./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1973217818

<...>
DUID 00:04:7a:dc:29:a2:f4:b1:6d:28:30:de:a7:64:4f:eb:cd:90
forked to background, child pid 4646
[   30.119978][ T4647] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.131566][ T4647] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.136' (ECDSA) to the list of known hosts.
execve("./syz-executor1973217818", ["./syz-executor1973217818"], 0x7ffc2741f470 /* 10 vars */) = 0
brk(NULL)                               = 0x55555727e000
brk(0x55555727ec40)                     = 0x55555727ec40
arch_prctl(ARCH_SET_FS, 0x55555727e300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1973217818", 4096) = 28
brk(0x55555729fc40)                     = 0x55555729fc40
brk(0x5555572a0000)                     = 0x5555572a0000
mprotect(0x7f0dcb3ef000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
getpid()                                = 5075
mkdir("./syzkaller.upUMUU", 0700)       = 0
chmod("./syzkaller.upUMUU", 0777)       = 0
chdir("./syzkaller.upUMUU")             = 0
mkdir("./0", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5076 attached
 <unfinished ...>
[pid  5076] chdir("./0")                = 0
[pid  5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5076] setpgid(0, 0)               = 0
[pid  5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5075] <... clone resumed>, child_tidptr=0x55555727e5d0) = 5076
[pid  5076] write(3, "1000", 4)         = 4
[pid  5076] close(3)                    = 0
[pid  5076] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5076] memfd_create("syzkaller", 0) = 3
[pid  5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0dc2f2d000
syzkaller login: [   53.630787][ T5076] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5076 'syz-executor197'
[pid  5076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5076] munmap(0x7f0dc2f2d000, 16777216) = 0
[pid  5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5076] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5076] close(3)                    = 0
[pid  5076] mkdir("./file0", 0777)      = 0
[   53.796440][ T5076] loop0: detected capacity change from 0 to 32768
[   53.809775][ T5076] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor197 (5076)
[   53.830220][ T5076] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[   53.839059][ T5076] BTRFS info (device loop0): using free space tree
[pid  5076] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid  5076] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5076] chdir("./file0")            = 0
[pid  5076] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5076] close(4)                    = 0
[pid  5076] open("./file0", O_RDONLY)   = 4
[   53.863136][ T5076] BTRFS info (device loop0): enabling ssd optimizations
[   53.870207][ T5076] BTRFS info (device loop0): auto enabling async discard
[pid  5076] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5076] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  5076] write(6, "17", 2)           = 2
[   53.911772][   T27] audit: type=1800 audit(1679757259.414:2): pid=5076 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor197" name="bus" dev="loop0" ino=263 res=0 errno=0
[pid  5076] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x02\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0
[pid  5076] exit_group(0)               = ?
[pid  5076] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5076, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=18 /* 0.18 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555727f620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs")                  = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555557287660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555557287660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./0/file0")                      = 0
getdents64(3, 0x55555727f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./0")                            = 0
mkdir("./1", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555727e5d0) = 5103
./strace-static-x86_64: Process 5103 attached
[pid  5103] chdir("./1")                = 0
[pid  5103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5103] setpgid(0, 0)               = 0
[pid  5103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5103] write(3, "1000", 4)         = 4
[pid  5103] close(3)                    = 0
[pid  5103] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5103] memfd_create("syzkaller", 0) = 3
[pid  5103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0dc2f2d000
[pid  5103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5103] munmap(0x7f0dc2f2d000, 16777216) = 0
[pid  5103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5103] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5103] close(3)                    = 0
[pid  5103] mkdir("./file0", 0777)      = 0
[   54.287322][ T5103] loop0: detected capacity change from 0 to 32768
[   54.297283][ T5103] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor197 (5103)
[   54.313512][ T5103] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[   54.322283][ T5103] BTRFS info (device loop0): using free space tree
[pid  5103] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid  5103] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5103] chdir("./file0")            = 0
[pid  5103] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5103] close(4)                    = 0
[pid  5103] open("./file0", O_RDONLY)   = 4
[   54.341844][ T5103] BTRFS info (device loop0): enabling ssd optimizations
[   54.348940][ T5103] BTRFS info (device loop0): auto enabling async discard
[pid  5103] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5103] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  5103] write(6, "17", 2)           = 2
[   54.373162][   T27] audit: type=1800 audit(1679757259.874:3): pid=5103 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor197" name="bus" dev="loop0" ino=263 res=0 errno=0
[   54.400046][ T5103] FAULT_INJECTION: forcing a failure.
