./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2591230600

<...>

syzkaller
syzkaller login: [   47.870009][   T26] kauditd_printk_skb: 42 callbacks suppressed
[   47.870020][   T26] audit: type=1400 audit(1686640450.616:77): avc:  denied  { transition } for  pid=4841 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   47.899173][   T26] audit: type=1400 audit(1686640450.626:78): avc:  denied  { noatsecure } for  pid=4841 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   47.918528][   T26] audit: type=1400 audit(1686640450.646:79): avc:  denied  { write } for  pid=4841 comm="sh" path="pipe:[30145]" dev="pipefs" ino=30145 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   47.941974][   T26] audit: type=1400 audit(1686640450.666:80): avc:  denied  { rlimitinh } for  pid=4841 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   47.961082][   T26] audit: type=1400 audit(1686640450.666:81): avc:  denied  { siginh } for  pid=4841 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   48.378985][   T26] audit: type=1400 audit(1686640451.126:82): avc:  denied  { read } for  pid=4428 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
Warning: Permanently added '10.128.0.176' (ECDSA) to the list of known hosts.
execve("./syz-executor2591230600", ["./syz-executor2591230600"], 0x7ffd2d6a8040 /* 10 vars */) = 0
brk(NULL)                               = 0x555556f2c000
brk(0x555556f2cc40)                     = 0x555556f2cc40
arch_prctl(ARCH_SET_FS, 0x555556f2c300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2591230600", 4096) = 28
brk(0x555556f4dc40)                     = 0x555556f4dc40
brk(0x555556f4e000)                     = 0x555556f4e000
mprotect(0x7f9265151000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
[   69.445061][   T26] audit: type=1400 audit(1686640472.186:83): avc:  denied  { write } for  pid=4988 comm="strace-static-x" path="pipe:[29173]" dev="pipefs" ino=29173 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   69.474288][ T4991] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4991 'syz-executor259'
memfd_create("syzkaller", 0)            = 3
mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f925cc93000
[   69.474563][   T26] audit: type=1400 audit(1686640472.216:84): avc:  denied  { execmem } for  pid=4991 comm="syz-executor259" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
munmap(0x7f925cc93000, 16777216)        = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 4
ioctl(4, LOOP_SET_FD, 3)                = 0
close(3)                                = 0
mkdir("./file0", 0777)                  = 0
[   69.630645][   T26] audit: type=1400 audit(1686640472.376:85): avc:  denied  { read write } for  pid=4991 comm="syz-executor259" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   69.632912][ T4991] loop0: detected capacity change from 0 to 32768
[   69.663260][   T26] audit: type=1400 audit(1686640472.376:86): avc:  denied  { open } for  pid=4991 comm="syz-executor259" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   69.671001][ T4991] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor259 (4991)
[   69.689124][   T26] audit: type=1400 audit(1686640472.376:87): avc:  denied  { ioctl } for  pid=4991 comm="syz-executor259" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   69.728324][   T26] audit: type=1400 audit(1686640472.416:88): avc:  denied  { mounton } for  pid=4991 comm="syz-executor259" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   69.759010][ T4991] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[   69.768116][ T4991] BTRFS info (device loop0): using free space tree
mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
chdir("./file0")                        = 0
ioctl(4, LOOP_CLR_FD)                   = 0
close(4)                                = 0
[   69.790069][ T4991] BTRFS info (device loop0): enabling ssd optimizations
[   69.797327][ T4991] BTRFS info (device loop0): auto enabling async discard
[   69.810986][   T26] audit: type=1400 audit(1686640472.556:89): avc:  denied  { mount } for  pid=4991 comm="syz-executor259" name="/" dev="loop0" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
creat("./bus", 000)                     = 4
open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 010) = 5
openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[   69.834062][   T26] audit: type=1400 audit(1686640472.576:90): avc:  denied  { write } for  pid=4991 comm="syz-executor259" name="/" dev="loop0" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   69.858354][   T26] audit: type=1400 audit(1686640472.576:91): avc:  denied  { add_name } for  pid=4991 comm="syz-executor259" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[   69.880532][   T26] audit: type=1400 audit(1686640472.576:92): avc:  denied  { create } for  pid=4991 comm="syz-executor259" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
fallocate(4, 0, 0, 2622468)             = 0
openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7
write(7, "4", 1)                        = 1
[   69.957664][ T4991] FAULT_INJECTION: forcing a failure.
