./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3223555829

<...>
forked to background, child pid 3209
no interfaces have a carrier
[   27.437407][ T3210] 8021q: adding VLAN 0 to HW filter on device bond0
[   27.447707][ T3210] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.39' (ECDSA) to the list of known hosts.
execve("./syz-executor3223555829", ["./syz-executor3223555829"], 0x7ffc31b907e0 /* 10 vars */) = 0
brk(NULL)                               = 0x555555e3d000
brk(0x555555e3dc40)                     = 0x555555e3dc40
arch_prctl(ARCH_SET_FS, 0x555555e3d300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3223555829", 4096) = 28
brk(0x555555e5ec40)                     = 0x555555e5ec40
brk(0x555555e5f000)                     = 0x555555e5f000
mprotect(0x7f83c0c90000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
getpid()                                = 3630
mkdir("./syzkaller.ru6VGH", 0700)       = 0
chmod("./syzkaller.ru6VGH", 0777)       = 0
chdir("./syzkaller.ru6VGH")             = 0
mkdir("./0", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e3d5d0) = 3631
./strace-static-x86_64: Process 3631 attached
[pid  3631] chdir("./0")                = 0
[pid  3631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3631] setpgid(0, 0)               = 0
[pid  3631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3631] write(3, "1000", 4)         = 4
[pid  3631] close(3)                    = 0
[pid  3631] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3631] memfd_create("syzkaller", 0) = 3
[pid  3631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f83b87cf000
[pid  3631] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3631] munmap(0x7f83b87cf000, 16777216) = 0
[pid  3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3631] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3631] close(3)                    = 0
[pid  3631] mkdir("./file0", 0777)      = 0
syzkaller login: [   53.687760][ T3631] loop0: detected capacity change from 0 to 32768
[   53.698927][ T3631] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor322 (3631)
[   53.717977][ T3631] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm
[   53.726640][ T3631] BTRFS info (device loop0): using free space tree
[pid  3631] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid  3631] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3631] chdir("./file0")            = 0
[pid  3631] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3631] close(4)                    = 0
[pid  3631] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[   53.747853][ T3631] BTRFS info (device loop0): enabling ssd optimizations
[pid  3631] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid  3631] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid  3631] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid  3631] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  3631] write(6, "9", 1)            = 1
[   53.829191][ T1098] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[   53.839905][ T3631] FAULT_INJECTION: forcing a failure.
[   53.839905][ T3631] name failslab, interval 1, probability 0, space 0, times 1
[   53.852855][ T3631] CPU: 0 PID: 3631 Comm: syz-executor322 Not tainted 6.1.0-rc8-syzkaller-00152-g3ecc37918c80 #0
[   53.863300][ T3631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   53.873384][ T3631] Call Trace:
[   53.876680][ T3631]  <TASK>
[   53.879626][ T3631]  dump_stack_lvl+0xd1/0x138
[   53.884278][ T3631]  should_fail_ex.cold+0x5/0xa
[   53.889183][ T3631]  ? alloc_extent_map+0x1e/0x150
[   53.894143][ T3631]  should_failslab+0x9/0x20
[   53.898674][ T3631]  kmem_cache_alloc+0x5a/0x3d0
[   53.903552][ T3631]  alloc_extent_map+0x1e/0x150
[   53.908518][ T3631]  create_io_em+0x32/0x2d0
[   53.912974][ T3631]  cow_file_range+0x4bd/0xd10
[   53.917700][ T3631]  ? cow_file_range_inline+0x7c0/0x7c0
[   53.923211][ T3631]  ? find_lock_delalloc_range+0x529/0x680
[   53.928967][ T3631]  btrfs_run_delalloc_range+0x578/0x12c0
[   53.934648][ T3631]  writepage_delalloc+0x1a6/0x3e0
[   53.939721][ T3631]  ? find_lock_delalloc_range+0x680/0x680
[   53.945520][ T3631]  __extent_writepage+0xffd/0x1550
[   53.950663][ T3631]  ? percpu_counter_add_batch+0xc1/0x180
[   53.956452][ T3631]  ? btrfs_do_readpage+0x1750/0x1750
[   53.961779][ T3631]  ? folio_clear_dirty_for_io+0x10f/0x740
[   53.967516][ T3631]  extent_write_cache_pages+0x614/0x16b0
[   53.973179][ T3631]  ? __extent_writepage+0x1550/0x1550
[   53.978586][ T3631]  ? stack_trace_save+0x90/0xc0
[   53.983491][ T3631]  ? module_get_kallsym+0x1ee/0x660
[   53.988715][ T3631]  ? save_trace+0x43/0xad0
[   53.993154][ T3631]  ? _find_first_zero_bit+0x94/0xb0
[   53.998389][ T3631]  extent_writepages+0x1d8/0x460
[   54.003383][ T3631]  ? extent_write_locked_range+0xe90/0xe90
[   54.009215][ T3631]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   54.015227][ T3631]  ? btrfs_readahead+0x20/0x20
[   54.020036][ T3631]  do_writepages+0x1af/0x690
[   54.024640][ T3631]  ? writeback_set_ratelimit+0x150/0x150
[   54.030287][ T3631]  ? wbc_attach_and_unlock_inode+0x44d/0x8d0
