207] do_vfs_ioctl+0x22cb/0x2b30
[ 74.533031][ T5207] ? __x64_compat_sys_ioctl+0x90/0x90
[ 74.538443][ T5207] ? __kmem_cache_free+0x25f/0x3b0
[ 74.543590][ T5207] ? tomoyo_path_number_perm+0x663/0x840
[ 74.549238][ T5207] ? tomoyo_path_number_perm+0x6e4/0x840
[ 74.554910][ T5207] ? smack_log+0x123/0x540
[ 74.559359][ T5207] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 74.564850][ T5207] ? smk_access+0x4b0/0x4b0
[ 74.569394][ T5207] ? _raw_spin_lock_irqsave+0x120/0x120
[ 74.574972][ T5207] ? smk_access+0x477/0x4b0
[ 74.579494][ T5207] ? smk_tskacc+0x2ff/0x360
[ 74.584042][ T5207] ? smack_file_ioctl+0x2a1/0x3a0
[ 74.589095][ T5207] ? smack_file_alloc_security+0xe0/0xe0
[ 74.594739][ T5207] ? do_notify_parent+0xf50/0xf50
[ 74.599784][ T5207] ? print_irqtrace_events+0x220/0x220
[ 74.605293][ T5207] ? bpf_lsm_file_ioctl+0x9/0x10
[ 74.610264][ T5207] ? security_file_ioctl+0x81/0xa0
[ 74.615411][ T5207] __se_sys_ioctl+0x81/0x170
[ 74.620035][ T5207] do_syscall_64+0x41/0xc0
[ 74.624459][ T5207] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 74.630387][ T5207] RIP: 0033:0x7f982b3cb329
[ 74.634810][ T5207] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 74.654422][ T5207] RSP: 002b:00007ffd4055bb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 74.662866][ T5207] RAX: ffffffffffffffda RBX: 00007ffd4055bb50 RCX: 00007f982b3cb329
[ 74.670844][ T5207] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[ 74.678851][ T5207] RBP: 0000000000000002 R08: 00007ffd4055b8c6 R09: 00007ffd4055bb70
[pid 5207] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0
[pid 5207] exit_group(0) = ?
[pid 5207] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5207, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=22 /* 0.22 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555555916f0 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs") = 0
[ 74.686837][ T5207] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd4055bb4c
[ 74.694862][ T5207] R13: 000000000000000a R14: 431bde82d7b634db R15: 00007ffd4055bb90
[ 74.702854][ T5207]
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555599730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555599730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/file0") = 0
getdents64(3, 0x5555555916f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555590650) = 5224
./strace-static-x86_64: Process 5224 attached
[pid 5224] set_robust_list(0x555555590660, 24) = 0
[pid 5224] chdir("./11") = 0
[pid 5224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5224] setpgid(0, 0) = 0
[pid 5224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5224] write(3, "1000", 4) = 4
[pid 5224] close(3) = 0
[pid 5224] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5224] memfd_create("syzkaller", 0) = 3
[pid 5224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9822f8c000
[pid 5224] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5224] munmap(0x7f9822f8c000, 16777216) = 0
[pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5224] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5224] close(3) = 0
[pid 5224] mkdir("./file0", 0777) = 0
[ 75.155698][ T5224] loop0: detected capacity change from 0 to 32768
[ 75.167754][ T5224] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5224)
[ 75.185412][ T5224] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 75.194476][ T5224] BTRFS info (device loop0): setting nodatacow, compression disabled
[pid 5224] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5224] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5224] chdir("./file0") = 0
[pid 5224] ioctl(4, LOOP_CLR_FD) = 0
[pid 5224] close(4) = 0
[pid 5224] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5224] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5224] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5224] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5224] write(6, "10", 2) = 2
[pid 5224] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0
[pid 5224] exit_group(0) = ?