[   69.957664][ T4991] name failslab, interval 1, probability 0, space 0, times 1
[   69.971278][ T4991] CPU: 1 PID: 4991 Comm: syz-executor259 Not tainted 6.4.0-rc6-syzkaller-00006-gfd37b884003c #0
[   69.981915][ T4991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   69.992004][ T4991] Call Trace:
[   69.995398][ T4991]  <TASK>
[   69.998390][ T4991]  dump_stack_lvl+0x136/0x150
[   70.005668][ T4991]  should_fail_ex+0x4a3/0x5b0
[   70.011124][ T4991]  should_failslab+0x9/0x20
[   70.016714][ T4991]  __kmem_cache_alloc_node+0x5b/0x3f0
[   70.023680][ T4991]  kmalloc_trace+0x26/0xe0
[   70.028965][ T4991]  ulist_add_merge.part.0+0x85/0x4b0
[   70.034581][ T4991]  ulist_add+0x106/0x160
[   70.039068][ T4991]  set_state_bits.isra.0+0x11f/0x1c0
[   70.044697][ T4991]  __set_extent_bit+0x3ec/0x15f0
[   70.049793][ T4991]  ? mark_held_locks+0x9f/0xe0
[   70.054720][ T4991]  set_record_extent_bits+0x5c/0x90
[   70.060087][ T4991]  qgroup_reserve_data+0x233/0xa80
[   70.065245][ T4991]  ? fault_in_readable+0x170/0x210
[   70.070408][ T4991]  btrfs_qgroup_reserve_data+0x2f/0xd0
[   70.075987][ T4991]  btrfs_check_data_free_space+0x111/0x280
[   70.082129][ T4991]  btrfs_buffered_write+0x519/0x1380
[   70.084878][   T40] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[   70.087443][ T4991]  ? ktime_get_coarse_real_ts64+0x1bb/0x200
[   70.087513][ T4991]  ? lockdep_hardirqs_on+0x7d/0x100
[   70.087544][ T4991]  ? btrfs_check_nocow_lock+0x3c0/0x3c0
[   70.087578][ T4991]  ? __up_read+0x1fe/0x750
[   70.087603][ T4991]  ? up_write+0x520/0x520
[   70.087627][ T4991]  btrfs_do_write_iter+0xef0/0x1470
[   70.087661][ T4991]  ? btrfs_fdatawrite_range+0x110/0x110
[   70.087695][ T4991]  vfs_write+0x945/0xd50
[   70.087721][ T4991]  ? kernel_write+0x670/0x670
[   70.087746][ T4991]  ? recalc_sigpending_tsk+0x18b/0x1d0
[   70.087783][ T4991]  ? find_held_lock+0x2d/0x110
[   70.087809][ T4991]  ? lock_downgrade+0x690/0x690
[   70.087838][ T4991]  ? __fget_light+0x20a/0x270
[   70.087862][ T4991]  ksys_write+0x12b/0x250
[   70.087887][ T4991]  ? __ia32_sys_read+0xb0/0xb0
[   70.087912][ T4991]  ? lockdep_hardirqs_on+0x7d/0x100
[   70.087940][ T4991]  ? _raw_spin_unlock_irq+0x2e/0x50
[   70.087973][ T4991]  ? ptrace_notify+0xfe/0x140
[   70.088000][ T4991]  do_syscall_64+0x39/0xb0
[   70.088021][ T4991]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   70.088058][ T4991] RIP: 0033:0x7f92650dfd19
[   70.088078][ T4991] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   70.088101][ T4991] RSP: 002b:00007ffc07b0e8b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   70.088127][ T4991] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f92650dfd19
[   70.088143][ T4991] RDX: 0000000000000049 RSI: 0000000020000180 RDI: 0000000000000005
[   70.088159][ T4991] RBP: 00007ffc07b0e8c0 R08: 0000000000000001 R09: 00007f9265090034
[   70.088176][ T4991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[   70.088191][ T4991] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   70.088209][ T4991]  </TASK>
[   70.088952][ T4991] ------------[ cut here ]------------
[   70.281504][ T4991] kernel BUG at fs/btrfs/extent-io-tree.c:379!
