./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor130877434

<...>
Warning: Permanently added '10.128.1.94' (ECDSA) to the list of known hosts.
execve("./syz-executor130877434", ["./syz-executor130877434"], 0x7ffdf05a4b80 /* 10 vars */) = 0
brk(NULL)                               = 0x555555a9c000
brk(0x555555a9cc40)                     = 0x555555a9cc40
arch_prctl(ARCH_SET_FS, 0x555555a9c300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor130877434", 4096) = 27
brk(0x555555abdc40)                     = 0x555555abdc40
brk(0x555555abe000)                     = 0x555555abe000
mprotect(0x7fb17419d000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
getpid()                                = 4995
mkdir("./syzkaller.ZD0wVR", 0700)       = 0
chmod("./syzkaller.ZD0wVR", 0777)       = 0
chdir("./syzkaller.ZD0wVR")             = 0
mkdir("./0", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a9c5d0) = 4996
./strace-static-x86_64: Process 4996 attached
[pid  4996] chdir("./0")                = 0
[pid  4996] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4996] setpgid(0, 0)               = 0
[pid  4996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4996] write(3, "1000", 4)         = 4
[pid  4996] close(3)                    = 0
[pid  4996] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4996] memfd_create("syzkaller", 0) = 3
[pid  4996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb16bcdc000
syzkaller login: [   40.296255][ T4996] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4996 'syz-executor130'
[pid  4996] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4996] munmap(0x7fb16bcdc000, 16777216) = 0
[pid  4996] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4996] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4996] close(3)                    = 0
[pid  4996] mkdir("./bus", 0777)        = 0
[   40.405370][ T4996] loop0: detected capacity change from 0 to 32768
[   40.416325][ T4996] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor130 (4996)
[   40.432951][ T4996] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[   40.441810][ T4996] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[   40.452590][ T4996] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[   40.463382][ T4996] BTRFS warning (device loop0): excessive commit interval 622039222
[   40.471372][ T4996] BTRFS info (device loop0): force zlib compression, level 3
[   40.478934][ T4996] BTRFS info (device loop0): using free space tree
[   40.497149][ T4996] BTRFS info (device loop0): enabling ssd optimizations
[pid  4996] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0
[pid  4996] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  4996] chdir("./bus")              = 0
[pid  4996] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4996] close(4)                    = 0
[pid  4996] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  4996] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  4996] write(5, "5", 1)            = 1
[   40.504459][ T4996] BTRFS info (device loop0): auto enabling async discard
[   40.520415][   T26] audit: type=1800 audit(1682899497.706:2): pid=4996 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor130" name="bus" dev="loop0" ino=263 res=0 errno=0
[   40.788021][ T4996] FAULT_INJECTION: forcing a failure.
[   40.788021][ T4996] name failslab, interval 1, probability 0, space 0, times 1
[   40.800887][ T4996] CPU: 1 PID: 4996 Comm: syz-executor130 Not tainted 6.3.0-syzkaller-11733-g825a0714d2b3 #0
[   40.810951][ T4996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[   40.820990][ T4996] Call Trace:
[   40.824252][ T4996]  <TASK>
[   40.827164][ T4996]  dump_stack_lvl+0x136/0x150
[   40.831927][ T4996]  should_fail_ex+0x4a3/0x5b0
[   40.836594][ T4996]  should_failslab+0x9/0x20
[   40.841075][ T4996]  kmem_cache_alloc+0x63/0x3b0
[   40.845833][ T4996]  alloc_extent_state+0x23/0x2e0
[   40.850778][ T4996]  __set_extent_bit+0x5ab/0x15f0
[   40.855728][ T4996]  set_extent_bit+0x41/0x50
[   40.860237][ T4996]  btrfs_alloc_tree_block+0xb62/0x1490
[   40.865775][ T4996]  ? btrfs_alloc_logged_file_extent+0x600/0x600
[   40.872102][ T4996]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   40.878162][ T4996]  __btrfs_cow_block+0x3b2/0x1690
[   40.883184][ T4996]  ? update_ref_for_cow+0xb50/0xb50
[   40.888374][ T4996]  ? btrfs_qgroup_add_swapped_blocks+0x980/0x980
[   40.894714][ T4996]  ? down_write_nested+0x153/0x200
[   40.899921][ T4996]  btrfs_cow_block+0x2fa/0x820
[   40.904686][ T4996]  btrfs_search_slot+0x11c6/0x2da0
[   40.909798][ T4996]  ? split_leaf+0x13e0/0x13e0
[   40.914467][ T4996]  ? btrfs_global_root+0xf5/0x120
[   40.919478][ T4996]  ? btrfs_extent_root+0x13f/0x1a0
[   40.924581][ T4996]  ? btrfs_csum_root+0x1a0/0x1a0
[   40.929515][ T4996]  ? find_held_lock+0x2d/0x110
[   40.934361][ T4996]  lookup_inline_extent_backref+0x311/0x1210
[   40.940346][ T4996]  ? hash_extent_data_ref+0xf0/0xf0
[   40.945538][ T4996]  ? fs_reclaim_acquire+0xba/0x160
[   40.950751][ T4996]  lookup_extent_backref+0x46/0x110
[   40.955949][ T4996]  __btrfs_free_extent+0x234/0x27e0
[   40.961164][ T4996]  ? lookup_extent_backref+0x110/0x110