[ 75.202584][ T5224] BTRFS info (device loop0): using free space tree
[ 75.221778][ T5224] BTRFS info (device loop0): enabling ssd optimizations
[ 75.229035][ T5224] BTRFS info (device loop0): auto enabling async discard
[pid 5224] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5224, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555555916f0 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs") = 0
[ 75.281748][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555599730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555599730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/file0") = 0
getdents64(3, 0x5555555916f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555590650) = 5241
./strace-static-x86_64: Process 5241 attached
[pid 5241] set_robust_list(0x555555590660, 24) = 0
[pid 5241] chdir("./12") = 0
[pid 5241] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5241] setpgid(0, 0) = 0
[pid 5241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5241] write(3, "1000", 4) = 4
[pid 5241] close(3) = 0
[pid 5241] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5241] memfd_create("syzkaller", 0) = 3
[pid 5241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9822f8c000
[pid 5241] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5241] munmap(0x7f9822f8c000, 16777216) = 0
[pid 5241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5241] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5241] close(3) = 0
[pid 5241] mkdir("./file0", 0777) = 0
[ 75.676014][ T5241] loop0: detected capacity change from 0 to 32768
[ 75.688324][ T5241] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5241)
[ 75.706957][ T5241] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 75.715671][ T5241] BTRFS info (device loop0): setting nodatacow, compression disabled
[pid 5241] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5241] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5241] chdir("./file0") = 0
[pid 5241] ioctl(4, LOOP_CLR_FD) = 0
[pid 5241] close(4) = 0
[pid 5241] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5241] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5241] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5241] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[ 75.723834][ T5241] BTRFS info (device loop0): using free space tree
[ 75.741180][ T5241] BTRFS info (device loop0): enabling ssd optimizations
[ 75.748237][ T5241] BTRFS info (device loop0): auto enabling async discard
[pid 5241] write(6, "10", 2) = 2
[ 75.808358][ T5241] FAULT_INJECTION: forcing a failure.
[ 75.808358][ T5241] name failslab, interval 1, probability 0, space 0, times 0
[ 75.824389][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 75.833804][ T5241] CPU: 1 PID: 5241 Comm: syz-executor148 Not tainted 6.5.0-rc1-syzkaller-00033-geb26cbb1a754 #0
[ 75.844258][ T5241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 75.854347][ T5241] Call Trace:
[ 75.857656][ T5241]
[ 75.860619][ T5241] dump_stack_lvl+0x1e7/0x2d0
[ 75.865359][ T5241] ? nf_tcp_handle_invalid+0x650/0x650
[ 75.870877][ T5241] ? panic+0x770/0x770
[ 75.874993][ T5241] ? __might_sleep+0xc0/0xc0
[ 75.879641][ T5241] should_fail_ex+0x3aa/0x4e0
[ 75.884365][ T5241] should_failslab+0x9/0x20
[ 75.888917][ T5241] slab_pre_alloc_hook+0x59/0x2b0
[ 75.894000][ T5241] ? qgroup_reserve_data+0x1c7/0x8e0
[ 75.899327][ T5241] __kmem_cache_alloc_node+0x4b/0x270
[ 75.904751][ T5241] ? _raw_spin_lock_irq+0xdf/0x120
[ 75.909909][ T5241] ? qgroup_reserve_data+0x1c7/0x8e0
[ 75.915235][ T5241] kmalloc_trace+0x2a/0xe0
[ 75.919696][ T5241] qgroup_reserve_data+0x1c7/0x8e0
[ 75.924852][ T5241] ? _raw_spin_unlock_irq+0x2e/0x50
[ 75.930106][ T5241] btrfs_qgroup_reserve_data+0x2e/0xc0
[ 75.935617][ T5241] btrfs_zero_range+0xb94/0x1310
[ 75.940617][ T5241] ? hole_mergeable+0x440/0x440
[ 75.945513][ T5241] ? btrfs_lookup_first_ordered_extent+0x4ea/0x680
[ 75.952069][ T5241] ? btrfs_wait_ordered_range+0x241/0x260
[ 75.957841][ T5241] btrfs_fallocate+0xbb5/0x1f90
[ 75.962768][ T5241] ? btrfs_file_open+0xf0/0xf0
[ 75.967591][ T5241] ? read_lock_is_recursive+0x20/0x20
[ 75.973024][ T5241] ? rcu_read_lock_any_held+0xb7/0x160
[ 75.978530][ T5241] ? rcu_read_lock_bh_held+0x120/0x120
[ 75.984035][ T5241] ? __lock_acquire+0x7f70/0x7f70
[ 75.989123][ T5241] vfs_fallocate+0x551/0x6b0
