./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3369944640
<...>
Warning: Permanently added '10.128.1.3' (ECDSA) to the list of known hosts.
execve("./syz-executor3369944640", ["./syz-executor3369944640"], 0x7ffc18904e70 /* 10 vars */) = 0
brk(NULL) = 0x555557300000
brk(0x555557300c40) = 0x555557300c40
arch_prctl(ARCH_SET_FS, 0x555557300300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3369944640", 4096) = 28
brk(0x555557321c40) = 0x555557321c40
brk(0x555557322000) = 0x555557322000
mprotect(0x7f77f5fb9000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 5079
mkdir("./syzkaller.7jtDcf", 0700) = 0
chmod("./syzkaller.7jtDcf", 0777) = 0
chdir("./syzkaller.7jtDcf") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5080 attached
<unfinished ...>
[pid 5080] chdir("./0") = 0
[pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5080] setpgid(0, 0) = 0
[pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid 5079] <... clone resumed>, child_tidptr=0x5555573005d0) = 5080
[pid 5080] <... openat resumed>) = 3
[pid 5080] write(3, "1000", 4) = 4
[pid 5080] close(3) = 0
[pid 5080] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5080] memfd_create("syzkaller", 0) = 3
[pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f77edaf8000
[ 60.348821][ T5080] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5080 'syz-executor336'
[pid 5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5080] munmap(0x7f77edaf8000, 16777216) = 0
[pid 5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5080] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5080] close(3) = 0
[pid 5080] mkdir("./file0", 0777) = 0
[ 60.560960][ T5080] loop0: detected capacity change from 0 to 32768
[ 60.574310][ T5080] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor336 (5080)
[ 60.596297][ T5080] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[pid 5080] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5080] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5080] chdir("./file0") = 0
[pid 5080] ioctl(4, LOOP_CLR_FD) = 0
[pid 5080] close(4) = 0
[pid 5080] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 60.605516][ T5080] BTRFS info (device loop0): using free space tree
[ 60.630802][ T5080] BTRFS info (device loop0): enabling ssd optimizations
[ 60.637845][ T5080] BTRFS info (device loop0): auto enabling async discard
[pid 5080] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5080] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5080] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid 5080] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5080] write(6, "9", 1) = 1
[ 60.744689][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 60.748844][ T5080] FAULT_INJECTION: forcing a failure.
[ 60.748844][ T5080] name failslab, interval 1, probability 0, space 0, times 1
[ 60.767531][ T5080] CPU: 0 PID: 5080 Comm: syz-executor336 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 60.778006][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 60.788108][ T5080] Call Trace:
[ 60.791422][ T5080] <TASK>
[ 60.794393][ T5080] dump_stack_lvl+0x1e7/0x2d0
[ 60.799150][ T5080] ? nf_tcp_handle_invalid+0x650/0x650
[ 60.804685][ T5080] ? panic+0x770/0x770
[ 60.808799][ T5080] ? __might_sleep+0xc0/0xc0
[ 60.813438][ T5080] should_fail_ex+0x3aa/0x4e0
[ 60.818167][ T5080] should_failslab+0x9/0x20
[ 60.822714][ T5080] slab_pre_alloc_hook+0x59/0x2b0
[ 60.827792][ T5080] kmem_cache_alloc+0x52/0x2e0
[ 60.832576][ T5080] ? alloc_extent_map+0x21/0x130
[ 60.837538][ T5080] alloc_extent_map+0x21/0x130
[ 60.842322][ T5080] cow_file_range+0x5cc/0xfe0
[ 60.847023][ T5080] ? run_delalloc_zoned+0x590/0x590
[ 60.852233][ T5080] ? find_lock_delalloc_range+0x7af/0x9a0
[ 60.857983][ T5080] btrfs_run_delalloc_range+0xe9b/0x11d0
[ 60.863637][ T5080] ? mark_lock+0x9a/0x340
[ 60.867986][ T5080] writepage_delalloc+0x261/0x590
[ 60.873060][ T5080] ? end_bio_extent_buffer_writepage+0x880/0x880
[ 60.879517][ T5080] ? rcu_lock_release+0x5/0x30
[ 60.884476][ T5080] ? __lock_acquire+0x1f80/0x1f80
[ 60.889613][ T5080] ? set_page_extent_mapped+0x154/0x1b0
[ 60.895202][ T5080] __extent_writepage+0x850/0x16d0
[ 60.900347][ T5080] ? extent_write_locked_range+0xdc0/0xdc0
[ 60.906186][ T5080] ? folio_wait_writeback+0x1b2/0x1f0
[ 60.911617][ T5080] extent_writepages+0xc31/0x1930
[ 60.916674][ T5080] ? __extent_writepage+0x16d0/0x16d0
[ 60.922088][ T5080] ? __lock_acquire+0x125b/0x1f80
[ 60.927132][ T5080] ? acls_after_inode_item+0x5f0/0x5f0
[ 60.932695][ T5080] do_writepages+0x3a6/0x670
[ 60.937314][ T5080] ? folio_nr_pages+0x1c0/0x1c0
[ 60.942185][ T5080] ? __lock_acquire+0x1f80/0x1f80
[ 60.947226][ T5080] ? do_raw_spin_lock+0x14d/0x3a0
[ 60.952268][ T5080] ? do_raw_spin_unlock+0x13b/0x8b0
[ 60.957492][ T5080] ? wbc_attach_and_unlock_inode+0x351/0x560