[   54.400046][ T5103] name failslab, interval 1, probability 0, space 0, times 1
[   54.416134][ T5103] CPU: 1 PID: 5103 Comm: syz-executor197 Not tainted 6.3.0-rc3-syzkaller-00317-g65aca32efdcb #0
[   54.426602][ T5103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   54.436682][ T5103] Call Trace:
[   54.439978][ T5103]  <TASK>
[   54.442971][ T5103]  dump_stack_lvl+0x1e7/0x2d0
[   54.447703][ T5103]  ? nf_tcp_handle_invalid+0x650/0x650
[   54.453197][ T5103]  ? panic+0x770/0x770
[   54.457296][ T5103]  ? __might_sleep+0xc0/0xc0
[   54.461959][ T5103]  should_fail_ex+0x3aa/0x4e0
[   54.466674][ T5103]  should_failslab+0x9/0x20
[   54.471204][ T5103]  slab_pre_alloc_hook+0x59/0x2b0
[   54.476266][ T5103]  kmem_cache_alloc+0x52/0x2e0
[   54.481056][ T5103]  ? start_transaction+0x469/0x1050
[   54.486287][ T5103]  start_transaction+0x469/0x1050
[   54.491354][ T5103]  create_snapshot+0x437/0x7e0
[   54.496154][ T5103]  btrfs_mksubvol+0x5d0/0x750
[   54.500880][ T5103]  ? __btrfs_ioctl_snap_create+0x450/0x450
[   54.506699][ T5103]  ? __might_fault+0xbe/0x120
[   54.511389][ T5103]  btrfs_mksnapshot+0xb5/0xf0
[   54.516073][ T5103]  __btrfs_ioctl_snap_create+0x338/0x450
[   54.521711][ T5103]  btrfs_ioctl_snap_create+0x136/0x190
[   54.527186][ T5103]  btrfs_ioctl+0xbbc/0xd40
[   54.531599][ T5103]  ? btrfs_ioctl_get_supported_features+0x50/0x50
[   54.538011][ T5103]  __se_sys_ioctl+0xf1/0x160
[   54.542605][ T5103]  do_syscall_64+0x41/0xc0
[   54.547022][ T5103]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   54.552914][ T5103] RIP: 0033:0x7f0dcb37aa29
[   54.557328][ T5103] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   54.577210][ T5103] RSP: 002b:00007ffd8c6fac58 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[pid  5103] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x02\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = -1 ENOMEM (Cannot allocate memory)
[pid  5103] exit_group(0)               = ?
