./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2291910927

<...>
DUID 00:04:b0:cd:33:f9:4f:8a:55:45:4d:7b:3b:ee:3a:71:f0:8b
forked to background, child pid 3209
[   30.122390][ T3210] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.132509][ T3210] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.2' (ECDSA) to the list of known hosts.
execve("./syz-executor2291910927", ["./syz-executor2291910927"], 0x7ffddaa0a810 /* 10 vars */) = 0
brk(NULL)                               = 0x555555986000
brk(0x555555986c40)                     = 0x555555986c40
arch_prctl(ARCH_SET_FS, 0x555555986300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2291910927", 4096) = 28
brk(0x5555559a7c40)                     = 0x5555559a7c40
brk(0x5555559a8000)                     = 0x5555559a8000
mprotect(0x7fdc57f6c000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdc4fa00000
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
munmap(0x7fdc4fa00000, 16777216)        = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
mkdir("./file0", 0777)                  = 0
syzkaller login: [   63.701386][ T3632] loop0: detected capacity change from 0 to 32768
[   63.712596][ T3632] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor229 (3632)
[   63.734020][ T3632] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[   63.742897][ T3632] BTRFS info (device loop0): using free space tree
mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0")                        = 0
ioctl(4, LOOP_CLR_FD)                   = 0
close(4)                                = 0
creat("./bus", 000)                     = 4
open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5
openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
fallocate(4, 0, 0, 2622468)             = 0
openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7
write(7, "4", 1)                        = 1
[   63.762705][ T3632] BTRFS info (device loop0): enabling ssd optimizations
[   63.786187][   T27] audit: type=1800 audit(1669517318.270:2): pid=3632 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor229" name="bus" dev="loop0" ino=263 res=0 errno=0
[   63.838853][ T3632] FAULT_INJECTION: forcing a failure.
[   63.838853][ T3632] name failslab, interval 1, probability 0, space 0, times 1
[   63.842807][   T46] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[   63.851822][ T3632] CPU: 1 PID: 3632 Comm: syz-executor229 Not tainted 6.1.0-rc6-syzkaller-00308-g644e9524388a #0
[   63.871248][ T3632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   63.881323][ T3632] Call Trace:
[   63.884617][ T3632]  <TASK>
[   63.887574][ T3632]  dump_stack_lvl+0x1b1/0x28e
[   63.892304][ T3632]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   63.897790][ T3632]  ? panic+0x710/0x710
[   63.901898][ T3632]  should_fail_ex+0x395/0x4c0
[   63.906609][ T3632]  ? ulist_add_merge+0x15f/0x4a0
[   63.911554][ T3632]  should_failslab+0x5/0x20
[   63.916057][ T3632]  __kmem_cache_alloc_node+0x69/0x310
[   63.921433][ T3632]  ? read_lock_is_recursive+0x10/0x10
[   63.926804][ T3632]  ? ulist_add_merge+0x15f/0x4a0
[   63.931739][ T3632]  kmalloc_trace+0x26/0x60
[   63.936156][ T3632]  ulist_add_merge+0x15f/0x4a0
[   63.940926][ T3632]  insert_state_fast+0x159/0x250
[   63.945865][ T3632]  __set_extent_bit+0x1547/0x19a0
[   63.950909][ T3632]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   63.956891][ T3632]  ? __kmem_cache_alloc_node+0x211/0x310
[   63.962524][ T3632]  ? qgroup_reserve_data+0x1d7/0x6f0
[   63.967830][ T3632]  set_record_extent_bits+0x50/0x80
[   63.973030][ T3632]  qgroup_reserve_data+0x27b/0x6f0
