./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1985661014
<...>
Warning: Permanently added '10.128.1.97' (ED25519) to the list of known hosts.
execve("./syz-executor1985661014", ["./syz-executor1985661014"], 0x7ffe47e3acc0 /* 10 vars */) = 0
brk(NULL) = 0x555555fdf000
brk(0x555555fdfd00) = 0x555555fdfd00
arch_prctl(ARCH_SET_FS, 0x555555fdf380) = 0
set_tid_address(0x555555fdf650) = 5013
set_robust_list(0x555555fdf660, 24) = 0
rseq(0x555555fdfca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1985661014", 4096) = 28
getrandom("\xc2\x6f\x23\x5d\x4f\xc7\x93\x10", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555555fdfd00
brk(0x555556000d00) = 0x555556000d00
brk(0x555556001000) = 0x555556001000
mprotect(0x7efc004b0000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
mkdir("./syzkaller.uXo0wZ", 0700) = 0
chmod("./syzkaller.uXo0wZ", 0777) = 0
chdir("./syzkaller.uXo0wZ") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fdf650) = 5015
./strace-static-x86_64: Process 5015 attached
[pid 5015] set_robust_list(0x555555fdf660, 24) = 0
[pid 5015] chdir("./0") = 0
[pid 5015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5015] setpgid(0, 0) = 0
[pid 5015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5015] write(3, "1000", 4) = 4
[pid 5015] close(3) = 0
[pid 5015] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5015] memfd_create("syzkaller", 0) = 3
[pid 5015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efbf7ff8000
[ 55.947748][ T5015] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5015 'syz-executor198'
[pid 5015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5015] munmap(0x7efbf7ff8000, 16777216) = 0
[pid 5015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5015] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5015] close(3) = 0
[pid 5015] mkdir("./bus", 0777) = 0
[ 56.118918][ T5015] loop0: detected capacity change from 0 to 32768
[ 56.130614][ T5015] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor198 (5015)
[ 56.151114][ T5015] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 56.160341][ T5015] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 56.171612][ T5015] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 56.182908][ T5015] BTRFS warning (device loop0): excessive commit interval 622039222
[ 56.191512][ T5015] BTRFS info (device loop0): force zlib compression, level 3
[ 56.199056][ T5015] BTRFS info (device loop0): using free space tree
[pid 5015] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0
[pid 5015] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5015] chdir("./bus") = 0
[pid 5015] ioctl(4, LOOP_CLR_FD) = 0
[pid 5015] close(4) = 0
[ 56.222937][ T5015] BTRFS info (device loop0): enabling ssd optimizations
[ 56.230059][ T5015] BTRFS info (device loop0): auto enabling async discard
[pid 5015] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5015] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5015] write(5, "5", 1) = 1
[ 56.271703][ T27] audit: type=1800 audit(1690592593.274:2): pid=5015 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor198" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 56.573709][ T5015] FAULT_INJECTION: forcing a failure.
[ 56.573709][ T5015] name failslab, interval 1, probability 0, space 0, times 1
[ 56.586962][ T5015] CPU: 0 PID: 5015 Comm: syz-executor198 Not tainted 6.5.0-rc3-syzkaller-00225-gf837f0a3c948 #0
[ 56.597381][ T5015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 56.607427][ T5015] Call Trace:
[ 56.610703][ T5015]
[ 56.613637][ T5015] dump_stack_lvl+0x1e7/0x2d0
[ 56.618354][ T5015] ? nf_tcp_handle_invalid+0x650/0x650
[ 56.623807][ T5015] ? panic+0x770/0x770
[ 56.627890][ T5015] ? __might_sleep+0xc0/0xc0
[ 56.632501][ T5015] should_fail_ex+0x3aa/0x4e0
[ 56.637182][ T5015] should_failslab+0x9/0x20
[ 56.641724][ T5015] slab_pre_alloc_hook+0x59/0x2b0
[ 56.647026][ T5015] kmem_cache_alloc+0x52/0x300
[ 56.651799][ T5015] ? __btrfs_free_extent+0x201/0x3250
[ 56.657180][ T5015] __btrfs_free_extent+0x201/0x3250
[ 56.662391][ T5015] ? __btrfs_inc_extent_ref+0x5f0/0x5f0
[ 56.667958][ T5015] ? _raw_read_unlock+0x28/0x40
[ 56.672830][ T5015] ? do_raw_spin_unlock+0x13b/0x8b0
[ 56.678062][ T5015] __btrfs_run_delayed_refs+0xf00/0x3f90
[ 56.683772][ T5015] ? btrfs_run_delayed_refs+0x480/0x480
[ 56.689356][ T5015] ? verify_lock_unused+0x140/0x140
[ 56.694665][ T5015] ? read_lock_is_recursive+0x20/0x20
[ 56.700063][ T5015] btrfs_run_delayed_refs+0x140/0x480
[ 56.705469][ T5015] btrfs_commit_transaction+0x495/0x2ff0
[ 56.711301][ T5015] ? read_lock_is_recursive+0x20/0x20
[ 56.716669][ T5015] ? __lock_acquire+0x7f70/0x7f70
[ 56.721714][ T5015] ? do_raw_spin_unlock+0x13b/0x8b0
[ 56.726930][ T5015] ? btrfs_commit_transaction_async+0x450/0x450
[ 56.733164][ T5015] ? join_transaction+0xbdc/0xe00
[ 56.738203][ T5015] ? btrfs_record_root_in_trans+0x92/0x180
[ 56.744025][ T5015] ? start_transaction+0x3de/0x1080
[ 56.749224][ T5015] ? btrfs_attach_transaction_barrier+0x34/0xa0
[ 56.755461][ T5015] ? btrfs_sync_fs+0x1be/0x6c0
[ 56.760222][ T5015] iterate_supers+0x12b/0x1e0
[ 56.764888][ T5015] ? sync_inodes_one_sb+0x70/0x70
[ 56.769906][ T5015] ksys_sync+0xdb/0x1c0
[ 56.774054][ T5015] ? sync_filesystem+0x220/0x220
[ 56.778994][ T5015] ? syscall_enter_from_user_mode+0x32/0x230
[ 56.785014][ T5015] ? syscall_enter_from_user_mode+0x8c/0x230
[ 56.791001][ T5015] __do_sys_sync+0xe/0x20
[ 56.795356][ T5015] do_syscall_64+0x41/0xc0
[ 56.799779][ T5015] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.805668][ T5015] RIP: 0033:0x7efc00437169
[ 56.810086][ T5015] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 56.829720][ T5015] RSP: 002b:00007ffea6a3b428 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 56.838387][ T5015] RAX: ffffffffffffffda RBX: 00007ffea6a3b450 RCX: 00007efc00437169
[ 56.846440][ T5015] RDX: 00007efc00436230 RSI: 00007ffea6a3b450 RDI: 00007ffea6a3b450
[ 56.854412][ T5015] RBP: 0000000000000001 R08: 00007ffea6a3b1c7 R09: 0000000000000080
[ 56.862378][ T5015] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffea6a3b480
[ 56.870345][ T5015] R13: 00007ffea6a3b4c0 R14: 0000000001000000 R15: 0000000000000003
[ 56.878341][ T5015]
[ 56.883722][ T5015] BTRFS error (device loop0): failed to run delayed ref for logical 5255168 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 56.897140][ T5015] BTRFS: error (device loop0: state A) in btrfs_run_delayed_refs:2123: errno=-12 Out of memory
[ 56.907655][ T5015] BTRFS info (device loop0: state EA): forced readonly
[pid 5015] sync() = 0
[pid 5015] exit_group(0) = ?
[pid 5015] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5015, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=31 /* 0.31 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe06f0 /* 4 entries */, 32768) = 104
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555fe8730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555fe8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/bus") = 0
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
getdents64(3, 0x555555fe06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fdf650) = 5035
./strace-static-x86_64: Process 5035 attached
[pid 5035] set_robust_list(0x555555fdf660, 24) = 0
[pid 5035] chdir("./1") = 0
[pid 5035] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5035] setpgid(0, 0) = 0
[pid 5035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5035] write(3, "1000", 4) = 4
[pid 5035] close(3) = 0
[pid 5035] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5035] memfd_create("syzkaller", 0) = 3
[pid 5035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efbf7ff8000
[pid 5035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5035] munmap(0x7efbf7ff8000, 16777216) = 0
[pid 5035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5035] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5035] close(3) = 0
[pid 5035] mkdir("./bus", 0777) = 0
[ 57.253258][ T5035] loop0: detected capacity change from 0 to 32768
[ 57.263355][ T5035] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor198 (5035)
[ 57.279520][ T5035] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 57.288336][ T5035] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 57.299350][ T5035] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 57.310337][ T5035] BTRFS warning (device loop0): excessive commit interval 622039222
[ 57.318396][ T5035] BTRFS info (device loop0): force zlib compression, level 3
[ 57.325859][ T5035] BTRFS info (device loop0): using free space tree
[ 57.344822][ T5035] BTRFS info (device loop0): enabling ssd optimizations
[pid 5035] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0
[pid 5035] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5035] chdir("./bus") = 0
[pid 5035] ioctl(4, LOOP_CLR_FD) = 0
[pid 5035] close(4) = 0
[pid 5035] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5035] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5035] write(5, "5", 1) = 1
[ 57.351927][ T5035] BTRFS info (device loop0): auto enabling async discard
[ 57.366991][ T27] audit: type=1800 audit(1690592594.374:3): pid=5035 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor198" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 57.397149][ T5035] FAULT_INJECTION: forcing a failure.
[ 57.397149][ T5035] name failslab, interval 1, probability 0, space 0, times 0
[ 57.410702][ T5035] CPU: 0 PID: 5035 Comm: syz-executor198 Not tainted 6.5.0-rc3-syzkaller-00225-gf837f0a3c948 #0
[ 57.422667][ T5035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 57.433191][ T5035] Call Trace:
[ 57.436499][ T5035]
[ 57.439453][ T5035] dump_stack_lvl+0x1e7/0x2d0
[ 57.444169][ T5035] ? nf_tcp_handle_invalid+0x650/0x650
[ 57.449669][ T5035] ? panic+0x770/0x770
[ 57.453779][ T5035] ? __might_sleep+0xc0/0xc0
[ 57.458417][ T5035] should_fail_ex+0x3aa/0x4e0
[ 57.463145][ T5035] should_failslab+0x9/0x20
[ 57.467677][ T5035] slab_pre_alloc_hook+0x59/0x2b0
[ 57.472764][ T5035] kmem_cache_alloc+0x52/0x300
[ 57.477566][ T5035] ? alloc_extent_state+0x25/0x2e0
[ 57.482812][ T5035] alloc_extent_state+0x25/0x2e0
[ 57.487884][ T5035] __set_extent_bit+0x1c8/0x1b00
[ 57.492874][ T5035] ? __down_write_common+0x161/0x200
[ 57.498232][ T5035] ? PageUptodate+0xd9/0x290
[ 57.502872][ T5035] set_extent_bit+0x3b/0x50
[ 57.507416][ T5035] btrfs_alloc_tree_block+0xae1/0x17f0
[ 57.512922][ T5035] ? alloc_reserved_file_extent+0x5e0/0x5e0
[ 57.518846][ T5035] ? __lock_acquire+0x1345/0x7f70
[ 57.523920][ T5035] ? read_extent_buffer+0x122/0x2a0
[ 57.529159][ T5035] ? __asan_memcpy+0x40/0x70
[ 57.533799][ T5035] __btrfs_cow_block+0x465/0x1ae0
[ 57.538966][ T5035] ? btrfs_qgroup_trace_subtree_after_cow+0x1a8/0x1190
[ 57.545870][ T5035] ? btrfs_cow_block+0x780/0x780
[ 57.550832][ T5035] ? btrfs_qgroup_add_swapped_blocks+0x740/0x7f0
[ 57.557247][ T5035] ? rcu_is_watching+0x15/0xb0
[ 57.562098][ T5035] btrfs_cow_block+0x403/0x780
[ 57.566969][ T5035] btrfs_search_slot+0xbf9/0x2f80
[ 57.572016][ T5035] ? btrfs_extent_root+0x2a1/0x3b0
[ 57.577200][ T5035] ? __kasan_slab_alloc+0x66/0x70
[ 57.582290][ T5035] ? btrfs_find_item+0x5c0/0x5c0
[ 57.587334][ T5035] ? btrfs_extent_root+0x2a1/0x3b0
[ 57.592806][ T5035] ? btrfs_csum_root+0x3b0/0x3b0
[ 57.597872][ T5035] lookup_inline_extent_backref+0x3f2/0x1470
[ 57.603973][ T5035] ? insert_extent_data_ref+0xa30/0xa30
[ 57.609518][ T5035] ? __kasan_slab_alloc+0x66/0x70
[ 57.614540][ T5035] ? slab_post_alloc_hook+0x87/0x3b0
[ 57.620011][ T5035] ? rcu_is_watching+0x15/0xb0
[ 57.624955][ T5035] ? kmem_cache_alloc+0x152/0x300
[ 57.629996][ T5035] __btrfs_free_extent+0x28a/0x3250
[ 57.635243][ T5035] ? __btrfs_inc_extent_ref+0x5f0/0x5f0
[ 57.640813][ T5035] ? _raw_read_unlock+0x28/0x40
[ 57.645679][ T5035] ? do_raw_spin_unlock+0x13b/0x8b0
[ 57.650880][ T5035] __btrfs_run_delayed_refs+0xf00/0x3f90
[ 57.656544][ T5035] ? btrfs_run_delayed_refs+0x480/0x480
[ 57.662109][ T5035] ? verify_lock_unused+0x140/0x140
[ 57.667316][ T5035] ? start_transaction+0x469/0x1080
[ 57.672531][ T5035] ? btrfs_attach_transaction_barrier+0x26/0xa0
[ 57.678807][ T5035] ? btrfs_sync_fs+0x135/0x6c0
[ 57.683594][ T5035] ? read_lock_is_recursive+0x20/0x20
[ 57.689012][ T5035] btrfs_run_delayed_refs+0x140/0x480
[ 57.694517][ T5035] btrfs_commit_transaction+0x495/0x2ff0
[ 57.700191][ T5035] ? read_lock_is_recursive+0x20/0x20
[ 57.705595][ T5035] ? __lock_acquire+0x7f70/0x7f70
[ 57.710742][ T5035] ? do_raw_spin_unlock+0x13b/0x8b0
[ 57.715970][ T5035] ? btrfs_commit_transaction_async+0x450/0x450
[ 57.722211][ T5035] ? join_transaction+0xbdc/0xe00
[ 57.727256][ T5035] ? btrfs_record_root_in_trans+0x92/0x180
[ 57.733166][ T5035] ? start_transaction+0x3de/0x1080
[ 57.738492][ T5035] ? btrfs_attach_transaction_barrier+0x34/0xa0
[ 57.744756][ T5035] ? btrfs_sync_fs+0x1be/0x6c0
[ 57.749517][ T5035] iterate_supers+0x12b/0x1e0
[ 57.754196][ T5035] ? sync_inodes_one_sb+0x70/0x70
[ 57.759224][ T5035] ksys_sync+0xdb/0x1c0
[ 57.763378][ T5035] ? sync_filesystem+0x220/0x220
[ 57.768321][ T5035] ? syscall_enter_from_user_mode+0x32/0x230
[ 57.774324][ T5035] ? syscall_enter_from_user_mode+0x8c/0x230
[ 57.780303][ T5035] __do_sys_sync+0xe/0x20
[ 57.784625][ T5035] do_syscall_64+0x41/0xc0
[ 57.789053][ T5035] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.794967][ T5035] RIP: 0033:0x7efc00437169
[ 57.799382][ T5035] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 57.818996][ T5035] RSP: 002b:00007ffea6a3b428 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 57.827547][ T5035] RAX: ffffffffffffffda RBX: 00007ffea6a3b450 RCX: 00007efc00437169
[ 57.835567][ T5035] RDX: 00007efc00436230 RSI: 00007ffea6a3b450 RDI: 00007ffea6a3b450
[ 57.843575][ T5035] RBP: 0000000000000001 R08: 00007ffea6a3b1c7 R09: 0000000000000080
[pid 5035] sync() = 0
[pid 5035] exit_group(0) = ?
[pid 5035] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5035, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe06f0 /* 4 entries */, 32768) = 104
[ 57.851573][ T5035] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffea6a3b480
[ 57.859552][ T5035] R13: 00007ffea6a3b4c0 R14: 0000000001000000 R15: 0000000000000003
[ 57.867534][ T5035]
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555fe8730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555fe8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/bus") = 0
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
getdents64(3, 0x555555fe06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fdf650) = 5053
./strace-static-x86_64: Process 5053 attached
[pid 5053] set_robust_list(0x555555fdf660, 24) = 0
[pid 5053] chdir("./2") = 0
[pid 5053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5053] setpgid(0, 0) = 0
[pid 5053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5053] write(3, "1000", 4) = 4
[pid 5053] close(3) = 0
[pid 5053] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5053] memfd_create("syzkaller", 0) = 3
[pid 5053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efbf7ff8000
[pid 5053] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5053] munmap(0x7efbf7ff8000, 16777216) = 0
[pid 5053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5053] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5053] close(3) = 0
[pid 5053] mkdir("./bus", 0777) = 0
[ 58.165743][ T5053] loop0: detected capacity change from 0 to 32768
[ 58.175079][ T5053] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor198 (5053)
[ 58.192170][ T5053] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 58.201510][ T5053] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 58.212692][ T5053] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 58.223803][ T5053] BTRFS warning (device loop0): excessive commit interval 622039222
[ 58.232048][ T5053] BTRFS info (device loop0): force zlib compression, level 3
[ 58.239588][ T5053] BTRFS info (device loop0): using free space tree
[ 58.257959][ T5053] BTRFS info (device loop0): enabling ssd optimizations
[pid 5053] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0
[pid 5053] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5053] chdir("./bus") = 0
[pid 5053] ioctl(4, LOOP_CLR_FD) = 0
[pid 5053] close(4) = 0
[pid 5053] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5053] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5053] write(5, "5", 1) = 1
[pid 5053] sync() = 0
[pid 5053] exit_group(0) = ?
