./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor294376709

<...>
Warning: Permanently added '10.128.0.171' (ECDSA) to the list of known hosts.
execve("./syz-executor294376709", ["./syz-executor294376709"], 0x7ffe314d3ed0 /* 10 vars */) = 0
brk(NULL)                               = 0x5555572df000
brk(0x5555572dfc40)                     = 0x5555572dfc40
arch_prctl(ARCH_SET_FS, 0x5555572df300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor294376709", 4096) = 27
brk(0x555557300c40)                     = 0x555557300c40
brk(0x555557301000)                     = 0x555557301000
mprotect(0x7f9a61f01000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
getpid()                                = 5066
mkdir("./syzkaller.cl0oZf", 0700)       = 0
chmod("./syzkaller.cl0oZf", 0777)       = 0
chdir("./syzkaller.cl0oZf")             = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5067 attached
, child_tidptr=0x5555572df5d0) = 5067
[pid  5067] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5067] setsid()                    = 1
[pid  5067] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5067] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5067] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5067] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5067] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5067] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5067] unshare(CLONE_NEWNS)        = 0
[pid  5067] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5067] unshare(CLONE_NEWIPC)       = 0
[pid  5067] unshare(CLONE_NEWCGROUP)    = 0
[pid  5067] unshare(CLONE_NEWUTS)       = 0
[pid  5067] unshare(CLONE_SYSVSEM)      = 0
[pid  5067] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5067] write(3, "16777216", 8)     = 8
[pid  5067] close(3)                    = 0
[pid  5067] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5067] write(3, "536870912", 9)    = 9
[pid  5067] close(3)                    = 0
[pid  5067] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5067] write(3, "1024", 4)         = 4
[pid  5067] close(3)                    = 0
[pid  5067] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5067] write(3, "8192", 4)         = 4
[pid  5067] close(3)                    = 0
[pid  5067] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5067] write(3, "1024", 4)         = 4
[pid  5067] close(3)                    = 0
[pid  5067] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5067] write(3, "1024", 4)         = 4
[pid  5067] close(3)                    = 0
[pid  5067] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5067] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5067] close(3)                    = 0
[pid  5067] getpid()                    = 1
[pid  5067] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5067] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5067] unshare(CLONE_NEWNET)       = 0
[pid  5067] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5067] write(3, "0 65535", 7)      = 7
[pid  5067] close(3)                    = 0
[pid  5067] mkdir("/dev/binderfs", 0777) = 0
[pid  5067] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5067] mkdir("./0", 0777)          = 0
[pid  5067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5067] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5067] close(3)                    = 0
[pid  5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572df5d0) = 2
./strace-static-x86_64: Process 5069 attached
[pid  5069] chdir("./0")                = 0
[pid  5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5069] setpgid(0, 0)               = 0
[pid  5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5069] write(3, "1000", 4)         = 4
[pid  5069] close(3)                    = 0
[pid  5069] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5069] memfd_create("syzkaller", 0) = 3
[pid  5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9a59a40000
[   48.369863][ T5069] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5069 'syz-executor294'
[pid  5069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5069] munmap(0x7f9a59a40000, 16777216) = 0
[pid  5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5069] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5069] close(3)                    = 0
[pid  5069] mkdir("./file0", 0777)      = 0
[   48.522556][ T5069] loop0: detected capacity change from 0 to 32768
[   48.536054][ T5069] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor294 (5069)
[   48.555317][ T5069] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[   48.564424][ T5069] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[   48.575648][ T5069] BTRFS info (device loop0): setting nodatacow, compression disabled
[   48.583806][ T5069] BTRFS info (device loop0): enabling auto defrag
[   48.590523][ T5069] BTRFS info (device loop0): metadata ratio 1
[   48.596608][ T5069] BTRFS info (device loop0): using free space tree
[pid  5069] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,datacow,noinode_cache,nodatacow,nodatasum,autodefrag,user_subvol_rm_allowed,metadata_ra"...) = 0
[pid  5069] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5069] chdir("./file0")            = 0
[pid  5069] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5069] close(4)                    = 0
[   48.619477][ T5069] BTRFS info (device loop0): enabling ssd optimizations
[   48.627622][ T5069] BTRFS info (device loop0): auto enabling async discard
[pid  5069] openat(AT_FDCWD, "./file2", O_RDWR|O_EXCL|O_DIRECT|O_NOATIME) = 4
[   48.654983][   T27] audit: type=1800 audit(1679806732.389:2): pid=5069 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor294" name="file2" dev="loop0" ino=261 res=0 errno=0
[pid  5069] pwritev2(4, [{iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=4294934528}], 1, 134217728, 0) = 8388608
[pid  5069] openat(AT_FDCWD, "./file2", O_RDWR|O_EXCL|O_DIRECT|O_NOATIME) = 5
[pid  5069] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  5069] write(6, "6", 1)            = 1
[pid  5069] pwritev2(5, [{iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=4294934528}], 1, 134217728, 0) = -1 ENOSPC (No space left on device)
[pid  5069] close(3)                    = 0
[pid  5069] close(4)                    = 0
[pid  5069] close(5)                    = 0
[pid  5069] close(6)                    = 0
[pid  5069] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5069] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5069] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5069] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5069] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5069] exit_group(0)               = ?
