./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3103319001

<...>
Warning: Permanently added '10.128.1.131' (ECDSA) to the list of known hosts.
execve("./syz-executor3103319001", ["./syz-executor3103319001"], 0x7fffb937b2d0 /* 10 vars */) = 0
brk(NULL)                               = 0x555555e9e000
brk(0x555555e9ec40)                     = 0x555555e9ec40
arch_prctl(ARCH_SET_FS, 0x555555e9e300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3103319001", 4096) = 28
brk(0x555555ebfc40)                     = 0x555555ebfc40
brk(0x555555ec0000)                     = 0x555555ec0000
mprotect(0x7f7c6181f000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
[   91.414623][   T26] audit: type=1400 audit(1687416427.698:83): avc:  denied  { write } for  pid=4994 comm="strace-static-x" path="pipe:[29996]" dev="pipefs" ino=29996 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
getpid()                                = 4997
mkdir("./syzkaller.zawJY1", 0700)       = 0
chmod("./syzkaller.zawJY1", 0777)       = 0
chdir("./syzkaller.zawJY1")             = 0
mkdir("./0", 0777)                      = 0
[   91.456701][   T26] audit: type=1400 audit(1687416427.738:84): avc:  denied  { execmem } for  pid=4997 comm="syz-executor310" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e9e5d0) = 4998
./strace-static-x86_64: Process 4998 attached
[pid  4998] chdir("./0")                = 0
[pid  4998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4998] setpgid(0, 0)               = 0
[pid  4998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4998] write(3, "1000", 4)         = 4
[pid  4998] close(3)                    = 0
[pid  4998] symlink("/dev/binderfs", "./binderfs") = 0
[   91.484386][   T26] audit: type=1400 audit(1687416427.768:85): avc:  denied  { read write } for  pid=4997 comm="syz-executor310" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   91.509595][   T26] audit: type=1400 audit(1687416427.768:86): avc:  denied  { open } for  pid=4997 comm="syz-executor310" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid  4998] memfd_create("syzkaller", 0) = 3
[pid  4998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7c5935e000
[   91.535633][   T26] audit: type=1400 audit(1687416427.768:87): avc:  denied  { ioctl } for  pid=4997 comm="syz-executor310" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   91.550964][ T4998] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4998 'syz-executor310'
[pid  4998] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4998] munmap(0x7f7c5935e000, 16777216) = 0
[pid  4998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4998] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4998] close(3)                    = 0
[pid  4998] mkdir("./file0", 0777)      = 0
[   91.775438][  T900] cfg80211: failed to load regulatory.db
[   91.784277][   T26] audit: type=1400 audit(1687416428.068:88): avc:  denied  { append } for  pid=4429 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   91.806095][ T4998] loop0: detected capacity change from 0 to 32768
[   91.806622][   T26] audit: type=1400 audit(1687416428.068:89): avc:  denied  { open } for  pid=4429 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   91.824216][ T4998] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor310 (4998)
[   91.835486][   T26] audit: type=1400 audit(1687416428.068:90): avc:  denied  { getattr } for  pid=4429 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   91.871510][   T26] audit: type=1400 audit(1687416428.098:91): avc:  denied  { mounton } for  pid=4998 comm="syz-executor310" path="/root/syzkaller.zawJY1/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   91.905698][ T4998] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[   91.914645][ T4998] BTRFS info (device loop0): using free space tree
[pid  4998] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid  4998] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4998] chdir("./file0")            = 0
[pid  4998] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4998] close(4)                    = 0
[pid  4998] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[   91.941497][ T4998] BTRFS info (device loop0): enabling ssd optimizations
[   91.948699][ T4998] BTRFS info (device loop0): auto enabling async discard
[   91.962256][   T26] audit: type=1400 audit(1687416428.238:92): avc:  denied  { mount } for  pid=4998 comm="syz-executor310" name="/" dev="loop0" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[pid  4998] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid  4998] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid  4998] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid  4998] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  4998] write(6, "9", 1)            = 1
[pid  4998] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x29, 0x30), 0x20000100) = 0
[pid  4998] exit_group(0)               = ?