[   54.036294][ T3631]  ? lock_downgrade+0x6e0/0x6e0
[   54.041203][ T3631]  ? lock_release+0x810/0x810
[   54.045908][ T3631]  ? do_raw_spin_unlock+0x175/0x230
[   54.051144][ T3631]  ? _raw_spin_unlock+0x28/0x40
[   54.056018][ T3631]  ? wbc_attach_and_unlock_inode+0x4a3/0x8d0
[   54.062025][ T3631]  filemap_fdatawrite_wbc+0x147/0x1b0
[   54.067420][ T3631]  __filemap_fdatawrite_range+0xb8/0xf0
[   54.072986][ T3631]  ? delete_from_page_cache_batch+0xd60/0xd60
[   54.079081][ T3631]  ? mark_lock.part.0+0xee/0x1910
[   54.084125][ T3631]  ? mark_lock.part.0+0xee/0x1910
[   54.089172][ T3631]  ? down_write+0x157/0x220
[   54.093693][ T3631]  btrfs_fdatawrite_range+0x4a/0x110
[   54.099122][ T3631]  btrfs_wait_ordered_range+0x75/0x2a0
[   54.104645][ T3631]  btrfs_fallocate+0xabe/0x27c0
[   54.109542][ T3631]  ? btrfs_replace_file_extents+0x14e0/0x14e0
[   54.115614][ T3631]  ? debug_check_no_obj_freed+0x210/0x420
[   54.121371][ T3631]  ? lock_downgrade+0x6e0/0x6e0
[   54.126288][ T3631]  ? lock_release+0x810/0x810
[   54.130981][ T3631]  ? __might_fault+0xd9/0x180
[   54.135667][ T3631]  ? btrfs_replace_file_extents+0x14e0/0x14e0
[   54.141729][ T3631]  vfs_fallocate+0x48b/0xe00
[   54.146319][ T3631]  ioctl_preallocate+0x18e/0x200
[   54.151254][ T3631]  ? fiemap_prep+0x220/0x220
[   54.155851][ T3631]  do_vfs_ioctl+0x1306/0x1600
[   54.160546][ T3631]  ? vfs_fileattr_set+0xbe0/0xbe0
[   54.165605][ T3631]  ? find_held_lock+0x2d/0x110
[   54.170390][ T3631]  ? name_to_dev_t+0x312/0x990
[   54.175189][ T3631]  ? lock_downgrade+0x6e0/0x6e0
[   54.180073][ T3631]  ? bpf_lsm_file_ioctl+0x9/0x10
[   54.185068][ T3631]  __x64_sys_ioctl+0x10c/0x210
[   54.189868][ T3631]  do_syscall_64+0x39/0xb0
[   54.194421][ T3631]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   54.200330][ T3631] RIP: 0033:0x7f83c0c1caa9
[   54.204757][ T3631] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   54.224371][ T3631] RSP: 002b:00007ffd74f1df08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   54.232789][ T3631] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f83c0c1caa9
[   54.240768][ T3631] RDX: 0000000020000100 RSI: 0000000040305829 RDI: 0000000000000005
[   54.248744][ T3631] RBP: 00007ffd74f1df30 R08: 0000000000000001 R09: 00007ffd74f1df40
[   54.256712][ T3631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[   54.264684][ T3631] R13: 00007ffd74f1df70 R14: 00007ffd74f1df50 R15: 0000000000000000
[   54.272668][ T3631]  </TASK>
[pid  3631] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x29, 0x30), 0x20000100) = -1 EIO (Input/output error)
[pid  3631] exit_group(0)               = ?
[pid  3631] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3631, si_uid=0, si_status=0, si_utime=3, si_stime=18} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555e3e620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs")                  = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555e46660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555e46660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./0/file0")                      = 0
getdents64(3, 0x555555e3e620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./0")                            = 0
mkdir("./1", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e3d5d0) = 3654
./strace-static-x86_64: Process 3654 attached
[pid  3654] chdir("./1")                = 0
[pid  3654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3654] setpgid(0, 0)               = 0
[pid  3654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3654] write(3, "1000", 4)         = 4
[pid  3654] close(3)                    = 0
[pid  3654] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3654] memfd_create("syzkaller", 0) = 3
[pid  3654] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f83b87cf000
[pid  3654] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3654] munmap(0x7f83b87cf000, 16777216) = 0
[pid  3654] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3654] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3654] close(3)                    = 0
[pid  3654] mkdir("./file0", 0777)      = 0
[pid  3654] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid  3654] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3654] chdir("./file0")            = 0
[pid  3654] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3654] close(4)                    = 0
[pid  3654] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[   54.666009][ T3654] loop0: detected capacity change from 0 to 32768
[   54.679496][ T3654] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm
[   54.688164][ T3654] BTRFS info (device loop0): using free space tree
[   54.706708][ T3654] BTRFS info (device loop0): enabling ssd optimizations
[pid  3654] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid  3654] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid  3654] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid  3654] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  3654] write(6, "9", 1)            = 1
[   54.754531][  T101] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[   54.768828][ T3654] FAULT_INJECTION: forcing a failure.