[pid  5069] +++ exited with 0 +++
[pid  5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=25 /* 0.25 s */} ---
[pid  5067] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5067] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5067] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5067] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5067] getdents64(3, 0x5555572e0620 /* 4 entries */, 32768) = 112
[pid  5067] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5067] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid  5067] unlink("./0/binderfs")      = 0
[   48.815324][   T27] audit: type=1800 audit(1679806732.549:3): pid=5069 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor294" name="file2" dev="loop0" ino=261 res=0 errno=0
[pid  5067] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[pid  5067] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5067] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5067] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5067] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5067] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5067] getdents64(4, 0x5555572e8660 /* 2 entries */, 32768) = 48
[pid  5067] getdents64(4, 0x5555572e8660 /* 0 entries */, 32768) = 0
[pid  5067] close(4)                    = 0
[pid  5067] rmdir("./0/file0")          = 0
[pid  5067] getdents64(3, 0x5555572e0620 /* 0 entries */, 32768) = 0
[pid  5067] close(3)                    = 0
[pid  5067] rmdir("./0")                = 0
[pid  5067] mkdir("./1", 0777)          = 0
[pid  5067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5067] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5067] close(3)                    = 0
[pid  5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572df5d0) = 3
./strace-static-x86_64: Process 5092 attached
[pid  5092] chdir("./1")                = 0
[pid  5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5092] setpgid(0, 0)               = 0
[pid  5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5092] write(3, "1000", 4)         = 4
[pid  5092] close(3)                    = 0
[pid  5092] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5092] memfd_create("syzkaller", 0) = 3
[pid  5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9a59a40000
[pid  5092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5092] munmap(0x7f9a59a40000, 16777216) = 0
[pid  5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5092] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5092] close(3)                    = 0
[pid  5092] mkdir("./file0", 0777)      = 0
[   49.144173][ T5092] loop0: detected capacity change from 0 to 32768
[   49.155342][ T5092] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor294 (5092)
[   49.174449][ T5092] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[   49.183619][ T5092] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[   49.194672][ T5092] BTRFS info (device loop0): setting nodatacow, compression disabled
[   49.203029][ T5092] BTRFS info (device loop0): enabling auto defrag
[   49.209869][ T5092] BTRFS info (device loop0): metadata ratio 1
[   49.215960][ T5092] BTRFS info (device loop0): using free space tree
[   49.233208][ T5092] BTRFS info (device loop0): enabling ssd optimizations
[pid  5092] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,datacow,noinode_cache,nodatacow,nodatasum,autodefrag,user_subvol_rm_allowed,metadata_ra"...) = 0
[pid  5092] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5092] chdir("./file0")            = 0
[pid  5092] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5092] close(4)                    = 0
[   49.240306][ T5092] BTRFS info (device loop0): auto enabling async discard
[pid  5092] openat(AT_FDCWD, "./file2", O_RDWR|O_EXCL|O_DIRECT|O_NOATIME) = 4
[   49.265106][   T27] audit: type=1800 audit(1679806732.999:4): pid=5092 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor294" name="file2" dev="loop0" ino=261 res=0 errno=0
[pid  5092] pwritev2(4, [{iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=4294934528}], 1, 134217728, 0) = 8388608
[pid  5092] openat(AT_FDCWD, "./file2", O_RDWR|O_EXCL|O_DIRECT|O_NOATIME) = 5
[pid  5092] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  5092] write(6, "6", 1)            = 1
[pid  5092] pwritev2(5, [{iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=4294934528}], 1, 134217728, 0) = -1 ENOSPC (No space left on device)
[pid  5092] close(3)                    = 0
[pid  5092] close(4)                    = 0
[pid  5092] close(5)                    = 0
[pid  5092] close(6)                    = 0
[pid  5092] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5092] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5092] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5092] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5092] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5092] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5092] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5092] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5092] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5092] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5092] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5092] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5092] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5092] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5092] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5092] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5092] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5092] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5092] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5092] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5092] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5092] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5092] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5092] exit_group(0)               = ?