[pid  4998] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4998, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555e9f620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs")                  = 0
[   92.111235][   T45] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555ea7660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555ea7660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./0/file0")                      = 0
getdents64(3, 0x555555e9f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./0")                            = 0
mkdir("./1", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e9e5d0) = 5025
./strace-static-x86_64: Process 5025 attached
[pid  5025] chdir("./1")                = 0
[pid  5025] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5025] setpgid(0, 0)               = 0
[pid  5025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5025] write(3, "1000", 4)         = 4
[pid  5025] close(3)                    = 0
[pid  5025] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5025] memfd_create("syzkaller", 0) = 3
[pid  5025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7c5935e000
[pid  5025] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5025] munmap(0x7f7c5935e000, 16777216) = 0
[pid  5025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5025] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5025] close(3)                    = 0
[pid  5025] mkdir("./file0", 0777)      = 0
[   92.678616][ T5025] loop0: detected capacity change from 0 to 32768
[   92.689108][ T5025] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor310 (5025)
[   92.705207][ T5025] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[   92.713957][ T5025] BTRFS info (device loop0): using free space tree
[pid  5025] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid  5025] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5025] chdir("./file0")            = 0
[pid  5025] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5025] close(4)                    = 0
[pid  5025] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid  5025] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid  5025] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid  5025] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid  5025] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  5025] write(6, "9", 1)            = 1
[   92.737099][ T5025] BTRFS info (device loop0): enabling ssd optimizations
[   92.744259][ T5025] BTRFS info (device loop0): auto enabling async discard
[   92.796184][ T5025] FAULT_INJECTION: forcing a failure.
[   92.796184][ T5025] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   92.817176][   T40] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[   92.826738][ T5025] CPU: 0 PID: 5025 Comm: syz-executor310 Not tainted 6.4.0-rc7-syzkaller-00072-gdad9774deaf1 #0
[   92.837384][ T5025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   92.847487][ T5025] Call Trace:
[   92.850806][ T5025]  <TASK>
[   92.853773][ T5025]  dump_stack_lvl+0x136/0x150
[   92.858524][ T5025]  should_fail_ex+0x4a3/0x5b0
[   92.863282][ T5025]  _copy_from_user+0x30/0xf0
[   92.867961][ T5025]  ioctl_preallocate+0x9f/0x200
[   92.872873][ T5025]  ? fiemap_prep+0x220/0x220
[   92.877602][ T5025]  ? tomoyo_execute_permission+0x4a0/0x4a0
[   92.883493][ T5025]  do_vfs_ioctl+0x1306/0x1670
[   92.888226][ T5025]  ? vfs_fileattr_set+0xc40/0xc40
[   92.893302][ T5025]  ? ioctl_has_perm.constprop.0.isra.0+0x28c/0x420
[   92.899861][ T5025]  ? ioctl_has_perm.constprop.0.isra.0+0x295/0x420
[   92.906943][ T5025]  ? selinux_bprm_creds_for_exec+0xb20/0xb20
[   92.913006][ T5025]  ? find_held_lock+0x2d/0x110
[   92.917832][ T5025]  ? name_to_dev_t+0x362/0x9e0
[   92.922668][ T5025]  ? lock_downgrade+0x690/0x690
[   92.927582][ T5025]  ? selinux_file_ioctl+0xba/0x280
[   92.932751][ T5025]  __x64_sys_ioctl+0x10c/0x210
[   92.937657][ T5025]  do_syscall_64+0x39/0xb0
[   92.942127][ T5025]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   92.948097][ T5025] RIP: 0033:0x7f7c617abac9
[   92.952558][ T5025] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   92.972224][ T5025] RSP: 002b:00007ffefa85bda8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   92.980698][ T5025] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f7c617abac9
[   92.988739][ T5025] RDX: 0000000020000100 RSI: 0000000040305829 RDI: 0000000000000005
[pid  5025] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x29, 0x30), 0x20000100) = -1 EFAULT (Bad address)
[pid  5025] exit_group(0)               = ?