[   40.966611][ T4996]  ? __btrfs_run_delayed_refs+0x539/0x3770
[   40.972403][ T4996]  ? lock_downgrade+0x690/0x690
[   40.977239][ T4996]  ? _raw_read_unlock+0x28/0x40
[   40.982100][ T4996]  ? btrfs_tree_mod_log_lowest_seq+0x86/0xb0
[   40.988074][ T4996]  ? btrfs_merge_delayed_refs+0x41e/0x560
[   40.993783][ T4996]  __btrfs_run_delayed_refs+0x151d/0x3770
[   40.999496][ T4996]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   41.005467][ T4996]  ? check_ref_cleanup+0x3e0/0x3e0
[   41.010573][ T4996]  ? lock_sync+0x190/0x190
[   41.014982][ T4996]  btrfs_run_delayed_refs+0x19a/0x540
[   41.020340][ T4996]  btrfs_commit_transaction+0x80d/0x3fa0
[   41.025972][ T4996]  ? spin_bug+0x1c0/0x1c0
[   41.030301][ T4996]  ? create_pending_snapshots+0x2c0/0x2c0
[   41.036009][ T4996]  ? start_transaction+0x2aa/0x14c0
[   41.041204][ T4996]  btrfs_sync_fs+0x132/0x730
[   41.045788][ T4996]  ? btrfs_mount_root+0xd50/0xd50
[   41.050809][ T4996]  sync_fs_one_sb+0x10b/0x150
[   41.055561][ T4996]  iterate_supers+0x140/0x2a0
[   41.060225][ T4996]  ? vfs_fsync_range+0x230/0x230
[   41.065155][ T4996]  ksys_sync+0xac/0x150
[   41.069312][ T4996]  ? vfs_fsync+0x1f0/0x1f0
[   41.073711][ T4996]  ? lockdep_hardirqs_on+0x7d/0x100
[   41.078903][ T4996]  ? _raw_spin_unlock_irq+0x2e/0x50
[   41.084100][ T4996]  ? ptrace_notify+0xfe/0x140
[   41.088766][ T4996]  ? syscall_trace_enter.constprop.0+0xb0/0x1e0
[   41.095003][ T4996]  __do_sys_sync+0xe/0x20
[   41.099419][ T4996]  do_syscall_64+0x39/0xb0
[   41.103831][ T4996]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   41.109714][ T4996] RIP: 0033:0x7fb1741299d9
[   41.114114][ T4996] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   41.133968][ T4996] RSP: 002b:00007ffcde568c18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[   41.142363][ T4996] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fb1741299d9
[   41.150318][ T4996] RDX: 0000000000000c40 RSI: 000000000000ffc2 RDI: 00007ffcde568c40
[   41.158273][ T4996] RBP: 00007ffcde568c40 R08: 0000000000000001 R09: 00007ffcde568c50
[   41.166226][ T4996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   41.174265][ T4996] R13: 00007ffcde568c80 R14: 00007ffcde568c60 R15: 0000000000000000
[   41.182229][ T4996]  </TASK>
[pid  4996] sync()                      = 0
[pid  4996] exit_group(0)               = ?
[pid  4996] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4996, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555a9d620 /* 4 entries */, 32768) = 104
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555aa5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555aa5660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./0/bus")                        = 0
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs")                  = 0
getdents64(3, 0x555555a9d620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./0")                            = 0
mkdir("./1", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a9c5d0) = 5018
./strace-static-x86_64: Process 5018 attached
[pid  5018] chdir("./1")                = 0
[pid  5018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5018] setpgid(0, 0)               = 0
[pid  5018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5018] write(3, "1000", 4)         = 4
[pid  5018] close(3)                    = 0
[pid  5018] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5018] memfd_create("syzkaller", 0) = 3
[pid  5018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb16bcdc000
[pid  5018] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5018] munmap(0x7fb16bcdc000, 16777216) = 0
[pid  5018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5018] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5018] close(3)                    = 0
[pid  5018] mkdir("./bus", 0777)        = 0
[   41.434359][ T5018] loop0: detected capacity change from 0 to 32768
[   41.443703][ T5018] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor130 (5018)
[   41.458963][ T5018] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[   41.467687][ T5018] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[pid  5018] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0
[pid  5018] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5018] chdir("./bus")              = 0
[pid  5018] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5018] close(4)                    = 0
[   41.478515][ T5018] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[   41.489279][ T5018] BTRFS warning (device loop0): excessive commit interval 622039222
[   41.497363][ T5018] BTRFS info (device loop0): force zlib compression, level 3
[   41.504731][ T5018] BTRFS info (device loop0): using free space tree
[   41.520317][ T5018] BTRFS info (device loop0): enabling ssd optimizations
[   41.527389][ T5018] BTRFS info (device loop0): auto enabling async discard
[pid  5018] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5018] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  5018] write(5, "5", 1)            = 1
[pid  5018] sync()                      = 0
[pid  5018] exit_group(0)               = ?