[ 75.993799][ T5241] do_vfs_ioctl+0x22cb/0x2b30
[ 75.998505][ T5241] ? __x64_compat_sys_ioctl+0x90/0x90
[ 76.003912][ T5241] ? __kmem_cache_free+0x25f/0x3b0
[ 76.009062][ T5241] ? tomoyo_path_number_perm+0x663/0x840
[ 76.014710][ T5241] ? tomoyo_path_number_perm+0x6e4/0x840
[ 76.020371][ T5241] ? smack_log+0x123/0x540
[ 76.024834][ T5241] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 76.030355][ T5241] ? smk_access+0x4b0/0x4b0
[ 76.034894][ T5241] ? _raw_spin_lock_irqsave+0x120/0x120
[ 76.040467][ T5241] ? smk_access+0x477/0x4b0
[ 76.045016][ T5241] ? smk_tskacc+0x2ff/0x360
[ 76.049535][ T5241] ? smack_file_ioctl+0x2a1/0x3a0
[ 76.054587][ T5241] ? smack_file_alloc_security+0xe0/0xe0
[ 76.060263][ T5241] ? do_notify_parent+0xf50/0xf50
[ 76.065316][ T5241] ? print_irqtrace_events+0x220/0x220
[ 76.070788][ T5241] ? bpf_lsm_file_ioctl+0x9/0x10
[ 76.075748][ T5241] ? security_file_ioctl+0x81/0xa0
[ 76.080890][ T5241] __se_sys_ioctl+0x81/0x170
[ 76.085496][ T5241] do_syscall_64+0x41/0xc0
[ 76.089922][ T5241] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 76.095847][ T5241] RIP: 0033:0x7f982b3cb329
[ 76.100301][ T5241] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 76.119965][ T5241] RSP: 002b:00007ffd4055bb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 76.128391][ T5241] RAX: ffffffffffffffda RBX: 00007ffd4055bb50 RCX: 00007f982b3cb329
[ 76.136380][ T5241] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[ 76.144385][ T5241] RBP: 0000000000000002 R08: 00007ffd4055b8c6 R09: 00007ffd4055bb70
[pid 5241] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOMEM (Cannot allocate memory)
[pid 5241] exit_group(0) = ?
[pid 5241] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5241, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=26 /* 0.26 s */} ---
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555555916f0 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs") = 0
[ 76.152373][ T5241] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd4055bb4c
[ 76.160373][ T5241] R13: 000000000000000c R14: 431bde82d7b634db R15: 00007ffd4055bb90
[ 76.168365][ T5241]
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555599730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555599730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./12/file0") = 0
getdents64(3, 0x5555555916f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555590650) = 5258
./strace-static-x86_64: Process 5258 attached
[pid 5258] set_robust_list(0x555555590660, 24) = 0
[pid 5258] chdir("./13") = 0
[pid 5258] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5258] setpgid(0, 0) = 0
[pid 5258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5258] write(3, "1000", 4) = 4
[pid 5258] close(3) = 0
[pid 5258] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5258] memfd_create("syzkaller", 0) = 3
[pid 5258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9822f8c000
[pid 5258] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5258] munmap(0x7f9822f8c000, 16777216) = 0
[pid 5258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5258] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5258] close(3) = 0
[pid 5258] mkdir("./file0", 0777) = 0
[ 76.542765][ T5258] loop0: detected capacity change from 0 to 32768
[ 76.555847][ T5258] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5258)
[ 76.577992][ T5258] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[pid 5258] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5258] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5258] chdir("./file0") = 0
[pid 5258] ioctl(4, LOOP_CLR_FD) = 0
[pid 5258] close(4) = 0
[pid 5258] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 76.586891][ T5258] BTRFS info (device loop0): setting nodatacow, compression disabled
[ 76.595518][ T5258] BTRFS info (device loop0): using free space tree
[ 76.616745][ T5258] BTRFS info (device loop0): enabling ssd optimizations
[ 76.623896][ T5258] BTRFS info (device loop0): auto enabling async discard
[pid 5258] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5258] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5258] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5258] write(6, "10", 2) = 2
[pid 5258] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0
[pid 5258] exit_group(0) = ?