[pid  5025] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5025, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=29 /* 0.29 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555e9f620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs")                  = 0
[   92.996759][ T5025] RBP: 00007ffefa85bdd0 R08: 0000000000000001 R09: 00007ffefa85bde0
[   93.004779][ T5025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[   93.012800][ T5025] R13: 00007ffefa85be10 R14: 00007ffefa85bdf0 R15: 0000000000000001
[   93.020825][ T5025]  </TASK>
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555ea7660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555ea7660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./1/file0")                      = 0
getdents64(3, 0x555555e9f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./1")                            = 0
mkdir("./2", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e9e5d0) = 5045
./strace-static-x86_64: Process 5045 attached
[pid  5045] chdir("./2")                = 0
[pid  5045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5045] setpgid(0, 0)               = 0
[pid  5045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5045] write(3, "1000", 4)         = 4
[pid  5045] close(3)                    = 0
[pid  5045] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5045] memfd_create("syzkaller", 0) = 3
[pid  5045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7c5935e000
[pid  5045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5045] munmap(0x7f7c5935e000, 16777216) = 0
[pid  5045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5045] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5045] close(3)                    = 0
[pid  5045] mkdir("./file0", 0777)      = 0
[   93.438360][ T5045] loop0: detected capacity change from 0 to 32768
[   93.449763][ T5045] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor310 (5045)
[   93.468635][ T5045] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[   93.477516][ T5045] BTRFS info (device loop0): using free space tree
[pid  5045] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid  5045] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5045] chdir("./file0")            = 0
[pid  5045] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5045] close(4)                    = 0
[pid  5045] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[   93.497675][ T5045] BTRFS info (device loop0): enabling ssd optimizations
[   93.504781][ T5045] BTRFS info (device loop0): auto enabling async discard
[pid  5045] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid  5045] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid  5045] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid  5045] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  5045] write(6, "9", 1)            = 1
[   93.580658][ T5045] FAULT_INJECTION: forcing a failure.
[   93.580658][ T5045] name failslab, interval 1, probability 0, space 0, times 1
[   93.593999][ T5045] CPU: 1 PID: 5045 Comm: syz-executor310 Not tainted 6.4.0-rc7-syzkaller-00072-gdad9774deaf1 #0
[   93.604478][ T5045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   93.614582][ T5045] Call Trace:
[   93.617898][ T5045]  <TASK>