[ 60.963492][ T5080] filemap_fdatawrite_wbc+0x125/0x180
[ 60.968886][ T5080] filemap_fdatawrite_range+0x16e/0x1e0
[ 60.974747][ T5080] ? filemap_fdatawrite+0x1b0/0x1b0
[ 60.979984][ T5080] ? __might_sleep+0xc0/0xc0
[ 60.984594][ T5080] ? __down_write_common+0x161/0x200
[ 60.989897][ T5080] ? stack_trace_save+0x1c0/0x1c0
[ 60.994937][ T5080] btrfs_fdatawrite_range+0x4f/0x110
[ 61.000247][ T5080] btrfs_wait_ordered_range+0x59/0x260
[ 61.005733][ T5080] btrfs_fallocate+0x474/0x1fa0
[ 61.010624][ T5080] ? btrfs_file_open+0xf0/0xf0
[ 61.015410][ T5080] ? read_lock_is_recursive+0x20/0x20
[ 61.020815][ T5080] ? rcu_read_lock_any_held+0xb7/0x160
[ 61.026299][ T5080] ? rcu_read_lock_bh_held+0x120/0x120
[ 61.031774][ T5080] ? __lock_acquire+0x1f80/0x1f80
[ 61.036903][ T5080] vfs_fallocate+0x54b/0x6b0
[ 61.041516][ T5080] do_vfs_ioctl+0x22aa/0x2b10
[ 61.046221][ T5080] ? __x64_compat_sys_ioctl+0x90/0x90
[ 61.051618][ T5080] ? __lock_acquire+0x1f80/0x1f80
[ 61.056651][ T5080] ? lockdep_hardirqs_on+0x98/0x140
[ 61.061878][ T5080] ? tomoyo_path_number_perm+0x663/0x840
[ 61.067522][ T5080] ? tomoyo_path_number_perm+0x6e4/0x840
[ 61.073188][ T5080] ? smack_log+0x123/0x540
[ 61.077618][ T5080] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 61.083094][ T5080] ? smk_access+0x4b0/0x4b0
[ 61.087610][ T5080] ? _raw_spin_lock_irqsave+0x120/0x120
[ 61.093173][ T5080] ? smk_access+0x477/0x4b0
[ 61.097728][ T5080] ? smk_tskacc+0x2ff/0x360
[ 61.102247][ T5080] ? smack_file_ioctl+0x295/0x390
[ 61.107288][ T5080] ? smack_file_alloc_security+0xe0/0xe0
[ 61.112933][ T5080] ? do_notify_parent+0xf50/0xf50
[ 61.118162][ T5080] ? print_irqtrace_events+0x220/0x220
[ 61.123633][ T5080] ? bpf_lsm_file_ioctl+0x9/0x10
[ 61.128582][ T5080] ? security_file_ioctl+0x81/0xa0
[ 61.133713][ T5080] __se_sys_ioctl+0x81/0x160
[ 61.138326][ T5080] do_syscall_64+0x41/0xc0
[ 61.142759][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.148668][ T5080] RIP: 0033:0x7f77f5f45ac9
[ 61.153098][ T5080] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 61.172732][ T5080] RSP: 002b:00007ffe41c06098 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 61.181160][ T5080] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f77f5f45ac9
[ 61.189166][ T5080] RDX: 0000000020000100 RSI: 0000000040305829 RDI: 0000000000000005
[ 61.197147][ T5080] RBP: 00007ffe41c060c0 R08: 0000000000000001 R09: 00007ffe41c060d0
[ 61.205124][ T5080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 61.213100][ T5080] R13: 00007ffe41c06100 R14: 00007ffe41c060e0 R15: 0000000000000000
[ 61.221096][ T5080] </TASK>
[pid 5080] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x29, 0x30), 0x20000100) = -1 EIO (Input/output error)
[pid 5080] exit_group(0) = ?
[pid 5080] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555557301620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555557309660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555557309660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555557301620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573005d0) = 5107
./strace-static-x86_64: Process 5107 attached
[pid 5107] chdir("./1") = 0
[pid 5107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5107] setpgid(0, 0) = 0
[pid 5107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5107] write(3, "1000", 4) = 4
[pid 5107] close(3) = 0
[pid 5107] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5107] memfd_create("syzkaller", 0) = 3
[pid 5107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f77edaf8000
[pid 5107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5107] munmap(0x7f77edaf8000, 16777216) = 0
[pid 5107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5107] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5107] close(3) = 0
[pid 5107] mkdir("./file0", 0777) = 0
[ 61.696674][ T5107] loop0: detected capacity change from 0 to 32768
[ 61.708041][ T5107] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor336 (5107)
[ 61.724701][ T5107] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 61.733541][ T5107] BTRFS info (device loop0): using free space tree
[pid 5107] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5107] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5107] chdir("./file0") = 0
[pid 5107] ioctl(4, LOOP_CLR_FD) = 0
[pid 5107] close(4) = 0
[pid 5107] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 61.753841][ T5107] BTRFS info (device loop0): enabling ssd optimizations
[ 61.761127][ T5107] BTRFS info (device loop0): auto enabling async discard
[pid 5107] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5107] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5107] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid 5107] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5107] write(6, "9", 1) = 1
[ 61.835589][ T5107] FAULT_INJECTION: forcing a failure.