[pid  5103] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5103, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=17 /* 0.17 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555727f620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs")                  = 0
[   54.585628][ T5103] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0dcb37aa29
[   54.593593][ T5103] RDX: 00000000200000c0 RSI: 0000000050009401 RDI: 0000000000000004
[   54.601557][ T5103] RBP: 00007ffd8c6fac80 R08: 0000000000000002 R09: 00007ffd8c6fac90
[   54.609543][ T5103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[   54.617571][ T5103] R13: 00007ffd8c6facc0 R14: 00007ffd8c6faca0 R15: 0000000000000001
[   54.625556][ T5103]  </TASK>
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555557287660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555557287660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./1/file0")                      = 0
getdents64(3, 0x55555727f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./1")                            = 0
mkdir("./2", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = 0
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555727e5d0) = 5130
./strace-static-x86_64: Process 5130 attached
[pid  5130] chdir("./2")                = 0
[pid  5130] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5130] setpgid(0, 0)               = 0
[pid  5130] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5130] write(3, "1000", 4)         = 4
[pid  5130] close(3)                    = 0
[pid  5130] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5130] memfd_create("syzkaller", 0) = 3
[pid  5130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0dc2f2d000
[pid  5130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5130] munmap(0x7f0dc2f2d000, 16777216) = 0
[pid  5130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5130] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5130] close(3)                    = 0
[pid  5130] mkdir("./file0", 0777)      = 0
[   54.916644][ T5130] loop0: detected capacity change from 0 to 32768
[   54.926654][ T5130] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor197 (5130)
[   54.942916][ T5130] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[   54.951688][ T5130] BTRFS info (device loop0): using free space tree
[pid  5130] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid  5130] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5130] chdir("./file0")            = 0
[pid  5130] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5130] close(4)                    = 0
[pid  5130] open("./file0", O_RDONLY)   = 4
[pid  5130] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5130] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  5130] write(6, "17", 2)           = 2
[   54.971133][ T5130] BTRFS info (device loop0): enabling ssd optimizations
[   54.978301][ T5130] BTRFS info (device loop0): auto enabling async discard
[   54.994847][   T27] audit: type=1800 audit(1679757260.494:4): pid=5130 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor197" name="bus" dev="loop0" ino=263 res=0 errno=0
[   54.996772][ T5130] FAULT_INJECTION: forcing a failure.
[   54.996772][ T5130] name failslab, interval 1, probability 0, space 0, times 0
[   55.028336][ T5130] CPU: 0 PID: 5130 Comm: syz-executor197 Not tainted 6.3.0-rc3-syzkaller-00317-g65aca32efdcb #0
[   55.038791][ T5130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   55.048871][ T5130] Call Trace:
[   55.052174][ T5130]  <TASK>
[   55.055124][ T5130]  dump_stack_lvl+0x1e7/0x2d0
[   55.059843][ T5130]  ? nf_tcp_handle_invalid+0x650/0x650
[   55.065346][ T5130]  ? panic+0x770/0x770
[   55.069445][ T5130]  ? __might_sleep+0xc0/0xc0
[   55.074066][ T5130]  ? btrfs_mksnapshot+0xb5/0xf0
[   55.079052][ T5130]  ? btrfs_ioctl_snap_create+0x136/0x190
[   55.084729][ T5130]  ? __se_sys_ioctl+0xf1/0x160
[   55.089522][ T5130]  ? do_syscall_64+0x41/0xc0
[   55.094141][ T5130]  ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   55.100247][ T5130]  should_fail_ex+0x3aa/0x4e0
[   55.105163][ T5130]  should_failslab+0x9/0x20
[   55.109788][ T5130]  slab_pre_alloc_hook+0x59/0x2b0
[   55.114856][ T5130]  kmem_cache_alloc+0x52/0x2e0
[   55.119666][ T5130]  ? btrfs_add_delayed_tree_ref+0x231/0xfc0