[pid  5018] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5018, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555a9d620 /* 4 entries */, 32768) = 104
[   41.551712][   T26] audit: type=1800 audit(1682899498.736:3): pid=5018 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor130" name="bus" dev="loop0" ino=263 res=0 errno=0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555aa5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555aa5660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./1/bus")                        = 0
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs")                  = 0
getdents64(3, 0x555555a9d620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./1")                            = 0
mkdir("./2", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a9c5d0) = 5041
./strace-static-x86_64: Process 5041 attached
[pid  5041] chdir("./2")                = 0
[pid  5041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5041] setpgid(0, 0)               = 0
[pid  5041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5041] write(3, "1000", 4)         = 4
[pid  5041] close(3)                    = 0
[pid  5041] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5041] memfd_create("syzkaller", 0) = 3
[pid  5041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb16bcdc000
[pid  5041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5041] munmap(0x7fb16bcdc000, 16777216) = 0
[pid  5041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5041] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5041] close(3)                    = 0
[pid  5041] mkdir("./bus", 0777)        = 0
[   41.780827][ T5041] loop0: detected capacity change from 0 to 32768
[   41.790168][ T5041] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor130 (5041)
[   41.805129][ T5041] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[   41.813850][ T5041] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[pid  5041] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0
[pid  5041] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5041] chdir("./bus")              = 0
[pid  5041] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5041] close(4)                    = 0
[   41.824625][ T5041] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[   41.835401][ T5041] BTRFS warning (device loop0): excessive commit interval 622039222
[   41.843405][ T5041] BTRFS info (device loop0): force zlib compression, level 3
[   41.850878][ T5041] BTRFS info (device loop0): using free space tree
[   41.865699][ T5041] BTRFS info (device loop0): enabling ssd optimizations
[   41.872734][ T5041] BTRFS info (device loop0): auto enabling async discard
[pid  5041] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5041] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  5041] write(5, "5", 1)            = 1
[   41.886503][   T26] audit: type=1800 audit(1682899499.076:4): pid=5041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor130" name="bus" dev="loop0" ino=263 res=0 errno=0
[   41.912240][ T5041] FAULT_INJECTION: forcing a failure.
[   41.912240][ T5041] name failslab, interval 1, probability 0, space 0, times 0
[   41.925054][ T5041] CPU: 1 PID: 5041 Comm: syz-executor130 Not tainted 6.3.0-syzkaller-11733-g825a0714d2b3 #0
[   41.935128][ T5041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[   41.945181][ T5041] Call Trace:
[   41.948459][ T5041]  <TASK>
[   41.951392][ T5041]  dump_stack_lvl+0x136/0x150
[   41.956161][ T5041]  should_fail_ex+0x4a3/0x5b0
[   41.960937][ T5041]  should_failslab+0x9/0x20
[   41.965446][ T5041]  kmem_cache_alloc+0x63/0x3b0
[   41.970221][ T5041]  alloc_extent_state+0x23/0x2e0
[   41.975270][ T5041]  __set_extent_bit+0x5ab/0x15f0
[   41.980229][ T5041]  set_extent_bit+0x41/0x50
[   41.984745][ T5041]  btrfs_alloc_tree_block+0xb62/0x1490
[   41.990300][ T5041]  ? btrfs_alloc_logged_file_extent+0x600/0x600
[   41.996648][ T5041]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   42.002644][ T5041]  __btrfs_cow_block+0x3b2/0x1690
[   42.007686][ T5041]  ? update_ref_for_cow+0xb50/0xb50
[   42.012886][ T5041]  ? btrfs_qgroup_add_swapped_blocks+0x980/0x980
[   42.019205][ T5041]  ? down_write_nested+0x153/0x200
[   42.024302][ T5041]  btrfs_cow_block+0x2fa/0x820
[   42.029146][ T5041]  btrfs_search_slot+0x11c6/0x2da0
[   42.034262][ T5041]  ? split_leaf+0x13e0/0x13e0
[   42.038924][ T5041]  ? btrfs_global_root+0xf5/0x120
[   42.043934][ T5041]  ? btrfs_extent_root+0x13f/0x1a0
[   42.049028][ T5041]  ? btrfs_csum_root+0x1a0/0x1a0
[   42.054035][ T5041]  ? find_held_lock+0x2d/0x110
[   42.058783][ T5041]  lookup_inline_extent_backref+0x311/0x1210
[   42.064754][ T5041]  ? hash_extent_data_ref+0xf0/0xf0
[   42.070022][ T5041]  ? fs_reclaim_acquire+0xba/0x160
[   42.075125][ T5041]  lookup_extent_backref+0x46/0x110
[   42.080311][ T5041]  __btrfs_free_extent+0x234/0x27e0
[   42.085499][ T5041]  ? lookup_extent_backref+0x110/0x110
[   42.091035][ T5041]  ? __btrfs_run_delayed_refs+0x539/0x3770
[   42.096822][ T5041]  ? lock_downgrade+0x690/0x690
[   42.101719][ T5041]  ? _raw_read_unlock+0x28/0x40
[   42.106554][ T5041]  ? btrfs_tree_mod_log_lowest_seq+0x86/0xb0
[   42.112529][ T5041]  ? btrfs_merge_delayed_refs+0x41e/0x560
[   42.118243][ T5041]  __btrfs_run_delayed_refs+0x151d/0x3770
[   42.123952][ T5041]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   42.129921][ T5041]  ? check_ref_cleanup+0x3e0/0x3e0
[   42.135014][ T5041]  ? do_syscall_64+0x39/0xb0
[   42.139684][ T5041]  ? lock_sync+0x190/0x190
[   42.144097][ T5041]  btrfs_run_delayed_refs+0x19a/0x540
[   42.149468][ T5041]  btrfs_commit_transaction+0x80d/0x3fa0
[   42.155088][ T5041]  ? spin_bug+0x1c0/0x1c0
[   42.159497][ T5041]  ? create_pending_snapshots+0x2c0/0x2c0
[   42.165205][ T5041]  ? start_transaction+0x2aa/0x14c0
[   42.170391][ T5041]  btrfs_sync_fs+0x132/0x730
[   42.174962][ T5041]  ? btrfs_mount_root+0xd50/0xd50
[   42.180056][ T5041]  sync_fs_one_sb+0x10b/0x150
[   42.184726][ T5041]  iterate_supers+0x140/0x2a0
[   42.189401][ T5041]  ? vfs_fsync_range+0x230/0x230
[   42.194406][ T5041]  ksys_sync+0xac/0x150
[   42.198640][ T5041]  ? vfs_fsync+0x1f0/0x1f0
[   42.203049][ T5041]  ? lockdep_hardirqs_on+0x7d/0x100
[   42.208229][ T5041]  ? _raw_spin_unlock_irq+0x2e/0x50
[   42.213426][ T5041]  ? ptrace_notify+0xfe/0x140
[   42.218177][ T5041]  ? syscall_trace_enter.constprop.0+0xb0/0x1e0
[   42.224403][ T5041]  __do_sys_sync+0xe/0x20
[   42.228712][ T5041]  do_syscall_64+0x39/0xb0
[   42.233112][ T5041]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   42.238997][ T5041] RIP: 0033:0x7fb1741299d9
[   42.243408][ T5041] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   42.263004][ T5041] RSP: 002b:00007ffcde568c18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[   42.271590][ T5041] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fb1741299d9
[   42.279646][ T5041] RDX: 0000000000000c40 RSI: 000000000000ffc2 RDI: 00007ffcde568c40
[pid  5041] sync()                      = 0
[pid  5041] exit_group(0)               = ?
