./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2372950584

<...>
DUID 00:04:f8:32:f0:25:6b:f7:7b:d6:d2:5e:34:7f:1d:07:e3:4e
forked to background, child pid 4643
[   30.865839][ T4644] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.875767][ T4644] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.196' (ECDSA) to the list of known hosts.
execve("./syz-executor2372950584", ["./syz-executor2372950584"], 0x7ffd07c1e0d0 /* 10 vars */) = 0
brk(NULL)                               = 0x555555596000
brk(0x555555596c40)                     = 0x555555596c40
arch_prctl(ARCH_SET_FS, 0x555555596300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2372950584", 4096) = 28
brk(0x5555555b7c40)                     = 0x5555555b7c40
brk(0x5555555b8000)                     = 0x5555555b8000
mprotect(0x7fc24bf1f000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
getpid()                                = 5065
mkdir("./syzkaller.4V057c", 0700)       = 0
chmod("./syzkaller.4V057c", 0777)       = 0
chdir("./syzkaller.4V057c")             = 0
mkdir("./0", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5067 attached
 <unfinished ...>
[pid  5067] chdir("./0")                = 0
[pid  5067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5067] setpgid(0, 0)               = 0
[pid  5067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5067] write(3, "1000", 4)         = 4
[pid  5067] close(3)                    = 0
[pid  5067] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid  5065] <... clone resumed>, child_tidptr=0x5555555965d0) = 5067
[pid  5067] <... symlink resumed>)      = 0
[pid  5067] memfd_create("syzkaller", 0) = 3
[pid  5067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc243a5e000
[pid  5067] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5067] munmap(0x7fc243a5e000, 16777216) = 0
[pid  5067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5067] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5067] close(3)                    = 0
[pid  5067] mkdir("./file0", 0777)      = 0
syzkaller login: [   58.314920][ T5067] loop0: detected capacity change from 0 to 32768
[   58.327187][ T5067] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor237 (5067)
[   58.348931][ T5067] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[pid  5067] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid  5067] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5067] chdir("./file0")            = 0
[pid  5067] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5067] close(4)                    = 0
[pid  5067] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[   58.358280][ T5067] BTRFS info (device loop0): setting nodatacow, compression disabled
[   58.366823][ T5067] BTRFS info (device loop0): using free space tree
[   58.389253][ T5067] BTRFS info (device loop0): enabling ssd optimizations
[   58.396596][ T5067] BTRFS info (device loop0): auto enabling async discard
[pid  5067] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid  5067] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid  5067] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  5067] write(6, "10", 2)           = 2
[   58.471652][ T5067] FAULT_INJECTION: forcing a failure.
[   58.471652][ T5067] name failslab, interval 1, probability 0, space 0, times 1
[   58.485169][ T5067] CPU: 1 PID: 5067 Comm: syz-executor237 Not tainted 6.2.0-rc3-syzkaller-00021-g7dd4b804e080 #0
[   58.495603][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   58.505661][ T5067] Call Trace:
[   58.508938][ T5067]  <TASK>
[   58.511861][ T5067]  dump_stack_lvl+0x1b1/0x290
[   58.516568][ T5067]  ? nf_tcp_handle_invalid+0x630/0x630
[   58.522025][ T5067]  ? panic+0x710/0x710
[   58.526088][ T5067]  ? __might_sleep+0xc0/0xc0
[   58.530685][ T5067]  should_fail_ex+0x3aa/0x4e0
[   58.535551][ T5067]  ? join_transaction+0x147/0xe50
[   58.540674][ T5067]  should_failslab+0x5/0x20
[   58.545175][ T5067]  __kmem_cache_alloc_node+0x68/0x340
[   58.550540][ T5067]  ? do_raw_spin_unlock+0x134/0x8a0
[   58.555739][ T5067]  ? join_transaction+0x147/0xe50
[   58.560757][ T5067]  kmalloc_trace+0x26/0x60
[   58.565179][ T5067]  join_transaction+0x147/0xe50
[   58.570206][ T5067]  start_transaction+0x73b/0x10f0
[   58.575248][ T5067]  btrfs_dirty_inode+0xa5/0x1a0
[   58.580092][ T5067]  ? btrfs_fiemap+0x1e0/0x1e0
[   58.584763][ T5067]  file_modified_flags+0x531/0x700
[   58.589872][ T5067]  ? file_modified+0x20/0x20
[   58.594453][ T5067]  ? rcu_lock_release+0x5/0x20
[   58.599208][ T5067]  ? unwind_get_return_address+0x48/0x80
[   58.604846][ T5067]  btrfs_fallocate+0x67f/0x2020