[pid  5092] +++ exited with 0 +++
[pid  5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} ---
[pid  5067] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5067] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5067] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5067] getdents64(3, 0x5555572e0620 /* 4 entries */, 32768) = 112
[pid  5067] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5067] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid  5067] unlink("./1/binderfs")      = 0
[   49.379898][   T27] audit: type=1800 audit(1679806733.119:5): pid=5092 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor294" name="file2" dev="loop0" ino=261 res=0 errno=0
[pid  5067] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[pid  5067] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5067] lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5067] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5067] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5067] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5067] getdents64(4, 0x5555572e8660 /* 2 entries */, 32768) = 48
[pid  5067] getdents64(4, 0x5555572e8660 /* 0 entries */, 32768) = 0
[pid  5067] close(4)                    = 0
[pid  5067] rmdir("./1/file0")          = 0
[pid  5067] getdents64(3, 0x5555572e0620 /* 0 entries */, 32768) = 0
[pid  5067] close(3)                    = 0
[pid  5067] rmdir("./1")                = 0
[pid  5067] mkdir("./2", 0777)          = 0
[pid  5067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5067] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5067] close(3)                    = 0
[pid  5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572df5d0) = 4
./strace-static-x86_64: Process 5121 attached
[pid  5121] chdir("./2")                = 0
[pid  5121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5121] setpgid(0, 0)               = 0
[pid  5121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5121] write(3, "1000", 4)         = 4
[pid  5121] close(3)                    = 0
[pid  5121] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5121] memfd_create("syzkaller", 0) = 3
[pid  5121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9a59a40000
[pid  5121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5121] munmap(0x7f9a59a40000, 16777216) = 0
[pid  5121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5121] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5121] close(3)                    = 0
[pid  5121] mkdir("./file0", 0777)      = 0
[   49.666634][ T5121] loop0: detected capacity change from 0 to 32768
[   49.676748][ T5121] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor294 (5121)
[   49.694787][ T5121] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[   49.703572][ T5121] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[   49.714395][ T5121] BTRFS info (device loop0): setting nodatacow, compression disabled
[   49.722558][ T5121] BTRFS info (device loop0): enabling auto defrag
[   49.729059][ T5121] BTRFS info (device loop0): metadata ratio 1
[   49.735158][ T5121] BTRFS info (device loop0): using free space tree
[   49.753115][ T5121] BTRFS info (device loop0): enabling ssd optimizations
[pid  5121] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,datacow,noinode_cache,nodatacow,nodatasum,autodefrag,user_subvol_rm_allowed,metadata_ra"...) = 0
[pid  5121] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5121] chdir("./file0")            = 0
[pid  5121] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5121] close(4)                    = 0
[pid  5121] openat(AT_FDCWD, "./file2", O_RDWR|O_EXCL|O_DIRECT|O_NOATIME) = 4
[   49.760386][ T5121] BTRFS info (device loop0): auto enabling async discard
[   49.780243][   T27] audit: type=1800 audit(1679806733.519:6): pid=5121 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor294" name="file2" dev="loop0" ino=261 res=0 errno=0
[pid  5121] pwritev2(4, [{iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=4294934528}], 1, 134217728, 0) = 8388608
[pid  5121] openat(AT_FDCWD, "./file2", O_RDWR|O_EXCL|O_DIRECT|O_NOATIME) = 5
[pid  5121] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  5121] write(6, "6", 1)            = 1
[pid  5121] pwritev2(5, [{iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=4294934528}], 1, 134217728, 0) = -1 ENOSPC (No space left on device)
[pid  5121] close(3)                    = 0
[pid  5121] close(4)                    = 0
[pid  5121] close(5)                    = 0
[pid  5121] close(6)                    = 0
[pid  5121] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5121] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5121] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5121] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5121] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5121] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5121] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5121] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5121] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5121] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5121] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5121] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5121] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5121] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5121] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5121] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5121] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5121] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5121] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5121] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5121] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5121] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5121] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5121] exit_group(0)               = ?