[pid  5041] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5041, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=21 /* 0.21 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555a9d620 /* 4 entries */, 32768) = 104
[   42.287611][ T5041] RBP: 00007ffcde568c40 R08: 0000000000000001 R09: 00007ffcde568c50
[   42.295563][ T5041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   42.303516][ T5041] R13: 00007ffcde568c80 R14: 00007ffcde568c60 R15: 0000000000000002
[   42.311481][ T5041]  </TASK>
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555aa5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555aa5660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./2/bus")                        = 0
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs")                  = 0
getdents64(3, 0x555555a9d620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./2")                            = 0
mkdir("./3", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a9c5d0) = 5059
./strace-static-x86_64: Process 5059 attached
[pid  5059] chdir("./3")                = 0
[pid  5059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5059] setpgid(0, 0)               = 0
[pid  5059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5059] write(3, "1000", 4)         = 4
[pid  5059] close(3)                    = 0
[pid  5059] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5059] memfd_create("syzkaller", 0) = 3
[pid  5059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb16bcdc000
[pid  5059] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5059] munmap(0x7fb16bcdc000, 16777216) = 0
[pid  5059] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5059] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5059] close(3)                    = 0
[pid  5059] mkdir("./bus", 0777)        = 0
[   42.496768][ T5059] loop0: detected capacity change from 0 to 32768
[   42.505290][ T5059] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor130 (5059)
[   42.519443][ T5059] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[   42.528182][ T5059] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[pid  5059] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0
[pid  5059] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5059] chdir("./bus")              = 0
[pid  5059] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5059] close(4)                    = 0
[   42.539121][ T5059] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[   42.549907][ T5059] BTRFS warning (device loop0): excessive commit interval 622039222
[   42.557992][ T5059] BTRFS info (device loop0): force zlib compression, level 3
[   42.565361][ T5059] BTRFS info (device loop0): using free space tree
[   42.580072][ T5059] BTRFS info (device loop0): enabling ssd optimizations
[   42.587205][ T5059] BTRFS info (device loop0): auto enabling async discard
[pid  5059] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5059] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  5059] write(5, "5", 1)            = 1
[   42.607585][   T26] audit: type=1800 audit(1682899499.796:5): pid=5059 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor130" name="bus" dev="loop0" ino=263 res=0 errno=0
[   42.635366][ T5059] FAULT_INJECTION: forcing a failure.
[   42.635366][ T5059] name failslab, interval 1, probability 0, space 0, times 0
[   42.648748][ T5059] CPU: 0 PID: 5059 Comm: syz-executor130 Not tainted 6.3.0-syzkaller-11733-g825a0714d2b3 #0
[   42.658833][ T5059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[   42.668980][ T5059] Call Trace:
[   42.672259][ T5059]  <TASK>
[   42.675188][ T5059]  dump_stack_lvl+0x136/0x150
[   42.679870][ T5059]  should_fail_ex+0x4a3/0x5b0
[   42.684556][ T5059]  should_failslab+0x9/0x20
[   42.689072][ T5059]  kmem_cache_alloc+0x63/0x3b0
[   42.693848][ T5059]  alloc_extent_state+0x23/0x2e0
[   42.698798][ T5059]  __set_extent_bit+0x5ab/0x15f0
[   42.703779][ T5059]  set_extent_bit+0x41/0x50
[   42.708289][ T5059]  btrfs_alloc_tree_block+0xb62/0x1490
[   42.713743][ T5059]  ? btrfs_alloc_logged_file_extent+0x600/0x600
[   42.719982][ T5059]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   42.725958][ T5059]  __btrfs_cow_block+0x3b2/0x1690
[   42.730979][ T5059]  ? update_ref_for_cow+0xb50/0xb50
[   42.736253][ T5059]  ? btrfs_qgroup_add_swapped_blocks+0x980/0x980
[   42.742567][ T5059]  ? down_write_nested+0x153/0x200
[   42.747673][ T5059]  btrfs_cow_block+0x2fa/0x820
[   42.752432][ T5059]  btrfs_search_slot+0x11c6/0x2da0
[   42.757549][ T5059]  ? split_leaf+0x13e0/0x13e0
[   42.762214][ T5059]  ? btrfs_global_root+0xf5/0x120
[   42.767227][ T5059]  ? btrfs_extent_root+0x13f/0x1a0
[   42.772324][ T5059]  ? btrfs_csum_root+0x1a0/0x1a0
[   42.777252][ T5059]  ? find_held_lock+0x2d/0x110
[   42.782006][ T5059]  lookup_inline_extent_backref+0x311/0x1210
[   42.787985][ T5059]  ? hash_extent_data_ref+0xf0/0xf0
[   42.793171][ T5059]  ? fs_reclaim_acquire+0xba/0x160
[   42.798366][ T5059]  lookup_extent_backref+0x46/0x110
[   42.803563][ T5059]  __btrfs_free_extent+0x234/0x27e0
[   42.808845][ T5059]  ? lookup_extent_backref+0x110/0x110
[   42.814295][ T5059]  ? __btrfs_run_delayed_refs+0x539/0x3770