[   58.609712][ T5067]  ? btrfs_file_open+0x80/0x80
[   58.614474][ T5067]  ? read_lock_is_recursive+0x10/0x10
[   58.619934][ T5067]  ? rcu_read_lock_any_held+0xb1/0x130
[   58.625472][ T5067]  ? rcu_read_lock_bh_held+0xf0/0xf0
[   58.630753][ T5067]  ? apparmor_file_permission+0x2da/0x310
[   58.636475][ T5067]  vfs_fallocate+0x515/0x670
[   58.641064][ T5067]  do_vfs_ioctl+0x2163/0x2980
[   58.645830][ T5067]  ? __x64_compat_sys_ioctl+0x80/0x80
[   58.651283][ T5067]  ? slab_free_freelist_hook+0x12e/0x1a0
[   58.657618][ T5067]  ? tomoyo_path_number_perm+0x5af/0x780
[   58.663248][ T5067]  ? __kmem_cache_free+0x71/0x110
[   58.668965][ T5067]  ? tomoyo_path_number_perm+0x629/0x780
[   58.674604][ T5067]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[   58.680065][ T5067]  ? _raw_spin_lock_irqsave+0x100/0x100
[   58.685633][ T5067]  ? do_notify_parent+0xe00/0xe00
[   58.690749][ T5067]  ? bpf_lsm_file_ioctl+0x5/0x10
[   58.695686][ T5067]  ? security_file_ioctl+0x9d/0xb0
[   58.700794][ T5067]  __se_sys_ioctl+0x83/0x170
[   58.705380][ T5067]  do_syscall_64+0x3d/0xb0
[   58.709804][ T5067]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   58.715866][ T5067] RIP: 0033:0x7fc24beabb49
[   58.720296][ T5067] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   58.740703][ T5067] RSP: 002b:00007ffcf7999608 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   58.749246][ T5067] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fc24beabb49
[   58.757238][ T5067] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[   58.765222][ T5067] RBP: 00007ffcf7999630 R08: 0000000000000002 R09: 00007ffcf7999640
[pid  5067] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOMEM (Cannot allocate memory)
[pid  5067] exit_group(0)               = ?
[pid  5067] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5067, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=22 /* 0.22 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555597620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs")                  = 0
[   58.773302][ T5067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[   58.781474][ T5067] R13: 00007ffcf7999670 R14: 00007ffcf7999650 R15: 0000000000000000
[   58.789747][ T5067]  </TASK>
[   58.798680][   T75] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555559f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555559f660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./0/file0")                      = 0
getdents64(3, 0x555555597620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./0")                            = 0
mkdir("./1", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555965d0) = 5095
./strace-static-x86_64: Process 5095 attached
[pid  5095] chdir("./1")                = 0
[pid  5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5095] setpgid(0, 0)               = 0
[pid  5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5095] write(3, "1000", 4)         = 4
[pid  5095] close(3)                    = 0
[pid  5095] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5095] memfd_create("syzkaller", 0) = 3
[pid  5095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc243a5e000
[pid  5095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5095] munmap(0x7fc243a5e000, 16777216) = 0
[pid  5095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5095] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5095] close(3)                    = 0
[pid  5095] mkdir("./file0", 0777)      = 0
[   59.143310][ T5095] loop0: detected capacity change from 0 to 32768
[   59.158526][ T5095] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[   59.167396][ T5095] BTRFS info (device loop0): setting nodatacow, compression disabled
[   59.175672][ T5095] BTRFS info (device loop0): using free space tree
[pid  5095] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid  5095] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5095] chdir("./file0")            = 0
[pid  5095] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5095] close(4)                    = 0
[pid  5095] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid  5095] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[   59.194005][ T5095] BTRFS info (device loop0): enabling ssd optimizations
[   59.200985][ T5095] BTRFS info (device loop0): auto enabling async discard
[pid  5095] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid  5095] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  5095] write(6, "10", 2)           = 2
[   59.255188][   T75] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[   59.260388][ T5095] FAULT_INJECTION: forcing a failure.