[pid  5121] +++ exited with 0 +++
[pid  5067] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} ---
[pid  5067] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5067] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5067] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5067] getdents64(3, 0x5555572e0620 /* 4 entries */, 32768) = 112
[pid  5067] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5067] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid  5067] unlink("./2/binderfs")      = 0
[   49.894028][   T27] audit: type=1800 audit(1679806733.629:7): pid=5121 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor294" name="file2" dev="loop0" ino=261 res=0 errno=0
[pid  5067] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[pid  5067] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5067] lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5067] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5067] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5067] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5067] getdents64(4, 0x5555572e8660 /* 2 entries */, 32768) = 48
[pid  5067] getdents64(4, 0x5555572e8660 /* 0 entries */, 32768) = 0
[pid  5067] close(4)                    = 0
[pid  5067] rmdir("./2/file0")          = 0
[pid  5067] getdents64(3, 0x5555572e0620 /* 0 entries */, 32768) = 0
[pid  5067] close(3)                    = 0
[pid  5067] rmdir("./2")                = 0
[pid  5067] mkdir("./3", 0777)          = 0
[pid  5067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5067] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5067] close(3)                    = 0
[pid  5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572df5d0) = 5
./strace-static-x86_64: Process 5147 attached
[pid  5147] chdir("./3")                = 0
[pid  5147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5147] setpgid(0, 0)               = 0
[pid  5147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5147] write(3, "1000", 4)         = 4
[pid  5147] close(3)                    = 0
[pid  5147] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5147] memfd_create("syzkaller", 0) = 3
[pid  5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9a59a40000
[pid  5147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5147] munmap(0x7f9a59a40000, 16777216) = 0
[pid  5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5147] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5147] close(3)                    = 0
[pid  5147] mkdir("./file0", 0777)      = 0
[   50.206210][ T5147] loop0: detected capacity change from 0 to 32768
[   50.215697][ T5147] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor294 (5147)
[   50.232017][ T5147] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[   50.240828][ T5147] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[pid  5147] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,datacow,noinode_cache,nodatacow,nodatasum,autodefrag,user_subvol_rm_allowed,metadata_ra"...) = 0
[pid  5147] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5147] chdir("./file0")            = 0
[pid  5147] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5147] close(4)                    = 0
[   50.251639][ T5147] BTRFS info (device loop0): setting nodatacow, compression disabled
[   50.259917][ T5147] BTRFS info (device loop0): enabling auto defrag
[   50.266372][ T5147] BTRFS info (device loop0): metadata ratio 1
[   50.272496][ T5147] BTRFS info (device loop0): using free space tree
[   50.290225][ T5147] BTRFS info (device loop0): enabling ssd optimizations
[   50.297343][ T5147] BTRFS info (device loop0): auto enabling async discard
[pid  5147] openat(AT_FDCWD, "./file2", O_RDWR|O_EXCL|O_DIRECT|O_NOATIME) = 4
[pid  5147] pwritev2(4, [{iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=4294934528}], 1, 134217728, 0) = -1 EIO (Input/output error)
[pid  5147] openat(AT_FDCWD, "./file2", O_RDWR|O_EXCL|O_DIRECT|O_NOATIME) = 5
[pid  5147] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  5147] write(6, "6", 1)            = 1
[   50.319900][   T27] audit: type=1800 audit(1679806734.059:8): pid=5147 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor294" name="file2" dev="loop0" ino=261 res=0 errno=0
[   50.357303][   T27] audit: type=1800 audit(1679806734.089:9): pid=5147 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor294" name="file2" dev="loop0" ino=261 res=0 errno=0
[   50.358031][ T5147] FAULT_INJECTION: forcing a failure.