[   42.820171][ T5059]  ? lock_downgrade+0x690/0x690
[   42.825010][ T5059]  ? _raw_read_unlock+0x28/0x40
[   42.829939][ T5059]  ? btrfs_tree_mod_log_lowest_seq+0x86/0xb0
[   42.835999][ T5059]  ? btrfs_merge_delayed_refs+0x41e/0x560
[   42.841706][ T5059]  __btrfs_run_delayed_refs+0x151d/0x3770
[   42.847632][ T5059]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   42.853631][ T5059]  ? check_ref_cleanup+0x3e0/0x3e0
[   42.858740][ T5059]  ? do_syscall_64+0x39/0xb0
[   42.863332][ T5059]  ? lock_sync+0x190/0x190
[   42.867743][ T5059]  btrfs_run_delayed_refs+0x19a/0x540
[   42.873105][ T5059]  btrfs_commit_transaction+0x80d/0x3fa0
[   42.878730][ T5059]  ? spin_bug+0x1c0/0x1c0
[   42.883056][ T5059]  ? create_pending_snapshots+0x2c0/0x2c0
[   42.888853][ T5059]  ? start_transaction+0x2aa/0x14c0
[   42.894053][ T5059]  btrfs_sync_fs+0x132/0x730
[   42.898720][ T5059]  ? btrfs_mount_root+0xd50/0xd50
[   42.903729][ T5059]  sync_fs_one_sb+0x10b/0x150
[   42.908391][ T5059]  iterate_supers+0x140/0x2a0
[   42.913054][ T5059]  ? vfs_fsync_range+0x230/0x230
[   42.917979][ T5059]  ksys_sync+0xac/0x150
[   42.922129][ T5059]  ? vfs_fsync+0x1f0/0x1f0
[   42.926530][ T5059]  ? lockdep_hardirqs_on+0x7d/0x100
[   42.931717][ T5059]  ? _raw_spin_unlock_irq+0x2e/0x50
[   42.936914][ T5059]  ? ptrace_notify+0xfe/0x140
[   42.941582][ T5059]  ? syscall_trace_enter.constprop.0+0xb0/0x1e0
[   42.947817][ T5059]  __do_sys_sync+0xe/0x20
[   42.952130][ T5059]  do_syscall_64+0x39/0xb0
[   42.956537][ T5059]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   42.962418][ T5059] RIP: 0033:0x7fb1741299d9
[   42.966815][ T5059] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   42.986495][ T5059] RSP: 002b:00007ffcde568c18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[   42.994896][ T5059] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fb1741299d9
[pid  5059] sync()                      = 0
[pid  5059] exit_group(0)               = ?
[pid  5059] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5059, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555a9d620 /* 4 entries */, 32768) = 104
[   43.003113][ T5059] RDX: 0000000000000c40 RSI: 000000000000ffc2 RDI: 00007ffcde568c40
[   43.011070][ T5059] RBP: 00007ffcde568c40 R08: 0000000000000001 R09: 00007ffcde568c50
[   43.019026][ T5059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   43.027154][ T5059] R13: 00007ffcde568c80 R14: 00007ffcde568c60 R15: 0000000000000003
[   43.035124][ T5059]  </TASK>
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555aa5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555aa5660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./3/bus")                        = 0
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs")                  = 0
getdents64(3, 0x555555a9d620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./3")                            = 0
mkdir("./4", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a9c5d0) = 5077
./strace-static-x86_64: Process 5077 attached
[pid  5077] chdir("./4")                = 0
[pid  5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5077] setpgid(0, 0)               = 0
[pid  5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5077] write(3, "1000", 4)         = 4
[pid  5077] close(3)                    = 0
[pid  5077] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5077] memfd_create("syzkaller", 0) = 3
[pid  5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb16bcdc000
[pid  5077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5077] munmap(0x7fb16bcdc000, 16777216) = 0
[pid  5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5077] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5077] close(3)                    = 0
[pid  5077] mkdir("./bus", 0777)        = 0
[   43.221160][ T5077] loop0: detected capacity change from 0 to 32768
[   43.230309][ T5077] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor130 (5077)
[   43.245438][ T5077] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[   43.254263][ T5077] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[pid  5077] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0
[pid  5077] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5077] chdir("./bus")              = 0
[pid  5077] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5077] close(4)                    = 0
[   43.265075][ T5077] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[   43.275950][ T5077] BTRFS warning (device loop0): excessive commit interval 622039222
[   43.283944][ T5077] BTRFS info (device loop0): force zlib compression, level 3
[   43.291370][ T5077] BTRFS info (device loop0): using free space tree
[   43.306234][ T5077] BTRFS info (device loop0): enabling ssd optimizations
[   43.313208][ T5077] BTRFS info (device loop0): auto enabling async discard
[pid  5077] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5077] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  5077] write(5, "5", 1)            = 1
[   43.333521][   T26] audit: type=1800 audit(1682899500.516:6): pid=5077 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor130" name="bus" dev="loop0" ino=263 res=0 errno=0
[   43.358206][ T5077] FAULT_INJECTION: forcing a failure.