[   63.978151][ T3632]  btrfs_qgroup_reserve_data+0x2a/0xc0
[   63.983609][ T3632]  btrfs_check_data_free_space+0x144/0x240
[   63.989418][ T3632]  btrfs_buffered_write+0x56c/0x16f0
[   63.994800][ T3632]  ? __file_remove_privs+0x29b/0x6c0
[   64.000098][ T3632]  ? btrfs_do_write_iter+0x1260/0x1260
[   64.005563][ T3632]  ? __up_read+0x251/0x690
[   64.009979][ T3632]  ? up_read+0x20/0x20
[   64.014039][ T3632]  ? btrfs_write_check+0x4a9/0x540
[   64.019159][ T3632]  btrfs_do_write_iter+0xeb4/0x1260
[   64.024374][ T3632]  ? btrfs_check_nocow_unlock+0x40/0x40
[   64.029932][ T3632]  vfs_write+0x7dc/0xc50
[   64.034185][ T3632]  ? file_end_write+0x230/0x230
[   64.039032][ T3632]  ? ptrace_stop+0x74d/0x970
[   64.043630][ T3632]  ? _raw_spin_unlock_irq+0x2a/0x40
[   64.048830][ T3632]  ? __fdget_pos+0x252/0x2e0
[   64.053420][ T3632]  ksys_write+0x177/0x2a0
[   64.057755][ T3632]  ? __ia32_sys_read+0x80/0x80
[   64.062524][ T3632]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   64.068509][ T3632]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   64.074494][ T3632]  do_syscall_64+0x3d/0xb0
[   64.078914][ T3632]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   64.084807][ T3632] RIP: 0033:0x7fdc57eface9
[   64.089226][ T3632] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   64.108833][ T3632] RSP: 002b:00007ffd0af295c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   64.117260][ T3632] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fdc57eface9
[   64.125232][ T3632] RDX: 0000000000000049 RSI: 0000000020000180 RDI: 0000000000000005
[   64.133207][ T3632] RBP: 00007ffd0af295d0 R08: 0000000000000001 R09: 00007fdc57eb0034
[   64.141176][ T3632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[   64.149161][ T3632] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   64.157165][ T3632]  </TASK>
[   64.160686][ T3632] ------------[ cut here ]------------
[   64.166227][ T3632] kernel BUG at fs/btrfs/extent-io-tree.c:381!
[   64.172419][ T3632] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   64.178493][ T3632] CPU: 1 PID: 3632 Comm: syz-executor229 Not tainted 6.1.0-rc6-syzkaller-00308-g644e9524388a #0
[   64.188909][ T3632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   64.198972][ T3632] RIP: 0010:insert_state_fast+0x242/0x250
[   64.204708][ T3632] Code: 2e fe e9 77 ff ff ff 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 72 fe ff ff 4c 89 e7 e8 d8 c1 2e fe e9 65 fe ff ff e8 fe a8 da fd <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 66 90 55 41 57 41 56 41 55 41
[   64.224414][ T3632] RSP: 0018:ffffc90003b6f698 EFLAGS: 00010293
[   64.230501][ T3632] RAX: ffffffff83afeeb2 RBX: dffffc0000000000 RCX: ffff888018ee57c0
[   64.238479][ T3632] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
[   64.246444][ T3632] RBP: 00000000fffffff4 R08: ffffffff83afedd4 R09: 00000000ffffffff
[   64.254408][ T3632] R10: fffffbfff1a42e97 R11: 1ffffffff1a42e96 R12: 0000000000000000
[   64.262373][ T3632] R13: ffff888029b51588 R14: ffff888021a0e840 R15: 0000000000001000
[   64.270334][ T3632] FS:  0000555555986300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[   64.279248][ T3632] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   64.285823][ T3632] CR2: 000055a0f58ad000 CR3: 000000007c25a000 CR4: 00000000003506e0
[   64.293785][ T3632] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   64.301745][ T3632] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   64.309718][ T3632] Call Trace:
[   64.313010][ T3632]  <TASK>
[   64.315952][ T3632]  __set_extent_bit+0x1547/0x19a0