[   50.358031][ T5147] name failslab, interval 1, probability 0, space 0, times 1
[   50.390426][ T5147] CPU: 1 PID: 5147 Comm: syz-executor294 Not tainted 6.3.0-rc3-syzkaller-00322-g4bdec23f971b #0
[   50.400871][ T5147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   50.410992][ T5147] Call Trace:
[   50.414295][ T5147]  <TASK>
[   50.417248][ T5147]  dump_stack_lvl+0x1e7/0x2d0
[   50.421985][ T5147]  ? nf_tcp_handle_invalid+0x650/0x650
[   50.427506][ T5147]  ? panic+0x770/0x770
[   50.431616][ T5147]  ? __might_sleep+0xc0/0xc0
[   50.436245][ T5147]  should_fail_ex+0x3aa/0x4e0
[   50.440966][ T5147]  should_failslab+0x9/0x20
[   50.445501][ T5147]  slab_pre_alloc_hook+0x59/0x2b0
[   50.450563][ T5147]  kmem_cache_alloc+0x52/0x2e0
[   50.455337][ T5147]  ? alloc_extent_map+0x21/0x130
[   50.460286][ T5147]  alloc_extent_map+0x21/0x130
[   50.465064][ T5147]  btrfs_get_blocks_direct_write+0x86b/0x1070
[   50.471153][ T5147]  ? btrfs_dio_iomap_end+0x240/0x240
[   50.476450][ T5147]  ? btrfs_cont_expand+0xcd0/0xcd0
[   50.481606][ T5147]  btrfs_dio_iomap_begin+0x9fd/0xf20
[   50.486932][ T5147]  ? csum_exist_in_range+0x300/0x300
[   50.492241][ T5147]  ? csum_exist_in_range+0x300/0x300
[   50.497555][ T5147]  iomap_iter+0x677/0xec0
[   50.501925][ T5147]  ? blk_start_plug+0x99/0x110
[   50.506703][ T5147]  __iomap_dio_rw+0xd74/0x20d0
[   50.511499][ T5147]  ? iomap_dio_complete_work+0x70/0x70
[   50.516981][ T5147]  ? __file_remove_privs+0x37e/0x640
[   50.522293][ T5147]  ? inode_maybe_inc_iversion+0x1a3/0x1f0
[   50.528054][ T5147]  btrfs_dio_write+0xbc/0x110
[   50.532749][ T5147]  ? btrfs_dio_read+0x110/0x110
[   50.537608][ T5147]  ? btrfs_write_check+0x51b/0x5b0
[   50.542732][ T5147]  ? iov_iter_alignment_iovec+0x193/0x1b0
[   50.548473][ T5147]  btrfs_do_write_iter+0x86f/0x1270
[   50.553691][ T5147]  ? btrfs_check_nocow_unlock+0x40/0x40
[   50.561264][ T5147]  do_iter_write+0x6ea/0xc50
[   50.565871][ T5147]  ? vfs_iter_write+0xa0/0xa0
[   50.570554][ T5147]  ? rcu_read_lock_any_held+0xb7/0x160
[   50.576038][ T5147]  do_pwritev+0x21a/0x360
[   50.580396][ T5147]  ? do_preadv+0x350/0x350
[   50.585090][ T5147]  ? do_notify_parent+0xf50/0xf50
[   50.590127][ T5147]  ? print_irqtrace_events+0x220/0x220
[   50.595613][ T5147]  ? syscall_enter_from_user_mode+0x32/0x260
[   50.601605][ T5147]  ? __x64_sys_pwritev2+0xbd/0x100
[   50.606731][ T5147]  do_syscall_64+0x41/0xc0
[   50.611157][ T5147]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   50.617062][ T5147] RIP: 0033:0x7f9a61e8dec9
[   50.621506][ T5147] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   50.641288][ T5147] RSP: 002b:00007ffde59e4cb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[   50.649705][ T5147] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f9a61e8dec9
[   50.657681][ T5147] RDX: 0000000000000001 RSI: 0000000020000280 RDI: 0000000000000005