[   93.620864][ T5045]  dump_stack_lvl+0x136/0x150
[   93.625595][ T5045]  should_fail_ex+0x4a3/0x5b0
[   93.630337][ T5045]  ? find_held_lock+0x2d/0x110
[   93.635149][ T5045]  should_failslab+0x9/0x20
[   93.639711][ T5045]  __kmem_cache_alloc_node+0x5b/0x3f0
[   93.645151][ T5045]  kmalloc_trace+0x26/0xe0
[   93.649619][ T5045]  ulist_add_merge.part.0+0x85/0x4b0
[   93.654947][ T5045]  ? btrfs_clear_delalloc_extent+0x1d4/0x900
[   93.660978][ T5045]  ulist_add+0x106/0x160
[   93.665267][ T5045]  clear_state_bit+0x151/0x3a0
[   93.670105][ T5045]  __clear_extent_bit+0x560/0xba0
[   93.675186][ T5045]  clear_record_extent_bits+0x58/0x90
[   93.680606][ T5045]  __btrfs_qgroup_release_data+0x19b/0x8f0
[   93.686474][ T5045]  ? btrfs_qgroup_account_extents+0x8d0/0x8d0
[   93.692594][ T5045]  ? find_held_lock+0x2d/0x110
[   93.697418][ T5045]  ? lock_downgrade+0x690/0x690
[   93.702331][ T5045]  btrfs_alloc_ordered_extent+0x76c/0x1000
[   93.708194][ T5045]  ? _raw_write_unlock+0x28/0x40
[   93.713894][ T5045]  ? btrfs_replace_extent_map_range+0x13f/0x1b0
[   93.720209][ T5045]  btrfs_add_ordered_extent+0x49/0xa0
[   93.725642][ T5045]  cow_file_range+0x4c0/0xd30
[   93.730384][ T5045]  ? cow_file_range_inline+0xa30/0xa30
[   93.735745][   T45] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[   93.735877][ T5045]  ? test_range_bit+0x23b/0x4b0
[   93.749930][ T5045]  ? free_extent_state+0x6a/0x2c0
[   93.755023][ T5045]  ? find_lock_delalloc_range+0x52e/0x700
[   93.760791][ T5045]  btrfs_run_delalloc_range+0x53e/0x12d0
[   93.766448][ T5045]  ? mark_lock.part.0+0xee/0x1970
[   93.771514][ T5045]  writepage_delalloc+0x1a6/0x3e0
[   93.776595][ T5045]  ? find_lock_delalloc_range+0x700/0x700
[   93.782347][ T5045]  ? find_held_lock+0x2d/0x110
[   93.787150][ T5045]  __extent_writepage+0xf8d/0x15e0
[   93.792295][ T5045]  ? btrfs_do_readpage+0x1750/0x1750
[   93.797603][ T5045]  ? folio_clear_dirty_for_io+0x10f/0x770
[   93.803372][ T5045]  extent_write_cache_pages+0x465/0xd10
[   93.808952][ T5045]  ? __extent_writepage+0x15e0/0x15e0
[   93.814371][ T5045]  extent_writepages+0x20c/0x4a0
[   93.819355][ T5045]  ? extent_write_locked_range+0xfa0/0xfa0
[   93.825189][ T5045]  ? mark_lock.part.0+0xee/0x1970
[   93.830242][ T5045]  ? find_held_lock+0x2d/0x110
[   93.835052][ T5045]  ? btrfs_readahead+0x20/0x20
[   93.839830][ T5045]  do_writepages+0x1a8/0x640
[   93.844447][ T5045]  ? writeback_set_ratelimit+0x150/0x150
[   93.850107][ T5045]  ? do_raw_spin_unlock+0x175/0x230
[   93.855415][ T5045]  ? _raw_spin_unlock+0x28/0x40
[   93.860291][ T5045]  ? wbc_attach_and_unlock_inode+0x4a3/0x910
[   93.866303][ T5045]  filemap_fdatawrite_wbc+0x147/0x1b0
[   93.871714][ T5045]  __filemap_fdatawrite_range+0xb8/0xf0
[   93.877274][ T5045]  ? delete_from_page_cache_batch+0xa60/0xa60
[   93.883362][ T5045]  btrfs_fdatawrite_range+0x4a/0x110
[   93.888765][ T5045]  btrfs_wait_ordered_range+0x75/0x290
[   93.894367][ T5045]  btrfs_fallocate+0xab6/0x27f0
[   93.899246][ T5045]  ? find_held_lock+0x2d/0x110
[   93.904043][ T5045]  ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[   93.910167][ T5045]  ? avc_has_extended_perms+0x62c/0xea0
[   93.915742][ T5045]  ? lock_downgrade+0x690/0x690
[   93.920728][ T5045]  ? print_usage_bug.part.0+0x660/0x660