[pid 5053] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5053, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe06f0 /* 4 entries */, 32768) = 104
[ 58.265082][ T5053] BTRFS info (device loop0): auto enabling async discard
[ 58.278844][ T27] audit: type=1800 audit(1690592595.284:4): pid=5053 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor198" name="bus" dev="loop0" ino=263 res=0 errno=0
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555fe8730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555fe8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/bus") = 0
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
getdents64(3, 0x555555fe06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fdf650) = 5075
./strace-static-x86_64: Process 5075 attached
[pid 5075] set_robust_list(0x555555fdf660, 24) = 0
[pid 5075] chdir("./3") = 0
[pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5075] setpgid(0, 0) = 0
[pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5075] write(3, "1000", 4) = 4
[pid 5075] close(3) = 0
[pid 5075] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5075] memfd_create("syzkaller", 0) = 3
[pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efbf7ff8000
[pid 5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5075] munmap(0x7efbf7ff8000, 16777216) = 0
[pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5075] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5075] close(3) = 0
[pid 5075] mkdir("./bus", 0777) = 0
[ 58.662266][ T5075] loop0: detected capacity change from 0 to 32768
[ 58.673241][ T5075] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor198 (5075)
[ 58.691055][ T5075] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 58.700263][ T5075] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 58.711309][ T5075] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 58.722339][ T5075] BTRFS warning (device loop0): excessive commit interval 622039222
[ 58.730705][ T5075] BTRFS info (device loop0): force zlib compression, level 3
[ 58.738360][ T5075] BTRFS info (device loop0): using free space tree
[ 58.755600][ T5075] BTRFS info (device loop0): enabling ssd optimizations
[pid 5075] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0
[pid 5075] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5075] chdir("./bus") = 0
[pid 5075] ioctl(4, LOOP_CLR_FD) = 0
[pid 5075] close(4) = 0
[pid 5075] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5075] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5075] write(5, "5", 1) = 1
[ 58.762657][ T5075] BTRFS info (device loop0): auto enabling async discard
[ 58.784799][ T27] audit: type=1800 audit(1690592595.784:5): pid=5075 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor198" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 58.815550][ T5075] FAULT_INJECTION: forcing a failure.
[ 58.815550][ T5075] name failslab, interval 1, probability 0, space 0, times 0
[ 58.828355][ T5075] CPU: 1 PID: 5075 Comm: syz-executor198 Not tainted 6.5.0-rc3-syzkaller-00225-gf837f0a3c948 #0
[ 58.838970][ T5075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 58.849313][ T5075] Call Trace:
[ 58.852619][ T5075]
[ 58.855574][ T5075] dump_stack_lvl+0x1e7/0x2d0
[ 58.860284][ T5075] ? nf_tcp_handle_invalid+0x650/0x650
[ 58.865778][ T5075] ? panic+0x770/0x770
[ 58.869879][ T5075] ? __might_sleep+0xc0/0xc0
[ 58.874509][ T5075] should_fail_ex+0x3aa/0x4e0
[ 58.879217][ T5075] should_failslab+0x9/0x20
[ 58.883746][ T5075] slab_pre_alloc_hook+0x59/0x2b0
[ 58.888803][ T5075] kmem_cache_alloc+0x52/0x300
[ 58.893575][ T5075] ? alloc_extent_state+0x25/0x2e0
[ 58.898690][ T5075] alloc_extent_state+0x25/0x2e0
[ 58.903639][ T5075] __set_extent_bit+0x1c8/0x1b00
[ 58.908573][ T5075] ? __down_write_common+0x161/0x200
[ 58.913949][ T5075] ? PageUptodate+0xd9/0x290
[ 58.918538][ T5075] set_extent_bit+0x3b/0x50
[ 58.923039][ T5075] btrfs_alloc_tree_block+0xae1/0x17f0
[ 58.928500][ T5075] ? alloc_reserved_file_extent+0x5e0/0x5e0
[ 58.934412][ T5075] ? __lock_acquire+0x1345/0x7f70
[ 58.939435][ T5075] ? read_extent_buffer+0x122/0x2a0
[ 58.944626][ T5075] ? __asan_memcpy+0x40/0x70
[ 58.949217][ T5075] __btrfs_cow_block+0x465/0x1ae0
[ 58.954247][ T5075] ? btrfs_qgroup_trace_subtree_after_cow+0x1a8/0x1190
[ 58.961098][ T5075] ? btrfs_cow_block+0x780/0x780
[ 58.966119][ T5075] ? btrfs_qgroup_add_swapped_blocks+0x740/0x7f0
[ 58.972444][ T5075] ? rcu_is_watching+0x15/0xb0
[ 58.977212][ T5075] btrfs_cow_block+0x403/0x780
[ 58.981979][ T5075] btrfs_search_slot+0xbf9/0x2f80
[ 58.986998][ T5075] ? btrfs_extent_root+0x2a1/0x3b0
[ 58.992121][ T5075] ? __kasan_slab_alloc+0x66/0x70
[ 58.997145][ T5075] ? btrfs_find_item+0x5c0/0x5c0
[ 59.002074][ T5075] ? btrfs_extent_root+0x2a1/0x3b0
[ 59.007181][ T5075] ? btrfs_csum_root+0x3b0/0x3b0
[ 59.012138][ T5075] lookup_inline_extent_backref+0x3f2/0x1470
[ 59.018126][ T5075] ? insert_extent_data_ref+0xa30/0xa30
[ 59.023665][ T5075] ? __kasan_slab_alloc+0x66/0x70
[ 59.028684][ T5075] ? slab_post_alloc_hook+0x87/0x3b0
[ 59.033970][ T5075] ? rcu_is_watching+0x15/0xb0
[ 59.038819][ T5075] ? kmem_cache_alloc+0x152/0x300
[ 59.043851][ T5075] __btrfs_free_extent+0x28a/0x3250
[ 59.049062][ T5075] ? __btrfs_inc_extent_ref+0x5f0/0x5f0
[ 59.055040][ T5075] ? _raw_read_unlock+0x28/0x40
[ 59.059895][ T5075] ? do_raw_spin_unlock+0x13b/0x8b0
[ 59.065108][ T5075] __btrfs_run_delayed_refs+0xf00/0x3f90
[ 59.070777][ T5075] ? btrfs_run_delayed_refs+0x480/0x480
[ 59.076332][ T5075] ? verify_lock_unused+0x140/0x140
[ 59.081535][ T5075] ? start_transaction+0x469/0x1080
[ 59.086729][ T5075] ? btrfs_attach_transaction_barrier+0x26/0xa0
[ 59.093089][ T5075] ? btrfs_sync_fs+0x135/0x6c0
[ 59.097870][ T5075] ? read_lock_is_recursive+0x20/0x20
[ 59.103257][ T5075] btrfs_run_delayed_refs+0x140/0x480
[ 59.108650][ T5075] btrfs_commit_transaction+0x495/0x2ff0
[ 59.114462][ T5075] ? read_lock_is_recursive+0x20/0x20
[ 59.119832][ T5075] ? __lock_acquire+0x7f70/0x7f70
[ 59.124860][ T5075] ? do_raw_spin_unlock+0x13b/0x8b0
[ 59.130060][ T5075] ? btrfs_commit_transaction_async+0x450/0x450
[ 59.136390][ T5075] ? join_transaction+0xbdc/0xe00
[ 59.141418][ T5075] ? btrfs_record_root_in_trans+0x92/0x180
[ 59.147225][ T5075] ? start_transaction+0x3de/0x1080
[ 59.152459][ T5075] ? btrfs_attach_transaction_barrier+0x34/0xa0
[ 59.158694][ T5075] ? btrfs_sync_fs+0x1be/0x6c0
[ 59.163454][ T5075] iterate_supers+0x12b/0x1e0
[ 59.168121][ T5075] ? sync_inodes_one_sb+0x70/0x70
[ 59.173231][ T5075] ksys_sync+0xdb/0x1c0
[ 59.177383][ T5075] ? sync_filesystem+0x220/0x220
[ 59.182312][ T5075] ? syscall_enter_from_user_mode+0x32/0x230
[ 59.188294][ T5075] ? syscall_enter_from_user_mode+0x8c/0x230
[ 59.194272][ T5075] __do_sys_sync+0xe/0x20
[ 59.198595][ T5075] do_syscall_64+0x41/0xc0
[ 59.203006][ T5075] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.208897][ T5075] RIP: 0033:0x7efc00437169
[ 59.213402][ T5075] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 59.233096][ T5075] RSP: 002b:00007ffea6a3b428 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 59.241681][ T5075] RAX: ffffffffffffffda RBX: 00007ffea6a3b450 RCX: 00007efc00437169
[ 59.249682][ T5075] RDX: 00007efc00436230 RSI: 00007ffea6a3b450 RDI: 00007ffea6a3b450
[ 59.257646][ T5075] RBP: 0000000000000001 R08: 00007ffea6a3b1c7 R09: 0000000000000080
[pid 5075] sync() = 0
[pid 5075] exit_group(0) = ?
[pid 5075] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5075, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=28 /* 0.28 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe06f0 /* 4 entries */, 32768) = 104
[ 59.265615][ T5075] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffea6a3b480
[ 59.273578][ T5075] R13: 00007ffea6a3b4c0 R14: 0000000001000000 R15: 0000000000000003
[ 59.281562][ T5075]
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555fe8730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555fe8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/bus") = 0
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs") = 0
getdents64(3, 0x555555fe06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fdf650) = 5092
./strace-static-x86_64: Process 5092 attached
[pid 5092] set_robust_list(0x555555fdf660, 24) = 0
[pid 5092] chdir("./4") = 0
[pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5092] setpgid(0, 0) = 0
[pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5092] write(3, "1000", 4) = 4
[pid 5092] close(3) = 0
[pid 5092] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5092] memfd_create("syzkaller", 0) = 3
[pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efbf7ff8000
[pid 5092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5092] munmap(0x7efbf7ff8000, 16777216) = 0
[pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5092] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5092] close(3) = 0
[pid 5092] mkdir("./bus", 0777) = 0
[ 59.616567][ T5092] loop0: detected capacity change from 0 to 32768
[ 59.626116][ T5092] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor198 (5092)
[ 59.642920][ T5092] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 59.651776][ T5092] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 59.662631][ T5092] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 59.673466][ T5092] BTRFS warning (device loop0): excessive commit interval 622039222
[ 59.681506][ T5092] BTRFS info (device loop0): force zlib compression, level 3
[ 59.689017][ T5092] BTRFS info (device loop0): using free space tree
[ 59.704985][ T5092] BTRFS info (device loop0): enabling ssd optimizations
[pid 5092] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0
[pid 5092] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5092] chdir("./bus") = 0
[pid 5092] ioctl(4, LOOP_CLR_FD) = 0
[pid 5092] close(4) = 0
[pid 5092] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5092] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5092] write(5, "5", 1) = 1
[ 59.712187][ T5092] BTRFS info (device loop0): auto enabling async discard
[ 59.727449][ T27] audit: type=1800 audit(1690592596.734:6): pid=5092 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor198" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 59.753576][ T5092] FAULT_INJECTION: forcing a failure.
[ 59.753576][ T5092] name failslab, interval 1, probability 0, space 0, times 0
[ 59.766869][ T5092] CPU: 1 PID: 5092 Comm: syz-executor198 Not tainted 6.5.0-rc3-syzkaller-00225-gf837f0a3c948 #0
[ 59.777305][ T5092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 59.787353][ T5092] Call Trace:
[ 59.790632][ T5092]
[ 59.793552][ T5092] dump_stack_lvl+0x1e7/0x2d0
[ 59.798247][ T5092] ? nf_tcp_handle_invalid+0x650/0x650
[ 59.803698][ T5092] ? panic+0x770/0x770
[ 59.807765][ T5092] ? __might_sleep+0xc0/0xc0
[ 59.812356][ T5092] should_fail_ex+0x3aa/0x4e0
[ 59.817029][ T5092] should_failslab+0x9/0x20
[ 59.821522][ T5092] slab_pre_alloc_hook+0x59/0x2b0
[ 59.826559][ T5092] kmem_cache_alloc+0x52/0x300
[ 59.831319][ T5092] ? alloc_extent_state+0x25/0x2e0
[ 59.836436][ T5092] alloc_extent_state+0x25/0x2e0
[ 59.841467][ T5092] __set_extent_bit+0x1c8/0x1b00
[ 59.846399][ T5092] ? __down_write_common+0x161/0x200
[ 59.851687][ T5092] ? PageUptodate+0xd9/0x290
[ 59.856277][ T5092] set_extent_bit+0x3b/0x50
[ 59.860781][ T5092] btrfs_alloc_tree_block+0xae1/0x17f0
[ 59.866243][ T5092] ? alloc_reserved_file_extent+0x5e0/0x5e0
[ 59.872130][ T5092] ? __lock_acquire+0x1345/0x7f70
[ 59.877155][ T5092] ? read_extent_buffer+0x122/0x2a0
[ 59.882347][ T5092] ? __asan_memcpy+0x40/0x70
[ 59.886938][ T5092] __btrfs_cow_block+0x465/0x1ae0
[ 59.891974][ T5092] ? btrfs_qgroup_trace_subtree_after_cow+0x1a8/0x1190
[ 59.898826][ T5092] ? btrfs_cow_block+0x780/0x780
[ 59.903757][ T5092] ? btrfs_qgroup_add_swapped_blocks+0x740/0x7f0
[ 59.910169][ T5092] ? rcu_is_watching+0x15/0xb0
[ 59.914941][ T5092] btrfs_cow_block+0x403/0x780
[ 59.919723][ T5092] btrfs_search_slot+0xbf9/0x2f80
[ 59.924830][ T5092] ? btrfs_extent_root+0x2a1/0x3b0
[ 59.929947][ T5092] ? __kasan_slab_alloc+0x66/0x70
[ 59.934969][ T5092] ? btrfs_find_item+0x5c0/0x5c0
[ 59.939908][ T5092] ? btrfs_extent_root+0x2a1/0x3b0
[ 59.945016][ T5092] ? btrfs_csum_root+0x3b0/0x3b0
[ 59.949958][ T5092] lookup_inline_extent_backref+0x3f2/0x1470
[ 59.956045][ T5092] ? insert_extent_data_ref+0xa30/0xa30
[ 59.961586][ T5092] ? __kasan_slab_alloc+0x66/0x70
[ 59.966609][ T5092] ? slab_post_alloc_hook+0x87/0x3b0
[ 59.972158][ T5092] ? rcu_is_watching+0x15/0xb0
[ 59.976963][ T5092] ? kmem_cache_alloc+0x152/0x300
[ 59.981992][ T5092] __btrfs_free_extent+0x28a/0x3250
[ 59.987380][ T5092] ? __btrfs_inc_extent_ref+0x5f0/0x5f0
[ 59.993023][ T5092] ? _raw_read_unlock+0x28/0x40
[ 59.997904][ T5092] ? do_raw_spin_unlock+0x13b/0x8b0
[ 60.003128][ T5092] __btrfs_run_delayed_refs+0xf00/0x3f90
[ 60.008890][ T5092] ? btrfs_run_delayed_refs+0x480/0x480
[ 60.014437][ T5092] ? verify_lock_unused+0x140/0x140
[ 60.019641][ T5092] ? start_transaction+0x469/0x1080
[ 60.024838][ T5092] ? btrfs_attach_transaction_barrier+0x26/0xa0
[ 60.031073][ T5092] ? btrfs_sync_fs+0x135/0x6c0
[ 60.035842][ T5092] ? read_lock_is_recursive+0x20/0x20
[ 60.041219][ T5092] btrfs_run_delayed_refs+0x140/0x480
[ 60.046593][ T5092] btrfs_commit_transaction+0x495/0x2ff0
[ 60.052232][ T5092] ? read_lock_is_recursive+0x20/0x20
[ 60.057603][ T5092] ? __lock_acquire+0x7f70/0x7f70
[ 60.062628][ T5092] ? do_raw_spin_unlock+0x13b/0x8b0
[ 60.067830][ T5092] ? btrfs_commit_transaction_async+0x450/0x450
[ 60.074067][ T5092] ? join_transaction+0xbdc/0xe00
[ 60.079093][ T5092] ? btrfs_record_root_in_trans+0x92/0x180
[ 60.084896][ T5092] ? start_transaction+0x3de/0x1080
[ 60.090100][ T5092] ? btrfs_attach_transaction_barrier+0x34/0xa0
[ 60.096333][ T5092] ? btrfs_sync_fs+0x1be/0x6c0
[ 60.101097][ T5092] iterate_supers+0x12b/0x1e0
[ 60.105765][ T5092] ? sync_inodes_one_sb+0x70/0x70
[ 60.110781][ T5092] ksys_sync+0xdb/0x1c0
[ 60.114927][ T5092] ? sync_filesystem+0x220/0x220
[ 60.119855][ T5092] ? syscall_enter_from_user_mode+0x32/0x230
[ 60.125834][ T5092] ? syscall_enter_from_user_mode+0x8c/0x230
[ 60.131897][ T5092] __do_sys_sync+0xe/0x20
[ 60.136226][ T5092] do_syscall_64+0x41/0xc0
[ 60.140634][ T5092] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.146526][ T5092] RIP: 0033:0x7efc00437169
[ 60.150941][ T5092] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 60.170535][ T5092] RSP: 002b:00007ffea6a3b428 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 60.178946][ T5092] RAX: ffffffffffffffda RBX: 00007ffea6a3b450 RCX: 00007efc00437169
[ 60.186920][ T5092] RDX: 00007efc00436230 RSI: 00007ffea6a3b450 RDI: 00007ffea6a3b450
[ 60.194881][ T5092] RBP: 0000000000000001 R08: 00007ffea6a3b1c7 R09: 0000000000000080
[ 60.202845][ T5092] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffea6a3b480
[ 60.210804][ T5092] R13: 00007ffea6a3b4c0 R14: 0000000001000000 R15: 0000000000000003
[pid 5092] sync() = 0
[pid 5092] exit_group(0) = ?
[pid 5092] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe06f0 /* 4 entries */, 32768) = 104
[ 60.218780][ T5092]
umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555fe8730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555fe8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/bus") = 0
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs") = 0
getdents64(3, 0x555555fe06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fdf650) = 5109
./strace-static-x86_64: Process 5109 attached
[pid 5109] set_robust_list(0x555555fdf660, 24) = 0
[pid 5109] chdir("./5") = 0
[pid 5109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5109] setpgid(0, 0) = 0
[pid 5109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5109] write(3, "1000", 4) = 4
[pid 5109] close(3) = 0
[pid 5109] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5109] memfd_create("syzkaller", 0) = 3
[pid 5109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efbf7ff8000
[pid 5109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5109] munmap(0x7efbf7ff8000, 16777216) = 0
[pid 5109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5109] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5109] close(3) = 0
[pid 5109] mkdir("./bus", 0777) = 0
[ 60.559127][ T5109] loop0: detected capacity change from 0 to 32768
[ 60.570204][ T5109] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor198 (5109)
[ 60.585979][ T5109] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 60.594781][ T5109] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 60.605900][ T5109] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 60.617001][ T5109] BTRFS warning (device loop0): excessive commit interval 622039222
[ 60.624998][ T5109] BTRFS info (device loop0): force zlib compression, level 3
[ 60.632948][ T5109] BTRFS info (device loop0): using free space tree
[ 60.651738][ T5109] BTRFS info (device loop0): enabling ssd optimizations
[pid 5109] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0
[pid 5109] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5109] chdir("./bus") = 0
[pid 5109] ioctl(4, LOOP_CLR_FD) = 0
[pid 5109] close(4) = 0
[pid 5109] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5109] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5109] write(5, "5", 1) = 1
[ 60.658835][ T5109] BTRFS info (device loop0): auto enabling async discard
[ 60.684387][ T27] audit: type=1800 audit(1690592597.684:7): pid=5109 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor198" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 60.747540][ T5109] FAULT_INJECTION: forcing a failure.