[   43.358206][ T5077] name failslab, interval 1, probability 0, space 0, times 0
[   43.371141][ T5077] CPU: 1 PID: 5077 Comm: syz-executor130 Not tainted 6.3.0-syzkaller-11733-g825a0714d2b3 #0
[   43.381209][ T5077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[   43.391265][ T5077] Call Trace:
[   43.394632][ T5077]  <TASK>
[   43.397563][ T5077]  dump_stack_lvl+0x136/0x150
[   43.402251][ T5077]  should_fail_ex+0x4a3/0x5b0
[   43.406943][ T5077]  should_failslab+0x9/0x20
[   43.411452][ T5077]  kmem_cache_alloc+0x63/0x3b0
[   43.416231][ T5077]  btrfs_alloc_tree_block+0xbcd/0x1490
[   43.421697][ T5077]  ? btrfs_alloc_logged_file_extent+0x600/0x600
[   43.427940][ T5077]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   43.433919][ T5077]  __btrfs_cow_block+0x3b2/0x1690
[   43.438933][ T5077]  ? update_ref_for_cow+0xb50/0xb50
[   43.444130][ T5077]  ? btrfs_qgroup_add_swapped_blocks+0x980/0x980
[   43.450439][ T5077]  ? down_write_nested+0x153/0x200
[   43.455530][ T5077]  btrfs_cow_block+0x2fa/0x820
[   43.460364][ T5077]  btrfs_search_slot+0x11c6/0x2da0
[   43.465454][ T5077]  ? btrfs_global_root+0xf5/0x120
[   43.470463][ T5077]  ? split_leaf+0x13e0/0x13e0
[   43.475119][ T5077]  ? do_raw_read_unlock+0x44/0xe0
[   43.480129][ T5077]  ? btrfs_global_root+0xf5/0x120
[   43.485134][ T5077]  ? btrfs_extent_root+0x13f/0x1a0
[   43.490227][ T5077]  ? btrfs_csum_root+0x1a0/0x1a0
[   43.495146][ T5077]  btrfs_insert_empty_items+0xbd/0x1c0
[   43.500675][ T5077]  __btrfs_run_delayed_refs+0x1cab/0x3770
[   43.506509][ T5077]  ? check_ref_cleanup+0x3e0/0x3e0
[   43.511605][ T5077]  ? do_syscall_64+0x39/0xb0
[   43.516358][ T5077]  ? lock_sync+0x190/0x190
[   43.520761][ T5077]  btrfs_run_delayed_refs+0x19a/0x540
[   43.526118][ T5077]  btrfs_commit_transaction+0x80d/0x3fa0
[   43.532166][ T5077]  ? spin_bug+0x1c0/0x1c0
[   43.536569][ T5077]  ? create_pending_snapshots+0x2c0/0x2c0
[   43.542267][ T5077]  ? start_transaction+0x2aa/0x14c0
[   43.547449][ T5077]  btrfs_sync_fs+0x132/0x730
[   43.552077][ T5077]  ? btrfs_mount_root+0xd50/0xd50
[   43.557079][ T5077]  sync_fs_one_sb+0x10b/0x150
[   43.561729][ T5077]  iterate_supers+0x140/0x2a0
[   43.566385][ T5077]  ? vfs_fsync_range+0x230/0x230
[   43.571302][ T5077]  ksys_sync+0xac/0x150
[   43.575433][ T5077]  ? vfs_fsync+0x1f0/0x1f0
[   43.579828][ T5077]  ? lockdep_hardirqs_on+0x7d/0x100
[   43.585006][ T5077]  ? _raw_spin_unlock_irq+0x2e/0x50
[   43.590189][ T5077]  ? ptrace_notify+0xfe/0x140
[   43.594842][ T5077]  ? syscall_trace_enter.constprop.0+0xb0/0x1e0
[   43.601153][ T5077]  __do_sys_sync+0xe/0x20
[   43.605458][ T5077]  do_syscall_64+0x39/0xb0
[   43.609880][ T5077]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   43.615947][ T5077] RIP: 0033:0x7fb1741299d9
[   43.620512][ T5077] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   43.640189][ T5077] RSP: 002b:00007ffcde568c18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[   43.648595][ T5077] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fb1741299d9
[   43.656555][ T5077] RDX: 0000000000000c40 RSI: 000000000000ffc2 RDI: 00007ffcde568c40
[   43.664506][ T5077] RBP: 00007ffcde568c40 R08: 0000000000000001 R09: 00007ffcde568c50
[   43.672459][ T5077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  5077] sync()                      = 0
[pid  5077] exit_group(0)               = ?