[pid 5258] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5258, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} ---
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555555916f0 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/binderfs") = 0
[ 76.716302][ T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555599730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555599730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./13/file0") = 0
getdents64(3, 0x5555555916f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555590650) = 5275
./strace-static-x86_64: Process 5275 attached
[pid 5275] set_robust_list(0x555555590660, 24) = 0
[pid 5275] chdir("./14") = 0
[pid 5275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5275] setpgid(0, 0) = 0
[pid 5275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5275] write(3, "1000", 4) = 4
[pid 5275] close(3) = 0
[pid 5275] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5275] memfd_create("syzkaller", 0) = 3
[pid 5275] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9822f8c000
[pid 5275] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5275] munmap(0x7f9822f8c000, 16777216) = 0
[pid 5275] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5275] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5275] close(3) = 0
[pid 5275] mkdir("./file0", 0777) = 0
[ 77.223587][ T5275] loop0: detected capacity change from 0 to 32768
[ 77.234429][ T5275] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5275)
[ 77.252819][ T5275] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 77.261946][ T5275] BTRFS info (device loop0): setting nodatacow, compression disabled
[pid 5275] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5275] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5275] chdir("./file0") = 0
[pid 5275] ioctl(4, LOOP_CLR_FD) = 0
[pid 5275] close(4) = 0
[pid 5275] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5275] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5275] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5275] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5275] write(6, "10", 2) = 2
[ 77.270475][ T5275] BTRFS info (device loop0): using free space tree
[ 77.289858][ T5275] BTRFS info (device loop0): enabling ssd optimizations
[ 77.297017][ T5275] BTRFS info (device loop0): auto enabling async discard
[ 77.345756][ T5275] FAULT_INJECTION: forcing a failure.
[ 77.345756][ T5275] name failslab, interval 1, probability 0, space 0, times 0
[ 77.362410][ T5275] CPU: 0 PID: 5275 Comm: syz-executor148 Not tainted 6.5.0-rc1-syzkaller-00033-geb26cbb1a754 #0
[ 77.364120][ T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 77.372860][ T5275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 77.372875][ T5275] Call Trace:
[ 77.372884][ T5275]
[ 77.398374][ T5275] dump_stack_lvl+0x1e7/0x2d0
[ 77.403115][ T5275] ? nf_tcp_handle_invalid+0x650/0x650
[ 77.408628][ T5275] ? panic+0x770/0x770
[ 77.412745][ T5275] ? __might_sleep+0xc0/0xc0
[ 77.417392][ T5275] should_fail_ex+0x3aa/0x4e0
[ 77.422151][ T5275] should_failslab+0x9/0x20
[ 77.426695][ T5275] slab_pre_alloc_hook+0x59/0x2b0
[ 77.431780][ T5275] kmem_cache_alloc+0x52/0x300
[ 77.436592][ T5275] ? alloc_extent_state+0x25/0x2e0
[ 77.441762][ T5275] alloc_extent_state+0x25/0x2e0
[ 77.446763][ T5275] __set_extent_bit+0x1c8/0x1b00
[ 77.451783][ T5275] set_record_extent_bits+0x51/0x90
[ 77.457042][ T5275] qgroup_reserve_data+0x260/0x8e0
[ 77.462200][ T5275] ? _raw_spin_unlock_irq+0x2e/0x50
[ 77.467460][ T5275] btrfs_qgroup_reserve_data+0x2e/0xc0
[ 77.472971][ T5275] btrfs_zero_range+0xb94/0x1310
[ 77.477972][ T5275] ? hole_mergeable+0x440/0x440
[ 77.482869][ T5275] ? btrfs_lookup_first_ordered_extent+0x4ea/0x680
[ 77.489426][ T5275] ? btrfs_wait_ordered_range+0x241/0x260
[ 77.495198][ T5275] btrfs_fallocate+0xbb5/0x1f90
[ 77.500121][ T5275] ? btrfs_file_open+0xf0/0xf0
[ 77.504941][ T5275] ? read_lock_is_recursive+0x20/0x20
[ 77.510382][ T5275] ? rcu_read_lock_any_held+0xb7/0x160
[ 77.515890][ T5275] ? rcu_read_lock_bh_held+0x120/0x120
[ 77.521404][ T5275] ? __lock_acquire+0x7f70/0x7f70
[ 77.526492][ T5275] vfs_fallocate+0x551/0x6b0
[ 77.531135][ T5275] do_vfs_ioctl+0x22cb/0x2b30