[ 60.747540][ T5109] name failslab, interval 1, probability 0, space 0, times 0
[ 60.761813][ T5109] CPU: 1 PID: 5109 Comm: syz-executor198 Not tainted 6.5.0-rc3-syzkaller-00225-gf837f0a3c948 #0
[ 60.772262][ T5109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 60.782358][ T5109] Call Trace:
[ 60.785681][ T5109]
[ 60.788628][ T5109] dump_stack_lvl+0x1e7/0x2d0
[ 60.793340][ T5109] ? nf_tcp_handle_invalid+0x650/0x650
[ 60.798837][ T5109] ? panic+0x770/0x770
[ 60.802932][ T5109] ? __might_sleep+0xc0/0xc0
[ 60.807568][ T5109] should_fail_ex+0x3aa/0x4e0
[ 60.812280][ T5109] should_failslab+0x9/0x20
[ 60.816793][ T5109] slab_pre_alloc_hook+0x59/0x2b0
[ 60.821821][ T5109] kmem_cache_alloc+0x52/0x300
[ 60.826581][ T5109] ? alloc_extent_state+0x25/0x2e0
[ 60.831698][ T5109] alloc_extent_state+0x25/0x2e0
[ 60.836633][ T5109] __set_extent_bit+0x1c8/0x1b00
[ 60.841569][ T5109] ? __down_write_common+0x161/0x200
[ 60.846854][ T5109] ? PageUptodate+0xd9/0x290
[ 60.851443][ T5109] set_extent_bit+0x3b/0x50
[ 60.855953][ T5109] btrfs_alloc_tree_block+0xae1/0x17f0
[ 60.861414][ T5109] ? alloc_reserved_file_extent+0x5e0/0x5e0
[ 60.867304][ T5109] ? __lock_acquire+0x1345/0x7f70
[ 60.872331][ T5109] ? read_extent_buffer+0x122/0x2a0
[ 60.877609][ T5109] ? __asan_memcpy+0x40/0x70
[ 60.882200][ T5109] __btrfs_cow_block+0x465/0x1ae0
[ 60.887229][ T5109] ? btrfs_qgroup_trace_subtree_after_cow+0x1a8/0x1190
[ 60.894076][ T5109] ? btrfs_cow_block+0x780/0x780
[ 60.899014][ T5109] ? btrfs_qgroup_add_swapped_blocks+0x740/0x7f0
[ 60.905339][ T5109] ? rcu_is_watching+0x15/0xb0
[ 60.910107][ T5109] btrfs_cow_block+0x403/0x780
[ 60.914875][ T5109] btrfs_search_slot+0xbf9/0x2f80
[ 60.919895][ T5109] ? btrfs_extent_root+0x2a1/0x3b0
[ 60.925012][ T5109] ? __kasan_slab_alloc+0x66/0x70
[ 60.930032][ T5109] ? btrfs_find_item+0x5c0/0x5c0
[ 60.934962][ T5109] ? btrfs_extent_root+0x2a1/0x3b0
[ 60.940068][ T5109] ? btrfs_csum_root+0x3b0/0x3b0
[ 60.945009][ T5109] lookup_inline_extent_backref+0x3f2/0x1470
[ 60.950992][ T5109] ? insert_extent_data_ref+0xa30/0xa30
[ 60.956527][ T5109] ? __kasan_slab_alloc+0x66/0x70
[ 60.961543][ T5109] ? slab_post_alloc_hook+0x87/0x3b0
[ 60.966827][ T5109] ? rcu_is_watching+0x15/0xb0
[ 60.971671][ T5109] ? kmem_cache_alloc+0x152/0x300
[ 60.976693][ T5109] __btrfs_free_extent+0x28a/0x3250
[ 60.981900][ T5109] ? __btrfs_inc_extent_ref+0x5f0/0x5f0
[ 60.987439][ T5109] ? _raw_read_unlock+0x28/0x40
[ 60.992289][ T5109] ? do_raw_spin_unlock+0x13b/0x8b0
[ 60.997491][ T5109] __btrfs_run_delayed_refs+0xf00/0x3f90
[ 61.003155][ T5109] ? btrfs_run_delayed_refs+0x480/0x480
[ 61.008707][ T5109] ? verify_lock_unused+0x140/0x140
[ 61.013905][ T5109] ? start_transaction+0x469/0x1080
[ 61.019097][ T5109] ? btrfs_attach_transaction_barrier+0x26/0xa0
[ 61.025338][ T5109] ? btrfs_sync_fs+0x135/0x6c0
[ 61.030103][ T5109] ? read_lock_is_recursive+0x20/0x20
[ 61.035477][ T5109] btrfs_run_delayed_refs+0x140/0x480
[ 61.040851][ T5109] btrfs_commit_transaction+0x495/0x2ff0
[ 61.046483][ T5109] ? read_lock_is_recursive+0x20/0x20
[ 61.051850][ T5109] ? __lock_acquire+0x7f70/0x7f70
[ 61.056881][ T5109] ? do_raw_spin_unlock+0x13b/0x8b0
[ 61.062081][ T5109] ? btrfs_commit_transaction_async+0x450/0x450
[ 61.068326][ T5109] ? join_transaction+0xbdc/0xe00
[ 61.073432][ T5109] ? btrfs_record_root_in_trans+0x92/0x180
[ 61.079236][ T5109] ? start_transaction+0x3de/0x1080
[ 61.084450][ T5109] ? btrfs_attach_transaction_barrier+0x34/0xa0
[ 61.090694][ T5109] ? btrfs_sync_fs+0x1be/0x6c0
[ 61.095459][ T5109] iterate_supers+0x12b/0x1e0
[ 61.100131][ T5109] ? sync_inodes_one_sb+0x70/0x70
[ 61.105151][ T5109] ksys_sync+0xdb/0x1c0
[ 61.109298][ T5109] ? sync_filesystem+0x220/0x220
[ 61.114228][ T5109] ? syscall_enter_from_user_mode+0x32/0x230
[ 61.120222][ T5109] ? syscall_enter_from_user_mode+0x8c/0x230
[ 61.126196][ T5109] __do_sys_sync+0xe/0x20
[ 61.130524][ T5109] do_syscall_64+0x41/0xc0
[ 61.134930][ T5109] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.140993][ T5109] RIP: 0033:0x7efc00437169
[ 61.145408][ T5109] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 61.165017][ T5109] RSP: 002b:00007ffea6a3b428 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 61.173425][ T5109] RAX: ffffffffffffffda RBX: 00007ffea6a3b450 RCX: 00007efc00437169
[ 61.181389][ T5109] RDX: 00007efc00436230 RSI: 00007ffea6a3b450 RDI: 00007ffea6a3b450
[ 61.189350][ T5109] RBP: 0000000000000001 R08: 00007ffea6a3b1c7 R09: 0000000000000080
[pid 5109] sync() = 0
[pid 5109] exit_group(0) = ?
[pid 5109] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5109, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=27 /* 0.27 s */} ---
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe06f0 /* 4 entries */, 32768) = 104
[ 61.197310][ T5109] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffea6a3b480
[ 61.205268][ T5109] R13: 00007ffea6a3b4c0 R14: 0000000001000000 R15: 0000000000000003
[ 61.213242][ T5109]
umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555fe8730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555fe8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/bus") = 0
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs") = 0
getdents64(3, 0x555555fe06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fdf650) = 5126
./strace-static-x86_64: Process 5126 attached
[pid 5126] set_robust_list(0x555555fdf660, 24) = 0
[pid 5126] chdir("./6") = 0
[pid 5126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5126] setpgid(0, 0) = 0
[pid 5126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5126] write(3, "1000", 4) = 4
[pid 5126] close(3) = 0
[pid 5126] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5126] memfd_create("syzkaller", 0) = 3
[pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efbf7ff8000
[pid 5126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5126] munmap(0x7efbf7ff8000, 16777216) = 0
[pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5126] close(3) = 0
[pid 5126] mkdir("./bus", 0777) = 0
[ 61.513252][ T5126] loop0: detected capacity change from 0 to 32768
[ 61.522614][ T5126] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor198 (5126)
[ 61.539366][ T5126] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 61.548637][ T5126] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 61.559821][ T5126] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 61.571584][ T5126] BTRFS warning (device loop0): excessive commit interval 622039222
[ 61.579867][ T5126] BTRFS info (device loop0): force zlib compression, level 3
[ 61.587475][ T5126] BTRFS info (device loop0): using free space tree
[ 61.605681][ T5126] BTRFS info (device loop0): enabling ssd optimizations
[pid 5126] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0
[pid 5126] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5126] chdir("./bus") = 0
[pid 5126] ioctl(4, LOOP_CLR_FD) = 0
[pid 5126] close(4) = 0
[pid 5126] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5126] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5126] write(5, "5", 1) = 1
[ 61.612719][ T5126] BTRFS info (device loop0): auto enabling async discard
[ 61.642814][ T27] audit: type=1800 audit(1690592598.644:8): pid=5126 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor198" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 61.664527][ T5126] FAULT_INJECTION: forcing a failure.
[ 61.664527][ T5126] name failslab, interval 1, probability 0, space 0, times 0
[ 61.677520][ T5126] CPU: 1 PID: 5126 Comm: syz-executor198 Not tainted 6.5.0-rc3-syzkaller-00225-gf837f0a3c948 #0
[ 61.688145][ T5126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 61.698224][ T5126] Call Trace:
[ 61.701527][ T5126]
[ 61.704474][ T5126] dump_stack_lvl+0x1e7/0x2d0
[ 61.709186][ T5126] ? nf_tcp_handle_invalid+0x650/0x650
[ 61.714669][ T5126] ? panic+0x770/0x770
[ 61.718767][ T5126] ? __might_sleep+0xc0/0xc0
[ 61.723397][ T5126] should_fail_ex+0x3aa/0x4e0
[ 61.728112][ T5126] should_failslab+0x9/0x20
[ 61.732640][ T5126] slab_pre_alloc_hook+0x59/0x2b0
[ 61.737687][ T5126] kmem_cache_alloc+0x52/0x300
[ 61.742459][ T5126] ? alloc_extent_state+0x25/0x2e0
[ 61.747575][ T5126] alloc_extent_state+0x25/0x2e0
[ 61.752512][ T5126] __set_extent_bit+0x1c8/0x1b00
[ 61.757446][ T5126] ? __down_write_common+0x161/0x200
[ 61.762732][ T5126] ? PageUptodate+0xd9/0x290
[ 61.767328][ T5126] set_extent_bit+0x3b/0x50
[ 61.771828][ T5126] btrfs_alloc_tree_block+0xae1/0x17f0
[ 61.777467][ T5126] ? alloc_reserved_file_extent+0x5e0/0x5e0
[ 61.783457][ T5126] ? mark_lock+0x9a/0x340
[ 61.787808][ T5126] ? read_extent_buffer+0x122/0x2a0
[ 61.793005][ T5126] ? __asan_memcpy+0x40/0x70
[ 61.797596][ T5126] __btrfs_cow_block+0x465/0x1ae0
[ 61.802637][ T5126] ? btrfs_qgroup_trace_subtree_after_cow+0x1a8/0x1190
[ 61.809840][ T5126] ? btrfs_cow_block+0x780/0x780
[ 61.814774][ T5126] ? btrfs_qgroup_add_swapped_blocks+0x740/0x7f0
[ 61.821107][ T5126] ? rcu_is_watching+0x15/0xb0
[ 61.825869][ T5126] btrfs_cow_block+0x403/0x780
[ 61.830641][ T5126] btrfs_search_slot+0xbf9/0x2f80
[ 61.835681][ T5126] ? btrfs_find_item+0x5c0/0x5c0
[ 61.840613][ T5126] ? do_raw_read_unlock+0x3c/0x80
[ 61.845631][ T5126] ? _raw_read_unlock+0x28/0x40
[ 61.850478][ T5126] ? btrfs_extent_root+0x2a1/0x3b0
[ 61.855939][ T5126] ? rcu_is_watching+0x15/0xb0
[ 61.860700][ T5126] btrfs_insert_empty_items+0x9c/0x180
[ 61.866166][ T5126] __btrfs_run_delayed_refs+0x1379/0x3f90
[ 61.871916][ T5126] ? btrfs_run_delayed_refs+0x480/0x480
[ 61.877458][ T5126] ? verify_lock_unused+0x140/0x140
[ 61.882660][ T5126] ? btrfs_attach_transaction_barrier+0x26/0xa0
[ 61.888894][ T5126] ? btrfs_sync_fs+0x135/0x6c0
[ 61.893652][ T5126] ? read_lock_is_recursive+0x20/0x20
[ 61.899025][ T5126] btrfs_run_delayed_refs+0x140/0x480
[ 61.904400][ T5126] btrfs_commit_transaction+0x495/0x2ff0
[ 61.910029][ T5126] ? read_lock_is_recursive+0x20/0x20
[ 61.915396][ T5126] ? __lock_acquire+0x7f70/0x7f70
[ 61.920595][ T5126] ? do_raw_spin_unlock+0x13b/0x8b0
[ 61.925792][ T5126] ? btrfs_commit_transaction_async+0x450/0x450
[ 61.932031][ T5126] ? join_transaction+0xbdc/0xe00
[ 61.937057][ T5126] ? btrfs_record_root_in_trans+0x92/0x180
[ 61.942870][ T5126] ? start_transaction+0x3de/0x1080
[ 61.948080][ T5126] ? btrfs_attach_transaction_barrier+0x34/0xa0
[ 61.954317][ T5126] ? btrfs_sync_fs+0x1be/0x6c0
[ 61.959079][ T5126] iterate_supers+0x12b/0x1e0
[ 61.963750][ T5126] ? sync_inodes_one_sb+0x70/0x70
[ 61.968867][ T5126] ksys_sync+0xdb/0x1c0
[ 61.973102][ T5126] ? sync_filesystem+0x220/0x220
[ 61.978031][ T5126] ? syscall_enter_from_user_mode+0x32/0x230
[ 61.984010][ T5126] ? syscall_enter_from_user_mode+0x8c/0x230
[ 61.989987][ T5126] __do_sys_sync+0xe/0x20
[ 61.994309][ T5126] do_syscall_64+0x41/0xc0
[ 61.998724][ T5126] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.004614][ T5126] RIP: 0033:0x7efc00437169
[ 62.009023][ T5126] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 62.028626][ T5126] RSP: 002b:00007ffea6a3b428 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 62.037041][ T5126] RAX: ffffffffffffffda RBX: 00007ffea6a3b450 RCX: 00007efc00437169
[ 62.045010][ T5126] RDX: 00007efc00436230 RSI: 00007ffea6a3b450 RDI: 00007ffea6a3b450
[ 62.053754][ T5126] RBP: 0000000000000001 R08: 00007ffea6a3b1c7 R09: 0000000000000080
[pid 5126] sync() = 0
[pid 5126] exit_group(0) = ?
[pid 5126] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5126, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe06f0 /* 4 entries */, 32768) = 104
[ 62.061717][ T5126] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffea6a3b480
[ 62.069766][ T5126] R13: 00007ffea6a3b4c0 R14: 0000000001000000 R15: 0000000000000003
[ 62.077741][ T5126]
umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555fe8730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555fe8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/bus") = 0
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs") = 0
getdents64(3, 0x555555fe06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fdf650) = 5145
./strace-static-x86_64: Process 5145 attached
[pid 5145] set_robust_list(0x555555fdf660, 24) = 0
[pid 5145] chdir("./7") = 0
[pid 5145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5145] setpgid(0, 0) = 0
[pid 5145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5145] write(3, "1000", 4) = 4
[pid 5145] close(3) = 0
[pid 5145] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5145] memfd_create("syzkaller", 0) = 3
[pid 5145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efbf7ff8000
[pid 5145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5145] munmap(0x7efbf7ff8000, 16777216) = 0
[pid 5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5145] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5145] close(3) = 0
[pid 5145] mkdir("./bus", 0777) = 0
[ 62.379376][ T5145] loop0: detected capacity change from 0 to 32768
[ 62.390203][ T5145] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor198 (5145)
[ 62.407028][ T5145] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 62.415867][ T5145] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 62.427061][ T5145] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 62.438301][ T5145] BTRFS warning (device loop0): excessive commit interval 622039222
[ 62.446494][ T5145] BTRFS info (device loop0): force zlib compression, level 3
[ 62.453978][ T5145] BTRFS info (device loop0): using free space tree
[ 62.470855][ T5145] BTRFS info (device loop0): enabling ssd optimizations
[pid 5145] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0
[pid 5145] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5145] chdir("./bus") = 0
[pid 5145] ioctl(4, LOOP_CLR_FD) = 0
[pid 5145] close(4) = 0
[ 62.477936][ T5145] BTRFS info (device loop0): auto enabling async discard
[pid 5145] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5145] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5145] write(5, "5", 1) = 1
[ 62.509811][ T27] audit: type=1800 audit(1690592599.514:9): pid=5145 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor198" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 62.525699][ T5145] FAULT_INJECTION: forcing a failure.