[   54.768828][ T3654] name failslab, interval 1, probability 0, space 0, times 0
[   54.782724][ T3654] CPU: 0 PID: 3654 Comm: syz-executor322 Not tainted 6.1.0-rc8-syzkaller-00152-g3ecc37918c80 #0
[   54.793180][ T3654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   54.803346][ T3654] Call Trace:
[   54.806638][ T3654]  <TASK>
[   54.809584][ T3654]  dump_stack_lvl+0xd1/0x138
[   54.814200][ T3654]  should_fail_ex.cold+0x5/0xa
[   54.818996][ T3654]  ? alloc_extent_state+0x25/0x430
[   54.824140][ T3654]  should_failslab+0x9/0x20
[   54.828765][ T3654]  kmem_cache_alloc+0x5a/0x3d0
[   54.833633][ T3654]  alloc_extent_state+0x25/0x430
[   54.838608][ T3654]  __set_extent_bit+0x6ab/0x1430
[   54.843598][ T3654]  ? do_raw_spin_lock+0x124/0x2b0
[   54.848658][ T3654]  lock_extent+0x97/0x180
[   54.853020][ T3654]  ? try_lock_extent+0x130/0x130
[   54.857985][ T3654]  ? _raw_spin_unlock+0x28/0x40
[   54.862861][ T3654]  ? btrfs_find_delalloc_range+0x3ba/0x5d0
[   54.868723][ T3654]  find_lock_delalloc_range+0x279/0x680
[   54.874409][ T3654]  ? lock_delalloc_pages+0x1c0/0x1c0
[   54.879701][ T3654]  writepage_delalloc+0x16a/0x3e0
[   54.884736][ T3654]  ? find_lock_delalloc_range+0x680/0x680
[   54.890460][ T3654]  __extent_writepage+0xffd/0x1550
[   54.895603][ T3654]  ? percpu_counter_add_batch+0xc1/0x180
[   54.901231][ T3654]  ? btrfs_do_readpage+0x1750/0x1750
[   54.906526][ T3654]  ? folio_clear_dirty_for_io+0x10f/0x740
[   54.912252][ T3654]  extent_write_cache_pages+0x614/0x16b0
[   54.918504][ T3654]  ? __extent_writepage+0x1550/0x1550
[   54.923875][ T3654]  ? tomoyo_commit_ok+0x22/0x90
[   54.928722][ T3654]  ? mark_lock.part.0+0xee/0x1910
[   54.933743][ T3654]  extent_writepages+0x1d8/0x460
[   54.938763][ T3654]  ? extent_write_locked_range+0xe90/0xe90
[   54.944584][ T3654]  ? is_dynamic_key.part.0+0x130/0x130
[   54.950043][ T3654]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   54.956019][ T3654]  ? btrfs_readahead+0x20/0x20
[   54.960861][ T3654]  do_writepages+0x1af/0x690
[   54.965445][ T3654]  ? writeback_set_ratelimit+0x150/0x150
[   54.971066][ T3654]  ? wbc_attach_and_unlock_inode+0x44d/0x8d0
[   54.977035][ T3654]  ? lock_downgrade+0x6e0/0x6e0
[   54.981881][ T3654]  ? lock_release+0x810/0x810
[   54.986557][ T3654]  ? do_raw_spin_unlock+0x175/0x230
[   54.991741][ T3654]  ? _raw_spin_unlock+0x28/0x40
[   54.996585][ T3654]  ? wbc_attach_and_unlock_inode+0x4a3/0x8d0
[   55.002662][ T3654]  filemap_fdatawrite_wbc+0x147/0x1b0
[   55.008045][ T3654]  __filemap_fdatawrite_range+0xb8/0xf0
[   55.013585][ T3654]  ? delete_from_page_cache_batch+0xd60/0xd60
[   55.019643][ T3654]  ? mark_lock.part.0+0xee/0x1910
[   55.024673][ T3654]  ? mark_lock.part.0+0xee/0x1910
[   55.029705][ T3654]  ? down_write+0x157/0x220
[   55.034194][ T3654]  btrfs_fdatawrite_range+0x4a/0x110
[   55.039484][ T3654]  btrfs_wait_ordered_range+0x75/0x2a0
[   55.045025][ T3654]  btrfs_fallocate+0xabe/0x27c0
[   55.049872][ T3654]  ? btrfs_replace_file_extents+0x14e0/0x14e0
[   55.055922][ T3654]  ? debug_check_no_obj_freed+0x210/0x420
[   55.061636][ T3654]  ? lock_downgrade+0x6e0/0x6e0
[   55.066495][ T3654]  ? lock_release+0x810/0x810
[   55.071253][ T3654]  ? __might_fault+0xd9/0x180
[   55.075947][ T3654]  ? btrfs_replace_file_extents+0x14e0/0x14e0
[   55.082016][ T3654]  vfs_fallocate+0x48b/0xe00
[   55.086608][ T3654]  ioctl_preallocate+0x18e/0x200
[   55.091533][ T3654]  ? fiemap_prep+0x220/0x220
[   55.096124][ T3654]  do_vfs_ioctl+0x1306/0x1600
[   55.100798][ T3654]  ? vfs_fileattr_set+0xbe0/0xbe0
[   55.105916][ T3654]  ? find_held_lock+0x2d/0x110
[   55.110674][ T3654]  ? name_to_dev_t+0x312/0x990
[   55.115449][ T3654]  ? lock_downgrade+0x6e0/0x6e0
[   55.120298][ T3654]  ? bpf_lsm_file_ioctl+0x9/0x10
[   55.125347][ T3654]  __x64_sys_ioctl+0x10c/0x210
[   55.130283][ T3654]  do_syscall_64+0x39/0xb0
[   55.134704][ T3654]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   55.140592][ T3654] RIP: 0033:0x7f83c0c1caa9
[   55.145000][ T3654] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   55.164703][ T3654] RSP: 002b:00007ffd74f1df08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   55.173107][ T3654] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f83c0c1caa9
[   55.181062][ T3654] RDX: 0000000020000100 RSI: 0000000040305829 RDI: 0000000000000005
[   55.189034][ T3654] RBP: 00007ffd74f1df30 R08: 0000000000000001 R09: 00007ffd74f1df40
[   55.197005][ T3654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[pid  3654] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x29, 0x30), 0x20000100) = 0
[pid  3654] exit_group(0)               = ?