[   64.320991][ T3632]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   64.326977][ T3632]  ? __kmem_cache_alloc_node+0x211/0x310
[   64.332608][ T3632]  ? qgroup_reserve_data+0x1d7/0x6f0
[   64.337891][ T3632]  set_record_extent_bits+0x50/0x80
[   64.343086][ T3632]  qgroup_reserve_data+0x27b/0x6f0
[   64.348197][ T3632]  btrfs_qgroup_reserve_data+0x2a/0xc0
[   64.353651][ T3632]  btrfs_check_data_free_space+0x144/0x240
[   64.359456][ T3632]  btrfs_buffered_write+0x56c/0x16f0
[   64.364745][ T3632]  ? __file_remove_privs+0x29b/0x6c0
[   64.370032][ T3632]  ? btrfs_do_write_iter+0x1260/0x1260
[   64.375486][ T3632]  ? __up_read+0x251/0x690
[   64.379899][ T3632]  ? up_read+0x20/0x20
[   64.383958][ T3632]  ? btrfs_write_check+0x4a9/0x540
[   64.389067][ T3632]  btrfs_do_write_iter+0xeb4/0x1260
[   64.394269][ T3632]  ? btrfs_check_nocow_unlock+0x40/0x40
[   64.399825][ T3632]  vfs_write+0x7dc/0xc50
[   64.404074][ T3632]  ? file_end_write+0x230/0x230
[   64.408922][ T3632]  ? ptrace_stop+0x74d/0x970
[   64.413513][ T3632]  ? _raw_spin_unlock_irq+0x2a/0x40
[   64.418714][ T3632]  ? __fdget_pos+0x252/0x2e0
[   64.423304][ T3632]  ksys_write+0x177/0x2a0
[   64.427636][ T3632]  ? __ia32_sys_read+0x80/0x80
[   64.432399][ T3632]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   64.438383][ T3632]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   64.444364][ T3632]  do_syscall_64+0x3d/0xb0
[   64.448779][ T3632]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   64.454669][ T3632] RIP: 0033:0x7fdc57eface9
[   64.459074][ T3632] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   64.478678][ T3632] RSP: 002b:00007ffd0af295c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   64.487085][ T3632] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fdc57eface9
[   64.495046][ T3632] RDX: 0000000000000049 RSI: 0000000020000180 RDI: 0000000000000005
[   64.503008][ T3632] RBP: 00007ffd0af295d0 R08: 0000000000000001 R09: 00007fdc57eb0034
[   64.510975][ T3632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[   64.518939][ T3632] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   64.526910][ T3632]  </TASK>
[   64.529922][ T3632] Modules linked in:
[   64.533884][ T3632] ---[ end trace 0000000000000000 ]---
[   64.539369][ T3632] RIP: 0010:insert_state_fast+0x242/0x250
[   64.545125][ T3632] Code: 2e fe e9 77 ff ff ff 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 72 fe ff ff 4c 89 e7 e8 d8 c1 2e fe e9 65 fe ff ff e8 fe a8 da fd <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 66 90 55 41 57 41 56 41 55 41
[   64.564758][ T3632] RSP: 0018:ffffc90003b6f698 EFLAGS: 00010293
[   64.570849][ T3632] RAX: ffffffff83afeeb2 RBX: dffffc0000000000 RCX: ffff888018ee57c0
[   64.578837][ T3632] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
[   64.586833][ T3632] RBP: 00000000fffffff4 R08: ffffffff83afedd4 R09: 00000000ffffffff
[   64.594788][ T3632] R10: fffffbfff1a42e97 R11: 1ffffffff1a42e96 R12: 0000000000000000
[   64.602823][ T3632] R13: ffff888029b51588 R14: ffff888021a0e840 R15: 0000000000001000
[   64.610820][ T3632] FS:  0000555555986300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[   64.619768][ T3632] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   64.626368][ T3632] CR2: 000055a0f58ad000 CR3: 000000007c25a000 CR4: 00000000003506e0
[   64.634328][ T3632] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   64.642335][ T3632] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   64.650333][ T3632] Kernel panic - not syncing: Fatal exception
[   64.656538][ T3632] Kernel Offset: disabled
[   64.660850][ T3632] Rebooting in 86400 seconds..