[ 62.525699][ T5145] name failslab, interval 1, probability 0, space 0, times 0
[ 62.542690][ T5145] CPU: 1 PID: 5145 Comm: syz-executor198 Not tainted 6.5.0-rc3-syzkaller-00225-gf837f0a3c948 #0
[ 62.553132][ T5145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 62.563210][ T5145] Call Trace:
[ 62.566518][ T5145]
[ 62.569468][ T5145] dump_stack_lvl+0x1e7/0x2d0
[ 62.574239][ T5145] ? nf_tcp_handle_invalid+0x650/0x650
[ 62.579731][ T5145] ? panic+0x770/0x770
[ 62.583865][ T5145] ? __might_sleep+0xc0/0xc0
[ 62.588505][ T5145] should_fail_ex+0x3aa/0x4e0
[ 62.593222][ T5145] should_failslab+0x9/0x20
[ 62.597921][ T5145] slab_pre_alloc_hook+0x59/0x2b0
[ 62.602984][ T5145] kmem_cache_alloc+0x52/0x300
[ 62.607862][ T5145] ? alloc_extent_state+0x25/0x2e0
[ 62.613185][ T5145] alloc_extent_state+0x25/0x2e0
[ 62.618158][ T5145] __set_extent_bit+0x1c8/0x1b00
[ 62.623221][ T5145] ? __down_write_common+0x161/0x200
[ 62.628634][ T5145] ? PageUptodate+0xd9/0x290
[ 62.633351][ T5145] set_extent_bit+0x3b/0x50
[ 62.637965][ T5145] btrfs_alloc_tree_block+0xae1/0x17f0
[ 62.643432][ T5145] ? alloc_reserved_file_extent+0x5e0/0x5e0
[ 62.649416][ T5145] ? __lock_acquire+0x1345/0x7f70
[ 62.654467][ T5145] ? read_extent_buffer+0x122/0x2a0
[ 62.659686][ T5145] ? __asan_memcpy+0x40/0x70
[ 62.664304][ T5145] __btrfs_cow_block+0x465/0x1ae0
[ 62.669375][ T5145] ? btrfs_qgroup_trace_subtree_after_cow+0x1a8/0x1190
[ 62.676227][ T5145] ? btrfs_cow_block+0x780/0x780
[ 62.681266][ T5145] ? btrfs_qgroup_add_swapped_blocks+0x740/0x7f0
[ 62.687613][ T5145] ? rcu_is_watching+0x15/0xb0
[ 62.692382][ T5145] btrfs_cow_block+0x403/0x780
[ 62.697170][ T5145] btrfs_search_slot+0xbf9/0x2f80
[ 62.702199][ T5145] ? btrfs_extent_root+0x2a1/0x3b0
[ 62.707326][ T5145] ? __kasan_slab_alloc+0x66/0x70
[ 62.712358][ T5145] ? btrfs_find_item+0x5c0/0x5c0
[ 62.717403][ T5145] ? btrfs_extent_root+0x2a1/0x3b0
[ 62.722534][ T5145] ? btrfs_csum_root+0x3b0/0x3b0
[ 62.727499][ T5145] lookup_inline_extent_backref+0x3f2/0x1470
[ 62.733515][ T5145] ? insert_extent_data_ref+0xa30/0xa30
[ 62.739078][ T5145] ? __kasan_slab_alloc+0x66/0x70
[ 62.744111][ T5145] ? slab_post_alloc_hook+0x87/0x3b0
[ 62.749458][ T5145] ? rcu_is_watching+0x15/0xb0
[ 62.754234][ T5145] ? kmem_cache_alloc+0x152/0x300
[ 62.759262][ T5145] __btrfs_free_extent+0x28a/0x3250
[ 62.764484][ T5145] ? __btrfs_inc_extent_ref+0x5f0/0x5f0
[ 62.770032][ T5145] ? _raw_read_unlock+0x28/0x40
[ 62.774909][ T5145] ? do_raw_spin_unlock+0x13b/0x8b0
[ 62.780111][ T5145] __btrfs_run_delayed_refs+0xf00/0x3f90
[ 62.788215][ T5145] ? btrfs_run_delayed_refs+0x480/0x480
[ 62.793767][ T5145] ? verify_lock_unused+0x140/0x140
[ 62.798975][ T5145] ? start_transaction+0x469/0x1080
[ 62.804166][ T5145] ? btrfs_attach_transaction_barrier+0x26/0xa0
[ 62.810418][ T5145] ? btrfs_sync_fs+0x135/0x6c0
[ 62.815195][ T5145] ? read_lock_is_recursive+0x20/0x20
[ 62.820567][ T5145] btrfs_run_delayed_refs+0x140/0x480
[ 62.825944][ T5145] btrfs_commit_transaction+0x495/0x2ff0
[ 62.831586][ T5145] ? read_lock_is_recursive+0x20/0x20
[ 62.836960][ T5145] ? __lock_acquire+0x7f70/0x7f70
[ 62.842006][ T5145] ? do_raw_spin_unlock+0x13b/0x8b0
[ 62.847231][ T5145] ? btrfs_commit_transaction_async+0x450/0x450
[ 62.853498][ T5145] ? join_transaction+0xbdc/0xe00
[ 62.858518][ T5145] ? btrfs_record_root_in_trans+0x92/0x180
[ 62.864324][ T5145] ? start_transaction+0x3de/0x1080
[ 62.869613][ T5145] ? btrfs_attach_transaction_barrier+0x34/0xa0
[ 62.875868][ T5145] ? btrfs_sync_fs+0x1be/0x6c0
[ 62.880655][ T5145] iterate_supers+0x12b/0x1e0
[ 62.885332][ T5145] ? sync_inodes_one_sb+0x70/0x70
[ 62.890387][ T5145] ksys_sync+0xdb/0x1c0
[ 62.894536][ T5145] ? sync_filesystem+0x220/0x220
[ 62.899774][ T5145] ? syscall_enter_from_user_mode+0x32/0x230
[ 62.906052][ T5145] ? syscall_enter_from_user_mode+0x8c/0x230
[ 62.912043][ T5145] __do_sys_sync+0xe/0x20
[ 62.916372][ T5145] do_syscall_64+0x41/0xc0
[ 62.920783][ T5145] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.926668][ T5145] RIP: 0033:0x7efc00437169
[ 62.931070][ T5145] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 62.950687][ T5145] RSP: 002b:00007ffea6a3b428 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[pid 5145] sync() = 0
[pid 5145] exit_group(0) = ?
[pid 5145] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5145, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} ---
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe06f0 /* 4 entries */, 32768) = 104
[ 62.959117][ T5145] RAX: ffffffffffffffda RBX: 00007ffea6a3b450 RCX: 00007efc00437169
[ 62.967095][ T5145] RDX: 00007efc00436230 RSI: 00007ffea6a3b450 RDI: 00007ffea6a3b450
[ 62.975085][ T5145] RBP: 0000000000000001 R08: 00007ffea6a3b1c7 R09: 0000000000000080
[ 62.983057][ T5145] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffea6a3b480
[ 62.991040][ T5145] R13: 00007ffea6a3b4c0 R14: 0000000001000000 R15: 0000000000000003
[ 62.999143][ T5145]
umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555fe8730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555fe8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/bus") = 0
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs") = 0
getdents64(3, 0x555555fe06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fdf650) = 5162
./strace-static-x86_64: Process 5162 attached
[pid 5162] set_robust_list(0x555555fdf660, 24) = 0
[pid 5162] chdir("./8") = 0
[pid 5162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5162] setpgid(0, 0) = 0
[pid 5162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5162] write(3, "1000", 4) = 4
[pid 5162] close(3) = 0
[pid 5162] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5162] memfd_create("syzkaller", 0) = 3
[pid 5162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efbf7ff8000
[pid 5162] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5162] munmap(0x7efbf7ff8000, 16777216) = 0
[pid 5162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5162] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5162] close(3) = 0
[pid 5162] mkdir("./bus", 0777) = 0
[ 63.294961][ T5162] loop0: detected capacity change from 0 to 32768
[ 63.305032][ T5162] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor198 (5162)
[ 63.322006][ T5162] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 63.330980][ T5162] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 63.342254][ T5162] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 63.353329][ T5162] BTRFS warning (device loop0): excessive commit interval 622039222
[ 63.361764][ T5162] BTRFS info (device loop0): force zlib compression, level 3
[ 63.369396][ T5162] BTRFS info (device loop0): using free space tree
[ 63.387043][ T5162] BTRFS info (device loop0): enabling ssd optimizations
[pid 5162] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0
[pid 5162] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5162] chdir("./bus") = 0
[pid 5162] ioctl(4, LOOP_CLR_FD) = 0
[pid 5162] close(4) = 0
[pid 5162] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5162] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5162] write(5, "5", 1) = 1
[ 63.394254][ T5162] BTRFS info (device loop0): auto enabling async discard
[ 63.422637][ T27] audit: type=1800 audit(1690592600.424:10): pid=5162 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor198" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 63.451381][ T5162] FAULT_INJECTION: forcing a failure.
[ 63.451381][ T5162] name failslab, interval 1, probability 0, space 0, times 0
[ 63.464244][ T5162] CPU: 0 PID: 5162 Comm: syz-executor198 Not tainted 6.5.0-rc3-syzkaller-00225-gf837f0a3c948 #0
[ 63.474690][ T5162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 63.484771][ T5162] Call Trace:
[ 63.488077][ T5162]
[ 63.491028][ T5162] dump_stack_lvl+0x1e7/0x2d0
[ 63.495734][ T5162] ? nf_tcp_handle_invalid+0x650/0x650
[ 63.501224][ T5162] ? panic+0x770/0x770
[ 63.505321][ T5162] ? __might_sleep+0xc0/0xc0
[ 63.509947][ T5162] should_fail_ex+0x3aa/0x4e0
[ 63.514657][ T5162] should_failslab+0x9/0x20
[ 63.519181][ T5162] slab_pre_alloc_hook+0x59/0x2b0
[ 63.524239][ T5162] kmem_cache_alloc+0x52/0x300
[ 63.529034][ T5162] ? alloc_extent_state+0x25/0x2e0
[ 63.534366][ T5162] alloc_extent_state+0x25/0x2e0
[ 63.539361][ T5162] __set_extent_bit+0x1c8/0x1b00
[ 63.544329][ T5162] ? __down_write_common+0x161/0x200
[ 63.549642][ T5162] ? PageUptodate+0xd9/0x290
[ 63.554263][ T5162] set_extent_bit+0x3b/0x50
[ 63.558803][ T5162] btrfs_alloc_tree_block+0xae1/0x17f0
[ 63.564303][ T5162] ? alloc_reserved_file_extent+0x5e0/0x5e0
[ 63.570222][ T5162] ? __lock_acquire+0x1345/0x7f70
[ 63.575272][ T5162] ? read_extent_buffer+0x122/0x2a0
[ 63.580470][ T5162] ? __asan_memcpy+0x40/0x70
[ 63.585149][ T5162] __btrfs_cow_block+0x465/0x1ae0
[ 63.590200][ T5162] ? btrfs_qgroup_trace_subtree_after_cow+0x1a8/0x1190
[ 63.597179][ T5162] ? btrfs_cow_block+0x780/0x780
[ 63.602149][ T5162] ? btrfs_qgroup_add_swapped_blocks+0x740/0x7f0
[ 63.608487][ T5162] ? rcu_is_watching+0x15/0xb0
[ 63.613343][ T5162] btrfs_cow_block+0x403/0x780
[ 63.618120][ T5162] btrfs_search_slot+0xbf9/0x2f80
[ 63.623173][ T5162] ? btrfs_extent_root+0x2a1/0x3b0
[ 63.628395][ T5162] ? __kasan_slab_alloc+0x66/0x70
[ 63.633522][ T5162] ? btrfs_find_item+0x5c0/0x5c0
[ 63.638488][ T5162] ? btrfs_extent_root+0x2a1/0x3b0
[ 63.643610][ T5162] ? btrfs_csum_root+0x3b0/0x3b0
[ 63.648581][ T5162] lookup_inline_extent_backref+0x3f2/0x1470
[ 63.654675][ T5162] ? insert_extent_data_ref+0xa30/0xa30
[ 63.660217][ T5162] ? __kasan_slab_alloc+0x66/0x70
[ 63.665258][ T5162] ? slab_post_alloc_hook+0x87/0x3b0
[ 63.670600][ T5162] ? rcu_is_watching+0x15/0xb0
[ 63.675552][ T5162] ? kmem_cache_alloc+0x152/0x300
[ 63.680578][ T5162] __btrfs_free_extent+0x28a/0x3250
[ 63.685812][ T5162] ? __btrfs_inc_extent_ref+0x5f0/0x5f0
[ 63.691358][ T5162] ? _raw_read_unlock+0x28/0x40
[ 63.696220][ T5162] ? do_raw_spin_unlock+0x13b/0x8b0
[ 63.701425][ T5162] __btrfs_run_delayed_refs+0xf00/0x3f90
[ 63.707087][ T5162] ? btrfs_run_delayed_refs+0x480/0x480
[ 63.712730][ T5162] ? verify_lock_unused+0x140/0x140
[ 63.718129][ T5162] ? start_transaction+0x469/0x1080
[ 63.723369][ T5162] ? btrfs_attach_transaction_barrier+0x26/0xa0
[ 63.729606][ T5162] ? btrfs_sync_fs+0x135/0x6c0
[ 63.734363][ T5162] ? read_lock_is_recursive+0x20/0x20
[ 63.739740][ T5162] btrfs_run_delayed_refs+0x140/0x480
[ 63.745113][ T5162] btrfs_commit_transaction+0x495/0x2ff0
[ 63.750840][ T5162] ? read_lock_is_recursive+0x20/0x20
[ 63.756330][ T5162] ? __lock_acquire+0x7f70/0x7f70
[ 63.761370][ T5162] ? do_raw_spin_unlock+0x13b/0x8b0
[ 63.766563][ T5162] ? btrfs_commit_transaction_async+0x450/0x450
[ 63.772893][ T5162] ? join_transaction+0xbdc/0xe00
[ 63.777911][ T5162] ? btrfs_record_root_in_trans+0x92/0x180
[ 63.783732][ T5162] ? start_transaction+0x3de/0x1080
[ 63.788978][ T5162] ? btrfs_attach_transaction_barrier+0x34/0xa0
[ 63.795228][ T5162] ? btrfs_sync_fs+0x1be/0x6c0
[ 63.799996][ T5162] iterate_supers+0x12b/0x1e0
[ 63.804677][ T5162] ? sync_inodes_one_sb+0x70/0x70
[ 63.809704][ T5162] ksys_sync+0xdb/0x1c0
[ 63.813859][ T5162] ? sync_filesystem+0x220/0x220
[ 63.818785][ T5162] ? syscall_enter_from_user_mode+0x32/0x230
[ 63.824775][ T5162] ? syscall_enter_from_user_mode+0x8c/0x230
[ 63.830758][ T5162] __do_sys_sync+0xe/0x20
[ 63.835088][ T5162] do_syscall_64+0x41/0xc0
[ 63.839502][ T5162] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.845418][ T5162] RIP: 0033:0x7efc00437169
[ 63.849831][ T5162] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 63.869528][ T5162] RSP: 002b:00007ffea6a3b428 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 63.877961][ T5162] RAX: ffffffffffffffda RBX: 00007ffea6a3b450 RCX: 00007efc00437169
[ 63.886025][ T5162] RDX: 00007efc00436230 RSI: 00007ffea6a3b450 RDI: 00007ffea6a3b450
[ 63.894019][ T5162] RBP: 0000000000000001 R08: 00007ffea6a3b1c7 R09: 0000000000000080
[pid 5162] sync() = 0
[pid 5162] exit_group(0) = ?
[pid 5162] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5162, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=21 /* 0.21 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe06f0 /* 4 entries */, 32768) = 104
[ 63.902048][ T5162] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffea6a3b480
[ 63.910014][ T5162] R13: 00007ffea6a3b4c0 R14: 0000000001000000 R15: 0000000000000003
[ 63.917991][ T5162]
umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555fe8730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555fe8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/bus") = 0
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs") = 0
getdents64(3, 0x555555fe06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fdf650) = 5179
./strace-static-x86_64: Process 5179 attached
[pid 5179] set_robust_list(0x555555fdf660, 24) = 0
[pid 5179] chdir("./9") = 0
[pid 5179] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5179] setpgid(0, 0) = 0
[pid 5179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5179] write(3, "1000", 4) = 4
[pid 5179] close(3) = 0
[pid 5179] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5179] memfd_create("syzkaller", 0) = 3
[pid 5179] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efbf7ff8000
[pid 5179] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5179] munmap(0x7efbf7ff8000, 16777216) = 0
[pid 5179] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5179] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5179] close(3) = 0
[pid 5179] mkdir("./bus", 0777) = 0
[ 64.195727][ T5179] loop0: detected capacity change from 0 to 32768
[ 64.206703][ T5179] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor198 (5179)
[ 64.224231][ T5179] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 64.233246][ T5179] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 64.244239][ T5179] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 64.255062][ T5179] BTRFS warning (device loop0): excessive commit interval 622039222
[ 64.263212][ T5179] BTRFS info (device loop0): force zlib compression, level 3
[ 64.270762][ T5179] BTRFS info (device loop0): using free space tree
[ 64.287390][ T5179] BTRFS info (device loop0): enabling ssd optimizations
[pid 5179] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0
[pid 5179] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5179] chdir("./bus") = 0
[pid 5179] ioctl(4, LOOP_CLR_FD) = 0
[pid 5179] close(4) = 0
[ 64.294460][ T5179] BTRFS info (device loop0): auto enabling async discard
[pid 5179] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5179] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5179] write(5, "5", 1) = 1
[ 64.327793][ T27] audit: type=1800 audit(1690592601.334:11): pid=5179 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor198" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 64.354884][ T5179] FAULT_INJECTION: forcing a failure.