[   55.125602][ T5130]  btrfs_add_delayed_tree_ref+0x231/0xfc0
[   55.131376][ T5130]  ? btrfs_delete_ref_head+0x270/0x270
[   55.136878][ T5130]  ? btrfs_alloc_tree_block+0xbae/0x1800
[   55.142546][ T5130]  ? btrfs_alloc_tree_block+0xbdb/0x1800
[   55.148219][ T5130]  btrfs_alloc_tree_block+0xf56/0x1800
[   55.153729][ T5130]  ? alloc_reserved_file_extent+0x5e0/0x5e0
[   55.159745][ T5130]  ? mark_lock+0x9a/0x340
[   55.164142][ T5130]  ? read_extent_buffer+0x122/0x2a0
[   55.169416][ T5130]  ? __asan_memcpy+0x40/0x70
[   55.174058][ T5130]  __btrfs_cow_block+0x470/0x1830
[   55.179132][ T5130]  ? btrfs_qgroup_trace_subtree_after_cow+0x1a8/0x1190
[   55.186029][ T5130]  ? btrfs_cow_block+0x780/0x780
[   55.190998][ T5130]  ? btrfs_qgroup_add_swapped_blocks+0x7e0/0x7f0
[   55.197388][ T5130]  ? rcu_is_watching+0x15/0xb0
[   55.202281][ T5130]  btrfs_cow_block+0x403/0x780
[   55.207100][ T5130]  btrfs_search_slot+0xc89/0x2f70
[   55.212147][ T5130]  ? validate_chain+0x119/0x58e0
[   55.217111][ T5130]  ? kasan_set_track+0x61/0x70
[   55.221893][ T5130]  ? btrfs_find_item+0x530/0x530
[   55.226843][ T5130]  ? btrfs_extent_root+0x2a6/0x3b0
[   55.232032][ T5130]  ? btrfs_ioctl_snap_create+0x136/0x190
[   55.237661][ T5130]  ? btrfs_ioctl+0xbbc/0xd40
[   55.242335][ T5130]  ? btrfs_csum_root+0x3b0/0x3b0
[   55.247289][ T5130]  lookup_inline_extent_backref+0x3f2/0x1470
[   55.253280][ T5130]  ? insert_extent_data_ref+0xa30/0xa30
[   55.258908][ T5130]  ? __kasan_slab_alloc+0x66/0x70
[   55.263932][ T5130]  ? slab_post_alloc_hook+0x83/0x3a0
[   55.269240][ T5130]  ? kmem_cache_alloc+0x14e/0x2e0
[   55.274298][ T5130]  __btrfs_free_extent+0x28c/0x2ef0
[   55.279512][ T5130]  ? __btrfs_inc_extent_ref+0x5f0/0x5f0
[   55.285065][ T5130]  ? _raw_read_unlock+0x28/0x40
[   55.289922][ T5130]  ? do_raw_spin_unlock+0x13b/0x8b0
[   55.295121][ T5130]  __btrfs_run_delayed_refs+0x10c6/0x4100
[   55.300871][ T5130]  ? reacquire_held_locks+0x660/0x660
[   55.306263][ T5130]  ? __lock_acquire+0x125b/0x1f80
[   55.311295][ T5130]  ? btrfs_run_delayed_refs+0x480/0x480
[   55.316869][ T5130]  ? read_lock_is_recursive+0x20/0x20
[   55.322321][ T5130]  ? mark_lock+0x9a/0x340
[   55.326654][ T5130]  btrfs_run_delayed_refs+0x140/0x480
[   55.332017][ T5130]  ? btrfs_trans_release_metadata+0x158/0x1c0
[   55.338110][ T5130]  btrfs_commit_transaction+0x42c/0x3440
[   55.343876][ T5130]  ? read_lock_is_recursive+0x20/0x20
[   55.349270][ T5130]  ? join_transaction+0xbfd/0xe80
[   55.354308][ T5130]  ? __lock_acquire+0x1f80/0x1f80
[   55.359326][ T5130]  ? btrfs_commit_transaction_async+0x450/0x450
[   55.365573][ T5130]  ? do_raw_spin_unlock+0x13b/0x8b0
[   55.370890][ T5130]  ? join_transaction+0xc52/0xe80
[   55.375939][ T5130]  ? join_transaction+0xc28/0xe80
[   55.381135][ T5130]  ? btrfs_record_root_in_trans+0x12d/0x180
[   55.387044][ T5130]  ? start_transaction+0x3de/0x1050
[   55.392264][ T5130]  create_snapshot+0x4a5/0x7e0
[   55.397029][ T5130]  btrfs_mksubvol+0x5d0/0x750
[   55.401706][ T5130]  ? __btrfs_ioctl_snap_create+0x450/0x450
[   55.407610][ T5130]  ? __might_fault+0xbe/0x120
[   55.412318][ T5130]  btrfs_mksnapshot+0xb5/0xf0
[   55.417006][ T5130]  __btrfs_ioctl_snap_create+0x338/0x450
[   55.422661][ T5130]  btrfs_ioctl_snap_create+0x136/0x190
[   55.428114][ T5130]  btrfs_ioctl+0xbbc/0xd40
[   55.432526][ T5130]  ? btrfs_ioctl_get_supported_features+0x50/0x50
[   55.439022][ T5130]  __se_sys_ioctl+0xf1/0x160
[   55.443612][ T5130]  do_syscall_64+0x41/0xc0
[   55.448035][ T5130]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   55.453944][ T5130] RIP: 0033:0x7f0dcb37aa29
[   55.458373][ T5130] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   55.478081][ T5130] RSP: 002b:00007ffd8c6fac58 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   55.486506][ T5130] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0dcb37aa29
[   55.494473][ T5130] RDX: 00000000200000c0 RSI: 0000000050009401 RDI: 0000000000000004
[   55.502444][ T5130] RBP: 00007ffd8c6fac80 R08: 0000000000000002 R09: 00007ffd8c6fac90
[   55.510444][ T5130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[pid  5130] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x02\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = -1 ENOMEM (Cannot allocate memory)
[pid  5130] exit_group(0)               = ?