[   70.287831][ T4991] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   70.294291][ T4991] CPU: 1 PID: 4991 Comm: syz-executor259 Not tainted 6.4.0-rc6-syzkaller-00006-gfd37b884003c #0
[   70.304732][ T4991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   70.315025][ T4991] RIP: 0010:set_state_bits.isra.0+0x17b/0x1c0
[   70.321149][ T4991] Code: 38 d0 7c 04 84 d2 75 31 44 8b 73 7c e8 4e 74 f8 fd 44 89 e0 44 09 f0 89 43 7c 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 35 74 f8 fd <0f> 0b 4c 89 ef e8 4b 47 4a fe e9 e6 fe ff ff 4c 89 ef e8 3e 47 4a
[   70.340797][ T4991] RSP: 0018:ffffc900033e7850 EFLAGS: 00010293
[   70.346873][ T4991] RAX: 0000000000000000 RBX: ffff88807e97f600 RCX: 0000000000000000
[   70.354845][ T4991] RDX: ffff88807e102080 RSI: ffffffff838af37b RDI: 0000000000000005
[   70.362826][ T4991] RBP: 00000000fffffff4 R08: 0000000000000005 R09: 0000000000000000
[   70.370918][ T4991] R10: 00000000fffffff4 R11: 41525f4749524f20 R12: 0000000000000800
[   70.379023][ T4991] R13: ffff88807e97f67c R14: 0000000000000fff R15: 0000000000000000
[   70.387636][ T4991] FS:  0000555556f2c300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[   70.396601][ T4991] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   70.403194][ T4991] CR2: 00007f7101514d00 CR3: 000000002267a000 CR4: 00000000003506e0
[   70.411200][ T4991] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   70.419190][ T4991] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   70.427164][ T4991] Call Trace:
[   70.430447][ T4991]  <TASK>
[   70.433377][ T4991]  ? die+0x32/0x90
[   70.437122][ T4991]  ? do_trap+0x1b2/0x3f0
[   70.441396][ T4991]  ? set_state_bits.isra.0+0x17b/0x1c0
[   70.447138][ T4991]  ? set_state_bits.isra.0+0x17b/0x1c0
[   70.452641][ T4991]  ? do_error_trap+0xb1/0x170
[   70.457340][ T4991]  ? set_state_bits.isra.0+0x17b/0x1c0
[   70.462830][ T4991]  ? handle_invalid_op+0x2c/0x30
[   70.467797][ T4991]  ? set_state_bits.isra.0+0x17b/0x1c0
[   70.473293][ T4991]  ? exc_invalid_op+0x2f/0x50
[   70.478110][ T4991]  ? asm_exc_invalid_op+0x1a/0x20
[   70.483190][ T4991]  ? set_state_bits.isra.0+0x17b/0x1c0
[   70.488667][ T4991]  ? set_state_bits.isra.0+0x17b/0x1c0
[   70.494169][ T4991]  __set_extent_bit+0x3ec/0x15f0
[   70.499152][ T4991]  ? mark_held_locks+0x9f/0xe0
[   70.503942][ T4991]  set_record_extent_bits+0x5c/0x90
[   70.509180][ T4991]  qgroup_reserve_data+0x233/0xa80
[   70.514316][ T4991]  ? fault_in_readable+0x170/0x210
[   70.519447][ T4991]  btrfs_qgroup_reserve_data+0x2f/0xd0
[   70.525031][ T4991]  btrfs_check_data_free_space+0x111/0x280
[   70.530901][ T4991]  btrfs_buffered_write+0x519/0x1380
[   70.536519][ T4991]  ? ktime_get_coarse_real_ts64+0x1bb/0x200
[   70.542720][ T4991]  ? lockdep_hardirqs_on+0x7d/0x100
[   70.548661][ T4991]  ? btrfs_check_nocow_lock+0x3c0/0x3c0
[   70.554354][ T4991]  ? __up_read+0x1fe/0x750
[   70.558989][ T4991]  ? up_write+0x520/0x520