[ 61.835589][ T5107] name failslab, interval 1, probability 0, space 0, times 0
[ 61.855336][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 61.865466][ T5107] CPU: 0 PID: 5107 Comm: syz-executor336 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 61.876106][ T5107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 61.886233][ T5107] Call Trace:
[ 61.889547][ T5107] <TASK>
[ 61.892507][ T5107] dump_stack_lvl+0x1e7/0x2d0
[ 61.897242][ T5107] ? nf_tcp_handle_invalid+0x650/0x650
[ 61.902757][ T5107] ? panic+0x770/0x770
[ 61.906874][ T5107] ? __might_sleep+0xc0/0xc0
[ 61.911551][ T5107] should_fail_ex+0x3aa/0x4e0
[ 61.916297][ T5107] should_failslab+0x9/0x20
[ 61.920847][ T5107] slab_pre_alloc_hook+0x59/0x2b0
[ 61.925924][ T5107] kmem_cache_alloc+0x52/0x2e0
[ 61.930740][ T5107] ? alloc_extent_map+0x21/0x130
[ 61.935743][ T5107] alloc_extent_map+0x21/0x130
[ 61.940644][ T5107] cow_file_range+0x5cc/0xfe0
[ 61.945385][ T5107] ? run_delalloc_zoned+0x590/0x590
[ 61.950769][ T5107] ? find_lock_delalloc_range+0x7af/0x9a0
[ 61.956552][ T5107] btrfs_run_delalloc_range+0xe9b/0x11d0
[ 61.962235][ T5107] ? mark_lock+0x9a/0x340
[ 61.966612][ T5107] writepage_delalloc+0x261/0x590
[ 61.971685][ T5107] ? end_bio_extent_buffer_writepage+0x880/0x880
[ 61.978042][ T5107] ? rcu_lock_release+0x5/0x30
[ 61.982808][ T5107] ? __lock_acquire+0x1f80/0x1f80
[ 61.987839][ T5107] ? set_page_extent_mapped+0x154/0x1b0
[ 61.993394][ T5107] __extent_writepage+0x850/0x16d0
[ 61.998533][ T5107] ? extent_write_locked_range+0xdc0/0xdc0
[ 62.004354][ T5107] ? folio_wait_writeback+0x1b2/0x1f0
[ 62.009737][ T5107] extent_writepages+0xc31/0x1930
[ 62.014783][ T5107] ? __extent_writepage+0x16d0/0x16d0
[ 62.020160][ T5107] ? validate_chain+0x119/0x58e0
[ 62.025116][ T5107] ? __lock_acquire+0x125b/0x1f80
[ 62.030153][ T5107] ? acls_after_inode_item+0x5f0/0x5f0
[ 62.035621][ T5107] do_writepages+0x3a6/0x670
[ 62.040225][ T5107] ? folio_nr_pages+0x1c0/0x1c0
[ 62.045179][ T5107] ? __lock_acquire+0x1f80/0x1f80
[ 62.050207][ T5107] ? do_raw_spin_lock+0x14d/0x3a0
[ 62.055246][ T5107] ? do_raw_spin_unlock+0x13b/0x8b0
[ 62.060462][ T5107] ? wbc_attach_and_unlock_inode+0x351/0x560
[ 62.066496][ T5107] filemap_fdatawrite_wbc+0x125/0x180
[ 62.071872][ T5107] filemap_fdatawrite_range+0x16e/0x1e0
[ 62.077423][ T5107] ? filemap_fdatawrite+0x1b0/0x1b0
[ 62.082636][ T5107] ? __might_sleep+0xc0/0xc0
[ 62.087232][ T5107] ? __down_write_common+0x161/0x200
[ 62.092530][ T5107] ? stack_trace_save+0x1c0/0x1c0
[ 62.097560][ T5107] btrfs_fdatawrite_range+0x4f/0x110
[ 62.102858][ T5107] btrfs_wait_ordered_range+0x59/0x260
[ 62.108328][ T5107] btrfs_fallocate+0x474/0x1fa0
[ 62.113215][ T5107] ? btrfs_file_open+0xf0/0xf0
[ 62.117991][ T5107] ? read_lock_is_recursive+0x20/0x20
[ 62.123403][ T5107] ? rcu_read_lock_any_held+0xb7/0x160
[ 62.128868][ T5107] ? rcu_read_lock_bh_held+0x120/0x120
[ 62.134337][ T5107] ? __lock_acquire+0x1f80/0x1f80
[ 62.139367][ T5107] vfs_fallocate+0x54b/0x6b0
[ 62.143966][ T5107] do_vfs_ioctl+0x22aa/0x2b10
[ 62.148660][ T5107] ? __x64_compat_sys_ioctl+0x90/0x90
[ 62.154127][ T5107] ? __lock_acquire+0x1f80/0x1f80
[ 62.159169][ T5107] ? lockdep_hardirqs_on+0x98/0x140
[ 62.164396][ T5107] ? tomoyo_path_number_perm+0x663/0x840
[ 62.170045][ T5107] ? tomoyo_path_number_perm+0x6e4/0x840
[ 62.175687][ T5107] ? smack_log+0x123/0x540
[ 62.180126][ T5107] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 62.185610][ T5107] ? smk_access+0x4b0/0x4b0
[ 62.190144][ T5107] ? _raw_spin_lock_irqsave+0x120/0x120
[ 62.195735][ T5107] ? smk_access+0x477/0x4b0
[ 62.200257][ T5107] ? smk_tskacc+0x2ff/0x360
[ 62.204869][ T5107] ? smack_file_ioctl+0x295/0x390
[ 62.209918][ T5107] ? smack_file_alloc_security+0xe0/0xe0
[ 62.215569][ T5107] ? do_notify_parent+0xf50/0xf50
[ 62.220630][ T5107] ? print_irqtrace_events+0x220/0x220
[ 62.226147][ T5107] ? bpf_lsm_file_ioctl+0x9/0x10
[ 62.231099][ T5107] ? security_file_ioctl+0x81/0xa0
[ 62.236231][ T5107] __se_sys_ioctl+0x81/0x160
[ 62.240839][ T5107] do_syscall_64+0x41/0xc0
[ 62.245271][ T5107] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.251183][ T5107] RIP: 0033:0x7f77f5f45ac9
[ 62.255639][ T5107] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 62.275387][ T5107] RSP: 002b:00007ffe41c06098 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 62.283823][ T5107] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f77f5f45ac9
[ 62.291812][ T5107] RDX: 0000000020000100 RSI: 0000000040305829 RDI: 0000000000000005
[ 62.299820][ T5107] RBP: 00007ffe41c060c0 R08: 0000000000000001 R09: 00007ffe41c060d0
[ 62.307796][ T5107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 62.315770][ T5107] R13: 00007ffe41c06100 R14: 00007ffe41c060e0 R15: 0000000000000001
[ 62.323868][ T5107] </TASK>
[pid 5107] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x29, 0x30), 0x20000100) = -1 EIO (Input/output error)
[pid 5107] exit_group(0) = ?