[ 64.354884][ T5179] name failslab, interval 1, probability 0, space 0, times 0
[ 64.367888][ T5179] CPU: 1 PID: 5179 Comm: syz-executor198 Not tainted 6.5.0-rc3-syzkaller-00225-gf837f0a3c948 #0
[ 64.378459][ T5179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 64.388555][ T5179] Call Trace:
[ 64.391857][ T5179]
[ 64.394835][ T5179] dump_stack_lvl+0x1e7/0x2d0
[ 64.399553][ T5179] ? nf_tcp_handle_invalid+0x650/0x650
[ 64.405072][ T5179] ? panic+0x770/0x770
[ 64.409176][ T5179] ? __might_sleep+0xc0/0xc0
[ 64.413806][ T5179] should_fail_ex+0x3aa/0x4e0
[ 64.418514][ T5179] should_failslab+0x9/0x20
[ 64.423045][ T5179] slab_pre_alloc_hook+0x59/0x2b0
[ 64.428108][ T5179] kmem_cache_alloc+0x52/0x300
[ 64.432902][ T5179] ? alloc_extent_state+0x25/0x2e0
[ 64.438055][ T5179] alloc_extent_state+0x25/0x2e0
[ 64.443031][ T5179] __set_extent_bit+0x1c8/0x1b00
[ 64.448015][ T5179] ? __down_write_common+0x161/0x200
[ 64.453340][ T5179] ? PageUptodate+0xd9/0x290
[ 64.458061][ T5179] set_extent_bit+0x3b/0x50
[ 64.462617][ T5179] btrfs_alloc_tree_block+0xae1/0x17f0
[ 64.468218][ T5179] ? alloc_reserved_file_extent+0x5e0/0x5e0
[ 64.474152][ T5179] ? __lock_acquire+0x1345/0x7f70
[ 64.479217][ T5179] ? read_extent_buffer+0x122/0x2a0
[ 64.484455][ T5179] ? __asan_memcpy+0x40/0x70
[ 64.489080][ T5179] __btrfs_cow_block+0x465/0x1ae0
[ 64.494148][ T5179] ? btrfs_qgroup_trace_subtree_after_cow+0x1a8/0x1190
[ 64.501038][ T5179] ? btrfs_cow_block+0x780/0x780
[ 64.506003][ T5179] ? btrfs_qgroup_add_swapped_blocks+0x740/0x7f0
[ 64.512369][ T5179] ? rcu_is_watching+0x15/0xb0
[ 64.517144][ T5179] btrfs_cow_block+0x403/0x780
[ 64.521944][ T5179] btrfs_search_slot+0xbf9/0x2f80
[ 64.527002][ T5179] ? btrfs_extent_root+0x2a1/0x3b0
[ 64.532135][ T5179] ? __kasan_slab_alloc+0x66/0x70
[ 64.537172][ T5179] ? btrfs_find_item+0x5c0/0x5c0
[ 64.542100][ T5179] ? btrfs_extent_root+0x2a1/0x3b0
[ 64.547205][ T5179] ? btrfs_csum_root+0x3b0/0x3b0
[ 64.552141][ T5179] lookup_inline_extent_backref+0x3f2/0x1470
[ 64.558131][ T5179] ? insert_extent_data_ref+0xa30/0xa30
[ 64.563666][ T5179] ? __kasan_slab_alloc+0x66/0x70
[ 64.568681][ T5179] ? slab_post_alloc_hook+0x87/0x3b0
[ 64.573962][ T5179] ? rcu_is_watching+0x15/0xb0
[ 64.578715][ T5179] ? kmem_cache_alloc+0x152/0x300
[ 64.583745][ T5179] __btrfs_free_extent+0x28a/0x3250
[ 64.588967][ T5179] ? __btrfs_inc_extent_ref+0x5f0/0x5f0
[ 64.594618][ T5179] ? _raw_read_unlock+0x28/0x40
[ 64.599472][ T5179] ? do_raw_spin_unlock+0x13b/0x8b0
[ 64.604757][ T5179] __btrfs_run_delayed_refs+0xf00/0x3f90
[ 64.610466][ T5179] ? btrfs_run_delayed_refs+0x480/0x480
[ 64.616041][ T5179] ? verify_lock_unused+0x140/0x140
[ 64.621266][ T5179] ? start_transaction+0x469/0x1080
[ 64.626477][ T5179] ? btrfs_attach_transaction_barrier+0x26/0xa0
[ 64.632710][ T5179] ? btrfs_sync_fs+0x135/0x6c0
[ 64.637469][ T5179] ? read_lock_is_recursive+0x20/0x20
[ 64.642840][ T5179] btrfs_run_delayed_refs+0x140/0x480
[ 64.648223][ T5179] btrfs_commit_transaction+0x495/0x2ff0
[ 64.653862][ T5179] ? read_lock_is_recursive+0x20/0x20
[ 64.659293][ T5179] ? __lock_acquire+0x7f70/0x7f70
[ 64.664414][ T5179] ? do_raw_spin_unlock+0x13b/0x8b0
[ 64.669614][ T5179] ? btrfs_commit_transaction_async+0x450/0x450
[ 64.675858][ T5179] ? join_transaction+0xbdc/0xe00
[ 64.680909][ T5179] ? btrfs_record_root_in_trans+0x92/0x180
[ 64.686731][ T5179] ? start_transaction+0x3de/0x1080
[ 64.691956][ T5179] ? btrfs_attach_transaction_barrier+0x34/0xa0
[ 64.698328][ T5179] ? btrfs_sync_fs+0x1be/0x6c0
[ 64.703113][ T5179] iterate_supers+0x12b/0x1e0
[ 64.707798][ T5179] ? sync_inodes_one_sb+0x70/0x70
[ 64.712871][ T5179] ksys_sync+0xdb/0x1c0
[ 64.717056][ T5179] ? sync_filesystem+0x220/0x220
[ 64.722006][ T5179] ? syscall_enter_from_user_mode+0x32/0x230
[ 64.728085][ T5179] ? syscall_enter_from_user_mode+0x8c/0x230
[ 64.734095][ T5179] __do_sys_sync+0xe/0x20
[ 64.738449][ T5179] do_syscall_64+0x41/0xc0
[ 64.742861][ T5179] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.748759][ T5179] RIP: 0033:0x7efc00437169
[ 64.753185][ T5179] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 64.772907][ T5179] RSP: 002b:00007ffea6a3b428 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 64.781323][ T5179] RAX: ffffffffffffffda RBX: 00007ffea6a3b450 RCX: 00007efc00437169
[ 64.789285][ T5179] RDX: 00007efc00436230 RSI: 00007ffea6a3b450 RDI: 00007ffea6a3b450
[pid 5179] sync() = 0
[pid 5179] exit_group(0) = ?
[pid 5179] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5179, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe06f0 /* 4 entries */, 32768) = 104
[ 64.797257][ T5179] RBP: 0000000000000001 R08: 00007ffea6a3b1c7 R09: 0000000000000080
[ 64.805243][ T5179] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffea6a3b480
[ 64.813221][ T5179] R13: 00007ffea6a3b4c0 R14: 0000000001000000 R15: 0000000000000003
[ 64.821244][ T5179]
umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555fe8730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555fe8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/bus") = 0
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs") = 0
getdents64(3, 0x555555fe06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fdf650) = 5196
./strace-static-x86_64: Process 5196 attached
[pid 5196] set_robust_list(0x555555fdf660, 24) = 0
[pid 5196] chdir("./10") = 0
[pid 5196] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5196] setpgid(0, 0) = 0
[pid 5196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5196] write(3, "1000", 4) = 4
[pid 5196] close(3) = 0
[pid 5196] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5196] memfd_create("syzkaller", 0) = 3
[pid 5196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efbf7ff8000
[pid 5196] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5196] munmap(0x7efbf7ff8000, 16777216) = 0
[pid 5196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5196] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5196] close(3) = 0
[pid 5196] mkdir("./bus", 0777) = 0
[ 65.117590][ T5196] loop0: detected capacity change from 0 to 32768
[ 65.128246][ T5196] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor198 (5196)
[ 65.144570][ T5196] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 65.153395][ T5196] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 65.164276][ T5196] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 65.175234][ T5196] BTRFS warning (device loop0): excessive commit interval 622039222
[ 65.183324][ T5196] BTRFS info (device loop0): force zlib compression, level 3
[ 65.190874][ T5196] BTRFS info (device loop0): using free space tree
[ 65.208110][ T5196] BTRFS info (device loop0): enabling ssd optimizations
[pid 5196] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0
[pid 5196] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5196] chdir("./bus") = 0
[pid 5196] ioctl(4, LOOP_CLR_FD) = 0
[pid 5196] close(4) = 0
[ 65.215170][ T5196] BTRFS info (device loop0): auto enabling async discard
[pid 5196] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5196] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5196] write(5, "5", 1) = 1
[pid 5196] sync() = 0
[pid 5196] exit_group(0) = ?
[pid 5196] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5196, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} ---
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe06f0 /* 4 entries */, 32768) = 104
[ 65.258432][ T27] audit: type=1800 audit(1690592602.264:12): pid=5196 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor198" name="bus" dev="loop0" ino=263 res=0 errno=0
umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555fe8730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555fe8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/bus") = 0
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs") = 0
getdents64(3, 0x555555fe06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fdf650) = 5215
./strace-static-x86_64: Process 5215 attached
[pid 5215] set_robust_list(0x555555fdf660, 24) = 0
[pid 5215] chdir("./11") = 0
[pid 5215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5215] setpgid(0, 0) = 0
[pid 5215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5215] write(3, "1000", 4) = 4
[pid 5215] close(3) = 0
[pid 5215] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5215] memfd_create("syzkaller", 0) = 3
[pid 5215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efbf7ff8000
[pid 5215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5215] munmap(0x7efbf7ff8000, 16777216) = 0
[pid 5215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5215] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5215] close(3) = 0
[pid 5215] mkdir("./bus", 0777) = 0
[ 65.596075][ T5215] loop0: detected capacity change from 0 to 32768
[ 65.605714][ T5215] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor198 (5215)
[ 65.621861][ T5215] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 65.631167][ T5215] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 65.642273][ T5215] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 65.653259][ T5215] BTRFS warning (device loop0): excessive commit interval 622039222
[ 65.661533][ T5215] BTRFS info (device loop0): force zlib compression, level 3
[ 65.669246][ T5215] BTRFS info (device loop0): using free space tree
[ 65.687854][ T5215] BTRFS info (device loop0): enabling ssd optimizations
[pid 5215] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0
[pid 5215] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5215] chdir("./bus") = 0
[pid 5215] ioctl(4, LOOP_CLR_FD) = 0
[pid 5215] close(4) = 0
[pid 5215] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5215] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5215] write(5, "5", 1) = 1
[ 65.694885][ T5215] BTRFS info (device loop0): auto enabling async discard
[ 65.723680][ T27] audit: type=1800 audit(1690592602.724:13): pid=5215 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor198" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 65.785226][ T5215] FAULT_INJECTION: forcing a failure.
[ 65.785226][ T5215] name failslab, interval 1, probability 0, space 0, times 0
[ 65.815404][ T5215] CPU: 0 PID: 5215 Comm: syz-executor198 Not tainted 6.5.0-rc3-syzkaller-00225-gf837f0a3c948 #0
[ 65.825871][ T5215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 65.835949][ T5215] Call Trace:
[ 65.839252][ T5215]
[ 65.842200][ T5215] dump_stack_lvl+0x1e7/0x2d0
[ 65.846910][ T5215] ? nf_tcp_handle_invalid+0x650/0x650
[ 65.852396][ T5215] ? panic+0x770/0x770
[ 65.856537][ T5215] ? __might_sleep+0xc0/0xc0
[ 65.861157][ T5215] should_fail_ex+0x3aa/0x4e0
[ 65.865832][ T5215] should_failslab+0x9/0x20
[ 65.870347][ T5215] slab_pre_alloc_hook+0x59/0x2b0
[ 65.875382][ T5215] kmem_cache_alloc+0x52/0x300
[ 65.880177][ T5215] ? alloc_extent_state+0x25/0x2e0
[ 65.885425][ T5215] alloc_extent_state+0x25/0x2e0
[ 65.890407][ T5215] __set_extent_bit+0x1c8/0x1b00
[ 65.895346][ T5215] ? __down_write_common+0x161/0x200
[ 65.900650][ T5215] ? PageUptodate+0xd9/0x290
[ 65.905252][ T5215] set_extent_bit+0x3b/0x50
[ 65.909757][ T5215] btrfs_alloc_tree_block+0xae1/0x17f0
[ 65.915218][ T5215] ? alloc_reserved_file_extent+0x5e0/0x5e0
[ 65.921116][ T5215] ? __lock_acquire+0x1345/0x7f70
[ 65.926149][ T5215] ? read_extent_buffer+0x122/0x2a0
[ 65.931346][ T5215] ? __asan_memcpy+0x40/0x70
[ 65.935938][ T5215] __btrfs_cow_block+0x465/0x1ae0
[ 65.940969][ T5215] ? btrfs_qgroup_trace_subtree_after_cow+0x1a8/0x1190
[ 65.947824][ T5215] ? btrfs_cow_block+0x780/0x780
[ 65.952766][ T5215] ? btrfs_qgroup_add_swapped_blocks+0x740/0x7f0
[ 65.959123][ T5215] ? rcu_is_watching+0x15/0xb0
[ 65.963904][ T5215] btrfs_cow_block+0x403/0x780
[ 65.968684][ T5215] btrfs_search_slot+0xbf9/0x2f80
[ 65.973720][ T5215] ? btrfs_extent_root+0x2a1/0x3b0
[ 65.978860][ T5215] ? __kasan_slab_alloc+0x66/0x70
[ 65.983887][ T5215] ? btrfs_find_item+0x5c0/0x5c0
[ 65.988833][ T5215] ? btrfs_extent_root+0x2a1/0x3b0
[ 65.993960][ T5215] ? btrfs_csum_root+0x3b0/0x3b0
[ 65.998902][ T5215] lookup_inline_extent_backref+0x3f2/0x1470
[ 66.004922][ T5215] ? insert_extent_data_ref+0xa30/0xa30
[ 66.010470][ T5215] ? __kasan_slab_alloc+0x66/0x70
[ 66.015497][ T5215] ? slab_post_alloc_hook+0x87/0x3b0
[ 66.020790][ T5215] ? rcu_is_watching+0x15/0xb0
[ 66.025552][ T5215] ? kmem_cache_alloc+0x152/0x300
[ 66.030574][ T5215] __btrfs_free_extent+0x28a/0x3250
[ 66.035780][ T5215] ? __btrfs_inc_extent_ref+0x5f0/0x5f0
[ 66.041322][ T5215] ? _raw_read_unlock+0x28/0x40
[ 66.046171][ T5215] ? do_raw_spin_unlock+0x13b/0x8b0
[ 66.051403][ T5215] __btrfs_run_delayed_refs+0xf00/0x3f90
[ 66.057197][ T5215] ? btrfs_run_delayed_refs+0x480/0x480
[ 66.062872][ T5215] ? verify_lock_unused+0x140/0x140
[ 66.068106][ T5215] ? start_transaction+0x469/0x1080
[ 66.073315][ T5215] ? btrfs_attach_transaction_barrier+0x26/0xa0
[ 66.079582][ T5215] ? btrfs_sync_fs+0x135/0x6c0
[ 66.084358][ T5215] ? read_lock_is_recursive+0x20/0x20
[ 66.089740][ T5215] btrfs_run_delayed_refs+0x140/0x480
[ 66.095396][ T5215] btrfs_commit_transaction+0x495/0x2ff0
[ 66.101151][ T5215] ? read_lock_is_recursive+0x20/0x20
[ 66.106677][ T5215] ? __lock_acquire+0x7f70/0x7f70
[ 66.111751][ T5215] ? do_raw_spin_unlock+0x13b/0x8b0
[ 66.116955][ T5215] ? btrfs_commit_transaction_async+0x450/0x450
[ 66.123303][ T5215] ? join_transaction+0xbdc/0xe00
[ 66.128340][ T5215] ? btrfs_record_root_in_trans+0x92/0x180
[ 66.134327][ T5215] ? start_transaction+0x3de/0x1080
[ 66.139535][ T5215] ? btrfs_attach_transaction_barrier+0x34/0xa0
[ 66.145866][ T5215] ? btrfs_sync_fs+0x1be/0x6c0
[ 66.150638][ T5215] iterate_supers+0x12b/0x1e0
[ 66.155421][ T5215] ? sync_inodes_one_sb+0x70/0x70
[ 66.160471][ T5215] ksys_sync+0xdb/0x1c0
[ 66.164633][ T5215] ? sync_filesystem+0x220/0x220
[ 66.169575][ T5215] ? syscall_enter_from_user_mode+0x32/0x230
[ 66.175572][ T5215] ? syscall_enter_from_user_mode+0x8c/0x230
[ 66.181604][ T5215] __do_sys_sync+0xe/0x20
[ 66.185932][ T5215] do_syscall_64+0x41/0xc0
[ 66.190349][ T5215] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.196250][ T5215] RIP: 0033:0x7efc00437169
[ 66.200661][ T5215] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 66.220390][ T5215] RSP: 002b:00007ffea6a3b428 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 66.228857][ T5215] RAX: ffffffffffffffda RBX: 00007ffea6a3b450 RCX: 00007efc00437169
[pid 5215] sync() = 0
[pid 5215] exit_group(0) = ?
[pid 5215] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5215, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=28 /* 0.28 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe06f0 /* 4 entries */, 32768) = 104
[ 66.236861][ T5215] RDX: 00007efc00436230 RSI: 00007ffea6a3b450 RDI: 00007ffea6a3b450
[ 66.244845][ T5215] RBP: 0000000000000001 R08: 00007ffea6a3b1c7 R09: 0000000000000080
[ 66.252831][ T5215] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffea6a3b480
[ 66.260893][ T5215] R13: 00007ffea6a3b4c0 R14: 0000000001000000 R15: 0000000000000003
[ 66.268896][ T5215]
umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555fe8730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555fe8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/bus") = 0
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs") = 0
getdents64(3, 0x555555fe06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5232 attached
, child_tidptr=0x555555fdf650) = 5232
[pid 5232] set_robust_list(0x555555fdf660, 24) = 0
[pid 5232] chdir("./12") = 0
[pid 5232] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5232] setpgid(0, 0) = 0
[pid 5232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5232] write(3, "1000", 4) = 4
[pid 5232] close(3) = 0
[pid 5232] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5232] memfd_create("syzkaller", 0) = 3
[pid 5232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efbf7ff8000
[pid 5232] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5232] munmap(0x7efbf7ff8000, 16777216) = 0
[pid 5232] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5232] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5232] close(3) = 0
[pid 5232] mkdir("./bus", 0777) = 0
[ 66.597171][ T5232] loop0: detected capacity change from 0 to 32768
[ 66.616855][ T5232] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor198 (5232)
[ 66.632949][ T5232] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 66.641823][ T5232] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 66.652671][ T5232] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 66.663511][ T5232] BTRFS warning (device loop0): excessive commit interval 622039222
[ 66.671711][ T5232] BTRFS info (device loop0): force zlib compression, level 3
[ 66.679141][ T5232] BTRFS info (device loop0): using free space tree
[pid 5232] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0
[pid 5232] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5232] chdir("./bus") = 0
[pid 5232] ioctl(4, LOOP_CLR_FD) = 0
[pid 5232] close(4) = 0
[ 66.695913][ T5232] BTRFS info (device loop0): enabling ssd optimizations
[ 66.702890][ T5232] BTRFS info (device loop0): auto enabling async discard
[pid 5232] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5232] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5232] write(5, "5", 1) = 1
[ 66.736045][ T27] audit: type=1800 audit(1690592603.744:14): pid=5232 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor198" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 66.764929][ T5232] FAULT_INJECTION: forcing a failure.