[   70.563825][ T4991]  btrfs_do_write_iter+0xef0/0x1470
[   70.569431][ T4991]  ? btrfs_fdatawrite_range+0x110/0x110
[   70.575312][ T4991]  vfs_write+0x945/0xd50
[   70.580051][ T4991]  ? kernel_write+0x670/0x670
[   70.584768][ T4991]  ? recalc_sigpending_tsk+0x18b/0x1d0
[   70.590414][ T4991]  ? find_held_lock+0x2d/0x110
[   70.595187][ T4991]  ? lock_downgrade+0x690/0x690
[   70.600081][ T4991]  ? __fget_light+0x20a/0x270
[   70.604780][ T4991]  ksys_write+0x12b/0x250
[   70.609121][ T4991]  ? __ia32_sys_read+0xb0/0xb0
[   70.614037][ T4991]  ? lockdep_hardirqs_on+0x7d/0x100
[   70.619283][ T4991]  ? _raw_spin_unlock_irq+0x2e/0x50
[   70.624515][ T4991]  ? ptrace_notify+0xfe/0x140
[   70.629229][ T4991]  do_syscall_64+0x39/0xb0
[   70.633725][ T4991]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   70.639662][ T4991] RIP: 0033:0x7f92650dfd19
[   70.644174][ T4991] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   70.663854][ T4991] RSP: 002b:00007ffc07b0e8b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   70.672388][ T4991] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f92650dfd19
[   70.680398][ T4991] RDX: 0000000000000049 RSI: 0000000020000180 RDI: 0000000000000005
[   70.688392][ T4991] RBP: 00007ffc07b0e8c0 R08: 0000000000000001 R09: 00007f9265090034
[   70.696456][ T4991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[   70.704448][ T4991] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   70.712451][ T4991]  </TASK>
[   70.715672][ T4991] Modules linked in:
[   70.719814][ T4991] ---[ end trace 0000000000000000 ]---
[   70.725309][ T4991] RIP: 0010:set_state_bits.isra.0+0x17b/0x1c0
[   70.731527][ T4991] Code: 38 d0 7c 04 84 d2 75 31 44 8b 73 7c e8 4e 74 f8 fd 44 89 e0 44 09 f0 89 43 7c 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 35 74 f8 fd <0f> 0b 4c 89 ef e8 4b 47 4a fe e9 e6 fe ff ff 4c 89 ef e8 3e 47 4a
[   70.751290][ T4991] RSP: 0018:ffffc900033e7850 EFLAGS: 00010293
[   70.757406][ T4991] RAX: 0000000000000000 RBX: ffff88807e97f600 RCX: 0000000000000000
[   70.765576][ T4991] RDX: ffff88807e102080 RSI: ffffffff838af37b RDI: 0000000000000005
[   70.773607][ T4991] RBP: 00000000fffffff4 R08: 0000000000000005 R09: 0000000000000000
[   70.781681][ T4991] R10: 00000000fffffff4 R11: 41525f4749524f20 R12: 0000000000000800
[   70.789760][ T4991] R13: ffff88807e97f67c R14: 0000000000000fff R15: 0000000000000000
[   70.797872][ T4991] FS:  0000555556f2c300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[   70.807020][ T4991] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   70.813702][ T4991] CR2: 00007f7101514d00 CR3: 000000002267a000 CR4: 00000000003506e0
[   70.821931][ T4991] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   70.830007][ T4991] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   70.838117][ T4991] Kernel panic - not syncing: Fatal exception
[   70.844500][ T4991] Kernel Offset: disabled
[   70.848848][ T4991] Rebooting in 86400 seconds..