[   59.260388][ T5095] name failslab, interval 1, probability 0, space 0, times 0
[   59.278642][ T5095] CPU: 0 PID: 5095 Comm: syz-executor237 Not tainted 6.2.0-rc3-syzkaller-00021-g7dd4b804e080 #0
[   59.289447][ T5095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   59.299535][ T5095] Call Trace:
[   59.302836][ T5095]  <TASK>
[   59.305789][ T5095]  dump_stack_lvl+0x1b1/0x290
[   59.310507][ T5095]  ? nf_tcp_handle_invalid+0x630/0x630
[   59.315997][ T5095]  ? panic+0x710/0x710
[   59.320120][ T5095]  should_fail_ex+0x3aa/0x4e0
[   59.324928][ T5095]  ? alloc_extent_map+0x1d/0x130
[   59.329902][ T5095]  should_failslab+0x5/0x20
[   59.334520][ T5095]  kmem_cache_alloc+0x69/0x350
[   59.339766][ T5095]  ? mark_lock+0x9a/0x350
[   59.344480][ T5095]  alloc_extent_map+0x1d/0x130
[   59.349279][ T5095]  btrfs_get_extent+0x277/0x1310
[   59.354256][ T5095]  ? rcu_read_lock_sched_held+0x87/0x110
[   59.360032][ T5095]  ? btrfs_cont_expand+0xd00/0xd00
[   59.365370][ T5095]  ? mark_lock+0x9a/0x350
[   59.369924][ T5095]  btrfs_zero_range+0x1aa/0x1300
[   59.374909][ T5095]  ? hole_mergeable+0x420/0x420
[   59.379959][ T5095]  ? _raw_spin_unlock_irq+0x2a/0x40
[   59.385186][ T5095]  ? btrfs_lookup_first_ordered_extent+0x486/0x4c0
[   59.391732][ T5095]  btrfs_fallocate+0xb73/0x2020
[   59.396638][ T5095]  ? btrfs_file_open+0x80/0x80
[   59.401600][ T5095]  ? read_lock_is_recursive+0x10/0x10
[   59.407414][ T5095]  ? rcu_read_lock_any_held+0xb1/0x130
[   59.412972][ T5095]  ? rcu_read_lock_bh_held+0xf0/0xf0
[   59.418376][ T5095]  ? apparmor_file_permission+0x2da/0x310
[   59.424413][ T5095]  vfs_fallocate+0x515/0x670
[   59.429027][ T5095]  do_vfs_ioctl+0x2163/0x2980
[   59.433707][ T5095]  ? __x64_compat_sys_ioctl+0x80/0x80
[   59.439075][ T5095]  ? slab_free_freelist_hook+0x12e/0x1a0
[   59.444795][ T5095]  ? tomoyo_path_number_perm+0x5af/0x780
[   59.450708][ T5095]  ? __kmem_cache_free+0x71/0x110
[   59.455781][ T5095]  ? tomoyo_path_number_perm+0x629/0x780
[   59.461450][ T5095]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[   59.466916][ T5095]  ? _raw_spin_lock_irqsave+0x100/0x100
[   59.472497][ T5095]  ? do_notify_parent+0xe00/0xe00
[   59.477641][ T5095]  ? bpf_lsm_file_ioctl+0x5/0x10
[   59.482580][ T5095]  ? security_file_ioctl+0x9d/0xb0
[   59.487867][ T5095]  __se_sys_ioctl+0x83/0x170
[   59.492458][ T5095]  do_syscall_64+0x3d/0xb0
[   59.496968][ T5095]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   59.502869][ T5095] RIP: 0033:0x7fc24beabb49
[   59.507277][ T5095] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   59.527145][ T5095] RSP: 002b:00007ffcf7999608 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   59.535817][ T5095] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fc24beabb49
[   59.543811][ T5095] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[pid  5095] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x39, 0x30), 0x20000000) = -1 ENOMEM (Cannot allocate memory)
[pid  5095] exit_group(0)               = ?