[ 77.535866][ T5275] ? __x64_compat_sys_ioctl+0x90/0x90
[ 77.541301][ T5275] ? __kmem_cache_free+0x25f/0x3b0
[ 77.546472][ T5275] ? tomoyo_path_number_perm+0x663/0x840
[ 77.552144][ T5275] ? tomoyo_path_number_perm+0x6e4/0x840
[ 77.557795][ T5275] ? smack_log+0x123/0x540
[ 77.562225][ T5275] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 77.567731][ T5275] ? smk_access+0x4b0/0x4b0
[ 77.572246][ T5275] ? _raw_spin_lock_irqsave+0x120/0x120
[ 77.577803][ T5275] ? smk_access+0x477/0x4b0
[ 77.582336][ T5275] ? smk_tskacc+0x2ff/0x360
[ 77.586858][ T5275] ? smack_file_ioctl+0x2a1/0x3a0
[ 77.591896][ T5275] ? smack_file_alloc_security+0xe0/0xe0
[ 77.597549][ T5275] ? do_notify_parent+0xf50/0xf50
[ 77.602595][ T5275] ? print_irqtrace_events+0x220/0x220
[ 77.608119][ T5275] ? bpf_lsm_file_ioctl+0x9/0x10
[ 77.613072][ T5275] ? security_file_ioctl+0x81/0xa0
[ 77.618194][ T5275] __se_sys_ioctl+0x81/0x170
[ 77.622814][ T5275] do_syscall_64+0x41/0xc0
[ 77.627268][ T5275] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 77.633199][ T5275] RIP: 0033:0x7f982b3cb329
[ 77.637622][ T5275] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 77.657246][ T5275] RSP: 002b:00007ffd4055bb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 77.665682][ T5275] RAX: ffffffffffffffda RBX: 00007ffd4055bb50 RCX: 00007f982b3cb329
[ 77.673704][ T5275] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[ 77.681703][ T5275] RBP: 0000000000000002 R08: 00007ffd4055b8c6 R09: 00007ffd4055bb70
[pid 5275] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = 0
[pid 5275] exit_group(0) = ?
[pid 5275] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5275, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=26 /* 0.26 s */} ---
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555555916f0 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs") = 0
[ 77.689690][ T5275] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd4055bb4c
[ 77.697684][ T5275] R13: 000000000000000e R14: 431bde82d7b634db R15: 00007ffd4055bb90
[ 77.705701][ T5275]
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555599730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555599730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./14/file0") = 0
getdents64(3, 0x5555555916f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555590650) = 5292
./strace-static-x86_64: Process 5292 attached
[pid 5292] set_robust_list(0x555555590660, 24) = 0
[pid 5292] chdir("./15") = 0
[pid 5292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5292] setpgid(0, 0) = 0
[pid 5292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5292] write(3, "1000", 4) = 4
[pid 5292] close(3) = 0
[pid 5292] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5292] memfd_create("syzkaller", 0) = 3
[pid 5292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9822f8c000
[pid 5292] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5292] munmap(0x7f9822f8c000, 16777216) = 0
[pid 5292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5292] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5292] close(3) = 0
[pid 5292] mkdir("./file0", 0777) = 0
[ 78.061050][ T5292] loop0: detected capacity change from 0 to 32768
[ 78.072074][ T5292] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor148 (5292)
[ 78.088921][ T5292] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 78.097784][ T5292] BTRFS info (device loop0): setting nodatacow, compression disabled
[pid 5292] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid 5292] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5292] chdir("./file0") = 0
[pid 5292] ioctl(4, LOOP_CLR_FD) = 0
[pid 5292] close(4) = 0
[pid 5292] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 78.106021][ T5292] BTRFS info (device loop0): using free space tree
[ 78.125246][ T5292] BTRFS info (device loop0): enabling ssd optimizations
[ 78.132277][ T5292] BTRFS info (device loop0): auto enabling async discard
[pid 5292] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5292] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5292] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5292] write(6, "10", 2) = 2
[ 78.169027][ T5292] FAULT_INJECTION: forcing a failure.