[pid 5107] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5107, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555557301620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555557309660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555557309660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555557301620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573005d0) = 5126
./strace-static-x86_64: Process 5126 attached
[pid 5126] chdir("./2") = 0
[pid 5126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5126] setpgid(0, 0) = 0
[pid 5126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5126] write(3, "1000", 4) = 4
[pid 5126] close(3) = 0
[pid 5126] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5126] memfd_create("syzkaller", 0) = 3
[pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f77edaf8000
[pid 5126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5126] munmap(0x7f77edaf8000, 16777216) = 0
[pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5126] close(3) = 0
[pid 5126] mkdir("./file0", 0777) = 0
[ 62.785617][ T5126] loop0: detected capacity change from 0 to 32768
[ 62.795520][ T5126] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor336 (5126)
[ 62.811745][ T5126] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 62.820646][ T5126] BTRFS info (device loop0): using free space tree
[pid 5126] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5126] chdir("./file0") = 0
[pid 5126] ioctl(4, LOOP_CLR_FD) = 0
[pid 5126] close(4) = 0
[pid 5126] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5126] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5126] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5126] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid 5126] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5126] write(6, "9", 1) = 1
[ 62.839064][ T5126] BTRFS info (device loop0): enabling ssd optimizations
[ 62.846550][ T5126] BTRFS info (device loop0): auto enabling async discard
[ 62.878284][ T5126] FAULT_INJECTION: forcing a failure.
[ 62.878284][ T5126] name failslab, interval 1, probability 0, space 0, times 0
[ 62.891299][ T5126] CPU: 0 PID: 5126 Comm: syz-executor336 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 62.901764][ T5126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 62.911834][ T5126] Call Trace:
[ 62.915121][ T5126] <TASK>
[ 62.918063][ T5126] dump_stack_lvl+0x1e7/0x2d0
[ 62.922768][ T5126] ? nf_tcp_handle_invalid+0x650/0x650
[ 62.928273][ T5126] ? panic+0x770/0x770
[ 62.932370][ T5126] ? __might_sleep+0xc0/0xc0
[ 62.936984][ T5126] ? btrfs_run_delalloc_range+0xe9b/0x11d0
[ 62.942800][ T5126] ? __extent_writepage+0x850/0x16d0
[ 62.948110][ T5126] ? do_writepages+0x3a6/0x670
[ 62.952901][ T5126] should_fail_ex+0x3aa/0x4e0
[ 62.957606][ T5126] should_failslab+0x9/0x20
[ 62.962151][ T5126] slab_pre_alloc_hook+0x59/0x2b0
[ 62.967198][ T5126] kmem_cache_alloc+0x52/0x2e0
[ 62.971976][ T5126] ? alloc_extent_state+0x25/0x2e0
[ 62.977191][ T5126] alloc_extent_state+0x25/0x2e0
[ 62.982162][ T5126] __clear_extent_bit+0x18d/0xb20
[ 62.987209][ T5126] clear_record_extent_bits+0x52/0x80
[ 62.992601][ T5126] __btrfs_qgroup_release_data+0x4a4/0xa60
[ 62.998519][ T5126] ? btrfs_qgroup_free_data+0x40/0x40
[ 63.003931][ T5126] btrfs_add_ordered_extent+0xe2/0xc20
[ 63.009406][ T5126] ? btrfs_replace_extent_map_range+0x134/0x170
[ 63.015658][ T5126] cow_file_range+0x764/0xfe0
[ 63.020363][ T5126] ? run_delalloc_zoned+0x590/0x590
[ 63.025574][ T5126] ? find_lock_delalloc_range+0x7af/0x9a0
[ 63.031321][ T5126] btrfs_run_delalloc_range+0xe9b/0x11d0
[ 63.036986][ T5126] ? mark_lock+0x9a/0x340
[ 63.041332][ T5126] writepage_delalloc+0x261/0x590
[ 63.046393][ T5126] ? end_bio_extent_buffer_writepage+0x880/0x880
[ 63.052744][ T5126] ? rcu_lock_release+0x5/0x30
[ 63.057620][ T5126] ? __lock_acquire+0x1f80/0x1f80
[ 63.062662][ T5126] ? set_page_extent_mapped+0x154/0x1b0
[ 63.068253][ T5126] __extent_writepage+0x850/0x16d0
[ 63.073415][ T5126] ? extent_write_locked_range+0xdc0/0xdc0
[ 63.079272][ T5126] ? folio_wait_writeback+0x1b2/0x1f0
[ 63.084681][ T5126] extent_writepages+0xc31/0x1930
[ 63.089746][ T5126] ? __extent_writepage+0x16d0/0x16d0
[ 63.095139][ T5126] ? validate_chain+0x119/0x58e0
[ 63.100110][ T5126] ? __lock_acquire+0x125b/0x1f80
[ 63.105162][ T5126] ? acls_after_inode_item+0x5f0/0x5f0
[ 63.110640][ T5126] do_writepages+0x3a6/0x670
[ 63.115257][ T5126] ? folio_nr_pages+0x1c0/0x1c0
[ 63.120130][ T5126] ? __lock_acquire+0x1f80/0x1f80
[ 63.125173][ T5126] ? do_raw_spin_lock+0x14d/0x3a0
[ 63.130211][ T5126] ? do_raw_spin_unlock+0x13b/0x8b0
[ 63.135431][ T5126] ? wbc_attach_and_unlock_inode+0x351/0x560
[ 63.141435][ T5126] filemap_fdatawrite_wbc+0x125/0x180
[ 63.146822][ T5126] filemap_fdatawrite_range+0x16e/0x1e0
[ 63.152384][ T5126] ? filemap_fdatawrite+0x1b0/0x1b0