[pid  5095] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555597620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs")                  = 0
[   59.552053][ T5095] RBP: 00007ffcf7999630 R08: 0000000000000002 R09: 00007ffcf7999640
[   59.560024][ T5095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[   59.568420][ T5095] R13: 00007ffcf7999670 R14: 00007ffcf7999650 R15: 0000000000000001
[   59.576406][ T5095]  </TASK>
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555559f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555559f660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./1/file0")                      = 0
getdents64(3, 0x555555597620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./1")                            = 0
mkdir("./2", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555965d0) = 5117
./strace-static-x86_64: Process 5117 attached
[pid  5117] chdir("./2")                = 0
[pid  5117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5117] setpgid(0, 0)               = 0
[pid  5117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5117] write(3, "1000", 4)         = 4
[pid  5117] close(3)                    = 0
[pid  5117] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5117] memfd_create("syzkaller", 0) = 3
[pid  5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc243a5e000
[pid  5117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5117] munmap(0x7fc243a5e000, 16777216) = 0
[pid  5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5117] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5117] close(3)                    = 0
[pid  5117] mkdir("./file0", 0777)      = 0
[   59.870599][ T5117] loop0: detected capacity change from 0 to 32768
[   59.882034][ T5117] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[   59.890915][ T5117] BTRFS info (device loop0): setting nodatacow, compression disabled
[   59.899117][ T5117] BTRFS info (device loop0): using free space tree
[pid  5117] mount("/dev/loop0", "./file0", "btrfs", MS_NODEV, "enospc_debug,nodatacow,subvolid=0x0000000000000005,nodatacow,") = 0
[pid  5117] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5117] chdir("./file0")            = 0
[pid  5117] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5117] close(4)                    = 0
[pid  5117] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid  5117] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid  5117] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid  5117] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  5117] write(6, "10", 2)           = 2
[   59.919948][ T5117] BTRFS info (device loop0): enabling ssd optimizations
[   59.927057][ T5117] BTRFS info (device loop0): auto enabling async discard
[   59.979159][ T5117] FAULT_INJECTION: forcing a failure.
[   59.979159][ T5117] name failslab, interval 1, probability 0, space 0, times 0
[   59.992254][ T5117] CPU: 1 PID: 5117 Comm: syz-executor237 Not tainted 6.2.0-rc3-syzkaller-00021-g7dd4b804e080 #0
[   59.995961][   T75] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[   60.002761][ T5117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   60.002786][ T5117] Call Trace:
[   60.002792][ T5117]  <TASK>
[   60.002799][ T5117]  dump_stack_lvl+0x1b1/0x290
[   60.002829][ T5117]  ? nf_tcp_handle_invalid+0x630/0x630
[   60.039223][ T5117]  ? panic+0x710/0x710
[   60.043307][ T5117]  should_fail_ex+0x3aa/0x4e0
[   60.047983][ T5117]  ? ulist_add_merge+0x15f/0x4b0
[   60.053017][ T5117]  should_failslab+0x5/0x20
[   60.057532][ T5117]  __kmem_cache_alloc_node+0x68/0x340
[   60.062907][ T5117]  ? do_raw_spin_lock+0x147/0x3a0
[   60.067934][ T5117]  ? ulist_add_merge+0x15f/0x4b0
[   60.073146][ T5117]  kmalloc_trace+0x26/0x60
[   60.077578][ T5117]  ulist_add_merge+0x15f/0x4b0
[   60.082523][ T5117]  __set_extent_bit+0x6c3/0x1c90
[   60.087475][ T5117]  set_record_extent_bits+0x52/0x80
[   60.092672][ T5117]  qgroup_reserve_data+0x27b/0x6f0