[pid  5077] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555a9d620 /* 4 entries */, 32768) = 104
[   43.680523][ T5077] R13: 00007ffcde568c80 R14: 00007ffcde568c60 R15: 0000000000000004
[   43.688484][ T5077]  </TASK>
[   43.693792][ T5077] BTRFS error (device loop0): failed to run delayed ref for logical 5242880 num_bytes 4096 type 176 action 1 ref_mod 1: -12
[   43.707963][ T5077] BTRFS: error (device loop0: state A) in btrfs_run_delayed_refs:2127: errno=-12 Out of memory
[   43.718425][ T5077] BTRFS info (device loop0: state EA): forced readonly
[   43.785975][ T4995] ------------[ cut here ]------------
[   43.791500][ T4995] WARNING: CPU: 0 PID: 4995 at fs/btrfs/space-info.h:198 btrfs_space_info_update_bytes_may_use+0x452/0x590
[   43.802921][ T4995] Modules linked in:
[   43.806841][ T4995] CPU: 0 PID: 4995 Comm: syz-executor130 Not tainted 6.3.0-syzkaller-11733-g825a0714d2b3 #0
[   43.816943][ T4995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[   43.827009][ T4995] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x452/0x590
[   43.834456][ T4995] Code: fd e9 40 fc ff ff e8 0d 60 fb fd 49 89 ed 4c 89 e6 49 f7 dd 4c 89 ef e8 bc 5b fb fd 4d 39 e5 0f 86 2a fd ff ff e8 ee 5f fb fd <0f> 0b 31 ed e9 24 fd ff ff e8 e0 5f fb fd 48 8d 7b 18 be ff ff ff
[   43.854106][ T4995] RSP: 0018:ffffc90003affa98 EFLAGS: 00010293
[   43.860218][ T4995] RAX: 0000000000000000 RBX: ffff88807b0c1800 RCX: 0000000000000000
[   43.868207][ T4995] RDX: ffff88807e275940 RSI: ffffffff8388fe52 RDI: 0000000000000006
[   43.876292][ T4995] RBP: ffffffffffea0000 R08: 0000000000000006 R09: 0000000000160000
[   43.884266][ T4995] R10: 000000000015f000 R11: 0000000000000000 R12: 000000000015f000
[   43.892337][ T4995] R13: 0000000000160000 R14: ffff88807b0c1860 R15: 0000000000000000
[   43.900335][ T4995] FS:  0000555555a9c300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   43.909281][ T4995] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   43.915878][ T4995] CR2: 0000555555aa5628 CR3: 0000000075b6b000 CR4: 0000000000350ef0
[   43.923833][ T4995] Call Trace:
[   43.927146][ T4995]  <TASK>
[   43.930089][ T4995]  btrfs_block_rsv_release+0x519/0x650
[   43.935580][ T4995]  btrfs_release_global_block_rsv+0x26/0x2e0
[   43.941595][ T4995]  btrfs_free_block_groups+0xa0c/0x11d0
[   43.947310][ T4995]  ? free_root_pointers+0x6fe/0x980
[   43.952580][ T4995]  close_ctree+0x552/0xf60
[   43.957017][ T4995]  ? btrfs_cleanup_transaction.isra.0+0x11d0/0x11d0
[   43.963618][ T4995]  ? collect_domain_accesses+0x900/0x900
[   43.969287][ T4995]  ? __fsnotify_vfsmount_delete+0x20/0x20
[   43.975031][ T4995]  ? dispose_list+0x1e0/0x1e0
[   43.979776][ T4995]  ? fscrypt_destroy_keyring+0x1a/0x350
[   43.985330][ T4995]  ? btrfs_set_super+0x70/0x70
[   43.990215][ T4995]  generic_shutdown_super+0x158/0x480
[   43.995592][ T4995]  kill_anon_super+0x3a/0x60
[   44.000202][ T4995]  btrfs_kill_super+0x3c/0x50
[   44.004884][ T4995]  deactivate_locked_super+0x98/0x160
[   44.010358][ T4995]  deactivate_super+0xb1/0xd0
[   44.015041][ T4995]  cleanup_mnt+0x2ae/0x3d0
[   44.019488][ T4995]  task_work_run+0x16f/0x270
[   44.024081][ T4995]  ? task_work_cancel+0x30/0x30
[   44.028953][ T4995]  ? __x64_sys_umount+0x118/0x190
[   44.033988][ T4995]  ptrace_notify+0x118/0x140
[   44.038620][ T4995]  syscall_exit_to_user_mode_prepare+0x129/0x220
[   44.044976][ T4995]  syscall_exit_to_user_mode+0xd/0x50
[   44.050394][ T4995]  do_syscall_64+0x46/0xb0
[   44.054830][ T4995]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   44.060754][ T4995] RIP: 0033:0x7fb17412ad77
[   44.065174][ T4995] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   44.084813][ T4995] RSP: 002b:00007ffcde567b28 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[   44.093366][ T4995] RAX: 0000000000000000 RBX: 000000000000a85b RCX: 00007fb17412ad77
[   44.101358][ T4995] RDX: 00007ffcde567be7 RSI: 000000000000000a RDI: 00007ffcde567be0
[   44.109346][ T4995] RBP: 00007ffcde567be0 R08: 00000000ffffffff R09: 00007ffcde5679c0
[   44.117420][ T4995] R10: 0000555555a9d633 R11: 0000000000000206 R12: 00007ffcde568c60
[   44.125386][ T4995] R13: 0000555555a9d5f0 R14: 00007ffcde567b50 R15: 0000000000000005
