./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3178163050

<...>
Warning: Permanently added '10.128.1.40' (ED25519) to the list of known hosts.
execve("./syz-executor3178163050", ["./syz-executor3178163050"], 0x7ffdd99da710 /* 10 vars */) = 0
brk(NULL)                               = 0x555556af9000
brk(0x555556af9d00)                     = 0x555556af9d00
arch_prctl(ARCH_SET_FS, 0x555556af9380) = 0
set_tid_address(0x555556af9650)         = 5059
set_robust_list(0x555556af9660, 24)     = 0
rseq(0x555556af9ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3178163050", 4096) = 28
getrandom("\xbe\xdb\xd1\xa6\x09\xe2\x69\xf4", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555556af9d00
brk(0x555556b1ad00)                     = 0x555556b1ad00
brk(0x555556b1b000)                     = 0x555556b1b000
mprotect(0x7f5cec81f000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
[   76.345311][   T27] audit: type=1400 audit(1700831998.415:83): avc:  denied  { execmem } for  pid=5059 comm="syz-executor317" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
mkdir("./syzkaller.93lxDW", 0700)       = 0
chmod("./syzkaller.93lxDW", 0777)       = 0
chdir("./syzkaller.93lxDW")             = 0
mkdir("./0", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556af9650) = 5060
./strace-static-x86_64: Process 5060 attached
[pid  5060] set_robust_list(0x555556af9660, 24) = 0
[pid  5060] chdir("./0")                = 0
[pid  5060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5060] setpgid(0, 0)               = 0
[   76.488000][   T27] audit: type=1400 audit(1700831998.555:84): avc:  denied  { read write } for  pid=5059 comm="syz-executor317" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   76.512592][   T27] audit: type=1400 audit(1700831998.555:85): avc:  denied  { open } for  pid=5059 comm="syz-executor317" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid  5060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5060] write(3, "1000", 4)         = 4
[pid  5060] close(3)                    = 0
[pid  5060] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5060] memfd_create("syzkaller", 0) = 3
[pid  5060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ce4367000
[   76.536970][   T27] audit: type=1400 audit(1700831998.575:86): avc:  denied  { ioctl } for  pid=5059 comm="syz-executor317" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid  5060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5060] munmap(0x7f5ce4367000, 138412032) = 0
[pid  5060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5060] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5060] close(3)                    = 0
[pid  5060] mkdir("./file0", 0777)      = 0
[   76.761558][ T5060] loop0: detected capacity change from 0 to 32768
[   76.780944][   T27] audit: type=1400 audit(1700831998.855:87): avc:  denied  { mounton } for  pid=5060 comm="syz-executor317" path="/root/syzkaller.93lxDW/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   76.785685][ T5060] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor317 (5060)
[   76.827675][ T5060] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[   76.837473][ T5060] BTRFS info (device loop0): force clearing of disk cache
[   76.844750][ T5060] BTRFS info (device loop0): setting nodatasum
[   76.850998][ T5060] BTRFS info (device loop0): enabling disk space caching
[   76.858214][ T5060] BTRFS info (device loop0): disk space caching is enabled
[   76.887612][ T5060] BTRFS info (device loop0): enabling ssd optimizations
[   76.895367][ T5060] BTRFS info (device loop0): auto enabling async discard
[   76.905375][ T5060] BTRFS info (device loop0): rebuilding free space tree
[   76.932461][ T5060] BTRFS info (device loop0): disabling free space tree
[   76.939620][ T5060] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   76.941268][   T27] audit: type=1400 audit(1700831999.015:88): avc:  denied  { append } for  pid=4491 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   76.949761][ T5060] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   76.972881][   T27] audit: type=1400 audit(1700831999.015:89): avc:  denied  { open } for  pid=4491 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   76.993271][ T5060] BTRFS info (device loop0): checking UUID tree
[pid  5060] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,space_cache=v1,space_cache=v1,") = 0
[pid  5060] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5060] chdir("./file0")            = 0
[pid  5060] ioctl(4, LOOP_CLR_FD)       = 0
[   77.005418][   T27] audit: type=1400 audit(1700831999.015:90): avc:  denied  { getattr } for  pid=4491 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   77.035466][   T27] audit: type=1400 audit(1700831999.105:91): avc:  denied  { mount } for  pid=5060 comm="syz-executor317" name="/" dev="loop0" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[pid  5060] close(4)                    = 0
[pid  5060] open("./file0", O_RDONLY)   = 4
[pid  5060] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  5060] write(5, "15", 2)           = 2
[pid  5060] ioctl(4, BTRFS_IOC_SUBVOL_CREATE_V2, {fd=-1, flags=0, name="o"} => {transid=0}) = 0
[pid  5060] exit_group(0)               = ?
[pid  5060] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5060, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[   77.152844][ T5060] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
getdents64(3, 0x555556afa6f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs")                  = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556b02730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556b02730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./0/file0")                      = 0
getdents64(3, 0x555556afa6f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./0")                            = 0
mkdir("./1", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5080 attached
 <unfinished ...>
[pid  5080] set_robust_list(0x555556af9660, 24) = 0
[pid  5080] chdir("./1")                = 0
[pid  5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5059] <... clone resumed>, child_tidptr=0x555556af9650) = 5080
[pid  5080] setpgid(0, 0)               = 0
[pid  5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5080] write(3, "1000", 4)         = 4
[pid  5080] close(3)                    = 0
[pid  5080] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5080] memfd_create("syzkaller", 0) = 3
[pid  5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ce4367000
[pid  5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5080] munmap(0x7f5ce4367000, 138412032) = 0
[pid  5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5080] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5080] close(3)                    = 0
[pid  5080] mkdir("./file0", 0777)      = 0
[   77.780807][ T5080] loop0: detected capacity change from 0 to 32768
[   77.795422][ T5080] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor317 (5080)
[   77.812758][ T5080] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[   77.822143][ T5080] BTRFS info (device loop0): force clearing of disk cache
[   77.829350][ T5080] BTRFS info (device loop0): setting nodatasum
[   77.835696][ T5080] BTRFS info (device loop0): enabling disk space caching
[   77.842848][ T5080] BTRFS info (device loop0): disk space caching is enabled
[   77.865863][ T5080] BTRFS info (device loop0): enabling ssd optimizations
[   77.873044][ T5080] BTRFS info (device loop0): auto enabling async discard
[pid  5080] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,space_cache=v1,space_cache=v1,") = 0
[pid  5080] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5080] chdir("./file0")            = 0
[pid  5080] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5080] close(4)                    = 0
[   77.881973][ T5080] BTRFS info (device loop0): rebuilding free space tree
[   77.895295][ T5080] BTRFS info (device loop0): disabling free space tree
[   77.902366][ T5080] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   77.912205][ T5080] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   77.925620][ T5080] BTRFS info (device loop0): checking UUID tree
[pid  5080] open("./file0", O_RDONLY)   = 4
[pid  5080] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  5080] write(5, "15", 2)           = 2
[   77.974407][ T5080] FAULT_INJECTION: forcing a failure.
[   77.974407][ T5080] name failslab, interval 1, probability 0, space 0, times 0
[   77.987964][ T5080] CPU: 0 PID: 5080 Comm: syz-executor317 Not tainted 6.7.0-rc2-syzkaller-00095-gd3fa86b1a7b4 #0
[   77.998776][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[   78.008953][ T5080] Call Trace:
[   78.012273][ T5080]  <TASK>
[   78.015228][ T5080]  dump_stack_lvl+0x125/0x1b0
[   78.019969][ T5080]  should_fail_ex+0x496/0x5b0
[   78.024716][ T5080]  should_failslab+0x9/0x20
[   78.029277][ T5080]  __kmem_cache_alloc_node+0x5f/0x460
[   78.034702][ T5080]  kmalloc_trace+0x25/0x60
[   78.039503][ T5080]  create_subvol+0x206/0x1630
[   78.044225][ T5080]  ? lockdep_hardirqs_on_prepare+0x420/0x420
[   78.050259][ T5080]  ? btrfs_ioctl_encoded_read+0x8a0/0x8a0
[   78.056038][ T5080]  ? preempt_count_sub+0x160/0x160
[   78.061289][ T5080]  ? security_inode_permission+0xd8/0x100
[   78.067056][ T5080]  ? inode_permission+0xdd/0x5e0
[   78.072091][ T5080]  btrfs_mksubvol+0xe9f/0x12c0
[   78.076894][ T5080]  ? reacquire_held_locks+0x4c0/0x4c0
[   78.082407][ T5080]  ? mnt_get_write_access+0x6a/0x300
[   78.087792][ T5080]  ? create_subvol+0x1630/0x1630
[   78.092786][ T5080]  ? mnt_get_write_access+0x20c/0x300
[   78.098187][ T5080]  __btrfs_ioctl_snap_create+0x2f7/0x4f0
[   78.103835][ T5080]  ? _copy_from_user+0xaf/0xf0
[   78.108630][ T5080]  btrfs_ioctl_snap_create_v2+0x261/0x4f0
[   78.114446][ T5080]  btrfs_ioctl+0x2c1/0x61e0
[   78.118967][ T5080]  ? btrfs_ioctl_get_supported_features+0x40/0x40
[   78.125774][ T5080]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   78.131862][ T5080]  ? do_vfs_ioctl+0x379/0x1920
[   78.136728][ T5080]  ? vfs_fileattr_set+0xbf0/0xbf0
[   78.142031][ T5080]  ? ioctl_has_perm.constprop.0.isra.0+0x2f0/0x460
[   78.148632][ T5080]  ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x460
[   78.155315][ T5080]  ? selinux_bprm_creds_for_exec+0xb30/0xb30
[   78.161334][ T5080]  ? selinux_file_ioctl+0x17d/0x270
[   78.166627][ T5080]  ? selinux_file_ioctl+0xb5/0x270
[   78.171744][ T5080]  ? btrfs_ioctl_get_supported_features+0x40/0x40
[   78.178267][ T5080]  __x64_sys_ioctl+0x18f/0x210
[   78.183072][ T5080]  do_syscall_64+0x40/0x110
[   78.187591][ T5080]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   78.193543][ T5080] RIP: 0033:0x7f5cec7a62a9
[   78.197965][ T5080] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[pid  5080] ioctl(4, BTRFS_IOC_SUBVOL_CREATE_V2, {fd=-1, flags=0, name="o"}) = -1 ENOMEM (Cannot allocate memory)
[pid  5080] exit_group(0)               = ?
[pid  5080] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=31 /* 0.31 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[   78.217776][ T5080] RSP: 002b:00007ffc4105f4f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   78.226297][ T5080] RAX: ffffffffffffffda RBX: 00007ffc4105f520 RCX: 00007f5cec7a62a9
[   78.234294][ T5080] RDX: 0000000020000300 RSI: 0000000050009418 RDI: 0000000000000004
[   78.242397][ T5080] RBP: 0000000000000002 R08: 00007ffc4105f296 R09: 00007ffc4105f540
[   78.250571][ T5080] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffc4105f51c
[   78.258560][ T5080] R13: 0000000000000001 R14: 431bde82d7b634db R15: 00007ffc4105f560
[   78.266543][ T5080]  </TASK>
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556afa6f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs")                  = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556b02730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556b02730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./1/file0")                      = 0
getdents64(3, 0x555556afa6f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./1")                            = 0
mkdir("./2", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5098 attached
, child_tidptr=0x555556af9650) = 5098
[pid  5098] set_robust_list(0x555556af9660, 24) = 0
[pid  5098] chdir("./2")                = 0
[pid  5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5098] setpgid(0, 0)               = 0
[pid  5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5098] write(3, "1000", 4)         = 4
[pid  5098] close(3)                    = 0
[pid  5098] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5098] memfd_create("syzkaller", 0) = 3
[pid  5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ce4367000
[pid  5098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5098] munmap(0x7f5ce4367000, 138412032) = 0
[pid  5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5098] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5098] close(3)                    = 0
[pid  5098] mkdir("./file0", 0777)      = 0
[   78.832372][ T5098] loop0: detected capacity change from 0 to 32768
[   78.843058][ T5098] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor317 (5098)
[   78.861879][ T5098] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[   78.871286][ T5098] BTRFS info (device loop0): force clearing of disk cache
[   78.878479][ T5098] BTRFS info (device loop0): setting nodatasum
[   78.885041][ T5098] BTRFS info (device loop0): enabling disk space caching
[   78.892245][ T5098] BTRFS info (device loop0): disk space caching is enabled
[   78.914727][ T5098] BTRFS info (device loop0): enabling ssd optimizations
[   78.921856][ T5098] BTRFS info (device loop0): auto enabling async discard
[pid  5098] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,space_cache=v1,space_cache=v1,") = 0
[pid  5098] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5098] chdir("./file0")            = 0
[pid  5098] ioctl(4, LOOP_CLR_FD)       = 0
[   78.930655][ T5098] BTRFS info (device loop0): rebuilding free space tree
[   78.943749][ T5098] BTRFS info (device loop0): disabling free space tree
[   78.950906][ T5098] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   78.960931][ T5098] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   78.974450][ T5098] BTRFS info (device loop0): checking UUID tree
[pid  5098] close(4)                    = 0
[pid  5098] open("./file0", O_RDONLY)   = 4
[pid  5098] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  5098] write(5, "15", 2)           = 2
[   79.058874][ T5098] FAULT_INJECTION: forcing a failure.
[   79.058874][ T5098] name failslab, interval 1, probability 0, space 0, times 0
[   79.073081][ T5098] CPU: 0 PID: 5098 Comm: syz-executor317 Not tainted 6.7.0-rc2-syzkaller-00095-gd3fa86b1a7b4 #0
[   79.083545][ T5098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[   79.093629][ T5098] Call Trace:
[   79.096940][ T5098]  <TASK>
[   79.100511][ T5098]  dump_stack_lvl+0x125/0x1b0
[   79.105229][ T5098]  should_fail_ex+0x496/0x5b0
[   79.110130][ T5098]  should_failslab+0x9/0x20
[   79.114754][ T5098]  kmem_cache_alloc+0x61/0x360
[   79.119569][ T5098]  alloc_extent_state+0x1b/0x2d0
[   79.124549][ T5098]  __set_extent_bit+0xb66/0x1580
[   79.129531][ T5098]  set_extent_bit+0x3b/0x50
[   79.134082][ T5098]  btrfs_alloc_tree_block+0xbbb/0x12c0
[   79.139576][ T5098]  ? mark_held_locks+0x9f/0xe0
[   79.144379][ T5098]  ? btrfs_alloc_logged_file_extent+0x640/0x640
[   79.150681][ T5098]  ? __kmem_cache_free+0x179/0x3d0
[   79.155842][ T5098]  ? __phys_addr+0xc6/0x140
[   79.160386][ T5098]  create_subvol+0x639/0x1630
[   79.165115][ T5098]  ? btrfs_ioctl_encoded_read+0x8a0/0x8a0
[   79.170890][ T5098]  ? preempt_count_sub+0x160/0x160
[   79.176037][ T5098]  ? security_inode_permission+0xd8/0x100
[   79.181798][ T5098]  ? inode_permission+0xdd/0x5e0
[   79.186775][ T5098]  btrfs_mksubvol+0xe9f/0x12c0
[   79.191579][ T5098]  ? reacquire_held_locks+0x4c0/0x4c0
[   79.196996][ T5098]  ? mnt_get_write_access+0x6a/0x300
[   79.202318][ T5098]  ? create_subvol+0x1630/0x1630
[   79.207304][ T5098]  ? mnt_get_write_access+0x20c/0x300
[   79.212744][ T5098]  __btrfs_ioctl_snap_create+0x2f7/0x4f0
[   79.218493][ T5098]  ? _copy_from_user+0xaf/0xf0
[   79.223336][ T5098]  btrfs_ioctl_snap_create_v2+0x261/0x4f0
[   79.229098][ T5098]  btrfs_ioctl+0x2c1/0x61e0
[   79.233835][ T5098]  ? btrfs_ioctl_get_supported_features+0x40/0x40
[   79.240400][ T5098]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   79.246287][ T5098]  ? do_vfs_ioctl+0x379/0x1920
[   79.251051][ T5098]  ? vfs_fileattr_set+0xbf0/0xbf0
[   79.256262][ T5098]  ? ioctl_has_perm.constprop.0.isra.0+0x2f0/0x460
[   79.262901][ T5098]  ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x460
[   79.269420][ T5098]  ? selinux_bprm_creds_for_exec+0xb30/0xb30
[   79.275487][ T5098]  ? selinux_file_ioctl+0x17d/0x270
[   79.280711][ T5098]  ? selinux_file_ioctl+0xb5/0x270
[   79.285914][ T5098]  ? btrfs_ioctl_get_supported_features+0x40/0x40
[   79.292431][ T5098]  __x64_sys_ioctl+0x18f/0x210
[   79.297204][ T5098]  do_syscall_64+0x40/0x110
[   79.301799][ T5098]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   79.307880][ T5098] RIP: 0033:0x7f5cec7a62a9
[   79.312535][ T5098] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   79.332447][ T5098] RSP: 002b:00007ffc4105f4f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   79.340942][ T5098] RAX: ffffffffffffffda RBX: 00007ffc4105f520 RCX: 00007f5cec7a62a9
[   79.349063][ T5098] RDX: 0000000020000300 RSI: 0000000050009418 RDI: 0000000000000004
[pid  5098] ioctl(4, BTRFS_IOC_SUBVOL_CREATE_V2, {fd=-1, flags=0, name="o"} => {transid=0}) = 0
[pid  5098] exit_group(0)               = ?
[pid  5098] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=30 /* 0.30 s */} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[   79.357151][ T5098] RBP: 0000000000000002 R08: 00007ffc4105f296 R09: 00007ffc4105f540
[   79.366040][ T5098] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffc4105f51c
[   79.374930][ T5098] R13: 0000000000000002 R14: 431bde82d7b634db R15: 00007ffc4105f560
[   79.383444][ T5098]  </TASK>
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556afa6f0 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs")                  = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556b02730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556b02730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./2/file0")                      = 0
getdents64(3, 0x555556afa6f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./2")                            = 0
mkdir("./3", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5116 attached
, child_tidptr=0x555556af9650) = 5116
[pid  5116] set_robust_list(0x555556af9660, 24) = 0
[pid  5116] chdir("./3")                = 0
[pid  5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5116] setpgid(0, 0)               = 0
[pid  5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5116] write(3, "1000", 4)         = 4
[pid  5116] close(3)                    = 0
[pid  5116] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5116] memfd_create("syzkaller", 0) = 3
[pid  5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ce4367000
[pid  5116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5116] munmap(0x7f5ce4367000, 138412032) = 0
[pid  5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5116] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5116] close(3)                    = 0
[pid  5116] mkdir("./file0", 0777)      = 0
[   80.007220][ T5116] loop0: detected capacity change from 0 to 32768
[   80.033409][ T5116] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor317 (5116)
[   80.050883][ T5116] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[   80.060354][ T5116] BTRFS info (device loop0): force clearing of disk cache
[   80.067488][ T5116] BTRFS info (device loop0): setting nodatasum
[   80.074087][ T5116] BTRFS info (device loop0): enabling disk space caching
[   80.081640][ T5116] BTRFS info (device loop0): disk space caching is enabled
[   80.104820][ T5116] BTRFS info (device loop0): enabling ssd optimizations
[   80.112706][ T5116] BTRFS info (device loop0): auto enabling async discard
[   80.121349][ T5116] BTRFS info (device loop0): rebuilding free space tree
[   80.134493][ T5116] BTRFS info (device loop0): disabling free space tree
[   80.142408][ T5116] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[pid  5116] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,space_cache=v1,space_cache=v1,") = 0
[pid  5116] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5116] chdir("./file0")            = 0
[pid  5116] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5116] close(4)                    = 0
[pid  5116] open("./file0", O_RDONLY)   = 4
[   80.152248][ T5116] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   80.166125][ T5116] BTRFS info (device loop0): checking UUID tree
[pid  5116] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  5116] write(5, "15", 2)           = 2
[pid  5116] ioctl(4, BTRFS_IOC_SUBVOL_CREATE_V2, {fd=-1, flags=0, name="o"} => {transid=0}) = 0
[pid  5116] exit_group(0)               = ?
[pid  5116] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5116, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} ---
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556afa6f0 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs")                  = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556b02730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556b02730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./3/file0")                      = 0
getdents64(3, 0x555556afa6f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./3")                            = 0
mkdir("./4", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5134 attached
, child_tidptr=0x555556af9650) = 5134
[pid  5134] set_robust_list(0x555556af9660, 24) = 0
[pid  5134] chdir("./4")                = 0
[pid  5134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5134] setpgid(0, 0)               = 0
[pid  5134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5134] write(3, "1000", 4)         = 4
[pid  5134] close(3)                    = 0
[pid  5134] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5134] memfd_create("syzkaller", 0) = 3
[pid  5134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ce4367000
[pid  5134] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5134] munmap(0x7f5ce4367000, 138412032) = 0
[pid  5134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5134] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5134] close(3)                    = 0
[pid  5134] mkdir("./file0", 0777)      = 0
[   80.853766][ T5134] loop0: detected capacity change from 0 to 32768
[   80.869196][ T5134] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor317 (5134)
[   80.885525][ T5134] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[   80.895195][ T5134] BTRFS info (device loop0): force clearing of disk cache
[   80.902973][ T5134] BTRFS info (device loop0): setting nodatasum
[   80.909440][ T5134] BTRFS info (device loop0): enabling disk space caching
[   80.916914][ T5134] BTRFS info (device loop0): disk space caching is enabled
[   80.939631][ T5134] BTRFS info (device loop0): enabling ssd optimizations
[   80.946635][ T5134] BTRFS info (device loop0): auto enabling async discard
[pid  5134] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,space_cache=v1,space_cache=v1,") = 0
[pid  5134] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5134] chdir("./file0")            = 0
[pid  5134] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5134] close(4)                    = 0
[pid  5134] open("./file0", O_RDONLY)   = 4
[   80.955375][ T5134] BTRFS info (device loop0): rebuilding free space tree
[   80.967895][ T5134] BTRFS info (device loop0): disabling free space tree
[   80.975188][ T5134] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   80.984895][ T5134] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   80.998403][ T5134] BTRFS info (device loop0): checking UUID tree
[pid  5134] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  5134] write(5, "15", 2)           = 2
[   81.059300][ T5134] FAULT_INJECTION: forcing a failure.
[   81.059300][ T5134] name failslab, interval 1, probability 0, space 0, times 0
[   81.072664][ T5134] CPU: 0 PID: 5134 Comm: syz-executor317 Not tainted 6.7.0-rc2-syzkaller-00095-gd3fa86b1a7b4 #0
[   81.083119][ T5134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[   81.093465][ T5134] Call Trace:
[   81.096761][ T5134]  <TASK>
[   81.099710][ T5134]  dump_stack_lvl+0x125/0x1b0
[   81.104478][ T5134]  should_fail_ex+0x496/0x5b0
[   81.109207][ T5134]  should_failslab+0x9/0x20
[   81.113747][ T5134]  __kmem_cache_alloc_node+0x5f/0x460
[   81.119160][ T5134]  ? record_root_in_trans+0x2f9/0x3e0
[   81.124573][ T5134]  kmalloc_trace+0x25/0x60
[   81.129031][ T5134]  btrfs_qgroup_inherit+0x88/0x2730
[   81.134291][ T5134]  create_subvol+0x5fb/0x1630
[   81.139019][ T5134]  ? btrfs_ioctl_encoded_read+0x8a0/0x8a0
[   81.144806][ T5134]  ? preempt_count_sub+0x160/0x160
[   81.149958][ T5134]  ? security_inode_permission+0xd8/0x100
[   81.155731][ T5134]  ? inode_permission+0xdd/0x5e0
[   81.160712][ T5134]  btrfs_mksubvol+0xe9f/0x12c0
[   81.165512][ T5134]  ? reacquire_held_locks+0x4c0/0x4c0
[   81.171026][ T5134]  ? mnt_get_write_access+0x6a/0x300
[   81.176359][ T5134]  ? create_subvol+0x1630/0x1630
[   81.181349][ T5134]  ? mnt_get_write_access+0x20c/0x300
[   81.186771][ T5134]  __btrfs_ioctl_snap_create+0x2f7/0x4f0
[   81.192527][ T5134]  ? _copy_from_user+0xaf/0xf0
[   81.197331][ T5134]  btrfs_ioctl_snap_create_v2+0x261/0x4f0
[   81.203139][ T5134]  btrfs_ioctl+0x2c1/0x61e0
[   81.207729][ T5134]  ? btrfs_ioctl_get_supported_features+0x40/0x40
[   81.214190][ T5134]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   81.220124][ T5134]  ? do_vfs_ioctl+0x379/0x1920
[   81.224934][ T5134]  ? vfs_fileattr_set+0xbf0/0xbf0
[   81.230001][ T5134]  ? ioctl_has_perm.constprop.0.isra.0+0x2f0/0x460
[   81.236636][ T5134]  ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x460
[   81.243179][ T5134]  ? selinux_bprm_creds_for_exec+0xb30/0xb30
[   81.249207][ T5134]  ? selinux_file_ioctl+0x17d/0x270
[   81.254444][ T5134]  ? selinux_file_ioctl+0xb5/0x270
[   81.259594][ T5134]  ? btrfs_ioctl_get_supported_features+0x40/0x40
[   81.266065][ T5134]  __x64_sys_ioctl+0x18f/0x210
[   81.270871][ T5134]  do_syscall_64+0x40/0x110
[   81.275414][ T5134]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   81.281352][ T5134] RIP: 0033:0x7f5cec7a62a9
[   81.285875][ T5134] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[pid  5134] ioctl(4, BTRFS_IOC_SUBVOL_CREATE_V2, {fd=-1, flags=0, name="o"}) = -1 ENOMEM (Cannot allocate memory)
[pid  5134] exit_group(0)               = ?
[   81.305539][ T5134] RSP: 002b:00007ffc4105f4f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   81.313971][ T5134] RAX: ffffffffffffffda RBX: 00007ffc4105f520 RCX: 00007f5cec7a62a9
[   81.321951][ T5134] RDX: 0000000020000300 RSI: 0000000050009418 RDI: 0000000000000004
[   81.329932][ T5134] RBP: 0000000000000002 R08: 00007ffc4105f296 R09: 00007ffc4105f540
[   81.338099][ T5134] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffc4105f51c
[   81.346169][ T5134] R13: 0000000000000004 R14: 431bde82d7b634db R15: 00007ffc4105f560
[   81.354157][ T5134]  </TASK>
[pid  5134] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5134, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=30 /* 0.30 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556afa6f0 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs")                  = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556b02730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556b02730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./4/file0")                      = 0
getdents64(3, 0x555556afa6f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./4")                            = 0
mkdir("./5", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5152 attached
, child_tidptr=0x555556af9650) = 5152
[pid  5152] set_robust_list(0x555556af9660, 24) = 0
[pid  5152] chdir("./5")                = 0
[pid  5152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5152] setpgid(0, 0)               = 0
[pid  5152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5152] write(3, "1000", 4)         = 4
[pid  5152] close(3)                    = 0
[pid  5152] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5152] memfd_create("syzkaller", 0) = 3
[pid  5152] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ce4367000
[pid  5152] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5152] munmap(0x7f5ce4367000, 138412032) = 0
[pid  5152] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5152] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5152] close(3)                    = 0
[pid  5152] mkdir("./file0", 0777)      = 0
[   81.933597][ T5152] loop0: detected capacity change from 0 to 32768
[   81.953952][ T5152] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor317 (5152)
[   81.969697][ T5152] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[   81.978964][ T5152] BTRFS info (device loop0): force clearing of disk cache
[   81.986245][ T5152] BTRFS info (device loop0): setting nodatasum
[   81.992541][ T5152] BTRFS info (device loop0): enabling disk space caching
[   81.999776][ T5152] BTRFS info (device loop0): disk space caching is enabled
[   82.021782][ T5152] BTRFS info (device loop0): enabling ssd optimizations
[   82.028856][ T5152] BTRFS info (device loop0): auto enabling async discard
[   82.037117][ T5152] BTRFS info (device loop0): rebuilding free space tree
[   82.050082][ T5152] BTRFS info (device loop0): disabling free space tree
[   82.057003][ T5152] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   82.067012][ T5152] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[pid  5152] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,space_cache=v1,space_cache=v1,") = 0
[pid  5152] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[   82.081490][ T5152] BTRFS info (device loop0): checking UUID tree
[pid  5152] chdir("./file0")            = 0
[pid  5152] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5152] close(4)                    = 0
[pid  5152] open("./file0", O_RDONLY)   = 4
[pid  5152] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  5152] write(5, "15", 2)           = 2
[   82.157038][ T5152] FAULT_INJECTION: forcing a failure.
[   82.157038][ T5152] name failslab, interval 1, probability 0, space 0, times 0
[   82.184497][ T5152] CPU: 0 PID: 5152 Comm: syz-executor317 Not tainted 6.7.0-rc2-syzkaller-00095-gd3fa86b1a7b4 #0
[   82.194973][ T5152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[   82.205054][ T5152] Call Trace:
[   82.208354][ T5152]  <TASK>
[   82.211401][ T5152]  dump_stack_lvl+0x125/0x1b0
[   82.216118][ T5152]  should_fail_ex+0x496/0x5b0
[   82.220836][ T5152]  should_failslab+0x9/0x20
[   82.225370][ T5152]  __kmem_cache_alloc_node+0x5f/0x460
[   82.230790][ T5152]  ? record_root_in_trans+0x2f9/0x3e0
[   82.236200][ T5152]  kmalloc_trace+0x25/0x60
[   82.240646][ T5152]  btrfs_qgroup_inherit+0x88/0x2730
[   82.245897][ T5152]  create_subvol+0x5fb/0x1630
[   82.250632][ T5152]  ? btrfs_ioctl_encoded_read+0x8a0/0x8a0
[   82.256432][ T5152]  ? preempt_count_sub+0x160/0x160
[   82.261582][ T5152]  ? security_inode_permission+0xd8/0x100
[   82.267417][ T5152]  ? inode_permission+0xdd/0x5e0
[   82.272398][ T5152]  btrfs_mksubvol+0xe9f/0x12c0
[   82.277193][ T5152]  ? reacquire_held_locks+0x4c0/0x4c0
[   82.282604][ T5152]  ? mnt_get_write_access+0x6a/0x300
[   82.287926][ T5152]  ? create_subvol+0x1630/0x1630
[   82.292949][ T5152]  ? mnt_get_write_access+0x20c/0x300
[   82.298373][ T5152]  __btrfs_ioctl_snap_create+0x2f7/0x4f0
[   82.304041][ T5152]  ? _copy_from_user+0xaf/0xf0
[   82.308841][ T5152]  btrfs_ioctl_snap_create_v2+0x261/0x4f0
[   82.314606][ T5152]  btrfs_ioctl+0x2c1/0x61e0
[   82.319172][ T5152]  ? btrfs_ioctl_get_supported_features+0x40/0x40
[   82.325644][ T5152]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   82.331592][ T5152]  ? do_vfs_ioctl+0x379/0x1920
[   82.336396][ T5152]  ? vfs_fileattr_set+0xbf0/0xbf0
[   82.341451][ T5152]  ? ioctl_has_perm.constprop.0.isra.0+0x2f0/0x460
[   82.347978][ T5152]  ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x460
[   82.354514][ T5152]  ? selinux_bprm_creds_for_exec+0xb30/0xb30
[   82.360525][ T5152]  ? selinux_file_ioctl+0x17d/0x270
[   82.365753][ T5152]  ? selinux_file_ioctl+0xb5/0x270
[   82.370894][ T5152]  ? btrfs_ioctl_get_supported_features+0x40/0x40
[   82.377515][ T5152]  __x64_sys_ioctl+0x18f/0x210
[   82.382314][ T5152]  do_syscall_64+0x40/0x110
[   82.386958][ T5152]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   82.393110][ T5152] RIP: 0033:0x7f5cec7a62a9
[   82.397547][ T5152] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   82.417187][ T5152] RSP: 002b:00007ffc4105f4f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   82.425727][ T5152] RAX: ffffffffffffffda RBX: 00007ffc4105f520 RCX: 00007f5cec7a62a9
[   82.433740][ T5152] RDX: 0000000020000300 RSI: 0000000050009418 RDI: 0000000000000004
[   82.441831][ T5152] RBP: 0000000000000002 R08: 00007ffc4105f296 R09: 00007ffc4105f540
[   82.450006][ T5152] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffc4105f51c
[pid  5152] ioctl(4, BTRFS_IOC_SUBVOL_CREATE_V2, {fd=-1, flags=0, name="o"}) = -1 ENOMEM (Cannot allocate memory)
[pid  5152] exit_group(0)               = ?
[pid  5152] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5152, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} ---
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556afa6f0 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs")                  = 0
[   82.457999][ T5152] R13: 0000000000000005 R14: 431bde82d7b634db R15: 00007ffc4105f560
[   82.466002][ T5152]  </TASK>
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556b02730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556b02730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./5/file0")                      = 0
getdents64(3, 0x555556afa6f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./5")                            = 0
mkdir("./6", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556af9650) = 5170
./strace-static-x86_64: Process 5170 attached
[pid  5170] set_robust_list(0x555556af9660, 24) = 0
[pid  5170] chdir("./6")                = 0
[pid  5170] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5170] setpgid(0, 0)               = 0
[pid  5170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5170] write(3, "1000", 4)         = 4
[pid  5170] close(3)                    = 0
[pid  5170] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5170] memfd_create("syzkaller", 0) = 3
[pid  5170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ce4367000
[pid  5170] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5170] munmap(0x7f5ce4367000, 138412032) = 0
[pid  5170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5170] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5170] close(3)                    = 0
[pid  5170] mkdir("./file0", 0777)      = 0
[   82.970446][ T5170] loop0: detected capacity change from 0 to 32768
[   82.988116][ T5170] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor317 (5170)
[   83.004835][ T5170] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[   83.014279][ T5170] BTRFS info (device loop0): force clearing of disk cache
[   83.021485][ T5170] BTRFS info (device loop0): setting nodatasum
[   83.027679][ T5170] BTRFS info (device loop0): enabling disk space caching
[   83.034998][ T5170] BTRFS info (device loop0): disk space caching is enabled
[   83.058740][ T5170] BTRFS info (device loop0): enabling ssd optimizations
[   83.066195][ T5170] BTRFS info (device loop0): auto enabling async discard
[   83.074499][ T5170] BTRFS info (device loop0): rebuilding free space tree
[   83.086330][ T5170] BTRFS info (device loop0): disabling free space tree
[   83.093458][ T5170] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   83.103223][ T5170] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[pid  5170] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,space_cache=v1,space_cache=v1,") = 0
[pid  5170] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5170] chdir("./file0")            = 0
[pid  5170] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5170] close(4)                    = 0
[pid  5170] open("./file0", O_RDONLY)   = 4
[   83.117043][ T5170] BTRFS info (device loop0): checking UUID tree
[pid  5170] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  5170] write(5, "15", 2)           = 2
[pid  5170] ioctl(4, BTRFS_IOC_SUBVOL_CREATE_V2, {fd=-1, flags=0, name="o"} => {transid=0}) = 0
[pid  5170] exit_group(0)               = ?
[pid  5170] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5170, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=40 /* 0.40 s */} ---
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556afa6f0 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs")                  = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556b02730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556b02730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./6/file0")                      = 0
getdents64(3, 0x555556afa6f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./6")                            = 0
mkdir("./7", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556af9650) = 5188
./strace-static-x86_64: Process 5188 attached
[pid  5188] set_robust_list(0x555556af9660, 24) = 0
[pid  5188] chdir("./7")                = 0
[pid  5188] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5188] setpgid(0, 0)               = 0
[pid  5188] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5188] write(3, "1000", 4)         = 4
[pid  5188] close(3)                    = 0
[pid  5188] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5188] memfd_create("syzkaller", 0) = 3
[pid  5188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ce4367000
[pid  5188] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5188] munmap(0x7f5ce4367000, 138412032) = 0
[pid  5188] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5188] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5188] close(3)                    = 0
[pid  5188] mkdir("./file0", 0777)      = 0
[   83.649555][ T5188] loop0: detected capacity change from 0 to 32768
[   83.663935][ T5188] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor317 (5188)
[   83.681790][ T5188] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[   83.691121][ T5188] BTRFS info (device loop0): force clearing of disk cache
[   83.698521][ T5188] BTRFS info (device loop0): setting nodatasum
[   83.705295][ T5188] BTRFS info (device loop0): enabling disk space caching
[   83.712503][ T5188] BTRFS info (device loop0): disk space caching is enabled
[   83.735891][ T5188] BTRFS info (device loop0): enabling ssd optimizations
[   83.743157][ T5188] BTRFS info (device loop0): auto enabling async discard
[   83.751527][ T5188] BTRFS info (device loop0): rebuilding free space tree
[   83.765775][ T5188] BTRFS info (device loop0): disabling free space tree
[   83.772852][ T5188] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   83.782633][ T5188] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[pid  5188] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,space_cache=v1,space_cache=v1,") = 0
[pid  5188] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5188] chdir("./file0")            = 0
[pid  5188] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5188] close(4)                    = 0
[   83.796086][ T5188] BTRFS info (device loop0): checking UUID tree
[pid  5188] open("./file0", O_RDONLY)   = 4
[pid  5188] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  5188] write(5, "15", 2)           = 2
[   83.873197][ T5188] FAULT_INJECTION: forcing a failure.
[   83.873197][ T5188] name failslab, interval 1, probability 0, space 0, times 0
[   83.886253][ T5188] CPU: 1 PID: 5188 Comm: syz-executor317 Not tainted 6.7.0-rc2-syzkaller-00095-gd3fa86b1a7b4 #0
[   83.896708][ T5188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[   83.906887][ T5188] Call Trace:
[   83.910197][ T5188]  <TASK>
[   83.913150][ T5188]  dump_stack_lvl+0x125/0x1b0
[   83.917862][ T5188]  should_fail_ex+0x496/0x5b0
[   83.922591][ T5188]  should_failslab+0x9/0x20
[   83.927477][ T5188]  __kmem_cache_alloc_node+0x5f/0x460
[   83.932898][ T5188]  ? record_root_in_trans+0x2f9/0x3e0
[   83.938313][ T5188]  kmalloc_trace+0x25/0x60
[   83.942775][ T5188]  btrfs_qgroup_inherit+0x88/0x2730
[   83.948024][ T5188]  create_subvol+0x5fb/0x1630
[   83.952755][ T5188]  ? btrfs_ioctl_encoded_read+0x8a0/0x8a0
[   83.958538][ T5188]  ? preempt_count_sub+0x160/0x160
[   83.963734][ T5188]  ? security_inode_permission+0xd8/0x100
[   83.969495][ T5188]  ? inode_permission+0xdd/0x5e0
[   83.974552][ T5188]  btrfs_mksubvol+0xe9f/0x12c0
[   83.979349][ T5188]  ? reacquire_held_locks+0x4c0/0x4c0
[   83.984765][ T5188]  ? mnt_get_write_access+0x6a/0x300
[   83.990133][ T5188]  ? create_subvol+0x1630/0x1630
[   83.995111][ T5188]  ? mnt_get_write_access+0x20c/0x300
[   84.000526][ T5188]  __btrfs_ioctl_snap_create+0x2f7/0x4f0
[   84.006192][ T5188]  ? _copy_from_user+0xaf/0xf0
[   84.010996][ T5188]  btrfs_ioctl_snap_create_v2+0x261/0x4f0
[   84.016754][ T5188]  btrfs_ioctl+0x2c1/0x61e0
[   84.021467][ T5188]  ? btrfs_ioctl_get_supported_features+0x40/0x40
[   84.027911][ T5188]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   84.033839][ T5188]  ? do_vfs_ioctl+0x379/0x1920
[   84.038620][ T5188]  ? vfs_fileattr_set+0xbf0/0xbf0
[   84.043658][ T5188]  ? ioctl_has_perm.constprop.0.isra.0+0x2f0/0x460
[   84.050194][ T5188]  ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x460
[   84.056708][ T5188]  ? selinux_bprm_creds_for_exec+0xb30/0xb30
[   84.062701][ T5188]  ? selinux_file_ioctl+0x17d/0x270
[   84.067909][ T5188]  ? selinux_file_ioctl+0xb5/0x270
[   84.073127][ T5188]  ? btrfs_ioctl_get_supported_features+0x40/0x40
[   84.079566][ T5188]  __x64_sys_ioctl+0x18f/0x210
[   84.084366][ T5188]  do_syscall_64+0x40/0x110
[   84.088872][ T5188]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   84.094778][ T5188] RIP: 0033:0x7f5cec7a62a9
[   84.099206][ T5188] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[pid  5188] ioctl(4, BTRFS_IOC_SUBVOL_CREATE_V2, {fd=-1, flags=0, name="o"}) = -1 ENOMEM (Cannot allocate memory)
[pid  5188] exit_group(0)               = ?
[pid  5188] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5188, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=39 /* 0.39 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[   84.118834][ T5188] RSP: 002b:00007ffc4105f4f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   84.127422][ T5188] RAX: ffffffffffffffda RBX: 00007ffc4105f520 RCX: 00007f5cec7a62a9
[   84.135416][ T5188] RDX: 0000000020000300 RSI: 0000000050009418 RDI: 0000000000000004
[   84.143414][ T5188] RBP: 0000000000000002 R08: 00007ffc4105f296 R09: 00007ffc4105f540
[   84.151386][ T5188] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffc4105f51c
[   84.159916][ T5188] R13: 0000000000000007 R14: 431bde82d7b634db R15: 00007ffc4105f560
[   84.167888][ T5188]  </TASK>
getdents64(3, 0x555556afa6f0 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs")                  = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556b02730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556b02730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./7/file0")                      = 0
getdents64(3, 0x555556afa6f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./7")                            = 0
mkdir("./8", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5207 attached
, child_tidptr=0x555556af9650) = 5207
[pid  5207] set_robust_list(0x555556af9660, 24) = 0
[pid  5207] chdir("./8")                = 0
[pid  5207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5207] setpgid(0, 0)               = 0
[pid  5207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5207] write(3, "1000", 4)         = 4
[pid  5207] close(3)                    = 0
[pid  5207] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5207] memfd_create("syzkaller", 0) = 3
[pid  5207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5ce4367000
[pid  5207] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5207] munmap(0x7f5ce4367000, 138412032) = 0
[pid  5207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5207] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5207] close(3)                    = 0
[pid  5207] mkdir("./file0", 0777)      = 0
[   84.740639][ T5207] loop0: detected capacity change from 0 to 32768
[   84.755999][ T5207] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor317 (5207)
[   84.773475][ T5207] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[   84.782902][ T5207] BTRFS info (device loop0): force clearing of disk cache
[   84.790073][ T5207] BTRFS info (device loop0): setting nodatasum
[   84.796362][ T5207] BTRFS info (device loop0): enabling disk space caching
[   84.803731][ T5207] BTRFS info (device loop0): disk space caching is enabled
[   84.827368][ T5207] BTRFS info (device loop0): enabling ssd optimizations
[   84.834629][ T5207] BTRFS info (device loop0): auto enabling async discard
[   84.843194][ T5207] BTRFS info (device loop0): rebuilding free space tree
[   84.855481][ T5207] BTRFS info (device loop0): disabling free space tree
[   84.862612][ T5207] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   84.872444][ T5207] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[pid  5207] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,space_cache=v1,space_cache=v1,") = 0
[pid  5207] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5207] chdir("./file0")            = 0
[pid  5207] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5207] close(4)                    = 0
[pid  5207] open("./file0", O_RDONLY)   = 4
[   84.886212][ T5207] BTRFS info (device loop0): checking UUID tree
[pid  5207] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  5207] write(5, "15", 2)           = 2
[   84.934170][ T5207] FAULT_INJECTION: forcing a failure.
[   84.934170][ T5207] name failslab, interval 1, probability 0, space 0, times 0
[   84.947498][ T5207] CPU: 1 PID: 5207 Comm: syz-executor317 Not tainted 6.7.0-rc2-syzkaller-00095-gd3fa86b1a7b4 #0
[   84.958046][ T5207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[   84.968142][ T5207] Call Trace:
[   84.971451][ T5207]  <TASK>
[   84.974405][ T5207]  dump_stack_lvl+0x125/0x1b0
[   84.979120][ T5207]  should_fail_ex+0x496/0x5b0
[   84.983935][ T5207]  should_failslab+0x9/0x20
[   84.988485][ T5207]  kmem_cache_alloc+0x61/0x360
[   84.993394][ T5207]  btrfs_alloc_tree_block+0xc79/0x12c0
[   84.998899][ T5207]  ? mark_held_locks+0x9f/0xe0
[   85.003744][ T5207]  ? btrfs_alloc_logged_file_extent+0x640/0x640
[   85.010030][ T5207]  ? __kmem_cache_free+0x179/0x3d0
[   85.015458][ T5207]  ? __phys_addr+0xc6/0x140
[   85.020112][ T5207]  create_subvol+0x639/0x1630
[   85.024845][ T5207]  ? btrfs_ioctl_encoded_read+0x8a0/0x8a0
[   85.030730][ T5207]  ? preempt_count_sub+0x160/0x160
[   85.035896][ T5207]  ? security_inode_permission+0xd8/0x100
[   85.041840][ T5207]  ? inode_permission+0xdd/0x5e0
[   85.046918][ T5207]  btrfs_mksubvol+0xe9f/0x12c0
[   85.051927][ T5207]  ? reacquire_held_locks+0x4c0/0x4c0
[   85.057807][ T5207]  ? mnt_get_write_access+0x6a/0x300
[   85.063229][ T5207]  ? create_subvol+0x1630/0x1630
[   85.068220][ T5207]  ? mnt_get_write_access+0x20c/0x300
[   85.073734][ T5207]  __btrfs_ioctl_snap_create+0x2f7/0x4f0
[   85.079578][ T5207]  ? _copy_from_user+0xaf/0xf0
[   85.084497][ T5207]  btrfs_ioctl_snap_create_v2+0x261/0x4f0
[   85.090271][ T5207]  btrfs_ioctl+0x2c1/0x61e0
[   85.094918][ T5207]  ? btrfs_ioctl_get_supported_features+0x40/0x40
[   85.101376][ T5207]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   85.107416][ T5207]  ? do_vfs_ioctl+0x379/0x1920
[   85.112396][ T5207]  ? vfs_fileattr_set+0xbf0/0xbf0
[   85.117469][ T5207]  ? ioctl_has_perm.constprop.0.isra.0+0x2f0/0x460
[   85.124143][ T5207]  ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x460
[   85.130878][ T5207]  ? selinux_bprm_creds_for_exec+0xb30/0xb30
[   85.137375][ T5207]  ? selinux_file_ioctl+0x17d/0x270
[   85.142795][ T5207]  ? selinux_file_ioctl+0xb5/0x270
[   85.148042][ T5207]  ? btrfs_ioctl_get_supported_features+0x40/0x40
[   85.154680][ T5207]  __x64_sys_ioctl+0x18f/0x210
[   85.160361][ T5207]  do_syscall_64+0x40/0x110
[   85.165029][ T5207]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   85.170986][ T5207] RIP: 0033:0x7f5cec7a62a9
[   85.175691][ T5207] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   85.195700][ T5207] RSP: 002b:00007ffc4105f4f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   85.204265][ T5207] RAX: ffffffffffffffda RBX: 00007ffc4105f520 RCX: 00007f5cec7a62a9
[   85.212356][ T5207] RDX: 0000000020000300 RSI: 0000000050009418 RDI: 0000000000000004
[   85.220460][ T5207] RBP: 0000000000000002 R08: 00007ffc4105f296 R09: 00007ffc4105f540
[pid  5207] ioctl(4, BTRFS_IOC_SUBVOL_CREATE_V2, {fd=-1, flags=0, name="o"}) = -1 ENOMEM (Cannot allocate memory)
[pid  5207] exit_group(0)               = ?
[pid  5207] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5207, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=31 /* 0.31 s */} ---
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556afa6f0 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs")                  = 0
[   85.228438][ T5207] R10: 0000000000000002 R11: 0000000000000246 R12: 00007ffc4105f51c
[   85.236443][ T5207] R13: 0000000000000008 R14: 431bde82d7b634db R15: 00007ffc4105f560
[   85.244442][ T5207]  </TASK>
[   85.315385][ T5059] ------------[ cut here ]------------
[   85.322304][ T5059] WARNING: CPU: 0 PID: 5059 at fs/btrfs/space-info.h:199 btrfs_space_info_update_bytes_may_use+0x449/0x5a0
[   85.333749][ T5059] Modules linked in:
[   85.337735][ T5059] CPU: 0 PID: 5059 Comm: syz-executor317 Not tainted 6.7.0-rc2-syzkaller-00095-gd3fa86b1a7b4 #0
[   85.348403][ T5059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[   85.358585][ T5059] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x449/0x5a0
[   85.366262][ T5059] Code: e9 69 fc ff ff e8 d7 87 ee fd 49 89 ee 4c 89 e6 49 f7 de 4c 89 f7 e8 d6 82 ee fd 4d 39 f4 0f 83 7c fd ff ff e8 b8 87 ee fd 90 <0f> 0b 90 31 ed e9 74 fd ff ff e8 a8 87 ee fd 48 8d 7b 18 be ff ff
[   85.386207][ T5059] RSP: 0018:ffffc9000347fab0 EFLAGS: 00010293
[   85.392339][ T5059] RAX: 0000000000000000 RBX: ffff88802a826000 RCX: ffffffff8397f88a
[   85.400430][ T5059] RDX: ffff888020510080 RSI: ffffffff8397f898 RDI: 0000000000000006
[   85.408447][ T5059] RBP: fffffffffff00000 R08: 0000000000000006 R09: 0000000000100000
[   85.416499][ T5059] R10: 00000000000ff000 R11: 0000000000000001 R12: 00000000000ff000
[   85.424619][ T5059] R13: ffff88802a826060 R14: 0000000000100000 R15: 0000000000000005
[   85.433086][ T5059] FS:  0000555556af9380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   85.442101][ T5059] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.448812][ T5059] CR2: 00007ffc4105dc58 CR3: 0000000070fc8000 CR4: 00000000003506f0
[   85.456869][ T5059] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   85.464909][ T5059] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   85.472948][ T5059] Call Trace:
[   85.476345][ T5059]  <TASK>
[   85.479266][ T5059]  ? show_regs+0x8f/0xa0
[   85.483588][ T5059]  ? __warn+0xe6/0x390
[   85.487951][ T5059]  ? btrfs_space_info_update_bytes_may_use+0x449/0x5a0
[   85.494867][ T5059]  ? report_bug+0x3bc/0x580
[   85.499408][ T5059]  ? handle_bug+0x3d/0x70
[   85.503903][ T5059]  ? exc_invalid_op+0x17/0x40
[   85.508690][ T5059]  ? asm_exc_invalid_op+0x1a/0x20
[   85.513801][ T5059]  ? btrfs_space_info_update_bytes_may_use+0x43a/0x5a0
[   85.520764][ T5059]  ? btrfs_space_info_update_bytes_may_use+0x448/0x5a0
[   85.527736][ T5059]  ? btrfs_space_info_update_bytes_may_use+0x449/0x5a0
[   85.534682][ T5059]  btrfs_block_rsv_release+0x5a8/0x6c0
[   85.540274][ T5059]  btrfs_release_global_block_rsv+0x26/0x2f0
[   85.546413][ T5059]  btrfs_free_block_groups+0xbbc/0x13e0
[   85.552146][ T5059]  ? free_root_pointers+0x7cd/0xa90
[   85.557384][ T5059]  close_ctree+0xa51/0xf90
[   85.561914][ T5059]  ? btrfs_cleanup_transaction.isra.0+0x13a0/0x13a0
[   85.568709][ T5059]  ? collect_domain_accesses+0x290/0x290
[   85.574587][ T5059]  ? __fsnotify_vfsmount_delete+0x20/0x20
[   85.580485][ T5059]  ? dispose_list+0x1e0/0x1e0
[   85.585183][ T5059]  ? fscrypt_destroy_keyring+0x1e/0x3d0
[   85.590910][ T5059]  ? btrfs_set_super+0x70/0x70
[   85.595724][ T5059]  generic_shutdown_super+0x161/0x3d0
[   85.601276][ T5059]  kill_anon_super+0x3a/0x60
[   85.605905][ T5059]  btrfs_kill_super+0x3b/0x50
[   85.610642][ T5059]  deactivate_locked_super+0xbc/0x1a0
[   85.616068][ T5059]  deactivate_super+0xde/0x100
[   85.621020][ T5059]  cleanup_mnt+0x222/0x450
[   85.625466][ T5059]  task_work_run+0x14d/0x240
[   85.630163][ T5059]  ? task_work_cancel+0x30/0x30
[   85.635053][ T5059]  ptrace_notify+0x10d/0x130
[   85.639728][ T5059]  syscall_exit_to_user_mode_prepare+0x126/0x230
[   85.646099][ T5059]  syscall_exit_to_user_mode+0xe/0x60
[   85.652483][ T5059]  do_syscall_64+0x4d/0x110
[   85.657020][ T5059]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   85.663151][ T5059] RIP: 0033:0x7f5cec7a7507
[   85.667590][ T5059] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[   85.687320][ T5059] RSP: 002b:00007ffc4105e408 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[   85.695807][ T5059] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f5cec7a7507
[   85.704253][ T5059] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffc4105e4c0
[   85.712376][ T5059] RBP: 00007ffc4105e4c0 R08: 0000000000000000 R09: 0000000000000000
[   85.720418][ T5059] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffc4105f540
[   85.728408][ T5059] R13: 0000555556afa6c0 R14: 431bde82d7b634db R15: 00007ffc4105f560
[   85.736464][ T5059]  </TASK>
[   85.739571][ T5059] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   85.746945][ T5059] CPU: 0 PID: 5059 Comm: syz-executor317 Not tainted 6.7.0-rc2-syzkaller-00095-gd3fa86b1a7b4 #0
[   85.757382][ T5059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[   85.767560][ T5059] Call Trace:
[   85.770836][ T5059]  <TASK>
[   85.773757][ T5059]  dump_stack_lvl+0xd9/0x1b0
[   85.778347][ T5059]  panic+0x6dc/0x790
[   85.782262][ T5059]  ? panic_smp_self_stop+0xa0/0xa0
[   85.787368][ T5059]  ? show_trace_log_lvl+0x363/0x4f0
[   85.792575][ T5059]  ? check_panic_on_warn+0x1f/0xb0
[   85.797797][ T5059]  ? btrfs_space_info_update_bytes_may_use+0x449/0x5a0
[   85.804671][ T5059]  check_panic_on_warn+0xab/0xb0
[   85.809717][ T5059]  __warn+0xf2/0x390
[   85.813627][ T5059]  ? btrfs_space_info_update_bytes_may_use+0x449/0x5a0
[   85.820512][ T5059]  report_bug+0x3bc/0x580
[   85.824913][ T5059]  handle_bug+0x3d/0x70
[   85.829085][ T5059]  exc_invalid_op+0x17/0x40
[   85.833612][ T5059]  asm_exc_invalid_op+0x1a/0x20
[   85.838487][ T5059] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x449/0x5a0
[   85.845985][ T5059] Code: e9 69 fc ff ff e8 d7 87 ee fd 49 89 ee 4c 89 e6 49 f7 de 4c 89 f7 e8 d6 82 ee fd 4d 39 f4 0f 83 7c fd ff ff e8 b8 87 ee fd 90 <0f> 0b 90 31 ed e9 74 fd ff ff e8 a8 87 ee fd 48 8d 7b 18 be ff ff
[   85.865637][ T5059] RSP: 0018:ffffc9000347fab0 EFLAGS: 00010293
[   85.871780][ T5059] RAX: 0000000000000000 RBX: ffff88802a826000 RCX: ffffffff8397f88a
[   85.879760][ T5059] RDX: ffff888020510080 RSI: ffffffff8397f898 RDI: 0000000000000006
[   85.887743][ T5059] RBP: fffffffffff00000 R08: 0000000000000006 R09: 0000000000100000
[   85.895725][ T5059] R10: 00000000000ff000 R11: 0000000000000001 R12: 00000000000ff000
[   85.903709][ T5059] R13: ffff88802a826060 R14: 0000000000100000 R15: 0000000000000005
[   85.911693][ T5059]  ? btrfs_space_info_update_bytes_may_use+0x43a/0x5a0
[   85.918568][ T5059]  ? btrfs_space_info_update_bytes_may_use+0x448/0x5a0
[   85.925443][ T5059]  btrfs_block_rsv_release+0x5a8/0x6c0
[   85.930922][ T5059]  btrfs_release_global_block_rsv+0x26/0x2f0
[   85.936939][ T5059]  btrfs_free_block_groups+0xbbc/0x13e0
[   85.942502][ T5059]  ? free_root_pointers+0x7cd/0xa90
[   85.947888][ T5059]  close_ctree+0xa51/0xf90
[   85.952319][ T5059]  ? btrfs_cleanup_transaction.isra.0+0x13a0/0x13a0
[   85.958927][ T5059]  ? collect_domain_accesses+0x290/0x290
[   85.964584][ T5059]  ? __fsnotify_vfsmount_delete+0x20/0x20
[   85.970322][ T5059]  ? dispose_list+0x1e0/0x1e0
[   85.975016][ T5059]  ? fscrypt_destroy_keyring+0x1e/0x3d0
[   85.980576][ T5059]  ? btrfs_set_super+0x70/0x70
[   85.985435][ T5059]  generic_shutdown_super+0x161/0x3d0
[   85.990825][ T5059]  kill_anon_super+0x3a/0x60
[   85.995434][ T5059]  btrfs_kill_super+0x3b/0x50
[   86.000121][ T5059]  deactivate_locked_super+0xbc/0x1a0
[   86.005509][ T5059]  deactivate_super+0xde/0x100
[   86.010548][ T5059]  cleanup_mnt+0x222/0x450
[   86.015033][ T5059]  task_work_run+0x14d/0x240
[   86.019683][ T5059]  ? task_work_cancel+0x30/0x30
[   86.024617][ T5059]  ptrace_notify+0x10d/0x130
[   86.029227][ T5059]  syscall_exit_to_user_mode_prepare+0x126/0x230
[   86.035582][ T5059]  syscall_exit_to_user_mode+0xe/0x60
[   86.041012][ T5059]  do_syscall_64+0x4d/0x110
[   86.045532][ T5059]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   86.051452][ T5059] RIP: 0033:0x7f5cec7a7507
[   86.055878][ T5059] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[   86.075506][ T5059] RSP: 002b:00007ffc4105e408 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[   86.083935][ T5059] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f5cec7a7507
[   86.091923][ T5059] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffc4105e4c0
[   86.099909][ T5059] RBP: 00007ffc4105e4c0 R08: 0000000000000000 R09: 0000000000000000
[   86.107900][ T5059] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffc4105f540
[   86.115897][ T5059] R13: 0000555556afa6c0 R14: 431bde82d7b634db R15: 00007ffc4105f560
[   86.123899][ T5059]  </TASK>
[   86.127208][ T5059] Kernel Offset: disabled
[   86.131656][ T5059] Rebooting in 86400 seconds..