[   93.926306][ T5045]  ? lock_sync+0x190/0x190
[   93.930770][ T5045]  ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[   93.936881][ T5045]  vfs_fallocate+0x48b/0xe40
[   93.941514][ T5045]  ioctl_preallocate+0x18e/0x200
[   93.946485][ T5045]  ? fiemap_prep+0x220/0x220
[   93.951133][ T5045]  do_vfs_ioctl+0x1306/0x1670
[   93.955838][ T5045]  ? vfs_fileattr_set+0xc40/0xc40
[   93.960884][ T5045]  ? ioctl_has_perm.constprop.0.isra.0+0x28c/0x420
[   93.967431][ T5045]  ? ioctl_has_perm.constprop.0.isra.0+0x295/0x420
[   93.973959][ T5045]  ? selinux_bprm_creds_for_exec+0xb20/0xb20
[   93.979973][ T5045]  ? find_held_lock+0x2d/0x110
[   93.984796][ T5045]  ? name_to_dev_t+0x362/0x9e0
[   93.989618][ T5045]  ? lock_downgrade+0x690/0x690
[   93.994522][ T5045]  ? selinux_file_ioctl+0xba/0x280
[   93.999658][ T5045]  __x64_sys_ioctl+0x10c/0x210
[   94.004448][ T5045]  do_syscall_64+0x39/0xb0
[   94.008885][ T5045]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   94.014815][ T5045] RIP: 0033:0x7f7c617abac9
[   94.019265][ T5045] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   94.038898][ T5045] RSP: 002b:00007ffefa85bda8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   94.047334][ T5045] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f7c617abac9
[   94.055357][ T5045] RDX: 0000000020000100 RSI: 0000000040305829 RDI: 0000000000000005
[   94.064052][ T5045] RBP: 00007ffefa85bdd0 R08: 0000000000000001 R09: 00007ffefa85bde0
[   94.072070][ T5045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[   94.080083][ T5045] R13: 00007ffefa85be10 R14: 00007ffefa85bdf0 R15: 0000000000000002
[   94.088091][ T5045]  </TASK>
[   94.092510][ T5045] ------------[ cut here ]------------
[   94.098066][ T5045] kernel BUG at fs/btrfs/extent-io-tree.c:515!
[   94.104280][ T5045] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   94.110367][ T5045] CPU: 1 PID: 5045 Comm: syz-executor310 Not tainted 6.4.0-rc7-syzkaller-00072-gdad9774deaf1 #0
[   94.120821][ T5045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[   94.130896][ T5045] RIP: 0010:clear_state_bit+0x31b/0x3a0
[   94.136492][ T5045] Code: 14 02 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 33 44 8b 7d 7c e9 af fe ff ff e8 ee 41 f8 fd 0f 0b eb 97 e8 e5 41 f8 fd <0f> 0b 4c 89 f7 e8 3b 16 4a fe e9 72 fd ff ff 4c 89 f7 e8 2e 16 4a
[   94.156132][ T5045] RSP: 0018:ffffc900035bece8 EFLAGS: 00010293
[   94.162235][ T5045] RAX: 0000000000000000 RBX: 00000000fffffff4 RCX: 0000000000000000
[   94.170256][ T5045] RDX: ffff8880797de080 RSI: ffffffff838b25fb RDI: 0000000000000005
[   94.178247][ T5045] RBP: ffff888029424e40 R08: 0000000000000005 R09: 0000000000000000
[   94.186234][ T5045] R10: 00000000fffffff4 R11: 0000000000000001 R12: ffff888071f1e300
[   94.194219][ T5045] R13: 0000000000000000 R14: ffff888029424ebc R15: 000000000000ffff
[   94.202307][ T5045] FS:  0000555555e9e300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[   94.211258][ T5045] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   94.217866][ T5045] CR2: 0000000020010000 CR3: 000000002bb0a000 CR4: 00000000003506e0
[   94.225859][ T5045] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   94.233852][ T5045] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   94.241874][ T5045] Call Trace:
[   94.245168][ T5045]  <TASK>
[   94.248114][ T5045]  ? die+0x32/0x90
[   94.251873][ T5045]  ? do_trap+0x1b2/0x3f0
[   94.256137][ T5045]  ? clear_state_bit+0x31b/0x3a0
[   94.261123][ T5045]  ? clear_state_bit+0x31b/0x3a0
[   94.266097][ T5045]  ? do_error_trap+0xb1/0x170
[   94.270802][ T5045]  ? clear_state_bit+0x31b/0x3a0
[   94.275780][ T5045]  ? handle_invalid_op+0x2c/0x30
[   94.280743][ T5045]  ? clear_state_bit+0x31b/0x3a0
[   94.285765][ T5045]  ? exc_invalid_op+0x2f/0x50
[   94.290483][ T5045]  ? asm_exc_invalid_op+0x1a/0x20
[   94.295548][ T5045]  ? clear_state_bit+0x31b/0x3a0
[   94.300521][ T5045]  ? clear_state_bit+0x31b/0x3a0
[   94.305494][ T5045]  ? clear_state_bit+0x31b/0x3a0
[   94.310479][ T5045]  __clear_extent_bit+0x560/0xba0
[   94.315525][ T5045]  clear_record_extent_bits+0x58/0x90
[   94.320915][ T5045]  __btrfs_qgroup_release_data+0x19b/0x8f0
[   94.326746][ T5045]  ? btrfs_qgroup_account_extents+0x8d0/0x8d0
[   94.332834][ T5045]  ? find_held_lock+0x2d/0x110
[   94.337624][ T5045]  ? lock_downgrade+0x690/0x690
[   94.342522][ T5045]  btrfs_alloc_ordered_extent+0x76c/0x1000
[   94.348356][ T5045]  ? _raw_write_unlock+0x28/0x40
[   94.353327][ T5045]  ? btrfs_replace_extent_map_range+0x13f/0x1b0
[   94.359606][ T5045]  btrfs_add_ordered_extent+0x49/0xa0
[   94.365010][ T5045]  cow_file_range+0x4c0/0xd30
[   94.369716][ T5045]  ? cow_file_range_inline+0xa30/0xa30
[   94.375196][ T5045]  ? test_range_bit+0x23b/0x4b0
[   94.380061][ T5045]  ? free_extent_state+0x6a/0x2c0
[   94.385118][ T5045]  ? find_lock_delalloc_range+0x52e/0x700
[   94.390870][ T5045]  btrfs_run_delalloc_range+0x53e/0x12d0
[   94.396531][ T5045]  ? mark_lock.part.0+0xee/0x1970
[   94.401586][ T5045]  writepage_delalloc+0x1a6/0x3e0
[   94.406653][ T5045]  ? find_lock_delalloc_range+0x700/0x700
[   94.412405][ T5045]  ? find_held_lock+0x2d/0x110
[   94.417197][ T5045]  __extent_writepage+0xf8d/0x15e0
[   94.422340][ T5045]  ? btrfs_do_readpage+0x1750/0x1750
[   94.427674][ T5045]  ? folio_clear_dirty_for_io+0x10f/0x770
[   94.433428][ T5045]  extent_write_cache_pages+0x465/0xd10
[   94.439008][ T5045]  ? __extent_writepage+0x15e0/0x15e0
[   94.444414][ T5045]  extent_writepages+0x20c/0x4a0
[   94.449384][ T5045]  ? extent_write_locked_range+0xfa0/0xfa0
[   94.455223][ T5045]  ? mark_lock.part.0+0xee/0x1970
[   94.460275][ T5045]  ? find_held_lock+0x2d/0x110
[   94.465061][ T5045]  ? btrfs_readahead+0x20/0x20
[   94.469861][ T5045]  do_writepages+0x1a8/0x640
[   94.474485][ T5045]  ? writeback_set_ratelimit+0x150/0x150
[   94.480154][ T5045]  ? do_raw_spin_unlock+0x175/0x230
[   94.485382][ T5045]  ? _raw_spin_unlock+0x28/0x40
[   94.490264][ T5045]  ? wbc_attach_and_unlock_inode+0x4a3/0x910
[   94.496285][ T5045]  filemap_fdatawrite_wbc+0x147/0x1b0
[   94.501700][ T5045]  __filemap_fdatawrite_range+0xb8/0xf0
[   94.507268][ T5045]  ? delete_from_page_cache_batch+0xa60/0xa60
[   94.513379][ T5045]  btrfs_fdatawrite_range+0x4a/0x110
[   94.518702][ T5045]  btrfs_wait_ordered_range+0x75/0x290
[   94.524201][ T5045]  btrfs_fallocate+0xab6/0x27f0
[   94.529087][ T5045]  ? find_held_lock+0x2d/0x110
[   94.533963][ T5045]  ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[   94.540153][ T5045]  ? avc_has_extended_perms+0x62c/0xea0