[pid  3654] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3654, si_uid=0, si_status=0, si_utime=4, si_stime=16} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555e3e620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs")                  = 0
[   55.204971][ T3654] R13: 00007ffd74f1df70 R14: 00007ffd74f1df50 R15: 0000000000000001
[   55.213033][ T3654]  </TASK>
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555e46660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555e46660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./1/file0")                      = 0
getdents64(3, 0x555555e3e620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./1")                            = 0
mkdir("./2", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3675 attached
, child_tidptr=0x555555e3d5d0) = 3675
[pid  3675] chdir("./2")                = 0
[pid  3675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3675] setpgid(0, 0)               = 0
[pid  3675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3675] write(3, "1000", 4)         = 4
[pid  3675] close(3)                    = 0
[pid  3675] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3675] memfd_create("syzkaller", 0) = 3
[pid  3675] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f83b87cf000
[pid  3675] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3675] munmap(0x7f83b87cf000, 16777216) = 0
[pid  3675] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3675] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3675] close(3)                    = 0
[pid  3675] mkdir("./file0", 0777)      = 0
[pid  3675] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid  3675] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3675] chdir("./file0")            = 0
[pid  3675] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3675] close(4)                    = 0
[pid  3675] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid  3675] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[   55.491912][ T3675] loop0: detected capacity change from 0 to 32768
[   55.504584][ T3675] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm
[   55.513107][ T3675] BTRFS info (device loop0): using free space tree
[   55.531508][ T3675] BTRFS info (device loop0): enabling ssd optimizations
[pid  3675] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid  3675] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid  3675] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  3675] write(6, "9", 1)            = 1
[   55.566019][ T3675] FAULT_INJECTION: forcing a failure.
[   55.566019][ T3675] name failslab, interval 1, probability 0, space 0, times 0
[   55.582218][  T101] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[   55.591632][ T3675] CPU: 0 PID: 3675 Comm: syz-executor322 Not tainted 6.1.0-rc8-syzkaller-00152-g3ecc37918c80 #0
[   55.602167][ T3675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   55.612245][ T3675] Call Trace:
[   55.615549][ T3675]  <TASK>
[   55.618499][ T3675]  dump_stack_lvl+0xd1/0x138
[   55.623123][ T3675]  should_fail_ex.cold+0x5/0xa
[   55.627930][ T3675]  ? btrfs_drop_extent_map_range+0x239/0x16c0
[   55.634118][ T3675]  should_failslab+0x9/0x20
[   55.638830][ T3675]  kmem_cache_alloc+0x5a/0x3d0
[   55.643642][ T3675]  btrfs_drop_extent_map_range+0x239/0x16c0
[   55.649576][ T3675]  ? find_held_lock+0x2d/0x110
[   55.654380][ T3675]  ? fs_reclaim_acquire+0xba/0x160
[   55.659540][ T3675]  ? btrfs_add_extent_mapping+0x6d0/0x6d0
[   55.665314][ T3675]  btrfs_replace_extent_map_range+0x102/0x180
[   55.671425][ T3675]  create_io_em+0x1cc/0x2d0
[   55.675980][ T3675]  cow_file_range+0x4bd/0xd10
[   55.680684][ T3675]  ? cow_file_range_inline+0x7c0/0x7c0
[   55.686156][ T3675]  ? find_lock_delalloc_range+0x529/0x680
[   55.691895][ T3675]  btrfs_run_delalloc_range+0x578/0x12c0
[   55.697564][ T3675]  writepage_delalloc+0x1a6/0x3e0
[   55.702627][ T3675]  ? find_lock_delalloc_range+0x680/0x680
[   55.708371][ T3675]  __extent_writepage+0xffd/0x1550
[   55.713581][ T3675]  ? percpu_counter_add_batch+0xc1/0x180
[   55.719240][ T3675]  ? btrfs_do_readpage+0x1750/0x1750
[   55.724645][ T3675]  ? folio_clear_dirty_for_io+0x10f/0x740
[   55.730371][ T3675]  extent_write_cache_pages+0x614/0x16b0
[   55.736036][ T3675]  ? __extent_writepage+0x1550/0x1550
[   55.741429][ T3675]  ? mark_lock.part.0+0xee/0x1910
[   55.746472][ T3675]  extent_writepages+0x1d8/0x460
[   55.751420][ T3675]  ? extent_write_locked_range+0xe90/0xe90
[   55.757241][ T3675]  ? is_dynamic_key.part.0+0x130/0x130
[   55.762709][ T3675]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   55.768692][ T3675]  ? btrfs_readahead+0x20/0x20
[   55.773450][ T3675]  do_writepages+0x1af/0x690
[   55.778040][ T3675]  ? writeback_set_ratelimit+0x150/0x150
[   55.783676][ T3675]  ? wbc_attach_and_unlock_inode+0x44d/0x8d0
[   55.789647][ T3675]  ? lock_downgrade+0x6e0/0x6e0
[   55.794497][ T3675]  ? lock_release+0x810/0x810