[ 78.169027][ T5292] name failslab, interval 1, probability 0, space 0, times 0
[ 78.182011][ T5292] CPU: 1 PID: 5292 Comm: syz-executor148 Not tainted 6.5.0-rc1-syzkaller-00033-geb26cbb1a754 #0
[ 78.192468][ T5292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 78.199407][ T57] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 78.202545][ T5292] Call Trace:
[ 78.202572][ T5292]
[ 78.202582][ T5292] dump_stack_lvl+0x1e7/0x2d0
[ 78.222621][ T5292] ? nf_tcp_handle_invalid+0x650/0x650
[ 78.228142][ T5292] ? panic+0x770/0x770
[ 78.232274][ T5292] should_fail_ex+0x3aa/0x4e0
[ 78.237005][ T5292] should_failslab+0x9/0x20
[ 78.241555][ T5292] slab_pre_alloc_hook+0x59/0x2b0
[ 78.246637][ T5292] ? ulist_add_merge+0x14c/0x480
[ 78.251626][ T5292] __kmem_cache_alloc_node+0x4b/0x270
[ 78.257056][ T5292] ? ulist_add_merge+0x14c/0x480
[ 78.262043][ T5292] kmalloc_trace+0x2a/0xe0
[ 78.266505][ T5292] ulist_add_merge+0x14c/0x480
[ 78.271333][ T5292] __set_extent_bit+0x69e/0x1b00
[ 78.276345][ T5292] set_record_extent_bits+0x51/0x90
[ 78.281605][ T5292] qgroup_reserve_data+0x260/0x8e0
[ 78.286755][ T5292] ? _raw_spin_unlock_irq+0x2e/0x50
[ 78.291986][ T5292] btrfs_qgroup_reserve_data+0x2e/0xc0
[ 78.297464][ T5292] btrfs_zero_range+0xb94/0x1310
[ 78.302445][ T5292] ? hole_mergeable+0x440/0x440
[ 78.307323][ T5292] ? btrfs_lookup_first_ordered_extent+0x4ea/0x680
[ 78.313901][ T5292] ? btrfs_wait_ordered_range+0x241/0x260
[ 78.319639][ T5292] btrfs_fallocate+0xbb5/0x1f90
[ 78.324528][ T5292] ? btrfs_file_open+0xf0/0xf0
[ 78.329314][ T5292] ? read_lock_is_recursive+0x20/0x20
[ 78.334715][ T5292] ? rcu_read_lock_any_held+0xb7/0x160
[ 78.340194][ T5292] ? rcu_read_lock_bh_held+0x120/0x120
[ 78.345678][ T5292] ? __lock_acquire+0x7f70/0x7f70
[ 78.350737][ T5292] vfs_fallocate+0x551/0x6b0
[ 78.355346][ T5292] do_vfs_ioctl+0x22cb/0x2b30
[ 78.360047][ T5292] ? __x64_compat_sys_ioctl+0x90/0x90
[ 78.365445][ T5292] ? __kmem_cache_free+0x25f/0x3b0
[ 78.370574][ T5292] ? tomoyo_path_number_perm+0x663/0x840
[ 78.376244][ T5292] ? tomoyo_path_number_perm+0x6e4/0x840
[ 78.381905][ T5292] ? smack_log+0x123/0x540
[ 78.386348][ T5292] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 78.391829][ T5292] ? smk_access+0x4b0/0x4b0
[ 78.396351][ T5292] ? _raw_spin_lock_irqsave+0x120/0x120
[ 78.401939][ T5292] ? smk_access+0x477/0x4b0
[ 78.406481][ T5292] ? smk_tskacc+0x2ff/0x360
[ 78.411024][ T5292] ? smack_file_ioctl+0x2a1/0x3a0
[ 78.416069][ T5292] ? smack_file_alloc_security+0xe0/0xe0
[ 78.421724][ T5292] ? do_notify_parent+0xf50/0xf50
[ 78.426763][ T5292] ? print_irqtrace_events+0x220/0x220
[ 78.432245][ T5292] ? bpf_lsm_file_ioctl+0x9/0x10
[ 78.437206][ T5292] ? security_file_ioctl+0x81/0xa0
[ 78.442336][ T5292] __se_sys_ioctl+0x81/0x170
[ 78.446950][ T5292] do_syscall_64+0x41/0xc0
[ 78.451385][ T5292] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 78.457294][ T5292] RIP: 0033:0x7f982b3cb329
[ 78.461717][ T5292] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 78.481419][ T5292] RSP: 002b:00007ffd4055bb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 78.489846][ T5292] RAX: ffffffffffffffda RBX: 00007ffd4055bb50 RCX: 00007f982b3cb329
[ 78.497833][ T5292] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[ 78.505816][ T5292] RBP: 0000000000000002 R08: 00007ffd4055b8c6 R09: 00007ffd4055bb70
[ 78.513796][ T5292] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd4055bb4c
[ 78.521774][ T5292] R13: 000000000000000f R14: 431bde82d7b634db R15: 00007ffd4055bb90
[ 78.529870][ T5292]
[ 78.533828][ T5292] ------------[ cut here ]------------
[ 78.539329][ T5292] kernel BUG at fs/btrfs/extent-io-tree.c:379!
