./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3811963949

<...>

syzkaller
syzkaller login: [   46.239136][   T26] kauditd_printk_skb: 42 callbacks suppressed
[   46.239152][   T26] audit: type=1400 audit(1688926462.247:77): avc:  denied  { transition } for  pid=4863 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   46.268434][   T26] audit: type=1400 audit(1688926462.247:78): avc:  denied  { noatsecure } for  pid=4863 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   46.287999][   T26] audit: type=1400 audit(1688926462.257:79): avc:  denied  { write } for  pid=4863 comm="sh" path="pipe:[29813]" dev="pipefs" ino=29813 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   46.310909][   T26] audit: type=1400 audit(1688926462.257:80): avc:  denied  { rlimitinh } for  pid=4863 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   46.329959][   T26] audit: type=1400 audit(1688926462.257:81): avc:  denied  { siginh } for  pid=4863 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   47.189150][   T26] audit: type=1400 audit(1688926463.197:82): avc:  denied  { read } for  pid=4451 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
Warning: Permanently added '10.128.0.134' (ECDSA) to the list of known hosts.
execve("./syz-executor3811963949", ["./syz-executor3811963949"], 0x7ffde74f05e0 /* 10 vars */) = 0
brk(NULL)                               = 0x555555aab000
brk(0x555555aabc40)                     = 0x555555aabc40
arch_prctl(ARCH_SET_FS, 0x555555aab300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3811963949", 4096) = 28
brk(0x555555accc40)                     = 0x555555accc40
brk(0x555555acd000)                     = 0x555555acd000
mprotect(0x7f08ea536000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
getpid()                                = 5013
mkdir("./syzkaller.XLkxgg", 0700)       = 0
chmod("./syzkaller.XLkxgg", 0777)       = 0
chdir("./syzkaller.XLkxgg")             = 0
mkdir("./0", 0777)                      = 0
[   70.255924][   T26] audit: type=1400 audit(1688926486.267:83): avc:  denied  { write } for  pid=5010 comm="strace-static-x" path="pipe:[29893]" dev="pipefs" ino=29893 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   70.282868][   T26] audit: type=1400 audit(1688926486.297:84): avc:  denied  { execmem } for  pid=5013 comm="syz-executor381" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555aab5d0) = 5014
./strace-static-x86_64: Process 5014 attached
[pid  5014] chdir("./0")                = 0
[pid  5014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5014] setpgid(0, 0)               = 0
[pid  5014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5014] write(3, "1000", 4)         = 4
[pid  5014] close(3)                    = 0
[pid  5014] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5014] memfd_create("syzkaller", 0) = 3
[pid  5014] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f08e2075000
[   70.317068][   T26] audit: type=1400 audit(1688926486.327:85): avc:  denied  { read write } for  pid=5013 comm="syz-executor381" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   70.327704][ T5014] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5014 'syz-executor381'
[   70.359532][   T26] audit: type=1400 audit(1688926486.327:86): avc:  denied  { open } for  pid=5013 comm="syz-executor381" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   70.384700][   T26] audit: type=1400 audit(1688926486.327:87): avc:  denied  { ioctl } for  pid=5013 comm="syz-executor381" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid  5014] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5014] munmap(0x7f08e2075000, 16777216) = 0
[pid  5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5014] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5014] close(3)                    = 0
[pid  5014] mkdir("./bus", 0777)        = 0
[   70.574955][ T5014] loop0: detected capacity change from 0 to 32768
[   70.585534][   T26] audit: type=1400 audit(1688926486.597:88): avc:  denied  { mounton } for  pid=5014 comm="syz-executor381" path="/root/syzkaller.XLkxgg/0/bus" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   70.589139][ T5014] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor381 (5014)
[   70.630818][ T5014] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[   70.639783][ T5014] BTRFS info (device loop0): doing ref verification
[   70.646546][ T5014] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[   70.657373][ T5014] BTRFS info (device loop0): force zlib compression, level 3
[   70.664845][ T5014] BTRFS info (device loop0): allowing degraded mounts
[   70.671656][ T5014] BTRFS info (device loop0): using free space tree
[pid  5014] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0
[pid  5014] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5014] chdir("./bus")              = 0
[pid  5014] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5014] close(4)                    = 0
[pid  5014] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC|0x3c, 000) = 4
[pid  5014] fallocate(4, 0, 0, 1048820) = 0
[   70.692656][ T5014] BTRFS info (device loop0): auto enabling async discard
[   70.705463][   T26] audit: type=1400 audit(1688926486.717:89): avc:  denied  { mount } for  pid=5014 comm="syz-executor381" name="/" dev="loop0" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[pid  5014] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 5
[pid  5014] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  5014] write(6, "12", 2)           = 2
[pid  5014] pwritev2(5, [{iov_base="\x85\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73"..., iov_len=475136}, {iov_base=NULL, iov_len=0}], 2, 16384, RWF_NOWAIT) = 475136
[pid  5014] exit_group(0)               = ?
[pid  5014] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5014, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=23 /* 0.23 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555aac620 /* 4 entries */, 32768) = 104
[   70.746452][   T26] audit: type=1400 audit(1688926486.717:90): avc:  denied  { write } for  pid=5014 comm="syz-executor381" name="/" dev="loop0" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   70.769523][   T26] audit: type=1400 audit(1688926486.717:91): avc:  denied  { add_name } for  pid=5014 comm="syz-executor381" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   70.791378][   T26] audit: type=1400 audit(1688926486.717:92): avc:  denied  { create } for  pid=5014 comm="syz-executor381" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555ab4660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555ab4660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./0/bus")                        = 0
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs")                  = 0
getdents64(3, 0x555555aac620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./0")                            = 0
mkdir("./1", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5043 attached
, child_tidptr=0x555555aab5d0) = 5043
[pid  5043] chdir("./1")                = 0
[pid  5043] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5043] setpgid(0, 0)               = 0
[pid  5043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5043] write(3, "1000", 4)         = 4
[pid  5043] close(3)                    = 0
[pid  5043] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5043] memfd_create("syzkaller", 0) = 3
[pid  5043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f08e2075000
[pid  5043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5043] munmap(0x7f08e2075000, 16777216) = 0
[pid  5043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5043] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5043] close(3)                    = 0
[pid  5043] mkdir("./bus", 0777)        = 0
[   71.255997][ T5043] loop0: detected capacity change from 0 to 32768
[   71.267458][ T5043] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor381 (5043)
[   71.285634][ T5043] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[   71.294683][ T5043] BTRFS info (device loop0): doing ref verification
[pid  5043] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0
[pid  5043] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5043] chdir("./bus")              = 0
[pid  5043] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5043] close(4)                    = 0
[   71.301696][ T5043] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[   71.312842][ T5043] BTRFS info (device loop0): force zlib compression, level 3
[   71.320252][ T5043] BTRFS info (device loop0): allowing degraded mounts
[   71.327196][ T5043] BTRFS info (device loop0): using free space tree
[   71.347310][ T5043] BTRFS info (device loop0): auto enabling async discard
[pid  5043] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC|0x3c, 000) = 4
[pid  5043] fallocate(4, 0, 0, 1048820) = 0
[pid  5043] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 5
[pid  5043] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  5043] write(6, "12", 2)           = 2
[pid  5043] pwritev2(5, [{iov_base="\x85\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x72\x65\x66\x5f\x76\x65\x72\x69\x66\x79\x2c\x6e\x6f\x73\x73\x64\x2c\x69\x6e\x6f\x64\x65\x5f\x63\x61\x63\x68\x65\x2c\x63\x6f\x6d\x70\x72\x65\x73"..., iov_len=475136}, {iov_base=NULL, iov_len=0}], 2, 16384, RWF_NOWAIT) = -1 EAGAIN (Resource temporarily unavailable)
[pid  5043] exit_group(0)               = ?
[pid  5043] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5043, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=26 /* 0.26 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555aac620 /* 4 entries */, 32768) = 104
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555ab4660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555ab4660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./1/bus")                        = 0
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs")                  = 0
getdents64(3, 0x555555aac620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./1")                            = 0
mkdir("./2", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5066 attached
, child_tidptr=0x555555aab5d0) = 5066
[pid  5066] chdir("./2")                = 0
[pid  5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5066] setpgid(0, 0)               = 0
[pid  5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5066] write(3, "1000", 4)         = 4
[pid  5066] close(3)                    = 0
[pid  5066] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5066] memfd_create("syzkaller", 0) = 3
[pid  5066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f08e2075000
[pid  5066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5066] munmap(0x7f08e2075000, 16777216) = 0
[pid  5066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5066] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5066] close(3)                    = 0
[pid  5066] mkdir("./bus", 0777)        = 0
[   71.803460][ T5066] loop0: detected capacity change from 0 to 32768
[   71.814750][ T5066] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor381 (5066)
[   71.829507][ T5066] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[   71.838348][ T5066] BTRFS info (device loop0): doing ref verification
[pid  5066] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0
[pid  5066] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5066] chdir("./bus")              = 0
[pid  5066] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5066] close(4)                    = 0
[pid  5066] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|FASYNC|0x3c, 000) = 4
[pid  5066] fallocate(4, 0, 0, 1048820) = 0
[pid  5066] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 5
[pid  5066] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  5066] write(6, "12", 2)           = 2
[   71.845074][ T5066] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[   71.855920][ T5066] BTRFS info (device loop0): force zlib compression, level 3
[   71.863384][ T5066] BTRFS info (device loop0): allowing degraded mounts
[   71.870174][ T5066] BTRFS info (device loop0): using free space tree
[   71.887962][ T5066] BTRFS info (device loop0): auto enabling async discard
[   71.921776][ T5066] FAULT_INJECTION: forcing a failure.
[   71.921776][ T5066] name failslab, interval 1, probability 0, space 0, times 0
[   71.934894][ T5066] CPU: 0 PID: 5066 Comm: syz-executor381 Not tainted 6.4.0-syzkaller-12454-g1c7873e33645 #0
[   71.945004][ T5066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[   71.955090][ T5066] Call Trace:
[   71.958392][ T5066]  <TASK>
[   71.961356][ T5066]  dump_stack_lvl+0x136/0x150
[   71.966103][ T5066]  should_fail_ex+0x4a3/0x5b0
[   71.970830][ T5066]  should_failslab+0x9/0x20
[   71.975372][ T5066]  kmem_cache_alloc+0x5d/0x3f0
[   71.980179][ T5066]  split_extent_map+0x72/0xe80
[   71.984997][ T5066]  btrfs_dio_submit_io+0x40d/0x740
[   71.990145][ T5066]  ? btrfs_migrate_folio+0x100/0x100
[   71.995475][ T5066]  iomap_dio_submit_bio+0x194/0x210
[   72.000729][ T5066]  iomap_dio_bio_iter+0xb26/0x1430
[   72.005975][ T5066]  __iomap_dio_rw+0x1010/0x1d80
[   72.010876][ T5066]  ? print_usage_bug.part.0+0x670/0x670
[   72.016467][ T5066]  ? iomap_dio_bio_end_io+0x5f0/0x5f0
[   72.021886][ T5066]  ? current_time+0x79/0x2c0
[   72.026525][ T5066]  ? inode_maybe_inc_iversion+0x130/0x190
[   72.032283][ T5066]  btrfs_dio_write+0xb1/0xe0
[   72.036917][ T5066]  ? btrfs_dio_read+0xe0/0xe0
[   72.041636][ T5066]  ? iov_iter_alignment+0xe1/0x5e0
[   72.046798][ T5066]  btrfs_do_write_iter+0x971/0x11e0
[   72.052043][ T5066]  ? btrfs_fdatawrite_range+0x110/0x110
[   72.057636][ T5066]  do_iter_readv_writev+0x211/0x3b0
[   72.062893][ T5066]  ? generic_copy_file_range+0x1d0/0x1d0
[   72.068576][ T5066]  ? avc_policy_seqno+0x9/0x10
[   72.073384][ T5066]  ? selinux_file_permission+0x9c/0x530
[   72.078987][ T5066]  ? security_file_permission+0xaf/0xd0
[   72.084577][ T5066]  do_iter_write+0x182/0x810
[   72.089231][ T5066]  vfs_writev+0x1b0/0x670
[   72.093596][ T5066]  ? vfs_iter_write+0xb0/0xb0
[   72.098308][ T5066]  ? lock_sync+0x190/0x190
[   72.102758][ T5066]  ? ptrace_stop.part.0+0x4a3/0x8e0
[   72.108000][ T5066]  ? spin_bug+0x1c0/0x1c0
[   72.112358][ T5066]  ? recalc_sigpending_tsk+0x18b/0x1d0
[   72.117907][ T5066]  ? ptrace_stop.part.0+0x60f/0x8e0
[   72.123105][ T5066]  ? find_held_lock+0x2d/0x110
[   72.127865][ T5066]  do_pwritev+0x1ad/0x260
[   72.132210][ T5066]  ? do_writev+0x2f0/0x2f0
[   72.136630][ T5066]  ? _raw_spin_unlock_irq+0x23/0x50
[   72.141849][ T5066]  ? lockdep_hardirqs_on+0x7d/0x100
[   72.147054][ T5066]  __x64_sys_pwritev2+0xef/0x150
[   72.152004][ T5066]  do_syscall_64+0x39/0xb0
[   72.156465][ T5066]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   72.162485][ T5066] RIP: 0033:0x7f08ea4c2b29
[   72.166908][ T5066] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   72.186541][ T5066] RSP: 002b:00007fffb56dc888 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[   72.195053][ T5066] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f08ea4c2b29
[   72.203042][ T5066] RDX: 0000000000000002 RSI: 0000000020000240 RDI: 0000000000000005
[   72.211030][ T5066] RBP: 00007fffb56dc8c0 R08: 0000000000000000 R09: 0000000000000008
[   72.219188][ T5066] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000006
[   72.227180][ T5066] R13: 00007fffb56dc900 R14: 00007fffb56dc8e0 R15: 0000000000000002
[   72.235158][ T5066]  </TASK>
[   72.238545][ T5066] BTRFS warning (device loop0): direct IO failed ino 263 op 0x8801 offset 0x4000 len 4096 err no 9
[   72.249345][ T5066] general protection fault, probably for non-canonical address 0xdffffc000000000c: 0000 [#1] PREEMPT SMP KASAN
[   72.261069][ T5066] KASAN: null-ptr-deref in range [0x0000000000000060-0x0000000000000067]
[   72.269481][ T5066] CPU: 0 PID: 5066 Comm: syz-executor381 Not tainted 6.4.0-syzkaller-12454-g1c7873e33645 #0
[   72.279542][ T5066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[   72.289610][ T5066] RIP: 0010:btrfs_finish_ordered_extent+0x3b/0x2c0
[   72.296143][ T5066] Code: 89 d5 41 54 55 48 89 fd 53 44 89 c3 48 83 ec 10 e8 3a c2 12 fe 48 8d 7d 60 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 4f 02 00 00 48 8b 45 60 0f b6 db 48 89 04 24 0f
[   72.315774][ T5066] RSP: 0018:ffffc9000371f4d0 EFLAGS: 00010206
[   72.321847][ T5066] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   72.329813][ T5066] RDX: 000000000000000c RSI: ffffffff83714026 RDI: 0000000000000060
[   72.337889][ T5066] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   72.345864][ T5066] R10: 0000000000000009 R11: 0000000000000001 R12: 0000000000001000
[   72.353846][ T5066] R13: 0000000000004000 R14: 0000000000001000 R15: 0000000000000000
[   72.361850][ T5066] FS:  0000555555aab300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   72.370792][ T5066] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   72.377375][ T5066] CR2: 00007f08ea53a140 CR3: 000000002c72c000 CR4: 00000000003506f0
[   72.385353][ T5066] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   72.393494][ T5066] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   72.401481][ T5066] Call Trace:
[   72.404757][ T5066]  <TASK>
[   72.407687][ T5066]  ? die_addr+0x3c/0xa0
[   72.411866][ T5066]  ? exc_general_protection+0x129/0x230
[   72.417453][ T5066]  ? asm_exc_general_protection+0x26/0x30
[   72.423186][ T5066]  ? btrfs_finish_ordered_extent+0x26/0x2c0
[   72.429091][ T5066]  ? btrfs_finish_ordered_extent+0x3b/0x2c0
[   72.434996][ T5066]  btrfs_dio_end_io+0x24e/0x460
[   72.439853][ T5066]  btrfs_dio_submit_io+0x459/0x740
[   72.444995][ T5066]  ? btrfs_migrate_folio+0x100/0x100
[   72.450307][ T5066]  iomap_dio_submit_bio+0x194/0x210
[   72.455545][ T5066]  iomap_dio_bio_iter+0xb26/0x1430
[   72.460681][ T5066]  __iomap_dio_rw+0x1010/0x1d80
[   72.465546][ T5066]  ? print_usage_bug.part.0+0x670/0x670
[   72.471099][ T5066]  ? iomap_dio_bio_end_io+0x5f0/0x5f0
[   72.476487][ T5066]  ? current_time+0x79/0x2c0
[   72.481088][ T5066]  ? inode_maybe_inc_iversion+0x130/0x190
[   72.486811][ T5066]  btrfs_dio_write+0xb1/0xe0
[   72.491412][ T5066]  ? btrfs_dio_read+0xe0/0xe0
[   72.496100][ T5066]  ? iov_iter_alignment+0xe1/0x5e0
[   72.501229][ T5066]  btrfs_do_write_iter+0x971/0x11e0
[   72.506440][ T5066]  ? btrfs_fdatawrite_range+0x110/0x110
[   72.511999][ T5066]  do_iter_readv_writev+0x211/0x3b0
[   72.517234][ T5066]  ? generic_copy_file_range+0x1d0/0x1d0
[   72.522905][ T5066]  ? avc_policy_seqno+0x9/0x10
[   72.527709][ T5066]  ? selinux_file_permission+0x9c/0x530
[   72.533279][ T5066]  ? security_file_permission+0xaf/0xd0
[   72.538840][ T5066]  do_iter_write+0x182/0x810
[   72.543457][ T5066]  vfs_writev+0x1b0/0x670
[   72.547785][ T5066]  ? vfs_iter_write+0xb0/0xb0
[   72.552461][ T5066]  ? lock_sync+0x190/0x190
[   72.556885][ T5066]  ? ptrace_stop.part.0+0x4a3/0x8e0
[   72.562101][ T5066]  ? spin_bug+0x1c0/0x1c0
[   72.566442][ T5066]  ? recalc_sigpending_tsk+0x18b/0x1d0
[   72.571915][ T5066]  ? ptrace_stop.part.0+0x60f/0x8e0
[   72.577144][ T5066]  ? find_held_lock+0x2d/0x110
[   72.581929][ T5066]  do_pwritev+0x1ad/0x260
[   72.586268][ T5066]  ? do_writev+0x2f0/0x2f0
[   72.590706][ T5066]  ? _raw_spin_unlock_irq+0x23/0x50
[   72.595938][ T5066]  ? lockdep_hardirqs_on+0x7d/0x100
[   72.601154][ T5066]  __x64_sys_pwritev2+0xef/0x150
[   72.606105][ T5066]  do_syscall_64+0x39/0xb0
[   72.610522][ T5066]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   72.616440][ T5066] RIP: 0033:0x7f08ea4c2b29
[   72.620854][ T5066] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   72.640467][ T5066] RSP: 002b:00007fffb56dc888 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[   72.648880][ T5066] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f08ea4c2b29
[   72.656853][ T5066] RDX: 0000000000000002 RSI: 0000000020000240 RDI: 0000000000000005
[   72.664822][ T5066] RBP: 00007fffb56dc8c0 R08: 0000000000000000 R09: 0000000000000008
[   72.672792][ T5066] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000006
[   72.680763][ T5066] R13: 00007fffb56dc900 R14: 00007fffb56dc8e0 R15: 0000000000000002
[   72.688739][ T5066]  </TASK>
[   72.691757][ T5066] Modules linked in:
[   72.695941][ T5066] ---[ end trace 0000000000000000 ]---
[   72.701531][ T5066] RIP: 0010:btrfs_finish_ordered_extent+0x3b/0x2c0
[   72.708216][ T5066] Code: 89 d5 41 54 55 48 89 fd 53 44 89 c3 48 83 ec 10 e8 3a c2 12 fe 48 8d 7d 60 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 4f 02 00 00 48 8b 45 60 0f b6 db 48 89 04 24 0f
[   72.728033][ T5066] RSP: 0018:ffffc9000371f4d0 EFLAGS: 00010206
[   72.734134][ T5066] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   72.742186][ T5066] RDX: 000000000000000c RSI: ffffffff83714026 RDI: 0000000000000060
[   72.750196][ T5066] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   72.758207][ T5066] R10: 0000000000000009 R11: 0000000000000001 R12: 0000000000001000
[   72.766251][ T5066] R13: 0000000000004000 R14: 0000000000001000 R15: 0000000000000000
[   72.774283][ T5066] FS:  0000555555aab300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   72.783278][ T5066] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   72.789891][ T5066] CR2: 00007f08ea53a140 CR3: 000000002c72c000 CR4: 00000000003506f0
[   72.797895][ T5066] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   72.805902][ T5066] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   72.813909][ T5066] Kernel panic - not syncing: Fatal exception
[   72.820202][ T5066] Kernel Offset: disabled
[   72.824519][ T5066] Rebooting in 86400 seconds..