[   55.799178][ T3675]  ? do_raw_spin_unlock+0x175/0x230
[   55.804370][ T3675]  ? _raw_spin_unlock+0x28/0x40
[   55.809217][ T3675]  ? wbc_attach_and_unlock_inode+0x4a3/0x8d0
[   55.815205][ T3675]  filemap_fdatawrite_wbc+0x147/0x1b0
[   55.820583][ T3675]  __filemap_fdatawrite_range+0xb8/0xf0
[   55.826134][ T3675]  ? delete_from_page_cache_batch+0xd60/0xd60
[   55.832201][ T3675]  ? mark_lock.part.0+0xee/0x1910
[   55.837229][ T3675]  ? mark_lock.part.0+0xee/0x1910
[   55.842262][ T3675]  ? down_write+0x157/0x220
[   55.846764][ T3675]  btrfs_fdatawrite_range+0x4a/0x110
[   55.852050][ T3675]  btrfs_wait_ordered_range+0x75/0x2a0
[   55.857613][ T3675]  btrfs_fallocate+0xabe/0x27c0
[   55.862469][ T3675]  ? btrfs_replace_file_extents+0x14e0/0x14e0
[   55.868550][ T3675]  ? debug_check_no_obj_freed+0x210/0x420
[   55.874291][ T3675]  ? lock_downgrade+0x6e0/0x6e0
[   55.879159][ T3675]  ? lock_release+0x810/0x810
[   55.883838][ T3675]  ? __might_fault+0xd9/0x180
[   55.888524][ T3675]  ? btrfs_replace_file_extents+0x14e0/0x14e0
[   55.894586][ T3675]  vfs_fallocate+0x48b/0xe00
[   55.899180][ T3675]  ioctl_preallocate+0x18e/0x200
[   55.904114][ T3675]  ? fiemap_prep+0x220/0x220
[   55.908718][ T3675]  do_vfs_ioctl+0x1306/0x1600
[   55.913395][ T3675]  ? vfs_fileattr_set+0xbe0/0xbe0
[   55.918424][ T3675]  ? find_held_lock+0x2d/0x110
[   55.923193][ T3675]  ? name_to_dev_t+0x312/0x990
[   55.927956][ T3675]  ? lock_downgrade+0x6e0/0x6e0
[   55.932820][ T3675]  ? bpf_lsm_file_ioctl+0x9/0x10
[   55.937752][ T3675]  __x64_sys_ioctl+0x10c/0x210
[   55.942517][ T3675]  do_syscall_64+0x39/0xb0
[   55.946942][ T3675]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   55.952837][ T3675] RIP: 0033:0x7f83c0c1caa9
[   55.957245][ T3675] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   55.976852][ T3675] RSP: 002b:00007ffd74f1df08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   55.985264][ T3675] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f83c0c1caa9
[   55.993232][ T3675] RDX: 0000000020000100 RSI: 0000000040305829 RDI: 0000000000000005
[   56.001195][ T3675] RBP: 00007ffd74f1df30 R08: 0000000000000001 R09: 00007ffd74f1df40
[   56.009164][ T3675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[pid  3675] ioctl(5, _IOC(_IOC_WRITE, 0x58, 0x29, 0x30), 0x20000100) = 0
[pid  3675] exit_group(0)               = ?
[pid  3675] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3675, si_uid=0, si_status=0, si_utime=1, si_stime=20} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555e3e620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs")                  = 0
[   56.017136][ T3675] R13: 00007ffd74f1df70 R14: 00007ffd74f1df50 R15: 0000000000000002
[   56.025116][ T3675]  </TASK>
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555e46660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555e46660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./2/file0")                      = 0
getdents64(3, 0x555555e3e620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./2")                            = 0
mkdir("./3", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e3d5d0) = 3696
./strace-static-x86_64: Process 3696 attached
[pid  3696] chdir("./3")                = 0
[pid  3696] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3696] setpgid(0, 0)               = 0
[pid  3696] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3696] write(3, "1000", 4)         = 4
[pid  3696] close(3)                    = 0
[pid  3696] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3696] memfd_create("syzkaller", 0) = 3
[pid  3696] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f83b87cf000
[pid  3696] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3696] munmap(0x7f83b87cf000, 16777216) = 0
[pid  3696] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3696] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3696] close(3)                    = 0
[pid  3696] mkdir("./file0", 0777)      = 0
[pid  3696] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid  3696] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3696] chdir("./file0")            = 0
[pid  3696] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3696] close(4)                    = 0
[pid  3696] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[   56.328096][ T3696] loop0: detected capacity change from 0 to 32768
[   56.340374][ T3696] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm
[   56.349015][ T3696] BTRFS info (device loop0): using free space tree
[   56.367780][ T3696] BTRFS info (device loop0): enabling ssd optimizations
[pid  3696] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid  3696] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid  3696] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid  3696] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  3696] write(6, "9", 1)            = 1
[   56.425053][ T3696] FAULT_INJECTION: forcing a failure.