[pid  5130] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5130, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555727f620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs")                  = 0
[   55.518433][ T5130] R13: 00007ffd8c6facc0 R14: 00007ffd8c6faca0 R15: 0000000000000002
[   55.526430][ T5130]  </TASK>
[   55.530153][ T5130] BTRFS: error (device loop0: state A) in __btrfs_free_extent:3076: errno=-12 Out of memory
[   55.540601][ T5130] BTRFS info (device loop0: state EA): forced readonly
[   55.547703][ T5130] BTRFS error (device loop0: state EA): failed to run delayed ref for logical 5255168 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[   55.561548][ T5130] BTRFS: error (device loop0: state EA) in btrfs_run_delayed_refs:2150: errno=-12 Out of memory
[   55.609572][ T5075] ------------[ cut here ]------------
[   55.615172][ T5075] WARNING: CPU: 0 PID: 5075 at fs/btrfs/space-info.h:197 btrfs_space_info_update_bytes_may_use+0x29f/0x600
[   55.626797][ T5075] Modules linked in:
[   55.630735][ T5075] CPU: 0 PID: 5075 Comm: syz-executor197 Not tainted 6.3.0-rc3-syzkaller-00317-g65aca32efdcb #0
[   55.641235][ T5075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   55.651355][ T5075] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x29f/0x600
[   55.658858][ T5075] Code: 25 00 00 74 08 4c 89 ff e8 fe 52 38 fe 49 8b 1f 48 89 df 48 8b 6c 24 20 48 89 ee e8 4b 9e e2 fd 48 39 eb 73 14 e8 31 9c e2 fd <0f> 0b 45 31 f6 43 80 7c 25 00 00 75 ac eb b2 e8 1d 9c e2 fd 43 80
[   55.678526][ T5075] RSP: 0018:ffffc90003c6f910 EFLAGS: 00010293
[   55.684598][ T5075] RAX: ffffffff83a7d0ef RBX: 00000000000df000 RCX: ffff8880283157c0
[   55.692803][ T5075] RDX: 0000000000000000 RSI: 00000000000e0000 RDI: 00000000000df000
[   55.700834][ T5075] RBP: 00000000000e0000 R08: ffffffff83a7d0e5 R09: fffffbfff1ca6f0e
[   55.708868][ T5075] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[   55.716877][ T5075] R13: 1ffff11004af6c0c R14: fffffffffff20000 R15: ffff8880257b6060
[   55.724925][ T5075] FS:  000055555727e300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   55.733898][ T5075] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   55.740522][ T5075] CR2: 0000555557287628 CR3: 000000001ec5e000 CR4: 00000000003506f0
[   55.748537][ T5075] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   55.756542][ T5075] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   55.764506][ T5075] Call Trace:
[   55.767822][ T5075]  <TASK>
[   55.770759][ T5075]  ? do_raw_write_lock+0x147/0x4f0
[   55.775887][ T5075]  btrfs_block_rsv_release+0x441/0x520
[   55.781406][ T5075]  btrfs_release_global_block_rsv+0x33/0x260
[   55.787428][ T5075]  btrfs_free_block_groups+0xb3e/0xe80
[   55.792890][ T5075]  close_ctree+0x742/0xd30
[   55.797368][ T5075]  ? init_tree_roots+0x1f80/0x1f80
[   55.802502][ T5075]  ? hook_inode_free_security+0xb0/0xb0
[   55.808116][ T5075]  ? __fsnotify_vfsmount_delete+0x20/0x20