[   44.133405][ T4995]  </TASK>
[   44.136435][ T4995] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   44.143860][ T4995] CPU: 0 PID: 4995 Comm: syz-executor130 Not tainted 6.3.0-syzkaller-11733-g825a0714d2b3 #0
[   44.154072][ T4995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[   44.164192][ T4995] Call Trace:
[   44.167462][ T4995]  <TASK>
[   44.170380][ T4995]  dump_stack_lvl+0xd9/0x150
[   44.174961][ T4995]  panic+0x686/0x730
[   44.178847][ T4995]  ? panic_smp_self_stop+0xa0/0xa0
[   44.183951][ T4995]  ? show_trace_log_lvl+0x285/0x390
[   44.189149][ T4995]  ? btrfs_space_info_update_bytes_may_use+0x452/0x590
[   44.195995][ T4995]  check_panic_on_warn+0xb1/0xc0
[   44.200924][ T4995]  __warn+0xf2/0x390
[   44.204813][ T4995]  ? btrfs_space_info_update_bytes_may_use+0x452/0x590
[   44.211768][ T4995]  report_bug+0x2da/0x500
[   44.216198][ T4995]  handle_bug+0x3c/0x70
[   44.220350][ T4995]  exc_invalid_op+0x18/0x50
[   44.224843][ T4995]  asm_exc_invalid_op+0x1a/0x20
[   44.229711][ T4995] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x452/0x590
[   44.237166][ T4995] Code: fd e9 40 fc ff ff e8 0d 60 fb fd 49 89 ed 4c 89 e6 49 f7 dd 4c 89 ef e8 bc 5b fb fd 4d 39 e5 0f 86 2a fd ff ff e8 ee 5f fb fd <0f> 0b 31 ed e9 24 fd ff ff e8 e0 5f fb fd 48 8d 7b 18 be ff ff ff
[   44.256850][ T4995] RSP: 0018:ffffc90003affa98 EFLAGS: 00010293
[   44.262918][ T4995] RAX: 0000000000000000 RBX: ffff88807b0c1800 RCX: 0000000000000000
[   44.270876][ T4995] RDX: ffff88807e275940 RSI: ffffffff8388fe52 RDI: 0000000000000006
[   44.278839][ T4995] RBP: ffffffffffea0000 R08: 0000000000000006 R09: 0000000000160000
[   44.286795][ T4995] R10: 000000000015f000 R11: 0000000000000000 R12: 000000000015f000
[   44.294752][ T4995] R13: 0000000000160000 R14: ffff88807b0c1860 R15: 0000000000000000
[   44.302713][ T4995]  ? btrfs_space_info_update_bytes_may_use+0x452/0x590
[   44.309564][ T4995]  ? btrfs_space_info_update_bytes_may_use+0x452/0x590
[   44.316410][ T4995]  btrfs_block_rsv_release+0x519/0x650
[   44.321872][ T4995]  btrfs_release_global_block_rsv+0x26/0x2e0
[   44.327856][ T4995]  btrfs_free_block_groups+0xa0c/0x11d0
[   44.333400][ T4995]  ? free_root_pointers+0x6fe/0x980
[   44.338593][ T4995]  close_ctree+0x552/0xf60
[   44.343008][ T4995]  ? btrfs_cleanup_transaction.isra.0+0x11d0/0x11d0
[   44.349587][ T4995]  ? collect_domain_accesses+0x900/0x900
[   44.355212][ T4995]  ? __fsnotify_vfsmount_delete+0x20/0x20
[   44.360925][ T4995]  ? dispose_list+0x1e0/0x1e0
[   44.365592][ T4995]  ? fscrypt_destroy_keyring+0x1a/0x350
[   44.371134][ T4995]  ? btrfs_set_super+0x70/0x70
[   44.375886][ T4995]  generic_shutdown_super+0x158/0x480
[   44.381256][ T4995]  kill_anon_super+0x3a/0x60
[   44.385836][ T4995]  btrfs_kill_super+0x3c/0x50
[   44.390503][ T4995]  deactivate_locked_super+0x98/0x160
[   44.395875][ T4995]  deactivate_super+0xb1/0xd0
[   44.400546][ T4995]  cleanup_mnt+0x2ae/0x3d0
[   44.404951][ T4995]  task_work_run+0x16f/0x270
[   44.409530][ T4995]  ? task_work_cancel+0x30/0x30
[   44.414394][ T4995]  ? __x64_sys_umount+0x118/0x190
[   44.419421][ T4995]  ptrace_notify+0x118/0x140
[   44.424002][ T4995]  syscall_exit_to_user_mode_prepare+0x129/0x220
[   44.430329][ T4995]  syscall_exit_to_user_mode+0xd/0x50
[   44.435691][ T4995]  do_syscall_64+0x46/0xb0
[   44.440105][ T4995]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   44.445992][ T4995] RIP: 0033:0x7fb17412ad77
[   44.450393][ T4995] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   44.470081][ T4995] RSP: 002b:00007ffcde567b28 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[   44.478483][ T4995] RAX: 0000000000000000 RBX: 000000000000a85b RCX: 00007fb17412ad77
[   44.486440][ T4995] RDX: 00007ffcde567be7 RSI: 000000000000000a RDI: 00007ffcde567be0
[   44.494404][ T4995] RBP: 00007ffcde567be0 R08: 00000000ffffffff R09: 00007ffcde5679c0
[   44.502365][ T4995] R10: 0000555555a9d633 R11: 0000000000000206 R12: 00007ffcde568c60
[   44.510413][ T4995] R13: 0000555555a9d5f0 R14: 00007ffcde567b50 R15: 0000000000000005
[   44.518380][ T4995]  </TASK>
[   44.522343][ T4995] Kernel Offset: disabled
[   44.526748][ T4995] Rebooting in 86400 seconds..