[   50.665655][ T5147] RBP: 00007ffde59e4cf0 R08: 0000000000000000 R09: 0000000000000000
[   50.673629][ T5147] R10: 0000000008000000 R11: 0000000000000246 R12: 0000000000000006
[   50.681604][ T5147] R13: 00007ffde59e4d30 R14: 00007ffde59e4d10 R15: 0000000000000003
[   50.689592][ T5147]  </TASK>
[   50.693478][ T5147] ------------[ cut here ]------------
[   50.699667][ T5147] WARNING: CPU: 1 PID: 5147 at fs/btrfs/space-info.h:197 btrfs_free_reserved_data_space_noquota+0x2c5/0x4c0
[   50.711400][ T5147] Modules linked in:
[   50.715324][ T5147] CPU: 1 PID: 5147 Comm: syz-executor294 Not tainted 6.3.0-rc3-syzkaller-00322-g4bdec23f971b #0
[   50.725814][ T5147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   50.735923][ T5147] RIP: 0010:btrfs_free_reserved_data_space_noquota+0x2c5/0x4c0
[   50.743687][ T5147] Code: 2d 00 00 74 08 4c 89 ff e8 88 3c 38 fe 4d 8b 27 4c 89 e7 48 8b 5c 24 18 48 89 de e8 d5 87 e2 fd 49 39 dc 73 13 e8 bb 85 e2 fd <0f> 0b 31 db 41 80 7c 2d 00 00 75 8b eb 91 e8 a8 85 e2 fd 41 80 7c
[   50.763393][ T5147] RSP: 0018:ffffc9000407f408 EFLAGS: 00010293
[   50.769548][ T5147] RAX: ffffffff83a7e765 RBX: 0000000000800000 RCX: ffff888029b68000
[   50.777594][ T5147] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 00000000005cb000
[   50.785616][ T5147] RBP: dffffc0000000000 R08: ffffffff83a7e75b R09: fffffbfff1ca6f0e
[   50.793652][ T5147] R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000005cb000
[   50.801706][ T5147] R13: 1ffff110055d090c R14: ffff88802859c000 R15: ffff88802ae84860
[   50.809785][ T5147] FS:  00005555572df300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[   50.818793][ T5147] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   50.825393][ T5147] CR2: 00007f9a61f05140 CR3: 000000002092b000 CR4: 00000000003506e0
[   50.833420][ T5147] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   50.841472][ T5147] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   50.849527][ T5147] Call Trace:
[   50.852841][ T5147]  <TASK>
[   50.855799][ T5147]  btrfs_free_reserved_data_space+0xa2/0xe0
[   50.861773][ T5147]  btrfs_dio_iomap_begin+0x852/0xf20
[   50.867115][ T5147]  ? csum_exist_in_range+0x300/0x300
[   50.872413][ T5147]  ? csum_exist_in_range+0x300/0x300
[   50.877752][ T5147]  iomap_iter+0x677/0xec0
[   50.882102][ T5147]  ? blk_start_plug+0x99/0x110
[   50.886884][ T5147]  __iomap_dio_rw+0xd74/0x20d0
[   50.891754][ T5147]  ? iomap_dio_complete_work+0x70/0x70
[   50.897273][ T5147]  ? __file_remove_privs+0x37e/0x640
[   50.902573][ T5147]  ? inode_maybe_inc_iversion+0x1a3/0x1f0
[   50.908367][ T5147]  btrfs_dio_write+0xbc/0x110
[   50.913083][ T5147]  ? btrfs_dio_read+0x110/0x110
[   50.918010][ T5147]  ? btrfs_write_check+0x51b/0x5b0
[   50.923145][ T5147]  ? iov_iter_alignment_iovec+0x193/0x1b0
[   50.930161][ T5147]  btrfs_do_write_iter+0x86f/0x1270