[   55.813843][ T5075]  ? clear_inode+0x150/0x150
[   55.818530][ T5075]  ? dput+0x403/0x420
[   55.822531][ T5075]  ? fscrypt_destroy_keyring+0x273/0x290
[   55.828234][ T5075]  ? btrfs_fill_super+0x2d0/0x2d0
[   55.833281][ T5075]  generic_shutdown_super+0x134/0x340
[   55.838700][ T5075]  kill_anon_super+0x3b/0x60
[   55.843300][ T5075]  btrfs_kill_super+0x41/0x50
[   55.848049][ T5075]  deactivate_locked_super+0xa4/0x110
[   55.853457][ T5075]  cleanup_mnt+0x426/0x4c0
[   55.857935][ T5075]  ? _raw_spin_unlock_irq+0x23/0x50
[   55.863148][ T5075]  task_work_run+0x24a/0x300
[   55.867780][ T5075]  ? dput+0x3a1/0x420
[   55.871780][ T5075]  ? task_work_cancel+0x2b0/0x2b0
[   55.876843][ T5075]  ? __x64_sys_umount+0x126/0x170
[   55.881879][ T5075]  ptrace_notify+0x2cd/0x380
[   55.886529][ T5075]  ? do_notify_parent+0xf50/0xf50
[   55.891564][ T5075]  ? user_path_at_empty+0x12f/0x180
[   55.896803][ T5075]  ? __x64_sys_umount+0x126/0x170
[   55.901833][ T5075]  ? path_umount+0xea0/0xea0
[   55.906469][ T5075]  ? syscall_enter_from_user_mode+0x32/0x260
[   55.912464][ T5075]  syscall_exit_to_user_mode+0x157/0x280
[   55.918156][ T5075]  do_syscall_64+0x4d/0xc0
[   55.922588][ T5075]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   55.928531][ T5075] RIP: 0033:0x7f0dcb37bdc7
[   55.932951][ T5075] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   55.952602][ T5075] RSP: 002b:00007ffd8c6f9b68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[   55.961092][ T5075] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0dcb37bdc7
[   55.969112][ T5075] RDX: 00007ffd8c6f9c29 RSI: 000000000000000a RDI: 00007ffd8c6f9c20
[   55.977150][ T5075] RBP: 00007ffd8c6f9c20 R08: 00000000ffffffff R09: 00007ffd8c6f9a00
[   55.985149][ T5075] R10: 000055555727f653 R11: 0000000000000202 R12: 00007ffd8c6faca0
[   55.994055][ T5075] R13: 000055555727f5f0 R14: 00007ffd8c6f9b90 R15: 0000000000000003
[   56.002087][ T5075]  </TASK>
[   56.005098][ T5075] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   56.012456][ T5075] CPU: 0 PID: 5075 Comm: syz-executor197 Not tainted 6.3.0-rc3-syzkaller-00317-g65aca32efdcb #0
[   56.022876][ T5075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   56.032932][ T5075] Call Trace:
[   56.036210][ T5075]  <TASK>
[   56.039151][ T5075]  dump_stack_lvl+0x1e7/0x2d0
[   56.043832][ T5075]  ? nf_tcp_handle_invalid+0x650/0x650
[   56.049293][ T5075]  ? panic+0x770/0x770
[   56.053368][ T5075]  ? vscnprintf+0x5d/0x80
[   56.057692][ T5075]  panic+0x31c/0x770
[   56.061597][ T5075]  ? __warn+0x171/0x4a0
[   56.065743][ T5075]  ? memcpy_page_flushcache+0x100/0x100
[   56.071286][ T5075]  __warn+0x314/0x4a0
[   56.075254][ T5075]  ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[   56.082092][ T5075]  report_bug+0x2b3/0x500
[   56.086422][ T5075]  ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[   56.093284][ T5075]  handle_bug+0x3d/0x70