[   60.097866][ T5117]  ? btrfs_lookup_first_ordered_range+0x397/0x3d0
[   60.104650][ T5117]  ? truncate_pagecache_range+0x83/0xb0
[   60.110517][ T5117]  btrfs_qgroup_reserve_data+0x2a/0xc0
[   60.116023][ T5117]  btrfs_zero_range+0xb78/0x1300
[   60.121093][ T5117]  ? hole_mergeable+0x420/0x420
[   60.126274][ T5117]  ? _raw_spin_unlock_irq+0x2a/0x40
[   60.131649][ T5117]  ? btrfs_lookup_first_ordered_extent+0x486/0x4c0
[   60.138559][ T5117]  btrfs_fallocate+0xb73/0x2020
[   60.143737][ T5117]  ? btrfs_file_open+0x80/0x80
[   60.148542][ T5117]  ? read_lock_is_recursive+0x10/0x10
[   60.153965][ T5117]  ? rcu_read_lock_any_held+0xb1/0x130
[   60.159439][ T5117]  ? rcu_read_lock_bh_held+0xf0/0xf0
[   60.164846][ T5117]  ? apparmor_file_permission+0x2da/0x310
[   60.170774][ T5117]  vfs_fallocate+0x515/0x670
[   60.175370][ T5117]  do_vfs_ioctl+0x2163/0x2980
[   60.180176][ T5117]  ? __x64_compat_sys_ioctl+0x80/0x80
[   60.185781][ T5117]  ? slab_free_freelist_hook+0x12e/0x1a0
[   60.191805][ T5117]  ? tomoyo_path_number_perm+0x5af/0x780
[   60.197658][ T5117]  ? __kmem_cache_free+0x71/0x110
[   60.203124][ T5117]  ? tomoyo_path_number_perm+0x629/0x780
[   60.208949][ T5117]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[   60.214426][ T5117]  ? _raw_spin_lock_irqsave+0x100/0x100
[   60.220282][ T5117]  ? do_notify_parent+0xe00/0xe00
[   60.225504][ T5117]  ? bpf_lsm_file_ioctl+0x5/0x10
[   60.230449][ T5117]  ? security_file_ioctl+0x9d/0xb0
[   60.235566][ T5117]  __se_sys_ioctl+0x83/0x170
[   60.240192][ T5117]  do_syscall_64+0x3d/0xb0
[   60.244648][ T5117]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   60.250634][ T5117] RIP: 0033:0x7fc24beabb49
[   60.255073][ T5117] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   60.274774][ T5117] RSP: 002b:00007ffcf7999608 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   60.283710][ T5117] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fc24beabb49
[   60.291846][ T5117] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[   60.299898][ T5117] RBP: 00007ffcf7999630 R08: 0000000000000002 R09: 00007ffcf7999640
[   60.307865][ T5117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[   60.316272][ T5117] R13: 00007ffcf7999670 R14: 00007ffcf7999650 R15: 0000000000000002
[   60.324268][ T5117]  </TASK>
[   60.328070][ T5117] ------------[ cut here ]------------
[   60.333594][ T5117] kernel BUG at fs/btrfs/extent-io-tree.c:379!
[   60.339863][ T5117] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   60.347519][ T5117] CPU: 1 PID: 5117 Comm: syz-executor237 Not tainted 6.2.0-rc3-syzkaller-00021-g7dd4b804e080 #0
[   60.357952][ T5117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   60.369313][ T5117] RIP: 0010:__set_extent_bit+0x1c2f/0x1c90
[   60.375128][ T5117] Code: 48 c7 c6 4a b6 cc 8c ba 47 01 00 00 89 e9 49 c7 c0 00 1b 3c 8b 31 c0 e8 ff 8e fb 06 0f 0b e8 68 84 d7 fd 0f 0b e8 61 84 d7 fd <0f> 0b e8 5a 84 d7 fd 49 83 c4 08 4c 89 e5 49 c1 ec 03 43 80 3c 34
[   60.394823][ T5117] RSP: 0018:ffffc90003dcf468 EFLAGS: 00010293
[   60.400884][ T5117] RAX: ffffffff83b456ff RBX: 00000000fffffff4 RCX: ffff888019d80000
[   60.409096][ T5117] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
[   60.417107][ T5117] RBP: 0000000000000800 R08: ffffffff83b4419e R09: 00000000ffffffff
[   60.425335][ T5117] R10: fffffbfff1a8331b R11: 1ffffffff1a8331a R12: 0000000000000000
[   60.433398][ T5117] R13: ffff888020fd9900 R14: 1ffff110041fb32f R15: ffff888020fd997c
[   60.441365][ T5117] FS:  0000555555596300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[   60.450377][ T5117] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   60.457559][ T5117] CR2: 00007fc24bf23140 CR3: 000000007ea4d000 CR4: 00000000003506e0
[   60.465521][ T5117] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   60.473479][ T5117] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   60.481446][ T5117] Call Trace:
[   60.484711][ T5117]  <TASK>
[   60.487636][ T5117]  set_record_extent_bits+0x52/0x80
[   60.492829][ T5117]  qgroup_reserve_data+0x27b/0x6f0
[   60.497931][ T5117]  ? btrfs_lookup_first_ordered_range+0x397/0x3d0
[   60.504335][ T5117]  ? truncate_pagecache_range+0x83/0xb0
[   60.510673][ T5117]  btrfs_qgroup_reserve_data+0x2a/0xc0
[   60.516234][ T5117]  btrfs_zero_range+0xb78/0x1300
[   60.521167][ T5117]  ? hole_mergeable+0x420/0x420
[   60.526032][ T5117]  ? _raw_spin_unlock_irq+0x2a/0x40
[   60.531238][ T5117]  ? btrfs_lookup_first_ordered_extent+0x486/0x4c0
[   60.537740][ T5117]  btrfs_fallocate+0xb73/0x2020
[   60.542590][ T5117]  ? btrfs_file_open+0x80/0x80
[   60.547350][ T5117]  ? read_lock_is_recursive+0x10/0x10
[   60.552735][ T5117]  ? rcu_read_lock_any_held+0xb1/0x130
[   60.558559][ T5117]  ? rcu_read_lock_bh_held+0xf0/0xf0
[   60.563844][ T5117]  ? apparmor_file_permission+0x2da/0x310
[   60.569559][ T5117]  vfs_fallocate+0x515/0x670
[   60.574142][ T5117]  do_vfs_ioctl+0x2163/0x2980
[   60.578808][ T5117]  ? __x64_compat_sys_ioctl+0x80/0x80
[   60.584168][ T5117]  ? slab_free_freelist_hook+0x12e/0x1a0
[   60.589895][ T5117]  ? tomoyo_path_number_perm+0x5af/0x780
[   60.595529][ T5117]  ? __kmem_cache_free+0x71/0x110
[   60.600540][ T5117]  ? tomoyo_path_number_perm+0x629/0x780
[   60.606251][ T5117]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[   60.611702][ T5117]  ? _raw_spin_lock_irqsave+0x100/0x100
[   60.617334][ T5117]  ? do_notify_parent+0xe00/0xe00
[   60.622354][ T5117]  ? bpf_lsm_file_ioctl+0x5/0x10
[   60.627292][ T5117]  ? security_file_ioctl+0x9d/0xb0
[   60.632486][ T5117]  __se_sys_ioctl+0x83/0x170
[   60.637108][ T5117]  do_syscall_64+0x3d/0xb0
[   60.641522][ T5117]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   60.647492][ T5117] RIP: 0033:0x7fc24beabb49
[   60.651910][ T5117] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   60.671513][ T5117] RSP: 002b:00007ffcf7999608 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   60.679921][ T5117] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fc24beabb49
[   60.687875][ T5117] RDX: 0000000020000000 RSI: 0000000040305839 RDI: 0000000000000005
[   60.695919][ T5117] RBP: 00007ffcf7999630 R08: 0000000000000002 R09: 00007ffcf7999640
[   60.703874][ T5117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[   60.711828][ T5117] R13: 00007ffcf7999670 R14: 00007ffcf7999650 R15: 0000000000000002
[   60.719789][ T5117]  </TASK>
[   60.722893][ T5117] Modules linked in:
[   60.726898][ T5117] ---[ end trace 0000000000000000 ]---
[   60.732379][ T5117] RIP: 0010:__set_extent_bit+0x1c2f/0x1c90
[   60.738204][ T5117] Code: 48 c7 c6 4a b6 cc 8c ba 47 01 00 00 89 e9 49 c7 c0 00 1b 3c 8b 31 c0 e8 ff 8e fb 06 0f 0b e8 68 84 d7 fd 0f 0b e8 61 84 d7 fd <0f> 0b e8 5a 84 d7 fd 49 83 c4 08 4c 89 e5 49 c1 ec 03 43 80 3c 34
[   60.757949][ T5117] RSP: 0018:ffffc90003dcf468 EFLAGS: 00010293
[   60.764071][ T5117] RAX: ffffffff83b456ff RBX: 00000000fffffff4 RCX: ffff888019d80000
[   60.772202][ T5117] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
[   60.780284][ T5117] RBP: 0000000000000800 R08: ffffffff83b4419e R09: 00000000ffffffff
[   60.788408][ T5117] R10: fffffbfff1a8331b R11: 1ffffffff1a8331a R12: 0000000000000000
[   60.796433][ T5117] R13: ffff888020fd9900 R14: 1ffff110041fb32f R15: ffff888020fd997c
[   60.804624][ T5117] FS:  0000555555596300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[   60.813679][ T5117] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   60.820368][ T5117] CR2: 00007fc24bf23140 CR3: 000000007ea4d000 CR4: 00000000003506e0
[   60.828391][ T5117] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   60.836527][ T5117] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   60.844868][ T5117] Kernel panic - not syncing: Fatal exception
[   60.851374][ T5117] Kernel Offset: disabled
[   60.855748][ T5117] Rebooting in 86400 seconds..