[ 66.764929][ T5232] name failslab, interval 1, probability 0, space 0, times 0
[ 66.778321][ T5232] CPU: 1 PID: 5232 Comm: syz-executor198 Not tainted 6.5.0-rc3-syzkaller-00225-gf837f0a3c948 #0
[ 66.788771][ T5232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 66.798848][ T5232] Call Trace:
[ 66.802147][ T5232]
[ 66.805098][ T5232] dump_stack_lvl+0x1e7/0x2d0
[ 66.809808][ T5232] ? nf_tcp_handle_invalid+0x650/0x650
[ 66.815292][ T5232] ? panic+0x770/0x770
[ 66.819392][ T5232] ? __might_sleep+0xc0/0xc0
[ 66.824015][ T5232] should_fail_ex+0x3aa/0x4e0
[ 66.828735][ T5232] should_failslab+0x9/0x20
[ 66.833297][ T5232] slab_pre_alloc_hook+0x59/0x2b0
[ 66.838358][ T5232] kmem_cache_alloc+0x52/0x300
[ 66.843588][ T5232] ? alloc_extent_state+0x25/0x2e0
[ 66.848750][ T5232] alloc_extent_state+0x25/0x2e0
[ 66.853722][ T5232] __set_extent_bit+0x1c8/0x1b00
[ 66.858698][ T5232] ? __down_write_common+0x161/0x200
[ 66.864023][ T5232] ? PageUptodate+0xd9/0x290
[ 66.868655][ T5232] set_extent_bit+0x3b/0x50
[ 66.873206][ T5232] btrfs_alloc_tree_block+0xae1/0x17f0
[ 66.878708][ T5232] ? alloc_reserved_file_extent+0x5e0/0x5e0
[ 66.884623][ T5232] ? __lock_acquire+0x1345/0x7f70
[ 66.889656][ T5232] ? read_extent_buffer+0x122/0x2a0
[ 66.894864][ T5232] ? __asan_memcpy+0x40/0x70
[ 66.899474][ T5232] __btrfs_cow_block+0x465/0x1ae0
[ 66.904518][ T5232] ? btrfs_qgroup_trace_subtree_after_cow+0x1a8/0x1190
[ 66.911403][ T5232] ? btrfs_cow_block+0x780/0x780
[ 66.916382][ T5232] ? btrfs_qgroup_add_swapped_blocks+0x740/0x7f0
[ 66.922724][ T5232] ? rcu_is_watching+0x15/0xb0
[ 66.927498][ T5232] btrfs_cow_block+0x403/0x780
[ 66.932299][ T5232] btrfs_search_slot+0xbf9/0x2f80
[ 66.937338][ T5232] ? btrfs_extent_root+0x2a1/0x3b0
[ 66.942472][ T5232] ? __kasan_slab_alloc+0x66/0x70
[ 66.947514][ T5232] ? btrfs_find_item+0x5c0/0x5c0
[ 66.952443][ T5232] ? btrfs_extent_root+0x2a1/0x3b0
[ 66.957566][ T5232] ? btrfs_csum_root+0x3b0/0x3b0
[ 66.962514][ T5232] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[ 66.968593][ T5232] lookup_inline_extent_backref+0x3f2/0x1470
[ 66.974581][ T5232] ? insert_extent_data_ref+0xa30/0xa30
[ 66.980125][ T5232] ? lockdep_hardirqs_on+0x98/0x140
[ 66.985353][ T5232] ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 66.991016][ T5232] __btrfs_free_extent+0x28a/0x3250
[ 66.996227][ T5232] ? __btrfs_inc_extent_ref+0x5f0/0x5f0
[ 67.001772][ T5232] ? _raw_read_unlock+0x28/0x40
[ 67.006623][ T5232] ? do_raw_spin_unlock+0x13b/0x8b0
[ 67.011842][ T5232] __btrfs_run_delayed_refs+0xf00/0x3f90
[ 67.017519][ T5232] ? btrfs_run_delayed_refs+0x480/0x480
[ 67.023063][ T5232] ? verify_lock_unused+0x140/0x140
[ 67.028437][ T5232] ? start_transaction+0x469/0x1080
[ 67.033638][ T5232] ? btrfs_attach_transaction_barrier+0x26/0xa0
[ 67.039892][ T5232] ? btrfs_sync_fs+0x135/0x6c0
[ 67.044651][ T5232] ? read_lock_is_recursive+0x20/0x20
[ 67.050035][ T5232] btrfs_run_delayed_refs+0x140/0x480
[ 67.055429][ T5232] btrfs_commit_transaction+0x495/0x2ff0
[ 67.061079][ T5232] ? read_lock_is_recursive+0x20/0x20
[ 67.066446][ T5232] ? __lock_acquire+0x7f70/0x7f70
[ 67.071577][ T5232] ? do_raw_spin_unlock+0x13b/0x8b0
[ 67.076808][ T5232] ? btrfs_commit_transaction_async+0x450/0x450
[ 67.083047][ T5232] ? join_transaction+0xbdc/0xe00
[ 67.088083][ T5232] ? btrfs_record_root_in_trans+0x92/0x180
[ 67.093893][ T5232] ? start_transaction+0x3de/0x1080
[ 67.099198][ T5232] ? btrfs_attach_transaction_barrier+0x34/0xa0
[ 67.105447][ T5232] ? btrfs_sync_fs+0x1be/0x6c0
[ 67.110235][ T5232] iterate_supers+0x12b/0x1e0
[ 67.114923][ T5232] ? sync_inodes_one_sb+0x70/0x70
[ 67.119952][ T5232] ksys_sync+0xdb/0x1c0
[ 67.124186][ T5232] ? sync_filesystem+0x220/0x220
[ 67.129144][ T5232] ? syscall_enter_from_user_mode+0x32/0x230
[ 67.135152][ T5232] ? syscall_enter_from_user_mode+0x8c/0x230
[ 67.141137][ T5232] __do_sys_sync+0xe/0x20
[ 67.145466][ T5232] do_syscall_64+0x41/0xc0
[ 67.149911][ T5232] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 67.156001][ T5232] RIP: 0033:0x7efc00437169
[ 67.160416][ T5232] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 67.180034][ T5232] RSP: 002b:00007ffea6a3b428 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 67.188481][ T5232] RAX: ffffffffffffffda RBX: 00007ffea6a3b450 RCX: 00007efc00437169
[pid 5232] sync() = 0
[pid 5232] exit_group(0) = ?
[pid 5232] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5232, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=21 /* 0.21 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe06f0 /* 4 entries */, 32768) = 104
[ 67.196467][ T5232] RDX: 00007efc00436230 RSI: 00007ffea6a3b450 RDI: 00007ffea6a3b450
[ 67.204458][ T5232] RBP: 0000000000000001 R08: 00007ffea6a3b1c7 R09: 0000000000000080
[ 67.212438][ T5232] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffea6a3b480
[ 67.220404][ T5232] R13: 00007ffea6a3b4c0 R14: 0000000001000000 R15: 0000000000000003
[ 67.228378][ T5232]
umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555fe8730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555fe8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./12/bus") = 0
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs") = 0
getdents64(3, 0x555555fe06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fdf650) = 5249
./strace-static-x86_64: Process 5249 attached
[pid 5249] set_robust_list(0x555555fdf660, 24) = 0
[pid 5249] chdir("./13") = 0
[pid 5249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5249] setpgid(0, 0) = 0
[pid 5249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5249] write(3, "1000", 4) = 4
[pid 5249] close(3) = 0
[pid 5249] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5249] memfd_create("syzkaller", 0) = 3
[pid 5249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efbf7ff8000
[pid 5249] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5249] munmap(0x7efbf7ff8000, 16777216) = 0
[pid 5249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5249] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5249] close(3) = 0
[pid 5249] mkdir("./bus", 0777) = 0
[ 67.514095][ T5249] loop0: detected capacity change from 0 to 32768
[ 67.524239][ T5249] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor198 (5249)
[ 67.542029][ T5249] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 67.551125][ T5249] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 67.562185][ T5249] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 67.573421][ T5249] BTRFS warning (device loop0): excessive commit interval 622039222
[ 67.582024][ T5249] BTRFS info (device loop0): force zlib compression, level 3
[ 67.589755][ T5249] BTRFS info (device loop0): using free space tree
[pid 5249] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0
[pid 5249] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5249] chdir("./bus") = 0
[pid 5249] ioctl(4, LOOP_CLR_FD) = 0
[pid 5249] close(4) = 0
[pid 5249] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5249] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5249] write(5, "5", 1) = 1
[pid 5249] sync() = 0
[pid 5249] exit_group(0) = ?
[pid 5249] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5249, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} ---
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe06f0 /* 4 entries */, 32768) = 104
[ 67.607735][ T5249] BTRFS info (device loop0): enabling ssd optimizations
[ 67.615253][ T5249] BTRFS info (device loop0): auto enabling async discard
[ 67.635534][ T27] audit: type=1800 audit(1690592604.634:15): pid=5249 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor198" name="bus" dev="loop0" ino=263 res=0 errno=0
umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555fe8730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555fe8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./13/bus") = 0
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/binderfs") = 0
getdents64(3, 0x555555fe06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fdf650) = 5266
./strace-static-x86_64: Process 5266 attached
[pid 5266] set_robust_list(0x555555fdf660, 24) = 0
[pid 5266] chdir("./14") = 0
[pid 5266] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5266] setpgid(0, 0) = 0
[pid 5266] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5266] write(3, "1000", 4) = 4
[pid 5266] close(3) = 0
[pid 5266] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5266] memfd_create("syzkaller", 0) = 3
[pid 5266] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efbf7ff8000
[pid 5266] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5266] munmap(0x7efbf7ff8000, 16777216) = 0
[pid 5266] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5266] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5266] close(3) = 0
[pid 5266] mkdir("./bus", 0777) = 0
[ 67.981648][ T5266] loop0: detected capacity change from 0 to 32768
[ 67.992055][ T5266] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor198 (5266)
[ 68.007206][ T5266] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 68.016224][ T5266] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 68.027490][ T5266] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 68.038709][ T5266] BTRFS warning (device loop0): excessive commit interval 622039222
[ 68.047039][ T5266] BTRFS info (device loop0): force zlib compression, level 3
[ 68.054444][ T5266] BTRFS info (device loop0): using free space tree
[ 68.071782][ T5266] BTRFS info (device loop0): enabling ssd optimizations
[pid 5266] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0
[pid 5266] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5266] chdir("./bus") = 0
[pid 5266] ioctl(4, LOOP_CLR_FD) = 0
[pid 5266] close(4) = 0
[pid 5266] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5266] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5266] write(5, "5", 1) = 1
[ 68.079847][ T5266] BTRFS info (device loop0): auto enabling async discard
[ 68.097906][ T27] audit: type=1800 audit(1690592605.104:16): pid=5266 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor198" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 68.123245][ T5266] FAULT_INJECTION: forcing a failure.
[ 68.123245][ T5266] name failslab, interval 1, probability 0, space 0, times 0
[ 68.136901][ T5266] CPU: 0 PID: 5266 Comm: syz-executor198 Not tainted 6.5.0-rc3-syzkaller-00225-gf837f0a3c948 #0
[ 68.147354][ T5266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 68.157437][ T5266] Call Trace:
[ 68.160736][ T5266]
[ 68.163690][ T5266] dump_stack_lvl+0x1e7/0x2d0
[ 68.168397][ T5266] ? nf_tcp_handle_invalid+0x650/0x650
[ 68.173885][ T5266] ? panic+0x770/0x770
[ 68.177987][ T5266] ? __might_sleep+0xc0/0xc0
[ 68.182708][ T5266] should_fail_ex+0x3aa/0x4e0
[ 68.187421][ T5266] should_failslab+0x9/0x20
[ 68.191949][ T5266] slab_pre_alloc_hook+0x59/0x2b0
[ 68.197014][ T5266] kmem_cache_alloc+0x52/0x300
[ 68.201806][ T5266] ? alloc_extent_state+0x25/0x2e0
[ 68.206991][ T5266] alloc_extent_state+0x25/0x2e0
[ 68.211965][ T5266] __set_extent_bit+0x1c8/0x1b00
[ 68.216934][ T5266] ? __down_write_common+0x161/0x200
[ 68.222268][ T5266] ? PageUptodate+0xd9/0x290
[ 68.226912][ T5266] set_extent_bit+0x3b/0x50
[ 68.231451][ T5266] btrfs_alloc_tree_block+0xae1/0x17f0
[ 68.236956][ T5266] ? alloc_reserved_file_extent+0x5e0/0x5e0
[ 68.242887][ T5266] ? __lock_acquire+0x1345/0x7f70
[ 68.247954][ T5266] ? read_extent_buffer+0x122/0x2a0
[ 68.253179][ T5266] ? __asan_memcpy+0x40/0x70
[ 68.257907][ T5266] __btrfs_cow_block+0x465/0x1ae0
[ 68.262977][ T5266] ? btrfs_qgroup_trace_subtree_after_cow+0x1a8/0x1190
[ 68.269850][ T5266] ? btrfs_cow_block+0x780/0x780
[ 68.274787][ T5266] ? btrfs_qgroup_add_swapped_blocks+0x740/0x7f0
[ 68.281108][ T5266] ? rcu_is_watching+0x15/0xb0
[ 68.286686][ T5266] btrfs_cow_block+0x403/0x780
[ 68.291456][ T5266] btrfs_search_slot+0xbf9/0x2f80
[ 68.296472][ T5266] ? btrfs_extent_root+0x2a1/0x3b0
[ 68.301593][ T5266] ? __kasan_slab_alloc+0x66/0x70
[ 68.306617][ T5266] ? btrfs_find_item+0x5c0/0x5c0
[ 68.311572][ T5266] ? btrfs_extent_root+0x2a1/0x3b0
[ 68.316672][ T5266] ? btrfs_csum_root+0x3b0/0x3b0
[ 68.321630][ T5266] lookup_inline_extent_backref+0x3f2/0x1470
[ 68.327615][ T5266] ? insert_extent_data_ref+0xa30/0xa30
[ 68.333145][ T5266] ? __kasan_slab_alloc+0x66/0x70
[ 68.338161][ T5266] ? slab_post_alloc_hook+0x87/0x3b0
[ 68.343456][ T5266] ? rcu_is_watching+0x15/0xb0
[ 68.348244][ T5266] ? kmem_cache_alloc+0x152/0x300
[ 68.353275][ T5266] __btrfs_free_extent+0x28a/0x3250
[ 68.358478][ T5266] ? __btrfs_inc_extent_ref+0x5f0/0x5f0
[ 68.364012][ T5266] ? _raw_read_unlock+0x28/0x40
[ 68.368855][ T5266] ? do_raw_spin_unlock+0x13b/0x8b0
[ 68.374053][ T5266] __btrfs_run_delayed_refs+0xf00/0x3f90
[ 68.379723][ T5266] ? btrfs_run_delayed_refs+0x480/0x480
[ 68.385268][ T5266] ? verify_lock_unused+0x140/0x140
[ 68.390560][ T5266] ? start_transaction+0x469/0x1080
[ 68.395764][ T5266] ? btrfs_attach_transaction_barrier+0x26/0xa0
[ 68.402011][ T5266] ? btrfs_sync_fs+0x135/0x6c0
[ 68.406803][ T5266] ? read_lock_is_recursive+0x20/0x20
[ 68.412203][ T5266] btrfs_run_delayed_refs+0x140/0x480
[ 68.417592][ T5266] btrfs_commit_transaction+0x495/0x2ff0
[ 68.423248][ T5266] ? read_lock_is_recursive+0x20/0x20
[ 68.428715][ T5266] ? __lock_acquire+0x7f70/0x7f70
[ 68.433733][ T5266] ? do_raw_spin_unlock+0x13b/0x8b0
[ 68.438923][ T5266] ? btrfs_commit_transaction_async+0x450/0x450
[ 68.445157][ T5266] ? join_transaction+0xbdc/0xe00
[ 68.450172][ T5266] ? btrfs_record_root_in_trans+0x92/0x180
[ 68.455969][ T5266] ? start_transaction+0x3de/0x1080
[ 68.461179][ T5266] ? btrfs_attach_transaction_barrier+0x34/0xa0
[ 68.467433][ T5266] ? btrfs_sync_fs+0x1be/0x6c0
[ 68.472213][ T5266] iterate_supers+0x12b/0x1e0
[ 68.477080][ T5266] ? sync_inodes_one_sb+0x70/0x70
[ 68.482123][ T5266] ksys_sync+0xdb/0x1c0
[ 68.486275][ T5266] ? sync_filesystem+0x220/0x220
[ 68.491203][ T5266] ? syscall_enter_from_user_mode+0x32/0x230
[ 68.497178][ T5266] ? syscall_enter_from_user_mode+0x8c/0x230
[ 68.503151][ T5266] __do_sys_sync+0xe/0x20
[ 68.507471][ T5266] do_syscall_64+0x41/0xc0
[ 68.511900][ T5266] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.517782][ T5266] RIP: 0033:0x7efc00437169
[ 68.522888][ T5266] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 68.542489][ T5266] RSP: 002b:00007ffea6a3b428 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 68.550917][ T5266] RAX: ffffffffffffffda RBX: 00007ffea6a3b450 RCX: 00007efc00437169
[ 68.558887][ T5266] RDX: 00007efc00436230 RSI: 00007ffea6a3b450 RDI: 00007ffea6a3b450
[ 68.566856][ T5266] RBP: 0000000000000001 R08: 00007ffea6a3b1c7 R09: 0000000000000080
[ 68.574838][ T5266] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffea6a3b480
[pid 5266] sync() = 0
[pid 5266] exit_group(0) = ?
[pid 5266] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5266, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=28 /* 0.28 s */} ---
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe06f0 /* 4 entries */, 32768) = 104
[ 68.582809][ T5266] R13: 00007ffea6a3b4c0 R14: 0000000001000000 R15: 0000000000000003
[ 68.590790][ T5266]
umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555fe8730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555fe8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./14/bus") = 0
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs") = 0
getdents64(3, 0x555555fe06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fdf650) = 5283
./strace-static-x86_64: Process 5283 attached
[pid 5283] set_robust_list(0x555555fdf660, 24) = 0
[pid 5283] chdir("./15") = 0
[pid 5283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5283] setpgid(0, 0) = 0
[pid 5283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5283] write(3, "1000", 4) = 4
[pid 5283] close(3) = 0
[pid 5283] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5283] memfd_create("syzkaller", 0) = 3
[pid 5283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efbf7ff8000
[pid 5283] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5283] munmap(0x7efbf7ff8000, 16777216) = 0
[pid 5283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5283] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5283] close(3) = 0
[pid 5283] mkdir("./bus", 0777) = 0
[ 68.869273][ T5283] loop0: detected capacity change from 0 to 32768
[ 68.880043][ T5283] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor198 (5283)
[ 68.896326][ T5283] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 68.905529][ T5283] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 68.916728][ T5283] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 68.927988][ T5283] BTRFS warning (device loop0): excessive commit interval 622039222
[ 68.936336][ T5283] BTRFS info (device loop0): force zlib compression, level 3
[ 68.943931][ T5283] BTRFS info (device loop0): using free space tree
[ 68.961086][ T5283] BTRFS info (device loop0): enabling ssd optimizations
[pid 5283] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0
[pid 5283] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5283] chdir("./bus") = 0
[pid 5283] ioctl(4, LOOP_CLR_FD) = 0
[pid 5283] close(4) = 0
[pid 5283] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5283] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5283] write(5, "5", 1) = 1
[ 68.968157][ T5283] BTRFS info (device loop0): auto enabling async discard
[ 68.990001][ T27] audit: type=1800 audit(1690592605.994:17): pid=5283 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor198" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 69.014879][ T5283] FAULT_INJECTION: forcing a failure.