[ 78.545860][ T5292] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 78.551961][ T5292] CPU: 1 PID: 5292 Comm: syz-executor148 Not tainted 6.5.0-rc1-syzkaller-00033-geb26cbb1a754 #0
[ 78.562405][ T5292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 78.572487][ T5292] RIP: 0010:__set_extent_bit+0x188d/0x1b00
[ 78.578339][ T5292] Code: 33 fe e9 db fc ff ff 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c ff fd ff ff 4c 89 e7 e8 9d 22 33 fe e9 f2 fd ff ff e8 a3 6a da fd <0f> 0b e8 9c 6a da fd 48 8b 44 24 18 48 83 c0 08 48 89 c3 48 c1 e8
[ 78.597982][ T5292] RSP: 0018:ffffc90004f9f478 EFLAGS: 00010293
[ 78.604084][ T5292] RAX: ffffffff83b1990d RBX: 00000000fffffff4 RCX: ffff888079df9dc0
[ 78.612089][ T5292] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
[ 78.620082][ T5292] RBP: ffff8880774de1fc R08: ffffffff83b18729 R09: 1ffffffff1a83f1e
[ 78.628065][ T5292] R10: dffffc0000000000 R11: fffffbfff1a83f1f R12: ffff8880774de1fc
[ 78.636038][ T5292] R13: ffff8880774de180 R14: 0000000000000000 R15: 1ffff1100ee9bc3f
[ 78.644028][ T5292] FS: 0000555555590380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 78.652983][ T5292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 78.659571][ T5292] CR2: 00007f982b448100 CR3: 0000000021db0000 CR4: 00000000003506e0
[ 78.667552][ T5292] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 78.675525][ T5292] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 78.683499][ T5292] Call Trace:
[ 78.686782][ T5292]
[ 78.689715][ T5292] ? __die_body+0x5e/0xa0
[ 78.694060][ T5292] ? die+0x87/0xb0
[ 78.697816][ T5292] ? do_trap+0x11e/0x350
[ 78.702066][ T5292] ? __set_extent_bit+0x188d/0x1b00
[ 78.707276][ T5292] ? __set_extent_bit+0x188d/0x1b00
[ 78.712488][ T5292] ? do_error_trap+0x141/0x1f0
[ 78.717254][ T5292] ? __set_extent_bit+0x188d/0x1b00
[ 78.722470][ T5292] ? do_int3+0x30/0x30
[ 78.726547][ T5292] ? handle_invalid_op+0x2c/0x40
[ 78.731485][ T5292] ? __set_extent_bit+0x188d/0x1b00
[ 78.736696][ T5292] ? exc_invalid_op+0x33/0x50
[ 78.741378][ T5292] ? asm_exc_invalid_op+0x1a/0x20
[ 78.746415][ T5292] ? __set_extent_bit+0x6a9/0x1b00
[ 78.751536][ T5292] ? __set_extent_bit+0x188d/0x1b00
[ 78.756748][ T5292] ? __set_extent_bit+0x188d/0x1b00
[ 78.761963][ T5292] ? __set_extent_bit+0x188d/0x1b00
[ 78.767184][ T5292] set_record_extent_bits+0x51/0x90
[ 78.772401][ T5292] qgroup_reserve_data+0x260/0x8e0
[ 78.777516][ T5292] ? _raw_spin_unlock_irq+0x2e/0x50
[ 78.782728][ T5292] btrfs_qgroup_reserve_data+0x2e/0xc0
[ 78.788200][ T5292] btrfs_zero_range+0xb94/0x1310
[ 78.793253][ T5292] ? hole_mergeable+0x440/0x440
[ 78.798137][ T5292] ? btrfs_lookup_first_ordered_extent+0x4ea/0x680
[ 78.804658][ T5292] ? btrfs_wait_ordered_range+0x241/0x260
[ 78.810395][ T5292] btrfs_fallocate+0xbb5/0x1f90
[ 78.815272][ T5292] ? btrfs_file_open+0xf0/0xf0
[ 78.820142][ T5292] ? read_lock_is_recursive+0x20/0x20
[ 78.825548][ T5292] ? rcu_read_lock_any_held+0xb7/0x160
[ 78.831033][ T5292] ? rcu_read_lock_bh_held+0x120/0x120
[ 78.836510][ T5292] ? __lock_acquire+0x7f70/0x7f70
[ 78.841550][ T5292] vfs_fallocate+0x551/0x6b0
[ 78.846153][ T5292] do_vfs_ioctl+0x22cb/0x2b30