[ 63.157614][ T5126] ? __might_sleep+0xc0/0xc0
[ 63.162224][ T5126] ? __down_write_common+0x161/0x200
[ 63.167617][ T5126] ? stack_trace_save+0x1c0/0x1c0
[ 63.172676][ T5126] btrfs_fdatawrite_range+0x4f/0x110
[ 63.177986][ T5126] btrfs_wait_ordered_range+0x59/0x260
[ 63.183468][ T5126] btrfs_fallocate+0x474/0x1fa0
[ 63.188357][ T5126] ? btrfs_file_open+0xf0/0xf0
[ 63.193153][ T5126] ? read_lock_is_recursive+0x20/0x20
[ 63.198553][ T5126] ? rcu_read_lock_any_held+0xb7/0x160
[ 63.204139][ T5126] ? rcu_read_lock_bh_held+0x120/0x120
[ 63.209628][ T5126] ? __lock_acquire+0x1f80/0x1f80
[ 63.214673][ T5126] vfs_fallocate+0x54b/0x6b0
[ 63.219290][ T5126] do_vfs_ioctl+0x22aa/0x2b10
[ 63.223999][ T5126] ? __x64_compat_sys_ioctl+0x90/0x90
[ 63.229388][ T5126] ? __lock_acquire+0x1f80/0x1f80
[ 63.234421][ T5126] ? lockdep_hardirqs_on+0x98/0x140
[ 63.240083][ T5126] ? tomoyo_path_number_perm+0x663/0x840
[ 63.245817][ T5126] ? tomoyo_path_number_perm+0x6e4/0x840
[ 63.251464][ T5126] ? smack_log+0x123/0x540
[ 63.258680][ T5126] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 63.264260][ T5126] ? smk_access+0x4b0/0x4b0
[ 63.268803][ T5126] ? _raw_spin_lock_irqsave+0x120/0x120
[ 63.274368][ T5126] ? smk_access+0x477/0x4b0
[ 63.293058][ T5126] ? smk_tskacc+0x2ff/0x360
[ 63.297615][ T5126] ? smack_file_ioctl+0x295/0x390
[ 63.302651][ T5126] ? smack_file_alloc_security+0xe0/0xe0
[ 63.308409][ T5126] ? do_notify_parent+0xf50/0xf50
[ 63.313457][ T5126] ? print_irqtrace_events+0x220/0x220
[ 63.319015][ T5126] ? bpf_lsm_file_ioctl+0x9/0x10
[ 63.324061][ T5126] ? security_file_ioctl+0x81/0xa0
[ 63.329300][ T5126] __se_sys_ioctl+0x81/0x160
[ 63.333914][ T5126] do_syscall_64+0x41/0xc0
[ 63.338359][ T5126] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.344704][ T5126] RIP: 0033:0x7f77f5f45ac9
[ 63.349132][ T5126] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 63.368842][ T5126] RSP: 002b:00007ffe41c06098 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 63.377380][ T5126] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f77f5f45ac9
[pid 5126] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x29, 0x30), 0x20000100) = 0
[pid 5126] exit_group(0) = ?
[pid 5126] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5126, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=21 /* 0.21 s */} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555557301620 /* 4 entries */, 32768) = 112
[ 63.385449][ T5126] RDX: 0000000020000100 RSI: 0000000040305829 RDI: 0000000000000005
[ 63.393445][ T5126] RBP: 00007ffe41c060c0 R08: 0000000000000001 R09: 00007ffe41c060d0
[ 63.401449][ T5126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 63.409564][ T5126] R13: 00007ffe41c06100 R14: 00007ffe41c060e0 R15: 0000000000000002
[ 63.417676][ T5126] </TASK>
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
[ 63.461395][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555557309660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555557309660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x555557301620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5149 attached
, child_tidptr=0x5555573005d0) = 5149
[pid 5149] chdir("./3") = 0
[pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5149] setpgid(0, 0) = 0
[pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5149] write(3, "1000", 4) = 4
[pid 5149] close(3) = 0
[pid 5149] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5149] memfd_create("syzkaller", 0) = 3
[pid 5149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f77edaf8000
[pid 5149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5149] munmap(0x7f77edaf8000, 16777216) = 0
[pid 5149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5149] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5149] close(3) = 0
[pid 5149] mkdir("./file0", 0777) = 0
[ 63.849156][ T5149] loop0: detected capacity change from 0 to 32768
[ 63.860732][ T5149] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor336 (5149)
[ 63.877981][ T5149] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 63.886701][ T5149] BTRFS info (device loop0): using free space tree
[pid 5149] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5149] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5149] chdir("./file0") = 0
[pid 5149] ioctl(4, LOOP_CLR_FD) = 0
[pid 5149] close(4) = 0
[pid 5149] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5149] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5149] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5149] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid 5149] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5149] write(6, "9", 1) = 1
[ 63.908108][ T5149] BTRFS info (device loop0): enabling ssd optimizations
[ 63.915465][ T5149] BTRFS info (device loop0): auto enabling async discard
[ 63.965888][ T5149] FAULT_INJECTION: forcing a failure.
[ 63.965888][ T5149] name failslab, interval 1, probability 0, space 0, times 0
[ 63.979103][ T5149] CPU: 0 PID: 5149 Comm: syz-executor336 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 63.989571][ T5149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 63.997130][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 63.999643][ T5149] Call Trace:
[ 63.999669][ T5149] <TASK>
[ 63.999680][ T5149] dump_stack_lvl+0x1e7/0x2d0
[ 64.019911][ T5149] ? filemap_fdatawrite_range+0x16e/0x1e0
[ 64.026113][ T5149] ? nf_tcp_handle_invalid+0x650/0x650
[ 64.031642][ T5149] ? panic+0x770/0x770
[ 64.035731][ T5149] ? __lock_acquire+0x125b/0x1f80
[ 64.040783][ T5149] should_fail_ex+0x3aa/0x4e0
[ 64.045509][ T5149] should_failslab+0x9/0x20
[ 64.050038][ T5149] slab_pre_alloc_hook+0x59/0x2b0
[ 64.055113][ T5149] ? ulist_add_merge+0x14c/0x470
[ 64.060067][ T5149] __kmem_cache_alloc_node+0x4b/0x290
[ 64.065468][ T5149] ? ulist_add_merge+0x14c/0x470
[ 64.070415][ T5149] kmalloc_trace+0x2a/0xe0
[ 64.074851][ T5149] ulist_add_merge+0x14c/0x470
[ 64.079638][ T5149] clear_state_bit+0x148/0x330
[ 64.084436][ T5149] __clear_extent_bit+0x523/0xb20
[ 64.089485][ T5149] clear_record_extent_bits+0x52/0x80
[ 64.094878][ T5149] __btrfs_qgroup_release_data+0x4a4/0xa60
[ 64.100709][ T5149] ? btrfs_qgroup_free_data+0x40/0x40
[ 64.106123][ T5149] btrfs_add_ordered_extent+0xe2/0xc20
[ 64.111603][ T5149] ? btrfs_replace_extent_map_range+0x134/0x170
[ 64.117862][ T5149] cow_file_range+0x764/0xfe0
[ 64.122572][ T5149] ? run_delalloc_zoned+0x590/0x590
[ 64.127788][ T5149] ? find_lock_delalloc_range+0x7af/0x9a0
[ 64.133637][ T5149] btrfs_run_delalloc_range+0xe9b/0x11d0
[ 64.139309][ T5149] ? mark_lock+0x9a/0x340
[ 64.143663][ T5149] writepage_delalloc+0x261/0x590
[ 64.148807][ T5149] ? end_bio_extent_buffer_writepage+0x880/0x880
[ 64.155156][ T5149] ? rcu_lock_release+0x5/0x30
[ 64.159931][ T5149] ? __lock_acquire+0x1f80/0x1f80
[ 64.165021][ T5149] ? set_page_extent_mapped+0x154/0x1b0
[ 64.170614][ T5149] __extent_writepage+0x850/0x16d0
[ 64.175853][ T5149] ? extent_write_locked_range+0xdc0/0xdc0
[ 64.181690][ T5149] ? folio_wait_writeback+0x1b2/0x1f0
[ 64.187092][ T5149] extent_writepages+0xc31/0x1930
[ 64.192163][ T5149] ? __extent_writepage+0x16d0/0x16d0
[ 64.197552][ T5149] ? validate_chain+0x119/0x58e0
[ 64.202539][ T5149] ? __lock_acquire+0x125b/0x1f80
[ 64.207605][ T5149] ? acls_after_inode_item+0x5f0/0x5f0
[ 64.213185][ T5149] do_writepages+0x3a6/0x670
[ 64.217820][ T5149] ? folio_nr_pages+0x1c0/0x1c0
[ 64.222802][ T5149] ? __lock_acquire+0x1f80/0x1f80
[ 64.227869][ T5149] ? do_raw_spin_lock+0x14d/0x3a0
[ 64.232931][ T5149] ? do_raw_spin_unlock+0x13b/0x8b0
[ 64.238162][ T5149] ? wbc_attach_and_unlock_inode+0x351/0x560
[ 64.244196][ T5149] filemap_fdatawrite_wbc+0x125/0x180
[ 64.249589][ T5149] filemap_fdatawrite_range+0x16e/0x1e0
[ 64.255163][ T5149] ? filemap_fdatawrite+0x1b0/0x1b0
[ 64.260404][ T5149] ? __might_sleep+0xc0/0xc0
[ 64.265050][ T5149] ? __down_write_common+0x161/0x200
[ 64.270376][ T5149] ? stack_trace_save+0x1c0/0x1c0
[ 64.275425][ T5149] btrfs_fdatawrite_range+0x4f/0x110
[ 64.280749][ T5149] btrfs_wait_ordered_range+0x59/0x260
[ 64.286234][ T5149] btrfs_fallocate+0x474/0x1fa0
[ 64.291125][ T5149] ? btrfs_file_open+0xf0/0xf0
[ 64.295921][ T5149] ? read_lock_is_recursive+0x20/0x20
[ 64.301580][ T5149] ? rcu_read_lock_any_held+0xb7/0x160
[ 64.307074][ T5149] ? rcu_read_lock_bh_held+0x120/0x120
[ 64.312559][ T5149] ? __lock_acquire+0x1f80/0x1f80
[ 64.317616][ T5149] vfs_fallocate+0x54b/0x6b0
[ 64.322230][ T5149] do_vfs_ioctl+0x22aa/0x2b10
[ 64.326929][ T5149] ? __x64_compat_sys_ioctl+0x90/0x90
[ 64.332406][ T5149] ? __lock_acquire+0x1f80/0x1f80
[ 64.337440][ T5149] ? lockdep_hardirqs_on+0x98/0x140
[ 64.342660][ T5149] ? tomoyo_path_number_perm+0x663/0x840
[ 64.348309][ T5149] ? tomoyo_path_number_perm+0x6e4/0x840
[ 64.353983][ T5149] ? smack_log+0x123/0x540
[ 64.358520][ T5149] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 64.364044][ T5149] ? smk_access+0x4b0/0x4b0
[ 64.368573][ T5149] ? _raw_spin_lock_irqsave+0x120/0x120
[ 64.374150][ T5149] ? smk_access+0x477/0x4b0
[ 64.378711][ T5149] ? smk_tskacc+0x2ff/0x360