[ 69.014879][ T5283] name failslab, interval 1, probability 0, space 0, times 0
[ 69.028622][ T5283] CPU: 0 PID: 5283 Comm: syz-executor198 Not tainted 6.5.0-rc3-syzkaller-00225-gf837f0a3c948 #0
[ 69.039092][ T5283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 69.049161][ T5283] Call Trace:
[ 69.052439][ T5283]
[ 69.055975][ T5283] dump_stack_lvl+0x1e7/0x2d0
[ 69.060656][ T5283] ? nf_tcp_handle_invalid+0x650/0x650
[ 69.066112][ T5283] ? panic+0x770/0x770
[ 69.070180][ T5283] ? __might_sleep+0xc0/0xc0
[ 69.074773][ T5283] should_fail_ex+0x3aa/0x4e0
[ 69.079539][ T5283] should_failslab+0x9/0x20
[ 69.084034][ T5283] slab_pre_alloc_hook+0x59/0x2b0
[ 69.089149][ T5283] kmem_cache_alloc+0x52/0x300
[ 69.093912][ T5283] ? alloc_extent_state+0x25/0x2e0
[ 69.099030][ T5283] alloc_extent_state+0x25/0x2e0
[ 69.103967][ T5283] __set_extent_bit+0x1c8/0x1b00
[ 69.108901][ T5283] ? __down_write_common+0x161/0x200
[ 69.114198][ T5283] ? PageUptodate+0xd9/0x290
[ 69.118966][ T5283] set_extent_bit+0x3b/0x50
[ 69.123479][ T5283] btrfs_alloc_tree_block+0xae1/0x17f0
[ 69.128946][ T5283] ? alloc_reserved_file_extent+0x5e0/0x5e0
[ 69.134836][ T5283] ? release_firmware_map_entry+0x190/0x190
[ 69.140735][ T5283] ? read_extent_buffer+0x122/0x2a0
[ 69.145949][ T5283] ? __asan_memcpy+0x40/0x70
[ 69.150566][ T5283] __btrfs_cow_block+0x465/0x1ae0
[ 69.155612][ T5283] ? btrfs_qgroup_trace_subtree_after_cow+0x1a8/0x1190
[ 69.162488][ T5283] ? btrfs_cow_block+0x780/0x780
[ 69.167426][ T5283] ? btrfs_qgroup_add_swapped_blocks+0x740/0x7f0
[ 69.173792][ T5283] ? rcu_is_watching+0x15/0xb0
[ 69.178656][ T5283] btrfs_cow_block+0x403/0x780
[ 69.183468][ T5283] btrfs_search_slot+0xbf9/0x2f80
[ 69.188500][ T5283] ? btrfs_extent_root+0x2a1/0x3b0
[ 69.193969][ T5283] ? __kasan_slab_alloc+0x66/0x70
[ 69.198994][ T5283] ? btrfs_find_item+0x5c0/0x5c0
[ 69.203940][ T5283] ? btrfs_extent_root+0x2a1/0x3b0
[ 69.209045][ T5283] ? btrfs_csum_root+0x3b0/0x3b0
[ 69.214424][ T5283] lookup_inline_extent_backref+0x3f2/0x1470
[ 69.220426][ T5283] ? insert_extent_data_ref+0xa30/0xa30
[ 69.225964][ T5283] ? __kasan_slab_alloc+0x66/0x70
[ 69.230979][ T5283] ? slab_post_alloc_hook+0x87/0x3b0
[ 69.236352][ T5283] ? rcu_is_watching+0x15/0xb0
[ 69.241139][ T5283] ? kmem_cache_alloc+0x152/0x300
[ 69.246171][ T5283] __btrfs_free_extent+0x28a/0x3250
[ 69.251390][ T5283] ? __btrfs_inc_extent_ref+0x5f0/0x5f0
[ 69.256927][ T5283] ? _raw_read_unlock+0x28/0x40
[ 69.261779][ T5283] ? do_raw_spin_unlock+0x13b/0x8b0
[ 69.266979][ T5283] __btrfs_run_delayed_refs+0xf00/0x3f90
[ 69.272752][ T5283] ? btrfs_run_delayed_refs+0x480/0x480
[ 69.278293][ T5283] ? verify_lock_unused+0x140/0x140
[ 69.283492][ T5283] ? start_transaction+0x469/0x1080
[ 69.288680][ T5283] ? btrfs_attach_transaction_barrier+0x26/0xa0
[ 69.294923][ T5283] ? btrfs_sync_fs+0x135/0x6c0
[ 69.299888][ T5283] ? read_lock_is_recursive+0x20/0x20
[ 69.305312][ T5283] btrfs_run_delayed_refs+0x140/0x480
[ 69.310885][ T5283] btrfs_commit_transaction+0x495/0x2ff0
[ 69.316525][ T5283] ? read_lock_is_recursive+0x20/0x20
[ 69.321894][ T5283] ? __lock_acquire+0x7f70/0x7f70
[ 69.326920][ T5283] ? do_raw_spin_unlock+0x13b/0x8b0
[ 69.332314][ T5283] ? btrfs_commit_transaction_async+0x450/0x450
[ 69.338551][ T5283] ? join_transaction+0xbdc/0xe00
[ 69.343573][ T5283] ? btrfs_record_root_in_trans+0x92/0x180
[ 69.349379][ T5283] ? start_transaction+0x3de/0x1080
[ 69.354582][ T5283] ? btrfs_attach_transaction_barrier+0x34/0xa0
[ 69.360818][ T5283] ? btrfs_sync_fs+0x1be/0x6c0
[ 69.365580][ T5283] iterate_supers+0x12b/0x1e0
[ 69.370264][ T5283] ? sync_inodes_one_sb+0x70/0x70
[ 69.375285][ T5283] ksys_sync+0xdb/0x1c0
[ 69.379432][ T5283] ? sync_filesystem+0x220/0x220
[ 69.384361][ T5283] ? syscall_enter_from_user_mode+0x32/0x230
[ 69.390340][ T5283] ? syscall_enter_from_user_mode+0x8c/0x230
[ 69.396327][ T5283] __do_sys_sync+0xe/0x20
[ 69.400736][ T5283] do_syscall_64+0x41/0xc0
[ 69.405143][ T5283] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.411034][ T5283] RIP: 0033:0x7efc00437169
[ 69.415528][ T5283] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 69.435142][ T5283] RSP: 002b:00007ffea6a3b428 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 69.443565][ T5283] RAX: ffffffffffffffda RBX: 00007ffea6a3b450 RCX: 00007efc00437169
[ 69.451537][ T5283] RDX: 00007efc00436230 RSI: 00007ffea6a3b450 RDI: 00007ffea6a3b450
[ 69.459592][ T5283] RBP: 0000000000000001 R08: 00007ffea6a3b1c7 R09: 0000000000000080
[pid 5283] sync() = 0
[pid 5283] exit_group(0) = ?
[pid 5283] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5283, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe06f0 /* 4 entries */, 32768) = 104
[ 69.467554][ T5283] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffea6a3b480
[ 69.475540][ T5283] R13: 00007ffea6a3b4c0 R14: 0000000001000000 R15: 0000000000000003
[ 69.483517][ T5283]
umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555fe8730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555fe8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./15/bus") = 0
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/binderfs") = 0
getdents64(3, 0x555555fe06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fdf650) = 5300
./strace-static-x86_64: Process 5300 attached
[pid 5300] set_robust_list(0x555555fdf660, 24) = 0
[pid 5300] chdir("./16") = 0
[pid 5300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5300] setpgid(0, 0) = 0
[pid 5300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5300] write(3, "1000", 4) = 4
[pid 5300] close(3) = 0
[pid 5300] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5300] memfd_create("syzkaller", 0) = 3
[pid 5300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efbf7ff8000
[pid 5300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5300] munmap(0x7efbf7ff8000, 16777216) = 0
[pid 5300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5300] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5300] close(3) = 0
[pid 5300] mkdir("./bus", 0777) = 0
[ 69.812793][ T5300] loop0: detected capacity change from 0 to 32768
[ 69.823350][ T5300] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor198 (5300)
[ 69.840032][ T5300] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 69.849081][ T5300] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 69.860223][ T5300] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 69.871263][ T5300] BTRFS warning (device loop0): excessive commit interval 622039222
[ 69.879515][ T5300] BTRFS info (device loop0): force zlib compression, level 3
[ 69.887113][ T5300] BTRFS info (device loop0): using free space tree
[ 69.904879][ T5300] BTRFS info (device loop0): enabling ssd optimizations
[pid 5300] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0
[pid 5300] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5300] chdir("./bus") = 0
[pid 5300] ioctl(4, LOOP_CLR_FD) = 0
[pid 5300] close(4) = 0
[ 69.912216][ T5300] BTRFS info (device loop0): auto enabling async discard
[ 69.943267][ T27] audit: type=1800 audit(1690592606.944:18): pid=5300 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor198" name="bus" dev="loop0" ino=263 res=0 errno=0
[pid 5300] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5300] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5300] write(5, "5", 1) = 1
[ 69.972481][ T5300] FAULT_INJECTION: forcing a failure.
[ 69.972481][ T5300] name failslab, interval 1, probability 0, space 0, times 0
[ 69.987442][ T5300] CPU: 1 PID: 5300 Comm: syz-executor198 Not tainted 6.5.0-rc3-syzkaller-00225-gf837f0a3c948 #0
[ 69.997989][ T5300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 70.008071][ T5300] Call Trace:
[ 70.011406][ T5300]
[ 70.014357][ T5300] dump_stack_lvl+0x1e7/0x2d0
[ 70.019153][ T5300] ? nf_tcp_handle_invalid+0x650/0x650
[ 70.024645][ T5300] ? panic+0x770/0x770
[ 70.028744][ T5300] ? __might_sleep+0xc0/0xc0
[ 70.033370][ T5300] should_fail_ex+0x3aa/0x4e0
[ 70.038075][ T5300] should_failslab+0x9/0x20
[ 70.042597][ T5300] slab_pre_alloc_hook+0x59/0x2b0
[ 70.047714][ T5300] kmem_cache_alloc+0x52/0x300
[ 70.052508][ T5300] ? alloc_extent_state+0x25/0x2e0
[ 70.057668][ T5300] alloc_extent_state+0x25/0x2e0
[ 70.062727][ T5300] __set_extent_bit+0x1c8/0x1b00
[ 70.067699][ T5300] ? __down_write_common+0x161/0x200
[ 70.073022][ T5300] ? PageUptodate+0xd9/0x290
[ 70.077656][ T5300] set_extent_bit+0x3b/0x50
[ 70.082280][ T5300] btrfs_alloc_tree_block+0xae1/0x17f0
[ 70.087789][ T5300] ? alloc_reserved_file_extent+0x5e0/0x5e0
[ 70.093703][ T5300] ? __lock_acquire+0x1345/0x7f70
[ 70.098735][ T5300] ? read_extent_buffer+0x122/0x2a0
[ 70.103936][ T5300] ? __asan_memcpy+0x40/0x70
[ 70.108527][ T5300] __btrfs_cow_block+0x465/0x1ae0
[ 70.113558][ T5300] ? btrfs_qgroup_trace_subtree_after_cow+0x1a8/0x1190
[ 70.120413][ T5300] ? btrfs_cow_block+0x780/0x780
[ 70.125357][ T5300] ? btrfs_qgroup_add_swapped_blocks+0x740/0x7f0
[ 70.131683][ T5300] ? rcu_is_watching+0x15/0xb0
[ 70.136441][ T5300] btrfs_cow_block+0x403/0x780
[ 70.141218][ T5300] btrfs_search_slot+0xbf9/0x2f80
[ 70.146270][ T5300] ? btrfs_extent_root+0x2a1/0x3b0
[ 70.151387][ T5300] ? __kasan_slab_alloc+0x66/0x70
[ 70.156411][ T5300] ? btrfs_find_item+0x5c0/0x5c0
[ 70.161341][ T5300] ? btrfs_extent_root+0x2a1/0x3b0
[ 70.166446][ T5300] ? btrfs_csum_root+0x3b0/0x3b0
[ 70.171389][ T5300] lookup_inline_extent_backref+0x3f2/0x1470
[ 70.177383][ T5300] ? insert_extent_data_ref+0xa30/0xa30
[ 70.182926][ T5300] ? __kasan_slab_alloc+0x66/0x70
[ 70.187945][ T5300] ? slab_post_alloc_hook+0x87/0x3b0
[ 70.193230][ T5300] ? rcu_is_watching+0x15/0xb0
[ 70.197986][ T5300] ? kmem_cache_alloc+0x152/0x300
[ 70.203014][ T5300] __btrfs_free_extent+0x28a/0x3250
[ 70.208224][ T5300] ? __btrfs_inc_extent_ref+0x5f0/0x5f0
[ 70.213764][ T5300] ? _raw_read_unlock+0x28/0x40
[ 70.218619][ T5300] ? do_raw_spin_unlock+0x13b/0x8b0
[ 70.223818][ T5300] __btrfs_run_delayed_refs+0xf00/0x3f90
[ 70.229578][ T5300] ? btrfs_run_delayed_refs+0x480/0x480
[ 70.235218][ T5300] ? verify_lock_unused+0x140/0x140
[ 70.240473][ T5300] ? start_transaction+0x469/0x1080
[ 70.245667][ T5300] ? btrfs_attach_transaction_barrier+0x26/0xa0
[ 70.251907][ T5300] ? btrfs_sync_fs+0x135/0x6c0
[ 70.256669][ T5300] ? read_lock_is_recursive+0x20/0x20
[ 70.262048][ T5300] btrfs_run_delayed_refs+0x140/0x480
[ 70.267426][ T5300] btrfs_commit_transaction+0x495/0x2ff0
[ 70.273058][ T5300] ? read_lock_is_recursive+0x20/0x20
[ 70.278424][ T5300] ? __lock_acquire+0x7f70/0x7f70
[ 70.283450][ T5300] ? do_raw_spin_unlock+0x13b/0x8b0
[ 70.288650][ T5300] ? btrfs_commit_transaction_async+0x450/0x450
[ 70.294885][ T5300] ? join_transaction+0xbdc/0xe00
[ 70.299993][ T5300] ? btrfs_record_root_in_trans+0x92/0x180
[ 70.305798][ T5300] ? start_transaction+0x3de/0x1080
[ 70.311001][ T5300] ? btrfs_attach_transaction_barrier+0x34/0xa0
[ 70.317236][ T5300] ? btrfs_sync_fs+0x1be/0x6c0
[ 70.322014][ T5300] iterate_supers+0x12b/0x1e0
[ 70.326686][ T5300] ? sync_inodes_one_sb+0x70/0x70
[ 70.331712][ T5300] ksys_sync+0xdb/0x1c0
[ 70.335860][ T5300] ? sync_filesystem+0x220/0x220
[ 70.340814][ T5300] ? syscall_enter_from_user_mode+0x32/0x230
[ 70.346828][ T5300] ? syscall_enter_from_user_mode+0x8c/0x230
[ 70.353426][ T5300] __do_sys_sync+0xe/0x20
[ 70.357775][ T5300] do_syscall_64+0x41/0xc0
[ 70.362192][ T5300] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.368095][ T5300] RIP: 0033:0x7efc00437169
[ 70.372540][ T5300] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 70.392169][ T5300] RSP: 002b:00007ffea6a3b428 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 70.400683][ T5300] RAX: ffffffffffffffda RBX: 00007ffea6a3b450 RCX: 00007efc00437169
[ 70.408826][ T5300] RDX: 00007efc00436230 RSI: 00007ffea6a3b450 RDI: 00007ffea6a3b450
[ 70.416808][ T5300] RBP: 0000000000000001 R08: 00007ffea6a3b1c7 R09: 0000000000000080
[pid 5300] sync() = 0
[pid 5300] exit_group(0) = ?
[pid 5300] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5300, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=23 /* 0.23 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe06f0 /* 4 entries */, 32768) = 104
[ 70.424783][ T5300] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffea6a3b480
[ 70.432765][ T5300] R13: 00007ffea6a3b4c0 R14: 0000000001000000 R15: 0000000000000003
[ 70.440789][ T5300]
umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555fe8730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555fe8730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./16/bus") = 0
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/binderfs") = 0
getdents64(3, 0x555555fe06f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fdf650) = 5317
./strace-static-x86_64: Process 5317 attached
[pid 5317] set_robust_list(0x555555fdf660, 24) = 0
[pid 5317] chdir("./17") = 0
[pid 5317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5317] setpgid(0, 0) = 0
[pid 5317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5317] write(3, "1000", 4) = 4
[pid 5317] close(3) = 0
[pid 5317] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5317] memfd_create("syzkaller", 0) = 3
[pid 5317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efbf7ff8000
[pid 5317] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5317] munmap(0x7efbf7ff8000, 16777216) = 0
[pid 5317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5317] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5317] close(3) = 0
[pid 5317] mkdir("./bus", 0777) = 0
[ 70.737284][ T5317] loop0: detected capacity change from 0 to 32768
[ 70.747728][ T5317] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor198 (5317)
[ 70.765459][ T5317] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 70.774249][ T5317] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 70.785082][ T5317] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 70.795904][ T5317] BTRFS warning (device loop0): excessive commit interval 622039222
[ 70.803902][ T5317] BTRFS info (device loop0): force zlib compression, level 3
[ 70.811335][ T5317] BTRFS info (device loop0): using free space tree
[ 70.828712][ T5317] BTRFS info (device loop0): enabling ssd optimizations
[pid 5317] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "user_subvol_rm_allowed,noinode_cache,inode_cache,commit=0x00000000251390b6,compress-force,noacl,tree"...) = 0
[pid 5317] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5317] chdir("./bus") = 0
[pid 5317] ioctl(4, LOOP_CLR_FD) = 0
[pid 5317] close(4) = 0
[ 70.835853][ T5317] BTRFS info (device loop0): auto enabling async discard
[pid 5317] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid 5317] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5317] write(5, "5", 1) = 1
[ 70.860033][ T27] audit: type=1800 audit(1690592607.864:19): pid=5317 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor198" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 70.892861][ T5317] FAULT_INJECTION: forcing a failure.