[   56.425053][ T3696] name failslab, interval 1, probability 0, space 0, times 0
[   56.437981][ T3696] CPU: 1 PID: 3696 Comm: syz-executor322 Not tainted 6.1.0-rc8-syzkaller-00152-g3ecc37918c80 #0
[   56.448430][ T3696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   56.458512][ T3696] Call Trace:
[   56.461820][ T3696]  <TASK>
[   56.464765][ T3696]  dump_stack_lvl+0xd1/0x138
[   56.469382][ T3696]  should_fail_ex.cold+0x5/0xa
[   56.474354][ T3696]  should_failslab+0x9/0x20
[   56.478986][ T3696]  __kmem_cache_alloc_node+0x66/0x3e0
[   56.484396][ T3696]  ? ulist_add_merge.part.0+0x86/0x490
[   56.490061][ T3696]  kmalloc_trace+0x26/0x60
[   56.494621][ T3696]  ulist_add_merge.part.0+0x86/0x490
[   56.494769][ T1098] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[   56.499915][ T3696]  ulist_add+0x106/0x160
[   56.513403][ T3696]  clear_state_bit+0x153/0x3a0
[   56.518216][ T3696]  __clear_extent_bit+0x578/0xca0
[   56.523301][ T3696]  clear_record_extent_bits+0x5c/0x70
[   56.528716][ T3696]  __btrfs_qgroup_release_data+0x1a2/0xa40
[   56.534576][ T3696]  ? btrfs_qgroup_account_extents+0xb60/0xb60
[   56.540687][ T3696]  ? lock_downgrade+0x6e0/0x6e0
[   56.545608][ T3696]  btrfs_add_ordered_extent+0x9d6/0x1020
[   56.551294][ T3696]  ? create_io_em+0x1e0/0x2d0
[   56.556012][ T3696]  cow_file_range+0x50f/0xd10
[   56.560761][ T3696]  ? cow_file_range_inline+0x7c0/0x7c0
[   56.566238][ T3696]  ? find_lock_delalloc_range+0x529/0x680
[   56.572158][ T3696]  btrfs_run_delalloc_range+0x578/0x12c0
[   56.577824][ T3696]  writepage_delalloc+0x1a6/0x3e0
[   56.582870][ T3696]  ? find_lock_delalloc_range+0x680/0x680
[   56.588650][ T3696]  __extent_writepage+0xffd/0x1550
[   56.593822][ T3696]  ? percpu_counter_add_batch+0xc1/0x180
[   56.599565][ T3696]  ? btrfs_do_readpage+0x1750/0x1750
[   56.604961][ T3696]  ? folio_clear_dirty_for_io+0x10f/0x740
[   56.610700][ T3696]  extent_write_cache_pages+0x614/0x16b0
[   56.616364][ T3696]  ? __extent_writepage+0x1550/0x1550
[   56.621770][ T3696]  ? mark_lock.part.0+0xee/0x1910
[   56.626825][ T3696]  extent_writepages+0x1d8/0x460
[   56.631807][ T3696]  ? extent_write_locked_range+0xe90/0xe90
[   56.637706][ T3696]  ? is_dynamic_key.part.0+0x130/0x130
[   56.643206][ T3696]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   56.649196][ T3696]  ? btrfs_readahead+0x20/0x20
[   56.653971][ T3696]  do_writepages+0x1af/0x690
[   56.658570][ T3696]  ? writeback_set_ratelimit+0x150/0x150
[   56.664211][ T3696]  ? wbc_attach_and_unlock_inode+0x44d/0x8d0
[   56.670202][ T3696]  ? lock_downgrade+0x6e0/0x6e0
[   56.675067][ T3696]  ? lock_release+0x810/0x810
[   56.679758][ T3696]  ? do_raw_spin_unlock+0x175/0x230
[   56.684966][ T3696]  ? _raw_spin_unlock+0x28/0x40
[   56.689824][ T3696]  ? wbc_attach_and_unlock_inode+0x4a3/0x8d0
[   56.695921][ T3696]  filemap_fdatawrite_wbc+0x147/0x1b0
[   56.701315][ T3696]  __filemap_fdatawrite_range+0xb8/0xf0
[   56.706937][ T3696]  ? delete_from_page_cache_batch+0xd60/0xd60
[   56.713059][ T3696]  ? mark_lock.part.0+0xee/0x1910
[   56.718115][ T3696]  ? mark_lock.part.0+0xee/0x1910
[   56.723289][ T3696]  ? down_write+0x157/0x220
[   56.727825][ T3696]  btrfs_fdatawrite_range+0x4a/0x110
[   56.733160][ T3696]  btrfs_wait_ordered_range+0x75/0x2a0
[   56.738642][ T3696]  btrfs_fallocate+0xabe/0x27c0
[   56.743512][ T3696]  ? btrfs_replace_file_extents+0x14e0/0x14e0
[   56.749590][ T3696]  ? debug_check_no_obj_freed+0x210/0x420
[   56.755324][ T3696]  ? lock_downgrade+0x6e0/0x6e0
[   56.760381][ T3696]  ? lock_release+0x810/0x810
[   56.765082][ T3696]  ? __might_fault+0xd9/0x180
[   56.769792][ T3696]  ? btrfs_replace_file_extents+0x14e0/0x14e0
[   56.775890][ T3696]  vfs_fallocate+0x48b/0xe00
[   56.780503][ T3696]  ioctl_preallocate+0x18e/0x200
[   56.785457][ T3696]  ? fiemap_prep+0x220/0x220
[   56.790091][ T3696]  do_vfs_ioctl+0x1306/0x1600
[   56.794888][ T3696]  ? vfs_fileattr_set+0xbe0/0xbe0
[   56.799994][ T3696]  ? find_held_lock+0x2d/0x110
[   56.804781][ T3696]  ? name_to_dev_t+0x312/0x990
[   56.809552][ T3696]  ? lock_downgrade+0x6e0/0x6e0
[   56.814446][ T3696]  ? bpf_lsm_file_ioctl+0x9/0x10
[   56.819499][ T3696]  __x64_sys_ioctl+0x10c/0x210
[   56.824287][ T3696]  do_syscall_64+0x39/0xb0
[   56.828722][ T3696]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.834629][ T3696] RIP: 0033:0x7f83c0c1caa9
[   56.839053][ T3696] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   56.858758][ T3696] RSP: 002b:00007ffd74f1df08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   56.867314][ T3696] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f83c0c1caa9
[   56.875321][ T3696] RDX: 0000000020000100 RSI: 0000000040305829 RDI: 0000000000000005
[   56.883296][ T3696] RBP: 00007ffd74f1df30 R08: 0000000000000001 R09: 00007ffd74f1df40
[   56.891280][ T3696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[   56.899269][ T3696] R13: 00007ffd74f1df70 R14: 00007ffd74f1df50 R15: 0000000000000003
[   56.907453][ T3696]  </TASK>
[   56.911145][ T3696] ------------[ cut here ]------------
[   56.916682][ T3696] kernel BUG at fs/btrfs/extent-io-tree.c:517!
[   56.922939][ T3696] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   56.929023][ T3696] CPU: 1 PID: 3696 Comm: syz-executor322 Not tainted 6.1.0-rc8-syzkaller-00152-g3ecc37918c80 #0
[   56.939444][ T3696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   56.949511][ T3696] RIP: 0010:clear_state_bit+0x31d/0x3a0
[   56.955056][ T3696] Code: 14 02 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 33 44 8b 7d 7c e9 af fe ff ff e8 ec ae fb fd 0f 0b eb 97 e8 e3 ae fb fd <0f> 0b 4c 89 f7 e8 e9 88 48 fe e9 72 fd ff ff 4c 89 f7 e8 dc 88 48
[   56.974836][ T3696] RSP: 0018:ffffc9000415eca8 EFLAGS: 00010293
[   56.980898][ T3696] RAX: 0000000000000000 RBX: 00000000fffffff4 RCX: 0000000000000000
[   56.988866][ T3696] RDX: ffff888075d457c0 RSI: ffffffff83846f1d RDI: 0000000000000005
[   56.996827][ T3696] RBP: ffff88807e64f780 R08: 0000000000000005 R09: 0000000000000000
[   57.004784][ T3696] R10: 00000000fffffff4 R11: 0000000000000000 R12: ffff888070493a80
[   57.012741][ T3696] R13: 0000000000000000 R14: ffff88807e64f7fc R15: 000000000000efff
[   57.020709][ T3696] FS:  0000555555e3d300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
[   57.029627][ T3696] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   57.036215][ T3696] CR2: 00007f2eb68b4050 CR3: 00000000286db000 CR4: 0000000000350ee0
[   57.044264][ T3696] Call Trace:
[   57.047527][ T3696]  <TASK>
[   57.050446][ T3696]  __clear_extent_bit+0x578/0xca0
[   57.055472][ T3696]  clear_record_extent_bits+0x5c/0x70
[   57.060834][ T3696]  __btrfs_qgroup_release_data+0x1a2/0xa40
[   57.066811][ T3696]  ? btrfs_qgroup_account_extents+0xb60/0xb60
[   57.072871][ T3696]  ? lock_downgrade+0x6e0/0x6e0
[   57.077723][ T3696]  btrfs_add_ordered_extent+0x9d6/0x1020
[   57.083375][ T3696]  ? create_io_em+0x1e0/0x2d0
[   57.088044][ T3696]  cow_file_range+0x50f/0xd10
[   57.092762][ T3696]  ? cow_file_range_inline+0x7c0/0x7c0
[   57.098211][ T3696]  ? find_lock_delalloc_range+0x529/0x680
[   57.103922][ T3696]  btrfs_run_delalloc_range+0x578/0x12c0
[   57.109550][ T3696]  writepage_delalloc+0x1a6/0x3e0
[   57.114656][ T3696]  ? find_lock_delalloc_range+0x680/0x680
[   57.120373][ T3696]  __extent_writepage+0xffd/0x1550
[   57.125564][ T3696]  ? percpu_counter_add_batch+0xc1/0x180
[   57.131183][ T3696]  ? btrfs_do_readpage+0x1750/0x1750
[   57.136481][ T3696]  ? folio_clear_dirty_for_io+0x10f/0x740
[   57.142204][ T3696]  extent_write_cache_pages+0x614/0x16b0
[   57.147921][ T3696]  ? __extent_writepage+0x1550/0x1550
[   57.153377][ T3696]  ? mark_lock.part.0+0xee/0x1910
[   57.158395][ T3696]  extent_writepages+0x1d8/0x460
[   57.163327][ T3696]  ? extent_write_locked_range+0xe90/0xe90
[   57.169129][ T3696]  ? is_dynamic_key.part.0+0x130/0x130
[   57.174581][ T3696]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   57.180554][ T3696]  ? btrfs_readahead+0x20/0x20
[   57.185307][ T3696]  do_writepages+0x1af/0x690
[   57.189892][ T3696]  ? writeback_set_ratelimit+0x150/0x150
[   57.195515][ T3696]  ? wbc_attach_and_unlock_inode+0x44d/0x8d0
[   57.201482][ T3696]  ? lock_downgrade+0x6e0/0x6e0
[   57.206413][ T3696]  ? lock_release+0x810/0x810
[   57.211090][ T3696]  ? do_raw_spin_unlock+0x175/0x230
[   57.216273][ T3696]  ? _raw_spin_unlock+0x28/0x40
[   57.221110][ T3696]  ? wbc_attach_and_unlock_inode+0x4a3/0x8d0
[   57.227079][ T3696]  filemap_fdatawrite_wbc+0x147/0x1b0
[   57.232442][ T3696]  __filemap_fdatawrite_range+0xb8/0xf0
[   57.237982][ T3696]  ? delete_from_page_cache_batch+0xd60/0xd60
[   57.244041][ T3696]  ? mark_lock.part.0+0xee/0x1910
[   57.249062][ T3696]  ? mark_lock.part.0+0xee/0x1910
[   57.254090][ T3696]  ? down_write+0x157/0x220
[   57.258596][ T3696]  btrfs_fdatawrite_range+0x4a/0x110
[   57.263870][ T3696]  btrfs_wait_ordered_range+0x75/0x2a0
[   57.269322][ T3696]  btrfs_fallocate+0xabe/0x27c0
[   57.274185][ T3696]  ? btrfs_replace_file_extents+0x14e0/0x14e0
[   57.280243][ T3696]  ? debug_check_no_obj_freed+0x210/0x420
[   57.285972][ T3696]  ? lock_downgrade+0x6e0/0x6e0
[   57.290821][ T3696]  ? lock_release+0x810/0x810
[   57.295578][ T3696]  ? __might_fault+0xd9/0x180
[   57.300251][ T3696]  ? btrfs_replace_file_extents+0x14e0/0x14e0
[   57.306319][ T3696]  vfs_fallocate+0x48b/0xe00
[   57.310900][ T3696]  ioctl_preallocate+0x18e/0x200
[   57.315911][ T3696]  ? fiemap_prep+0x220/0x220
[   57.320494][ T3696]  do_vfs_ioctl+0x1306/0x1600
[   57.325174][ T3696]  ? vfs_fileattr_set+0xbe0/0xbe0
[   57.330186][ T3696]  ? find_held_lock+0x2d/0x110
[   57.334959][ T3696]  ? name_to_dev_t+0x312/0x990
[   57.339715][ T3696]  ? lock_downgrade+0x6e0/0x6e0
[   57.344561][ T3696]  ? bpf_lsm_file_ioctl+0x9/0x10
[   57.349570][ T3696]  __x64_sys_ioctl+0x10c/0x210
[   57.354325][ T3696]  do_syscall_64+0x39/0xb0
[   57.358732][ T3696]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   57.364629][ T3696] RIP: 0033:0x7f83c0c1caa9
[   57.369027][ T3696] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   57.388727][ T3696] RSP: 002b:00007ffd74f1df08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   57.397127][ T3696] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f83c0c1caa9
[   57.405088][ T3696] RDX: 0000000020000100 RSI: 0000000040305829 RDI: 0000000000000005
[   57.413059][ T3696] RBP: 00007ffd74f1df30 R08: 0000000000000001 R09: 00007ffd74f1df40
[   57.421021][ T3696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[   57.428979][ T3696] R13: 00007ffd74f1df70 R14: 00007ffd74f1df50 R15: 0000000000000003
[   57.436941][ T3696]  </TASK>
[   57.439939][ T3696] Modules linked in:
[   57.443926][ T3696] ---[ end trace 0000000000000000 ]---
[   57.449383][ T3696] RIP: 0010:clear_state_bit+0x31d/0x3a0
[   57.455075][ T3696] Code: 14 02 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 33 44 8b 7d 7c e9 af fe ff ff e8 ec ae fb fd 0f 0b eb 97 e8 e3 ae fb fd <0f> 0b 4c 89 f7 e8 e9 88 48 fe e9 72 fd ff ff 4c 89 f7 e8 dc 88 48
[   57.475166][ T3696] RSP: 0018:ffffc9000415eca8 EFLAGS: 00010293
[   57.481265][ T3696] RAX: 0000000000000000 RBX: 00000000fffffff4 RCX: 0000000000000000
[   57.489321][ T3696] RDX: ffff888075d457c0 RSI: ffffffff83846f1d RDI: 0000000000000005
[   57.497365][ T3696] RBP: ffff88807e64f780 R08: 0000000000000005 R09: 0000000000000000
[   57.505435][ T3696] R10: 00000000fffffff4 R11: 0000000000000000 R12: ffff888070493a80
[   57.513476][ T3696] R13: 0000000000000000 R14: ffff88807e64f7fc R15: 000000000000efff
[   57.521476][ T3696] FS:  0000555555e3d300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
[   57.530631][ T3696] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   57.537264][ T3696] CR2: 00007f2eb68b4050 CR3: 00000000286db000 CR4: 0000000000350ee0
[   57.545284][ T3696] Kernel panic - not syncing: Fatal exception
[   57.552128][ T3696] Kernel Offset: disabled
[   57.556443][ T3696] Rebooting in 86400 seconds..