[   50.935401][ T5147]  ? btrfs_check_nocow_unlock+0x40/0x40
[   50.941033][ T5147]  do_iter_write+0x6ea/0xc50
[   50.945662][ T5147]  ? vfs_iter_write+0xa0/0xa0
[   50.950412][ T5147]  ? rcu_read_lock_any_held+0xb7/0x160
[   50.955902][ T5147]  do_pwritev+0x21a/0x360
[   50.960293][ T5147]  ? do_preadv+0x350/0x350
[   50.964751][ T5147]  ? do_notify_parent+0xf50/0xf50
[   50.969916][ T5147]  ? print_irqtrace_events+0x220/0x220
[   50.975418][ T5147]  ? syscall_enter_from_user_mode+0x32/0x260
[   50.981968][ T5147]  ? __x64_sys_pwritev2+0xbd/0x100
[   50.987144][ T5147]  do_syscall_64+0x41/0xc0
[   50.991602][ T5147]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   50.997655][ T5147] RIP: 0033:0x7f9a61e8dec9
[   51.002090][ T5147] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   51.021760][ T5147] RSP: 002b:00007ffde59e4cb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[   51.030223][ T5147] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f9a61e8dec9
[   51.038250][ T5147] RDX: 0000000000000001 RSI: 0000000020000280 RDI: 0000000000000005
[   51.046253][ T5147] RBP: 00007ffde59e4cf0 R08: 0000000000000000 R09: 0000000000000000
[   51.054309][ T5147] R10: 0000000008000000 R11: 0000000000000246 R12: 0000000000000006
[   51.062334][ T5147] R13: 00007ffde59e4d30 R14: 00007ffde59e4d10 R15: 0000000000000003
[   51.070369][ T5147]  </TASK>
[   51.073400][ T5147] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   51.080694][ T5147] CPU: 1 PID: 5147 Comm: syz-executor294 Not tainted 6.3.0-rc3-syzkaller-00322-g4bdec23f971b #0
[   51.091117][ T5147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   51.101168][ T5147] Call Trace:
[   51.104445][ T5147]  <TASK>
[   51.107372][ T5147]  dump_stack_lvl+0x1e7/0x2d0
[   51.112069][ T5147]  ? nf_tcp_handle_invalid+0x650/0x650
[   51.117529][ T5147]  ? panic+0x770/0x770
[   51.121596][ T5147]  ? vscnprintf+0x5d/0x80
[   51.125925][ T5147]  panic+0x31c/0x770
[   51.129829][ T5147]  ? __warn+0x171/0x4a0
[   51.133992][ T5147]  ? memcpy_page_flushcache+0x100/0x100
[   51.139554][ T5147]  __warn+0x314/0x4a0
[   51.143538][ T5147]  ? btrfs_free_reserved_data_space_noquota+0x2c5/0x4c0
[   51.150483][ T5147]  report_bug+0x2b3/0x500
[   51.154818][ T5147]  ? btrfs_free_reserved_data_space_noquota+0x2c5/0x4c0
[   51.161770][ T5147]  handle_bug+0x3d/0x70
[   51.165942][ T5147]  exc_invalid_op+0x1a/0x50
[   51.170452][ T5147]  asm_exc_invalid_op+0x1a/0x20
[   51.175313][ T5147] RIP: 0010:btrfs_free_reserved_data_space_noquota+0x2c5/0x4c0
[   51.182872][ T5147] Code: 2d 00 00 74 08 4c 89 ff e8 88 3c 38 fe 4d 8b 27 4c 89 e7 48 8b 5c 24 18 48 89 de e8 d5 87 e2 fd 49 39 dc 73 13 e8 bb 85 e2 fd <0f> 0b 31 db 41 80 7c 2d 00 00 75 8b eb 91 e8 a8 85 e2 fd 41 80 7c
[   51.207456][ T5147] RSP: 0018:ffffc9000407f408 EFLAGS: 00010293
[   51.213533][ T5147] RAX: ffffffff83a7e765 RBX: 0000000000800000 RCX: ffff888029b68000