[ 70.892861][ T5317] name failslab, interval 1, probability 0, space 0, times 0
[ 70.906046][ T5317] CPU: 0 PID: 5317 Comm: syz-executor198 Not tainted 6.5.0-rc3-syzkaller-00225-gf837f0a3c948 #0
[ 70.916492][ T5317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 70.926574][ T5317] Call Trace:
[ 70.929861][ T5317]
[ 70.932788][ T5317] dump_stack_lvl+0x1e7/0x2d0
[ 70.937467][ T5317] ? nf_tcp_handle_invalid+0x650/0x650
[ 70.942921][ T5317] ? panic+0x770/0x770
[ 70.946994][ T5317] ? __might_sleep+0xc0/0xc0
[ 70.951672][ T5317] should_fail_ex+0x3aa/0x4e0
[ 70.956345][ T5317] should_failslab+0x9/0x20
[ 70.960969][ T5317] slab_pre_alloc_hook+0x59/0x2b0
[ 70.965993][ T5317] kmem_cache_alloc+0x52/0x300
[ 70.970751][ T5317] ? btrfs_alloc_tree_block+0xb9c/0x17f0
[ 70.976374][ T5317] ? set_extent_bit+0x3b/0x50
[ 70.981148][ T5317] btrfs_alloc_tree_block+0xb9c/0x17f0
[ 70.986640][ T5317] ? alloc_reserved_file_extent+0x5e0/0x5e0
[ 70.992614][ T5317] ? __lock_acquire+0x1345/0x7f70
[ 70.997659][ T5317] ? read_extent_buffer+0x122/0x2a0
[ 71.002878][ T5317] ? __asan_memcpy+0x40/0x70
[ 71.007492][ T5317] __btrfs_cow_block+0x465/0x1ae0
[ 71.012570][ T5317] ? btrfs_qgroup_trace_subtree_after_cow+0x1a8/0x1190
[ 71.019450][ T5317] ? btrfs_cow_block+0x780/0x780
[ 71.024395][ T5317] ? btrfs_qgroup_add_swapped_blocks+0x740/0x7f0
[ 71.030740][ T5317] ? rcu_is_watching+0x15/0xb0
[ 71.035501][ T5317] btrfs_cow_block+0x403/0x780
[ 71.040275][ T5317] btrfs_search_slot+0xbf9/0x2f80
[ 71.045295][ T5317] ? btrfs_extent_root+0x2a1/0x3b0
[ 71.050418][ T5317] ? __kasan_slab_alloc+0x66/0x70
[ 71.055444][ T5317] ? btrfs_find_item+0x5c0/0x5c0
[ 71.060377][ T5317] ? btrfs_extent_root+0x2a1/0x3b0
[ 71.065486][ T5317] ? btrfs_csum_root+0x3b0/0x3b0
[ 71.070431][ T5317] lookup_inline_extent_backref+0x3f2/0x1470
[ 71.076508][ T5317] ? insert_extent_data_ref+0xa30/0xa30
[ 71.082046][ T5317] ? __kasan_slab_alloc+0x66/0x70
[ 71.087087][ T5317] ? slab_post_alloc_hook+0x87/0x3b0
[ 71.092413][ T5317] ? rcu_is_watching+0x15/0xb0
[ 71.097192][ T5317] ? kmem_cache_alloc+0x152/0x300
[ 71.102226][ T5317] __btrfs_free_extent+0x28a/0x3250
[ 71.107447][ T5317] ? __btrfs_inc_extent_ref+0x5f0/0x5f0
[ 71.113058][ T5317] ? _raw_read_unlock+0x28/0x40
[ 71.117911][ T5317] ? do_raw_spin_unlock+0x13b/0x8b0
[ 71.123112][ T5317] __btrfs_run_delayed_refs+0xf00/0x3f90
[ 71.128781][ T5317] ? btrfs_run_delayed_refs+0x480/0x480
[ 71.134353][ T5317] ? verify_lock_unused+0x140/0x140
[ 71.139582][ T5317] ? start_transaction+0x469/0x1080
[ 71.144785][ T5317] ? btrfs_attach_transaction_barrier+0x26/0xa0
[ 71.151024][ T5317] ? btrfs_sync_fs+0x135/0x6c0
[ 71.155789][ T5317] ? read_lock_is_recursive+0x20/0x20
[ 71.161169][ T5317] btrfs_run_delayed_refs+0x140/0x480
[ 71.166722][ T5317] btrfs_commit_transaction+0x495/0x2ff0
[ 71.172390][ T5317] ? read_lock_is_recursive+0x20/0x20
[ 71.177868][ T5317] ? __lock_acquire+0x7f70/0x7f70
[ 71.182910][ T5317] ? do_raw_spin_unlock+0x13b/0x8b0
[ 71.188114][ T5317] ? btrfs_commit_transaction_async+0x450/0x450
[ 71.194357][ T5317] ? join_transaction+0xbdc/0xe00
[ 71.199385][ T5317] ? btrfs_record_root_in_trans+0x92/0x180
[ 71.205220][ T5317] ? start_transaction+0x3de/0x1080
[ 71.210428][ T5317] ? btrfs_attach_transaction_barrier+0x34/0xa0
[ 71.216933][ T5317] ? btrfs_sync_fs+0x1be/0x6c0
[ 71.221695][ T5317] iterate_supers+0x12b/0x1e0
[ 71.226388][ T5317] ? sync_inodes_one_sb+0x70/0x70
[ 71.231529][ T5317] ksys_sync+0xdb/0x1c0
[ 71.235702][ T5317] ? sync_filesystem+0x220/0x220
[ 71.240651][ T5317] ? syscall_enter_from_user_mode+0x32/0x230
[ 71.246640][ T5317] ? syscall_enter_from_user_mode+0x8c/0x230
[ 71.252617][ T5317] __do_sys_sync+0xe/0x20
[ 71.256940][ T5317] do_syscall_64+0x41/0xc0
[ 71.261420][ T5317] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 71.267345][ T5317] RIP: 0033:0x7efc00437169
[ 71.271756][ T5317] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 71.291385][ T5317] RSP: 002b:00007ffea6a3b428 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 71.300435][ T5317] RAX: ffffffffffffffda RBX: 00007ffea6a3b450 RCX: 00007efc00437169
[ 71.308428][ T5317] RDX: 00007efc00436230 RSI: 00007ffea6a3b450 RDI: 00007ffea6a3b450
[ 71.316405][ T5317] RBP: 0000000000000001 R08: 00007ffea6a3b1c7 R09: 0000000000000080
[ 71.324375][ T5317] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffea6a3b480
[ 71.332377][ T5317] R13: 00007ffea6a3b4c0 R14: 0000000001000000 R15: 0000000000000003
[ 71.340362][ T5317]
[ 71.347495][ T5317] BTRFS: error (device loop0: state A) in __btrfs_free_extent:3055: errno=-12 Out of memory
[pid 5317] sync() = 0
[pid 5317] exit_group(0) = ?
[pid 5317] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5317, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe06f0 /* 4 entries */, 32768) = 104
[ 71.369363][ T5317] BTRFS info (device loop0: state EA): forced readonly
[ 71.376594][ T5317] BTRFS error (device loop0: state EA): failed to run delayed ref for logical 5255168 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 71.391110][ T5317] BTRFS: error (device loop0: state EA) in btrfs_run_delayed_refs:2123: errno=-12 Out of memory
[ 71.443939][ T5013] ------------[ cut here ]------------
[ 71.449858][ T5013] WARNING: CPU: 1 PID: 5013 at fs/btrfs/space-info.h:198 btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 71.461676][ T5013] Modules linked in:
[ 71.466407][ T5013] CPU: 1 PID: 5013 Comm: syz-executor198 Not tainted 6.5.0-rc3-syzkaller-00225-gf837f0a3c948 #0
[ 71.477099][ T5013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 71.487556][ T5013] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 71.495101][ T5013] Code: 25 00 00 74 08 4c 89 ff e8 ae c7 36 fe 49 8b 1f 48 89 df 48 8b 6c 24 20 48 89 ee e8 8b 03 de fd 48 39 eb 73 14 e8 71 01 de fd <0f> 0b 45 31 f6 43 80 7c 25 00 00 75 ac eb b2 e8 5d 01 de fd 43 80
[ 71.514906][ T5013] RSP: 0018:ffffc90003a0f928 EFLAGS: 00010293
[ 71.521059][ T5013] RAX: ffffffff83ae149f RBX: 000000000015f000 RCX: ffff888020b68000
[ 71.529088][ T5013] RDX: 0000000000000000 RSI: 0000000000160000 RDI: 000000000015f000
[ 71.537111][ T5013] RBP: 0000000000160000 R08: ffffffff83ae1495 R09: 1ffffffff1d30bd5
[ 71.545071][ T5013] R10: dffffc0000000000 R11: fffffbfff1d30bd6 R12: dffffc0000000000
[ 71.553094][ T5013] R13: 1ffff1100f579b0c R14: ffffffffffea0000 R15: ffff88807abcd860
[ 71.561100][ T5013] FS: 0000555555fdf380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 71.570085][ T5013] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 71.576715][ T5013] CR2: 00007ffea6a39b88 CR3: 000000002b58b000 CR4: 00000000003506e0
[ 71.584678][ T5013] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 71.592702][ T5013] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 71.600735][ T5013] Call Trace:
[ 71.604053][ T5013]
[ 71.607082][ T5013] ? __warn+0x162/0x4a0
[ 71.611280][ T5013] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 71.618212][ T5013] ? report_bug+0x2b3/0x500
[ 71.622738][ T5013] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 71.629715][ T5013] ? handle_bug+0x3d/0x70
[ 71.634069][ T5013] ? exc_invalid_op+0x1a/0x50
[ 71.638807][ T5013] ? asm_exc_invalid_op+0x1a/0x20
[ 71.643859][ T5013] ? btrfs_space_info_update_bytes_may_use+0x295/0x600
[ 71.650799][ T5013] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 71.657690][ T5013] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 71.664534][ T5013] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 71.671612][ T5013] ? __lock_acquire+0x7f70/0x7f70
[ 71.676695][ T5013] btrfs_block_rsv_release+0x47b/0x560
[ 71.682174][ T5013] btrfs_release_global_block_rsv+0x33/0x260
[ 71.688252][ T5013] btrfs_free_block_groups+0xa35/0xe60
[ 71.694027][ T5013] close_ctree+0x72c/0xd00
[ 71.698506][ T5013] ? hook_sb_delete+0xa07/0xb30
[ 71.703368][ T5013] ? init_tree_roots+0x1db0/0x1db0
[ 71.708693][ T5013] ? hook_inode_free_security+0xb0/0xb0
[ 71.714250][ T5013] ? __fsnotify_vfsmount_delete+0x20/0x20
[ 71.720020][ T5013] ? clear_inode+0x150/0x150
[ 71.724631][ T5013] ? dput+0x403/0x420
[ 71.728670][ T5013] ? fscrypt_destroy_keyring+0x273/0x290
[ 71.734325][ T5013] ? btrfs_fill_super+0x2f0/0x2f0
[ 71.739508][ T5013] generic_shutdown_super+0x134/0x340
[ 71.744931][ T5013] kill_anon_super+0x3b/0x60
[ 71.749804][ T5013] btrfs_kill_super+0x41/0x50
[ 71.754514][ T5013] deactivate_locked_super+0xa4/0x110
[ 71.759981][ T5013] cleanup_mnt+0x426/0x4c0
[ 71.764408][ T5013] ? _raw_spin_unlock_irq+0x23/0x50
[ 71.769679][ T5013] task_work_run+0x24a/0x300
[ 71.774276][ T5013] ? dput+0x3a1/0x420
[ 71.778377][ T5013] ? task_work_cancel+0x2b0/0x2b0
[ 71.783431][ T5013] ? __x64_sys_umount+0x126/0x170
[ 71.788620][ T5013] ptrace_notify+0x2cd/0x380
[ 71.793222][ T5013] ? do_notify_parent+0xf50/0xf50
[ 71.798431][ T5013] ? user_path_at_empty+0x12f/0x180
[ 71.803647][ T5013] ? __x64_sys_umount+0x126/0x170
[ 71.808745][ T5013] ? path_umount+0xf40/0xf40
[ 71.813348][ T5013] ? syscall_enter_from_user_mode+0x32/0x230
[ 71.819379][ T5013] syscall_exit_to_user_mode+0x157/0x280
[ 71.825044][ T5013] do_syscall_64+0x4d/0xc0
[ 71.829526][ T5013] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 71.835483][ T5013] RIP: 0033:0x7efc004383c7
[ 71.839889][ T5013] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 71.859643][ T5013] RSP: 002b:00007ffea6a3a338 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 71.868162][ T5013] RAX: 0000000000000000 RBX: 000000000001137c RCX: 00007efc004383c7
[ 71.876196][ T5013] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffea6a3a3f0
[ 71.884195][ T5013] RBP: 00007ffea6a3a3f0 R08: 0000000000000000 R09: 0000000000000000
[ 71.892243][ T5013] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffea6a3b460
[ 71.900264][ T5013] R13: 0000555555fe06c0 R14: 0000000000000012 R15: 431bde82d7b634db
[ 71.908311][ T5013]
[ 71.911333][ T5013] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 71.918610][ T5013] CPU: 1 PID: 5013 Comm: syz-executor198 Not tainted 6.5.0-rc3-syzkaller-00225-gf837f0a3c948 #0
[ 71.929001][ T5013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 71.939053][ T5013] Call Trace:
[ 71.942318][ T5013]
[ 71.945236][ T5013] dump_stack_lvl+0x1e7/0x2d0
[ 71.949903][ T5013] ? nf_tcp_handle_invalid+0x650/0x650
[ 71.955346][ T5013] ? panic+0x770/0x770
[ 71.959424][ T5013] ? vscnprintf+0x5d/0x80
[ 71.963739][ T5013] panic+0x30f/0x770
[ 71.967623][ T5013] ? __warn+0x171/0x4a0
[ 71.971770][ T5013] ? __memcpy_flushcache+0x2b0/0x2b0
[ 71.977077][ T5013] __warn+0x314/0x4a0
[ 71.981221][ T5013] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 71.988083][ T5013] report_bug+0x2b3/0x500
[ 71.992398][ T5013] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 71.999235][ T5013] handle_bug+0x3d/0x70
[ 72.003481][ T5013] exc_invalid_op+0x1a/0x50
[ 72.007982][ T5013] asm_exc_invalid_op+0x1a/0x20
[ 72.012821][ T5013] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 72.020357][ T5013] Code: 25 00 00 74 08 4c 89 ff e8 ae c7 36 fe 49 8b 1f 48 89 df 48 8b 6c 24 20 48 89 ee e8 8b 03 de fd 48 39 eb 73 14 e8 71 01 de fd <0f> 0b 45 31 f6 43 80 7c 25 00 00 75 ac eb b2 e8 5d 01 de fd 43 80
[ 72.039955][ T5013] RSP: 0018:ffffc90003a0f928 EFLAGS: 00010293
[ 72.046024][ T5013] RAX: ffffffff83ae149f RBX: 000000000015f000 RCX: ffff888020b68000
[ 72.053987][ T5013] RDX: 0000000000000000 RSI: 0000000000160000 RDI: 000000000015f000
[ 72.062035][ T5013] RBP: 0000000000160000 R08: ffffffff83ae1495 R09: 1ffffffff1d30bd5
[ 72.069998][ T5013] R10: dffffc0000000000 R11: fffffbfff1d30bd6 R12: dffffc0000000000
[ 72.077964][ T5013] R13: 1ffff1100f579b0c R14: ffffffffffea0000 R15: ffff88807abcd860
[ 72.085930][ T5013] ? btrfs_space_info_update_bytes_may_use+0x295/0x600
[ 72.092772][ T5013] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 72.099616][ T5013] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 72.106454][ T5013] ? __lock_acquire+0x7f70/0x7f70
[ 72.111471][ T5013] btrfs_block_rsv_release+0x47b/0x560
[ 72.116930][ T5013] btrfs_release_global_block_rsv+0x33/0x260
[ 72.122929][ T5013] btrfs_free_block_groups+0xa35/0xe60
[ 72.128385][ T5013] close_ctree+0x72c/0xd00
[ 72.132801][ T5013] ? hook_sb_delete+0xa07/0xb30
[ 72.137728][ T5013] ? init_tree_roots+0x1db0/0x1db0
[ 72.142834][ T5013] ? hook_inode_free_security+0xb0/0xb0
[ 72.148805][ T5013] ? __fsnotify_vfsmount_delete+0x20/0x20
[ 72.154524][ T5013] ? clear_inode+0x150/0x150
[ 72.159106][ T5013] ? dput+0x403/0x420
[ 72.163075][ T5013] ? fscrypt_destroy_keyring+0x273/0x290
[ 72.168701][ T5013] ? btrfs_fill_super+0x2f0/0x2f0
[ 72.173720][ T5013] generic_shutdown_super+0x134/0x340
[ 72.179172][ T5013] kill_anon_super+0x3b/0x60
[ 72.183755][ T5013] btrfs_kill_super+0x41/0x50
[ 72.188427][ T5013] deactivate_locked_super+0xa4/0x110
[ 72.193787][ T5013] cleanup_mnt+0x426/0x4c0
[ 72.198197][ T5013] ? _raw_spin_unlock_irq+0x23/0x50
[ 72.203394][ T5013] task_work_run+0x24a/0x300
[ 72.207979][ T5013] ? dput+0x3a1/0x420
[ 72.211952][ T5013] ? task_work_cancel+0x2b0/0x2b0
[ 72.216976][ T5013] ? __x64_sys_umount+0x126/0x170
[ 72.221997][ T5013] ptrace_notify+0x2cd/0x380
[ 72.226581][ T5013] ? do_notify_parent+0xf50/0xf50
[ 72.231615][ T5013] ? user_path_at_empty+0x12f/0x180
[ 72.236805][ T5013] ? __x64_sys_umount+0x126/0x170
[ 72.241824][ T5013] ? path_umount+0xf40/0xf40
[ 72.246501][ T5013] ? syscall_enter_from_user_mode+0x32/0x230
[ 72.252482][ T5013] syscall_exit_to_user_mode+0x157/0x280
[ 72.258115][ T5013] do_syscall_64+0x4d/0xc0
[ 72.262523][ T5013] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 72.268416][ T5013] RIP: 0033:0x7efc004383c7
[ 72.272859][ T5013] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 72.292887][ T5013] RSP: 002b:00007ffea6a3a338 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 72.301383][ T5013] RAX: 0000000000000000 RBX: 000000000001137c RCX: 00007efc004383c7
[ 72.309435][ T5013] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffea6a3a3f0
[ 72.317568][ T5013] RBP: 00007ffea6a3a3f0 R08: 0000000000000000 R09: 0000000000000000
[ 72.325528][ T5013] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffea6a3b460
[ 72.333495][ T5013] R13: 0000555555fe06c0 R14: 0000000000000012 R15: 431bde82d7b634db
[ 72.341469][ T5013]
[ 72.344689][ T5013] Kernel Offset: disabled
[ 72.349113][ T5013] Rebooting in 86400 seconds..
umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW