./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1750838972
<...>
Warning: Permanently added '10.128.1.177' (ECDSA) to the list of known hosts.
execve("./syz-executor1750838972", ["./syz-executor1750838972"], 0x7ffc28839070 /* 10 vars */) = 0
brk(NULL) = 0x555556368000
brk(0x555556368c40) = 0x555556368c40
arch_prctl(ARCH_SET_FS, 0x555556368300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1750838972", 4096) = 28
brk(0x555556389c40) = 0x555556389c40
brk(0x55555638a000) = 0x55555638a000
mprotect(0x7fea9ce43000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 4993
mkdir("./syzkaller.TUhhOJ", 0700) = 0
chmod("./syzkaller.TUhhOJ", 0777) = 0
chdir("./syzkaller.TUhhOJ") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563685d0) = 4995
./strace-static-x86_64: Process 4995 attached
[pid 4995] chdir("./0") = 0
[pid 4995] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 4995] setpgid(0, 0) = 0
[pid 4995] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 4995] write(3, "1000", 4) = 4
[pid 4995] close(3) = 0
[pid 4995] symlink("/dev/binderfs", "./binderfs") = 0
[pid 4995] memfd_create("syzkaller", 0) = 3
[pid 4995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fea94982000
syzkaller login: [ 56.811680][ T4995] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4995 'syz-executor175'
[pid 4995] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 4995] munmap(0x7fea94982000, 16777216) = 0
[pid 4995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 4995] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 4995] close(3) = 0
[pid 4995] mkdir("./file0", 0777) = 0
[ 56.974663][ T4995] loop0: detected capacity change from 0 to 32768
[ 56.988379][ T4995] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor175 (4995)
[ 57.007834][ T4995] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 57.016608][ T4995] BTRFS info (device loop0): using free space tree
[pid 4995] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 4995] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 4995] ioctl(4, LOOP_CLR_FD) = 0
[pid 4995] close(4) = 0
[pid 4995] fcntl(3, F_DUPFD, 3) = 4
[pid 4995] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 4995] write(5, "17", 2) = 2
[ 57.038326][ T4995] BTRFS info (device loop0): enabling ssd optimizations
[ 57.045510][ T4995] BTRFS info (device loop0): auto enabling async discard
[ 57.062027][ T4995] FAULT_INJECTION: forcing a failure.
[ 57.062027][ T4995] name failslab, interval 1, probability 0, space 0, times 1
[ 57.075488][ T4995] CPU: 0 PID: 4995 Comm: syz-executor175 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 57.085941][ T4995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 57.096026][ T4995] Call Trace:
[ 57.099303][ T4995]
[ 57.102250][ T4995] dump_stack_lvl+0x1e7/0x2d0
[ 57.106941][ T4995] ? nf_tcp_handle_invalid+0x650/0x650
[ 57.112404][ T4995] ? panic+0x770/0x770
[ 57.116478][ T4995] should_fail_ex+0x3aa/0x4e0
[ 57.121153][ T4995] should_failslab+0x9/0x20
[ 57.125653][ T4995] slab_pre_alloc_hook+0x59/0x2b0
[ 57.130672][ T4995] kmem_cache_alloc+0x52/0x2e0
[ 57.135430][ T4995] ? create_snapshot+0x24b/0x7e0
[ 57.140366][ T4995] create_snapshot+0x24b/0x7e0
[ 57.145130][ T4995] btrfs_mksubvol+0x5d0/0x750
[ 57.149803][ T4995] ? __btrfs_ioctl_snap_create+0x450/0x450
[ 57.155609][ T4995] btrfs_mksnapshot+0xb5/0xf0
[ 57.160281][ T4995] __btrfs_ioctl_snap_create+0x338/0x450
[ 57.165914][ T4995] btrfs_ioctl_snap_create_v2+0x1c4/0x400
[ 57.171630][ T4995] btrfs_ioctl+0xa71/0xd40
[ 57.176049][ T4995] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 57.182462][ T4995] __se_sys_ioctl+0xf1/0x160
[ 57.187053][ T4995] do_syscall_64+0x41/0xc0
[ 57.191466][ T4995] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.197353][ T4995] RIP: 0033:0x7fea9cdcfa29
[ 57.201769][ T4995] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 57.221371][ T4995] RSP: 002b:00007ffd03d248a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 57.229777][ T4995] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fea9cdcfa29
[pid 4995] ioctl(4, BTRFS_IOC_SNAP_CREATE_V2, {fd=4, flags=BTRFS_SUBVOL_QGROUP_INHERIT, size=72, qgroup_inherit={flags=0, num_qgroups=0, num_ref_copies=0, num_excl_copies=0, lim={flags=0, max_rfer=0, max_excl=0, rsv_rfer=0, rsv_excl=0}, ...}, name="\x05"}) = -1 ENOMEM (Cannot allocate memory)
[pid 4995] exit_group(0) = ?
[pid 4995] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4995, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=19 /* 0.19 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556369620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 57.237740][ T4995] RDX: 0000000020002d40 RSI: 0000000050009417 RDI: 0000000000000004
[ 57.245703][ T4995] RBP: 00007ffd03d248d0 R08: 0000000000000002 R09: 00007ffd03d248e0
[ 57.253752][ T4995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 57.261709][ T4995] R13: 00007ffd03d24910 R14: 00007ffd03d248f0 R15: 0000000000000000
[ 57.269681][ T4995]
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556371660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556371660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555556369620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563685d0) = 5020
./strace-static-x86_64: Process 5020 attached
[pid 5020] chdir("./1") = 0
[pid 5020] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5020] setpgid(0, 0) = 0
[pid 5020] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5020] write(3, "1000", 4) = 4
[pid 5020] close(3) = 0
[pid 5020] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5020] memfd_create("syzkaller", 0) = 3
[pid 5020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fea94982000
[pid 5020] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5020] munmap(0x7fea94982000, 16777216) = 0
[pid 5020] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5020] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5020] close(3) = 0
[pid 5020] mkdir("./file0", 0777) = 0
[ 57.611335][ T5020] loop0: detected capacity change from 0 to 32768
[ 57.621307][ T5020] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor175 (5020)
[ 57.638769][ T5020] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 57.647525][ T5020] BTRFS info (device loop0): using free space tree
[pid 5020] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5020] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5020] ioctl(4, LOOP_CLR_FD) = 0
[pid 5020] close(4) = 0
[pid 5020] fcntl(3, F_DUPFD, 3) = 4
[pid 5020] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5020] write(5, "17", 2) = 2
[ 57.666096][ T5020] BTRFS info (device loop0): enabling ssd optimizations
[ 57.673156][ T5020] BTRFS info (device loop0): auto enabling async discard
[ 57.698385][ T5020] FAULT_INJECTION: forcing a failure.
[ 57.698385][ T5020] name failslab, interval 1, probability 0, space 0, times 0
[ 57.711170][ T5020] CPU: 0 PID: 5020 Comm: syz-executor175 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 57.721610][ T5020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 57.731688][ T5020] Call Trace:
[ 57.734990][ T5020]
[ 57.737945][ T5020] dump_stack_lvl+0x1e7/0x2d0
[ 57.742654][ T5020] ? nf_tcp_handle_invalid+0x650/0x650
[ 57.748125][ T5020] ? panic+0x770/0x770
[ 57.752203][ T5020] should_fail_ex+0x3aa/0x4e0
[ 57.756878][ T5020] should_failslab+0x9/0x20
[ 57.761375][ T5020] slab_pre_alloc_hook+0x59/0x2b0
[ 57.766393][ T5020] kmem_cache_alloc+0x52/0x2e0
[ 57.771154][ T5020] ? create_snapshot+0x24b/0x7e0
[ 57.776085][ T5020] create_snapshot+0x24b/0x7e0
[ 57.780848][ T5020] btrfs_mksubvol+0x5d0/0x750
[ 57.785523][ T5020] ? __btrfs_ioctl_snap_create+0x450/0x450
[ 57.791327][ T5020] btrfs_mksnapshot+0xb5/0xf0
[ 57.795999][ T5020] __btrfs_ioctl_snap_create+0x338/0x450
[ 57.801633][ T5020] btrfs_ioctl_snap_create_v2+0x1c4/0x400
[ 57.807348][ T5020] btrfs_ioctl+0xa71/0xd40
[ 57.811759][ T5020] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 57.818170][ T5020] __se_sys_ioctl+0xf1/0x160
[ 57.822756][ T5020] do_syscall_64+0x41/0xc0
[ 57.827165][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.833057][ T5020] RIP: 0033:0x7fea9cdcfa29
[ 57.837465][ T5020] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 57.857148][ T5020] RSP: 002b:00007ffd03d248a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[pid 5020] ioctl(4, BTRFS_IOC_SNAP_CREATE_V2, {fd=4, flags=BTRFS_SUBVOL_QGROUP_INHERIT, size=72, qgroup_inherit={flags=0, num_qgroups=0, num_ref_copies=0, num_excl_copies=0, lim={flags=0, max_rfer=0, max_excl=0, rsv_rfer=0, rsv_excl=0}, ...}, name="\x05"}) = -1 ENOMEM (Cannot allocate memory)
[pid 5020] exit_group(0) = ?
[pid 5020] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5020, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556369620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 57.865555][ T5020] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fea9cdcfa29
[ 57.873525][ T5020] RDX: 0000000020002d40 RSI: 0000000050009417 RDI: 0000000000000004
[ 57.881487][ T5020] RBP: 00007ffd03d248d0 R08: 0000000000000002 R09: 00007ffd03d248e0
[ 57.889449][ T5020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 57.897413][ T5020] R13: 00007ffd03d24910 R14: 00007ffd03d248f0 R15: 0000000000000001
[ 57.905389][ T5020]
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556371660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556371660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555556369620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563685d0) = 5038
./strace-static-x86_64: Process 5038 attached
[pid 5038] chdir("./2") = 0
[pid 5038] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5038] setpgid(0, 0) = 0
[pid 5038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5038] write(3, "1000", 4) = 4
[pid 5038] close(3) = 0
[pid 5038] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5038] memfd_create("syzkaller", 0) = 3
[pid 5038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fea94982000
[pid 5038] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5038] munmap(0x7fea94982000, 16777216) = 0
[pid 5038] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5038] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5038] close(3) = 0
[pid 5038] mkdir("./file0", 0777) = 0
[ 58.201709][ T5038] loop0: detected capacity change from 0 to 32768
[ 58.212334][ T5038] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor175 (5038)
[ 58.228256][ T5038] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 58.237085][ T5038] BTRFS info (device loop0): using free space tree
[pid 5038] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5038] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5038] ioctl(4, LOOP_CLR_FD) = 0
[pid 5038] close(4) = 0
[pid 5038] fcntl(3, F_DUPFD, 3) = 4
[pid 5038] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5038] write(5, "17", 2) = 2
[ 58.256199][ T5038] BTRFS info (device loop0): enabling ssd optimizations
[ 58.263357][ T5038] BTRFS info (device loop0): auto enabling async discard
[ 58.276087][ T5038] FAULT_INJECTION: forcing a failure.
[ 58.276087][ T5038] name failslab, interval 1, probability 0, space 0, times 0
[ 58.289055][ T5038] CPU: 0 PID: 5038 Comm: syz-executor175 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 58.299511][ T5038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 58.309587][ T5038] Call Trace:
[ 58.312888][ T5038]
[ 58.315846][ T5038] dump_stack_lvl+0x1e7/0x2d0
[ 58.320554][ T5038] ? nf_tcp_handle_invalid+0x650/0x650
[ 58.326042][ T5038] ? panic+0x770/0x770
[ 58.330149][ T5038] should_fail_ex+0x3aa/0x4e0
[ 58.334866][ T5038] should_failslab+0x9/0x20
[ 58.339395][ T5038] slab_pre_alloc_hook+0x59/0x2b0
[ 58.344463][ T5038] kmem_cache_alloc+0x52/0x2e0
[ 58.349257][ T5038] ? create_snapshot+0x24b/0x7e0
[ 58.354293][ T5038] create_snapshot+0x24b/0x7e0
[ 58.359069][ T5038] btrfs_mksubvol+0x5d0/0x750
[ 58.363851][ T5038] ? __btrfs_ioctl_snap_create+0x450/0x450
[ 58.369666][ T5038] btrfs_mksnapshot+0xb5/0xf0
[ 58.374380][ T5038] __btrfs_ioctl_snap_create+0x338/0x450
[ 58.380011][ T5038] btrfs_ioctl_snap_create_v2+0x1c4/0x400
[ 58.385729][ T5038] btrfs_ioctl+0xa71/0xd40
[ 58.390141][ T5038] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 58.396736][ T5038] __se_sys_ioctl+0xf1/0x160
[ 58.401363][ T5038] do_syscall_64+0x41/0xc0
[ 58.405774][ T5038] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.411660][ T5038] RIP: 0033:0x7fea9cdcfa29
[ 58.416067][ T5038] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 58.435665][ T5038] RSP: 002b:00007ffd03d248a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 58.444080][ T5038] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fea9cdcfa29
[pid 5038] ioctl(4, BTRFS_IOC_SNAP_CREATE_V2, {fd=4, flags=BTRFS_SUBVOL_QGROUP_INHERIT, size=72, qgroup_inherit={flags=0, num_qgroups=0, num_ref_copies=0, num_excl_copies=0, lim={flags=0, max_rfer=0, max_excl=0, rsv_rfer=0, rsv_excl=0}, ...}, name="\x05"}) = -1 ENOMEM (Cannot allocate memory)
[pid 5038] exit_group(0) = ?
[pid 5038] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5038, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556369620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
[ 58.452067][ T5038] RDX: 0000000020002d40 RSI: 0000000050009417 RDI: 0000000000000004
[ 58.460048][ T5038] RBP: 00007ffd03d248d0 R08: 0000000000000002 R09: 00007ffd03d248e0
[ 58.468108][ T5038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 58.476090][ T5038] R13: 00007ffd03d24910 R14: 00007ffd03d248f0 R15: 0000000000000002
[ 58.484081][ T5038]
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556371660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556371660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x555556369620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563685d0) = 5063
./strace-static-x86_64: Process 5063 attached
[pid 5063] chdir("./3") = 0
[pid 5063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5063] setpgid(0, 0) = 0
[pid 5063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5063] write(3, "1000", 4) = 4
[pid 5063] close(3) = 0
[pid 5063] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5063] memfd_create("syzkaller", 0) = 3
[pid 5063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fea94982000
[pid 5063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5063] munmap(0x7fea94982000, 16777216) = 0
[pid 5063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5063] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5063] close(3) = 0
[pid 5063] mkdir("./file0", 0777) = 0
[ 58.789611][ T5063] loop0: detected capacity change from 0 to 32768
[ 58.799644][ T5063] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor175 (5063)
[ 58.816026][ T5063] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 58.824716][ T5063] BTRFS info (device loop0): using free space tree
[pid 5063] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5063] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5063] ioctl(4, LOOP_CLR_FD) = 0
[pid 5063] close(4) = 0
[pid 5063] fcntl(3, F_DUPFD, 3) = 4
[pid 5063] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5063] write(5, "17", 2) = 2
[ 58.843499][ T5063] BTRFS info (device loop0): enabling ssd optimizations
[ 58.850559][ T5063] BTRFS info (device loop0): auto enabling async discard
[ 58.867742][ T5063] FAULT_INJECTION: forcing a failure.
[ 58.867742][ T5063] name failslab, interval 1, probability 0, space 0, times 0
[ 58.880992][ T5063] CPU: 0 PID: 5063 Comm: syz-executor175 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 58.891444][ T5063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 58.901529][ T5063] Call Trace:
[ 58.904833][ T5063]
[ 58.907786][ T5063] dump_stack_lvl+0x1e7/0x2d0
[ 58.912494][ T5063] ? nf_tcp_handle_invalid+0x650/0x650
[ 58.917980][ T5063] ? panic+0x770/0x770
[ 58.922079][ T5063] ? __might_sleep+0xc0/0xc0
[ 58.926711][ T5063] should_fail_ex+0x3aa/0x4e0
[ 58.931421][ T5063] should_failslab+0x9/0x20
[ 58.935946][ T5063] slab_pre_alloc_hook+0x59/0x2b0
[ 58.941011][ T5063] kmem_cache_alloc+0x52/0x2e0
[ 58.945803][ T5063] ? btrfs_set_inode_index+0x251/0x580
[ 58.951301][ T5063] btrfs_set_inode_index+0x251/0x580
[ 58.956624][ T5063] ? btrfs_lookup_dentry+0x1510/0x1510
[ 58.962128][ T5063] ? current_time+0x1be/0x300
[ 58.966841][ T5063] ? atime_needs_update+0x5f0/0x6d0
[ 58.972067][ T5063] ? record_root_in_trans+0x111/0x360
[ 58.977471][ T5063] ? trace_btrfs_space_reservation+0x96/0x210
[ 58.983574][ T5063] create_pending_snapshot+0x808/0x28f0
[ 58.989177][ T5063] ? trace_btrfs_space_reservation+0x210/0x210
[ 58.995348][ T5063] ? rcu_is_watching+0x15/0xb0
[ 59.000102][ T5063] ? trace_contention_end+0x3c/0xf0
[ 59.005290][ T5063] ? __mutex_lock_common+0x42d/0x2530
[ 59.010663][ T5063] create_pending_snapshots+0x195/0x1d0
[ 59.016208][ T5063] btrfs_commit_transaction+0x12f5/0x3370
[ 59.021934][ T5063] ? __mutex_unlock_slowpath+0x21c/0x750
[ 59.027586][ T5063] ? btrfs_commit_transaction_async+0x450/0x450
[ 59.033838][ T5063] ? record_root_in_trans+0x2d8/0x360
[ 59.039222][ T5063] ? btrfs_record_root_in_trans+0x16e/0x180
[ 59.045115][ T5063] ? start_transaction+0x3de/0x1080
[ 59.050316][ T5063] create_snapshot+0x4a5/0x7e0
[ 59.055086][ T5063] btrfs_mksubvol+0x5d0/0x750
[ 59.059760][ T5063] ? __btrfs_ioctl_snap_create+0x450/0x450
[ 59.065578][ T5063] btrfs_mksnapshot+0xb5/0xf0
[ 59.070254][ T5063] __btrfs_ioctl_snap_create+0x338/0x450
[ 59.075880][ T5063] btrfs_ioctl_snap_create_v2+0x1c4/0x400
[ 59.081589][ T5063] btrfs_ioctl+0xa71/0xd40
[ 59.085998][ T5063] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 59.092418][ T5063] __se_sys_ioctl+0xf1/0x160
[ 59.097009][ T5063] do_syscall_64+0x41/0xc0
[ 59.101414][ T5063] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.107297][ T5063] RIP: 0033:0x7fea9cdcfa29
[ 59.111699][ T5063] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 59.131381][ T5063] RSP: 002b:00007ffd03d248a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 59.139783][ T5063] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fea9cdcfa29
[ 59.147743][ T5063] RDX: 0000000020002d40 RSI: 0000000050009417 RDI: 0000000000000004
[ 59.155708][ T5063] RBP: 00007ffd03d248d0 R08: 0000000000000002 R09: 00007ffd03d248e0
[ 59.163665][ T5063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 59.171622][ T5063] R13: 00007ffd03d24910 R14: 00007ffd03d248f0 R15: 0000000000000003
[ 59.179613][ T5063]
[ 59.183901][ T5063] ------------[ cut here ]------------
[ 59.189422][ T5063] kernel BUG at fs/btrfs/transaction.c:1691!
[ 59.195530][ T5063] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 59.201602][ T5063] CPU: 0 PID: 5063 Comm: syz-executor175 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 59.212014][ T5063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 59.222153][ T5063] RIP: 0010:create_pending_snapshot+0x2531/0x28f0
[ 59.228585][ T5063] Code: e9 f3 ed ff ff e8 af 9c 02 fe 48 c7 c7 20 26 2a 8b 44 89 e6 e8 b0 1b ca fd 0f 0b e9 ab f9 ff ff e8 e4 ba 26 07 e8 8f 9c 02 fe <0f> 0b f3 0f 1e fa e8 84 9c 02 fe 48 b8 00 00 00 00 00 fc ff df 48
[ 59.248216][ T5063] RSP: 0018:ffffc90003ddf5e0 EFLAGS: 00010293
[ 59.254308][ T5063] RAX: ffffffff8388e311 RBX: 00000000fffffff4 RCX: ffff888070ea0000
[ 59.262292][ T5063] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
[ 59.270258][ T5063] RBP: ffffc90003ddf8d0 R08: ffffffff8388c5f3 R09: fffffbfff1a03967
[ 59.278223][ T5063] R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000000a0000
[ 59.286187][ T5063] R13: ffff88801f6fc000 R14: dffffc0000000000 R15: ffff8880783a2050
[ 59.294237][ T5063] FS: 0000555556368300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 59.303160][ T5063] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 59.309730][ T5063] CR2: 0000000020002d48 CR3: 000000002b96b000 CR4: 00000000003506f0
[ 59.317692][ T5063] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 59.325660][ T5063] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 59.333618][ T5063] Call Trace:
[ 59.336885][ T5063]
[ 59.339809][ T5063] ? __die_body+0x5e/0xa0
[ 59.344140][ T5063] ? die+0x87/0xb0
[ 59.347847][ T5063] ? do_trap+0x11e/0x350
[ 59.352085][ T5063] ? create_pending_snapshot+0x2531/0x28f0
[ 59.357880][ T5063] ? create_pending_snapshot+0x2531/0x28f0
[ 59.363680][ T5063] ? do_error_trap+0x141/0x1f0
[ 59.368433][ T5063] ? create_pending_snapshot+0x2531/0x28f0
[ 59.374232][ T5063] ? do_int3+0x30/0x30
[ 59.378288][ T5063] ? report_bug+0x3e4/0x500
[ 59.382785][ T5063] ? handle_invalid_op+0x2c/0x40
[ 59.387712][ T5063] ? create_pending_snapshot+0x2531/0x28f0
[ 59.393510][ T5063] ? exc_invalid_op+0x33/0x50
[ 59.398174][ T5063] ? asm_exc_invalid_op+0x1a/0x20
[ 59.403196][ T5063] ? create_pending_snapshot+0x813/0x28f0
[ 59.408903][ T5063] ? create_pending_snapshot+0x2531/0x28f0
[ 59.414699][ T5063] ? create_pending_snapshot+0x2531/0x28f0
[ 59.420508][ T5063] ? trace_btrfs_space_reservation+0x210/0x210
[ 59.426658][ T5063] ? rcu_is_watching+0x15/0xb0
[ 59.431411][ T5063] ? trace_contention_end+0x3c/0xf0
[ 59.436595][ T5063] ? __mutex_lock_common+0x42d/0x2530
[ 59.441962][ T5063] create_pending_snapshots+0x195/0x1d0
[ 59.447507][ T5063] btrfs_commit_transaction+0x12f5/0x3370
[ 59.453222][ T5063] ? __mutex_unlock_slowpath+0x21c/0x750
[ 59.458860][ T5063] ? btrfs_commit_transaction_async+0x450/0x450
[ 59.465091][ T5063] ? record_root_in_trans+0x2d8/0x360
[ 59.470500][ T5063] ? btrfs_record_root_in_trans+0x16e/0x180
[ 59.476496][ T5063] ? start_transaction+0x3de/0x1080
[ 59.481700][ T5063] create_snapshot+0x4a5/0x7e0
[ 59.486461][ T5063] btrfs_mksubvol+0x5d0/0x750
[ 59.491130][ T5063] ? __btrfs_ioctl_snap_create+0x450/0x450
[ 59.496931][ T5063] btrfs_mksnapshot+0xb5/0xf0
[ 59.501600][ T5063] __btrfs_ioctl_snap_create+0x338/0x450
[ 59.507226][ T5063] btrfs_ioctl_snap_create_v2+0x1c4/0x400
[ 59.512935][ T5063] btrfs_ioctl+0xa71/0xd40
[ 59.517343][ T5063] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 59.523755][ T5063] __se_sys_ioctl+0xf1/0x160
[ 59.528336][ T5063] do_syscall_64+0x41/0xc0
[ 59.532742][ T5063] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.538637][ T5063] RIP: 0033:0x7fea9cdcfa29
[ 59.543053][ T5063] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 59.562649][ T5063] RSP: 002b:00007ffd03d248a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 59.571054][ T5063] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fea9cdcfa29
[ 59.579022][ T5063] RDX: 0000000020002d40 RSI: 0000000050009417 RDI: 0000000000000004
[ 59.586980][ T5063] RBP: 00007ffd03d248d0 R08: 0000000000000002 R09: 00007ffd03d248e0
[ 59.594939][ T5063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 59.602898][ T5063] R13: 00007ffd03d24910 R14: 00007ffd03d248f0 R15: 0000000000000003
[ 59.610867][ T5063]
[ 59.613874][ T5063] Modules linked in:
[ 59.617849][ T5063] ---[ end trace 0000000000000000 ]---
[ 59.623337][ T5063] RIP: 0010:create_pending_snapshot+0x2531/0x28f0
[ 59.629773][ T5063] Code: e9 f3 ed ff ff e8 af 9c 02 fe 48 c7 c7 20 26 2a 8b 44 89 e6 e8 b0 1b ca fd 0f 0b e9 ab f9 ff ff e8 e4 ba 26 07 e8 8f 9c 02 fe <0f> 0b f3 0f 1e fa e8 84 9c 02 fe 48 b8 00 00 00 00 00 fc ff df 48
[ 59.649612][ T5063] RSP: 0018:ffffc90003ddf5e0 EFLAGS: 00010293
[ 59.655733][ T5063] RAX: ffffffff8388e311 RBX: 00000000fffffff4 RCX: ffff888070ea0000
[ 59.663759][ T5063] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
[ 59.671747][ T5063] RBP: ffffc90003ddf8d0 R08: ffffffff8388c5f3 R09: fffffbfff1a03967
[ 59.679808][ T5063] R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000000a0000
[ 59.687829][ T5063] R13: ffff88801f6fc000 R14: dffffc0000000000 R15: ffff8880783a2050
[ 59.695889][ T5063] FS: 0000555556368300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 59.704845][ T5063] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 59.711419][ T5063] CR2: 0000000020002d48 CR3: 000000002b96b000 CR4: 00000000003506f0
[ 59.719414][ T5063] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 59.727418][ T5063] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 59.735415][ T5063] Kernel panic - not syncing: Fatal exception
[ 59.741666][ T5063] Kernel Offset: disabled
[ 59.745979][ T5063] Rebooting in 86400 seconds..