[   94.545723][ T5045]  ? lock_downgrade+0x690/0x690
[   94.550601][ T5045]  ? print_usage_bug.part.0+0x660/0x660
[   94.556181][ T5045]  ? lock_sync+0x190/0x190
[   94.560633][ T5045]  ? btrfs_replace_file_extents+0x1aa0/0x1aa0
[   94.566821][ T5045]  vfs_fallocate+0x48b/0xe40
[   94.571462][ T5045]  ioctl_preallocate+0x18e/0x200
[   94.576441][ T5045]  ? fiemap_prep+0x220/0x220
[   94.581064][ T5045]  do_vfs_ioctl+0x1306/0x1670
[   94.585773][ T5045]  ? vfs_fileattr_set+0xc40/0xc40
[   94.590817][ T5045]  ? ioctl_has_perm.constprop.0.isra.0+0x28c/0x420
[   94.597338][ T5045]  ? ioctl_has_perm.constprop.0.isra.0+0x295/0x420
[   94.603872][ T5045]  ? selinux_bprm_creds_for_exec+0xb20/0xb20
[   94.609967][ T5045]  ? find_held_lock+0x2d/0x110
[   94.614761][ T5045]  ? name_to_dev_t+0x362/0x9e0
[   94.619558][ T5045]  ? lock_downgrade+0x690/0x690
[   94.624439][ T5045]  ? selinux_file_ioctl+0xba/0x280
[   94.629572][ T5045]  __x64_sys_ioctl+0x10c/0x210
[   94.634359][ T5045]  do_syscall_64+0x39/0xb0
[   94.638796][ T5045]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   94.644732][ T5045] RIP: 0033:0x7f7c617abac9
[   94.649183][ T5045] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   94.668811][ T5045] RSP: 002b:00007ffefa85bda8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   94.677243][ T5045] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f7c617abac9
[   94.685233][ T5045] RDX: 0000000020000100 RSI: 0000000040305829 RDI: 0000000000000005
[   94.693219][ T5045] RBP: 00007ffefa85bdd0 R08: 0000000000000001 R09: 00007ffefa85bde0
[   94.701243][ T5045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[   94.709229][ T5045] R13: 00007ffefa85be10 R14: 00007ffefa85bdf0 R15: 0000000000000002
[   94.717223][ T5045]  </TASK>
[   94.720254][ T5045] Modules linked in:
[   94.724530][ T5045] ---[ end trace 0000000000000000 ]---
[   94.730032][ T5045] RIP: 0010:clear_state_bit+0x31b/0x3a0
[   94.735683][ T5045] Code: 14 02 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 33 44 8b 7d 7c e9 af fe ff ff e8 ee 41 f8 fd 0f 0b eb 97 e8 e5 41 f8 fd <0f> 0b 4c 89 f7 e8 3b 16 4a fe e9 72 fd ff ff 4c 89 f7 e8 2e 16 4a
[   94.755367][ T5045] RSP: 0018:ffffc900035bece8 EFLAGS: 00010293
[   94.761478][ T5045] RAX: 0000000000000000 RBX: 00000000fffffff4 RCX: 0000000000000000
[   94.769525][ T5045] RDX: ffff8880797de080 RSI: ffffffff838b25fb RDI: 0000000000000005
[   94.777553][ T5045] RBP: ffff888029424e40 R08: 0000000000000005 R09: 0000000000000000
[   94.785597][ T5045] R10: 00000000fffffff4 R11: 0000000000000001 R12: ffff888071f1e300
[   94.793624][ T5045] R13: 0000000000000000 R14: ffff888029424ebc R15: 000000000000ffff
[   94.801612][ T5045] FS:  0000555555e9e300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[   94.810592][ T5045] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   94.817313][ T5045] CR2: 0000000020010000 CR3: 000000002bb0a000 CR4: 00000000003506e0
[   94.825488][ T5045] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   94.833531][ T5045] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   94.841521][ T5045] Kernel panic - not syncing: Fatal exception
[   94.847858][ T5045] Kernel Offset: disabled
[   94.852200][ T5045] Rebooting in 86400 seconds..