[   51.221511][ T5147] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 00000000005cb000
[   51.229486][ T5147] RBP: dffffc0000000000 R08: ffffffff83a7e75b R09: fffffbfff1ca6f0e
[   51.237477][ T5147] R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000005cb000
[   51.245453][ T5147] R13: 1ffff110055d090c R14: ffff88802859c000 R15: ffff88802ae84860
[   51.253438][ T5147]  ? btrfs_free_reserved_data_space_noquota+0x2bb/0x4c0
[   51.260410][ T5147]  ? btrfs_free_reserved_data_space_noquota+0x2c5/0x4c0
[   51.267364][ T5147]  ? btrfs_free_reserved_data_space_noquota+0x2c5/0x4c0
[   51.274330][ T5147]  btrfs_free_reserved_data_space+0xa2/0xe0
[   51.280232][ T5147]  btrfs_dio_iomap_begin+0x852/0xf20
[   51.285541][ T5147]  ? csum_exist_in_range+0x300/0x300
[   51.290840][ T5147]  ? csum_exist_in_range+0x300/0x300
[   51.296167][ T5147]  iomap_iter+0x677/0xec0
[   51.300510][ T5147]  ? blk_start_plug+0x99/0x110
[   51.305284][ T5147]  __iomap_dio_rw+0xd74/0x20d0
[   51.310102][ T5147]  ? iomap_dio_complete_work+0x70/0x70
[   51.315592][ T5147]  ? __file_remove_privs+0x37e/0x640
[   51.320892][ T5147]  ? inode_maybe_inc_iversion+0x1a3/0x1f0
[   51.326625][ T5147]  btrfs_dio_write+0xbc/0x110
[   51.331335][ T5147]  ? btrfs_dio_read+0x110/0x110
[   51.336211][ T5147]  ? btrfs_write_check+0x51b/0x5b0
[   51.341374][ T5147]  ? iov_iter_alignment_iovec+0x193/0x1b0
[   51.347114][ T5147]  btrfs_do_write_iter+0x86f/0x1270
[   51.352353][ T5147]  ? btrfs_check_nocow_unlock+0x40/0x40
[   51.357933][ T5147]  do_iter_write+0x6ea/0xc50
[   51.362573][ T5147]  ? vfs_iter_write+0xa0/0xa0
[   51.367258][ T5147]  ? rcu_read_lock_any_held+0xb7/0x160
[   51.372736][ T5147]  do_pwritev+0x21a/0x360
[   51.377075][ T5147]  ? do_preadv+0x350/0x350
[   51.381533][ T5147]  ? do_notify_parent+0xf50/0xf50
[   51.386576][ T5147]  ? print_irqtrace_events+0x220/0x220
[   51.392136][ T5147]  ? syscall_enter_from_user_mode+0x32/0x260
[   51.398127][ T5147]  ? __x64_sys_pwritev2+0xbd/0x100
[   51.403256][ T5147]  do_syscall_64+0x41/0xc0
[   51.407683][ T5147]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   51.413591][ T5147] RIP: 0033:0x7f9a61e8dec9
[   51.418015][ T5147] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   51.437625][ T5147] RSP: 002b:00007ffde59e4cb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[   51.446041][ T5147] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f9a61e8dec9
[   51.454021][ T5147] RDX: 0000000000000001 RSI: 0000000020000280 RDI: 0000000000000005
[   51.461994][ T5147] RBP: 00007ffde59e4cf0 R08: 0000000000000000 R09: 0000000000000000
[   51.469968][ T5147] R10: 0000000008000000 R11: 0000000000000246 R12: 0000000000000006
[   51.477937][ T5147] R13: 00007ffde59e4d30 R14: 00007ffde59e4d10 R15: 0000000000000003
[   51.485931][ T5147]  </TASK>
[   51.489109][ T5147] Kernel Offset: disabled
[   51.493566][ T5147] Rebooting in 86400 seconds..