[ 78.850882][ T5292] ? __x64_compat_sys_ioctl+0x90/0x90
[ 78.856276][ T5292] ? __kmem_cache_free+0x25f/0x3b0
[ 78.861406][ T5292] ? tomoyo_path_number_perm+0x663/0x840
[ 78.867046][ T5292] ? tomoyo_path_number_perm+0x6e4/0x840
[ 78.872688][ T5292] ? smack_log+0x123/0x540
[ 78.877110][ T5292] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 78.882578][ T5292] ? smk_access+0x4b0/0x4b0
[ 78.887089][ T5292] ? _raw_spin_lock_irqsave+0x120/0x120
[ 78.892643][ T5292] ? smk_access+0x477/0x4b0
[ 78.897159][ T5292] ? smk_tskacc+0x2ff/0x360
[ 78.901674][ T5292] ? smack_file_ioctl+0x2a1/0x3a0
[ 78.906705][ T5292] ? smack_file_alloc_security+0xe0/0xe0
[ 78.912346][ T5292] ? do_notify_parent+0xf50/0xf50
[ 78.917374][ T5292] ? print_irqtrace_events+0x220/0x220
[ 78.922941][ T5292] ? bpf_lsm_file_ioctl+0x9/0x10
[ 78.927893][ T5292] ? security_file_ioctl+0x81/0xa0
[ 78.933013][ T5292] __se_sys_ioctl+0x81/0x170
[ 78.937616][ T5292] do_syscall_64+0x41/0xc0
[ 78.942039][ T5292] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 78.947947][ T5292] RIP: 0033:0x7f982b3cb329
[ 78.952369][ T5292] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 78.971977][ T5292] RSP: 002b:00007ffd4055bb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 78.980397][ T5292] RAX: ffffffffffffffda RBX: 00007ffd4055bb50 RCX: 00007f982b3cb329
[ 78.988378][ T5292] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[ 78.996354][ T5292] RBP: 0000000000000002 R08: 00007ffd4055b8c6 R09: 00007ffd4055bb70
[ 79.004341][ T5292] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffd4055bb4c
[ 79.012316][ T5292] R13: 000000000000000f R14: 431bde82d7b634db R15: 00007ffd4055bb90
[ 79.020300][ T5292]
[ 79.023321][ T5292] Modules linked in:
[ 79.027331][ T5292] ---[ end trace 0000000000000000 ]---
[ 79.032811][ T5292] RIP: 0010:__set_extent_bit+0x188d/0x1b00
[ 79.038804][ T5292] Code: 33 fe e9 db fc ff ff 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c ff fd ff ff 4c 89 e7 e8 9d 22 33 fe e9 f2 fd ff ff e8 a3 6a da fd <0f> 0b e8 9c 6a da fd 48 8b 44 24 18 48 83 c0 08 48 89 c3 48 c1 e8
[ 79.058502][ T5292] RSP: 0018:ffffc90004f9f478 EFLAGS: 00010293
[ 79.064636][ T5292] RAX: ffffffff83b1990d RBX: 00000000fffffff4 RCX: ffff888079df9dc0
[ 79.072643][ T5292] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
[ 79.080678][ T5292] RBP: ffff8880774de1fc R08: ffffffff83b18729 R09: 1ffffffff1a83f1e
[ 79.088782][ T5292] R10: dffffc0000000000 R11: fffffbfff1a83f1f R12: ffff8880774de1fc
[ 79.096812][ T5292] R13: ffff8880774de180 R14: 0000000000000000 R15: 1ffff1100ee9bc3f
[ 79.104817][ T5292] FS: 0000555555590380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 79.113805][ T5292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 79.120464][ T5292] CR2: 00007f982b448100 CR3: 0000000021db0000 CR4: 00000000003506e0
[ 79.128509][ T5292] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 79.136546][ T5292] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 79.144574][ T5292] Kernel panic - not syncing: Fatal exception
[ 79.150944][ T5292] Kernel Offset: disabled
[ 79.155273][ T5292] Rebooting in 86400 seconds..