[ 64.383234][ T5149] ? smack_file_ioctl+0x295/0x390
[ 64.388274][ T5149] ? smack_file_alloc_security+0xe0/0xe0
[ 64.393933][ T5149] ? do_notify_parent+0xf50/0xf50
[ 64.398984][ T5149] ? print_irqtrace_events+0x220/0x220
[ 64.404465][ T5149] ? bpf_lsm_file_ioctl+0x9/0x10
[ 64.409418][ T5149] ? security_file_ioctl+0x81/0xa0
[ 64.414555][ T5149] __se_sys_ioctl+0x81/0x160
[ 64.419208][ T5149] do_syscall_64+0x41/0xc0
[ 64.423697][ T5149] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.429636][ T5149] RIP: 0033:0x7f77f5f45ac9
[ 64.434256][ T5149] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 64.454053][ T5149] RSP: 002b:00007ffe41c06098 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 64.462574][ T5149] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f77f5f45ac9
[ 64.470557][ T5149] RDX: 0000000020000100 RSI: 0000000040305829 RDI: 0000000000000005
[ 64.478542][ T5149] RBP: 00007ffe41c060c0 R08: 0000000000000001 R09: 00007ffe41c060d0
[ 64.486531][ T5149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 64.494538][ T5149] R13: 00007ffe41c06100 R14: 00007ffe41c060e0 R15: 0000000000000003
[ 64.502540][ T5149] </TASK>
[ 64.506138][ T5149] ------------[ cut here ]------------
[ 64.511645][ T5149] kernel BUG at fs/btrfs/extent-io-tree.c:515!
[ 64.517910][ T5149] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 64.524021][ T5149] CPU: 0 PID: 5149 Comm: syz-executor336 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 64.534467][ T5149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 64.544558][ T5149] RIP: 0010:clear_state_bit+0x328/0x330
[ 64.550155][ T5149] Code: 34 fe e9 9a fd ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c c7 fe ff ff 4c 89 ef e8 a2 bc 34 fe e9 ba fe ff ff e8 d8 0b df fd <0f> 0b 66 0f 1f 44 00 00 f3 0f 1e fa 55 48 89 e5 41 57 41 56 41 55
[ 64.569797][ T5149] RSP: 0018:ffffc900040ae970 EFLAGS: 00010293
[ 64.575903][ T5149] RAX: ffffffff83ab6148 RBX: 00000000fffffff4 RCX: ffff88802bf68000
[ 64.583910][ T5149] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
[ 64.591963][ T5149] RBP: 0000000000000000 R08: ffffffff83ab5f73 R09: fffffbfff1a02ba3
[ 64.600150][ T5149] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88801dcdf000
[ 64.608158][ T5149] R13: ffffc900040aeb78 R14: 0000000000000800 R15: dffffc0000000000
[ 64.616192][ T5149] FS: 0000555557300300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 64.625145][ T5149] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 64.631823][ T5149] CR2: 0000000020010000 CR3: 000000001e73e000 CR4: 00000000003506f0
[ 64.639806][ T5149] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 64.647791][ T5149] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 64.655853][ T5149] Call Trace:
[ 64.659277][ T5149] <TASK>
[ 64.662218][ T5149] __clear_extent_bit+0x523/0xb20
[ 64.667274][ T5149] clear_record_extent_bits+0x52/0x80
[ 64.672743][ T5149] __btrfs_qgroup_release_data+0x4a4/0xa60
[ 64.678567][ T5149] ? btrfs_qgroup_free_data+0x40/0x40
[ 64.684053][ T5149] btrfs_add_ordered_extent+0xe2/0xc20
[ 64.689526][ T5149] ? btrfs_replace_extent_map_range+0x134/0x170
[ 64.695863][ T5149] cow_file_range+0x764/0xfe0
[ 64.700559][ T5149] ? run_delalloc_zoned+0x590/0x590
[ 64.705768][ T5149] ? find_lock_delalloc_range+0x7af/0x9a0
[ 64.711598][ T5149] btrfs_run_delalloc_range+0xe9b/0x11d0
[ 64.717418][ T5149] ? mark_lock+0x9a/0x340
[ 64.721758][ T5149] writepage_delalloc+0x261/0x590
[ 64.726810][ T5149] ? end_bio_extent_buffer_writepage+0x880/0x880
[ 64.733158][ T5149] ? rcu_lock_release+0x5/0x30
[ 64.737939][ T5149] ? __lock_acquire+0x1f80/0x1f80
[ 64.742973][ T5149] ? set_page_extent_mapped+0x154/0x1b0
[ 64.748529][ T5149] __extent_writepage+0x850/0x16d0
[ 64.753657][ T5149] ? extent_write_locked_range+0xdc0/0xdc0
[ 64.759476][ T5149] ? folio_wait_writeback+0x1b2/0x1f0
[ 64.764955][ T5149] extent_writepages+0xc31/0x1930
[ 64.769997][ T5149] ? __extent_writepage+0x16d0/0x16d0
[ 64.775398][ T5149] ? validate_chain+0x119/0x58e0
[ 64.780352][ T5149] ? __lock_acquire+0x125b/0x1f80
[ 64.785393][ T5149] ? acls_after_inode_item+0x5f0/0x5f0
[ 64.790868][ T5149] do_writepages+0x3a6/0x670
[ 64.795476][ T5149] ? folio_nr_pages+0x1c0/0x1c0
[ 64.800346][ T5149] ? __lock_acquire+0x1f80/0x1f80
[ 64.805389][ T5149] ? do_raw_spin_lock+0x14d/0x3a0
[ 64.810422][ T5149] ? do_raw_spin_unlock+0x13b/0x8b0
[ 64.815649][ T5149] ? wbc_attach_and_unlock_inode+0x351/0x560
[ 64.821989][ T5149] filemap_fdatawrite_wbc+0x125/0x180
[ 64.827368][ T5149] filemap_fdatawrite_range+0x16e/0x1e0
[ 64.832923][ T5149] ? filemap_fdatawrite+0x1b0/0x1b0
[ 64.838132][ T5149] ? __might_sleep+0xc0/0xc0
[ 64.842741][ T5149] ? __down_write_common+0x161/0x200
[ 64.848043][ T5149] ? stack_trace_save+0x1c0/0x1c0
[ 64.853076][ T5149] btrfs_fdatawrite_range+0x4f/0x110
[ 64.858396][ T5149] btrfs_wait_ordered_range+0x59/0x260
[ 64.864310][ T5149] btrfs_fallocate+0x474/0x1fa0
[ 64.869188][ T5149] ? btrfs_file_open+0xf0/0xf0
[ 64.874055][ T5149] ? read_lock_is_recursive+0x20/0x20
[ 64.879626][ T5149] ? rcu_read_lock_any_held+0xb7/0x160
[ 64.885119][ T5149] ? rcu_read_lock_bh_held+0x120/0x120
[ 64.890696][ T5149] ? __lock_acquire+0x1f80/0x1f80
[ 64.895732][ T5149] vfs_fallocate+0x54b/0x6b0
[ 64.900336][ T5149] do_vfs_ioctl+0x22aa/0x2b10
[ 64.905044][ T5149] ? __x64_compat_sys_ioctl+0x90/0x90
[ 64.910428][ T5149] ? __lock_acquire+0x1f80/0x1f80
[ 64.915453][ T5149] ? lockdep_hardirqs_on+0x98/0x140
[ 64.920658][ T5149] ? tomoyo_path_number_perm+0x663/0x840
[ 64.926300][ T5149] ? tomoyo_path_number_perm+0x6e4/0x840
[ 64.931940][ T5149] ? smack_log+0x123/0x540
[ 64.936369][ T5149] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 64.941835][ T5149] ? smk_access+0x4b0/0x4b0
[ 64.946344][ T5149] ? _raw_spin_lock_irqsave+0x120/0x120
[ 64.951925][ T5149] ? smk_access+0x477/0x4b0
[ 64.956441][ T5149] ? smk_tskacc+0x2ff/0x360
[ 64.961043][ T5149] ? smack_file_ioctl+0x295/0x390
[ 64.966078][ T5149] ? smack_file_alloc_security+0xe0/0xe0
[ 64.971717][ T5149] ? do_notify_parent+0xf50/0xf50
[ 64.976759][ T5149] ? print_irqtrace_events+0x220/0x220
[ 64.982223][ T5149] ? bpf_lsm_file_ioctl+0x9/0x10
[ 64.987169][ T5149] ? security_file_ioctl+0x81/0xa0
[ 64.992287][ T5149] __se_sys_ioctl+0x81/0x160
[ 64.996892][ T5149] do_syscall_64+0x41/0xc0
[ 65.001321][ T5149] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.007241][ T5149] RIP: 0033:0x7f77f5f45ac9
[ 65.011659][ T5149] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 65.031273][ T5149] RSP: 002b:00007ffe41c06098 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 65.039783][ T5149] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f77f5f45ac9
[ 65.047775][ T5149] RDX: 0000000020000100 RSI: 0000000040305829 RDI: 0000000000000005
[ 65.055767][ T5149] RBP: 00007ffe41c060c0 R08: 0000000000000001 R09: 00007ffe41c060d0
[ 65.063760][ T5149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 65.071733][ T5149] R13: 00007ffe41c06100 R14: 00007ffe41c060e0 R15: 0000000000000003
[ 65.079741][ T5149] </TASK>
[ 65.082759][ T5149] Modules linked in:
[ 65.086765][ T5149] ---[ end trace 0000000000000000 ]---
[ 65.092245][ T5149] RIP: 0010:clear_state_bit+0x328/0x330
[ 65.097858][ T5149] Code: 34 fe e9 9a fd ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c c7 fe ff ff 4c 89 ef e8 a2 bc 34 fe e9 ba fe ff ff e8 d8 0b df fd <0f> 0b 66 0f 1f 44 00 00 f3 0f 1e fa 55 48 89 e5 41 57 41 56 41 55
[ 65.117528][ T5149] RSP: 0018:ffffc900040ae970 EFLAGS: 00010293
[ 65.123648][ T5149] RAX: ffffffff83ab6148 RBX: 00000000fffffff4 RCX: ffff88802bf68000
[ 65.131660][ T5149] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
[ 65.139686][ T5149] RBP: 0000000000000000 R08: ffffffff83ab5f73 R09: fffffbfff1a02ba3
[ 65.147892][ T5149] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88801dcdf000
[ 65.155905][ T5149] R13: ffffc900040aeb78 R14: 0000000000000800 R15: dffffc0000000000
[ 65.163967][ T5149] FS: 0000555557300300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 65.172927][ T5149] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 65.179575][ T5149] CR2: 0000000020010000 CR3: 000000001e73e000 CR4: 00000000003506f0
[ 65.187635][ T5149] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 65.195702][ T5149] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 65.203745][ T5149] Kernel panic - not syncing: Fatal exception
[ 65.210005][ T5149] Kernel Offset: disabled
[ 65.214351][ T5149] Rebooting in 86400 seconds..