[   56.097435][ T5075]  exc_invalid_op+0x1a/0x50
[   56.101930][ T5075]  asm_exc_invalid_op+0x1a/0x20
[   56.106777][ T5075] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x29f/0x600
[   56.114262][ T5075] Code: 25 00 00 74 08 4c 89 ff e8 fe 52 38 fe 49 8b 1f 48 89 df 48 8b 6c 24 20 48 89 ee e8 4b 9e e2 fd 48 39 eb 73 14 e8 31 9c e2 fd <0f> 0b 45 31 f6 43 80 7c 25 00 00 75 ac eb b2 e8 1d 9c e2 fd 43 80
[   56.134042][ T5075] RSP: 0018:ffffc90003c6f910 EFLAGS: 00010293
[   56.140107][ T5075] RAX: ffffffff83a7d0ef RBX: 00000000000df000 RCX: ffff8880283157c0
[   56.148071][ T5075] RDX: 0000000000000000 RSI: 00000000000e0000 RDI: 00000000000df000
[   56.156038][ T5075] RBP: 00000000000e0000 R08: ffffffff83a7d0e5 R09: fffffbfff1ca6f0e
[   56.164141][ T5075] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[   56.172109][ T5075] R13: 1ffff11004af6c0c R14: fffffffffff20000 R15: ffff8880257b6060
[   56.180097][ T5075]  ? btrfs_space_info_update_bytes_may_use+0x295/0x600
[   56.186955][ T5075]  ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[   56.193807][ T5075]  ? do_raw_write_lock+0x147/0x4f0
[   56.198921][ T5075]  btrfs_block_rsv_release+0x441/0x520
[   56.204406][ T5075]  btrfs_release_global_block_rsv+0x33/0x260
[   56.210411][ T5075]  btrfs_free_block_groups+0xb3e/0xe80
[   56.215888][ T5075]  close_ctree+0x742/0xd30
[   56.220326][ T5075]  ? init_tree_roots+0x1f80/0x1f80
[   56.225545][ T5075]  ? hook_inode_free_security+0xb0/0xb0
[   56.231110][ T5075]  ? __fsnotify_vfsmount_delete+0x20/0x20
[   56.236859][ T5075]  ? clear_inode+0x150/0x150
[   56.241469][ T5075]  ? dput+0x403/0x420
[   56.245470][ T5075]  ? fscrypt_destroy_keyring+0x273/0x290
[   56.251125][ T5075]  ? btrfs_fill_super+0x2d0/0x2d0
[   56.256175][ T5075]  generic_shutdown_super+0x134/0x340
[   56.261549][ T5075]  kill_anon_super+0x3b/0x60
[   56.266154][ T5075]  btrfs_kill_super+0x41/0x50
[   56.270830][ T5075]  deactivate_locked_super+0xa4/0x110
[   56.276203][ T5075]  cleanup_mnt+0x426/0x4c0
[   56.280616][ T5075]  ? _raw_spin_unlock_irq+0x23/0x50
[   56.285840][ T5075]  task_work_run+0x24a/0x300
[   56.290496][ T5075]  ? dput+0x3a1/0x420
[   56.294497][ T5075]  ? task_work_cancel+0x2b0/0x2b0
[   56.299526][ T5075]  ? __x64_sys_umount+0x126/0x170
[   56.304583][ T5075]  ptrace_notify+0x2cd/0x380
[   56.309223][ T5075]  ? do_notify_parent+0xf50/0xf50
[   56.314247][ T5075]  ? user_path_at_empty+0x12f/0x180
[   56.319447][ T5075]  ? __x64_sys_umount+0x126/0x170
[   56.324559][ T5075]  ? path_umount+0xea0/0xea0
[   56.329153][ T5075]  ? syscall_enter_from_user_mode+0x32/0x260
[   56.335134][ T5075]  syscall_exit_to_user_mode+0x157/0x280
[   56.340767][ T5075]  do_syscall_64+0x4d/0xc0
[   56.345187][ T5075]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.351082][ T5075] RIP: 0033:0x7f0dcb37bdc7
[   56.355512][ T5075] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   56.375115][ T5075] RSP: 002b:00007ffd8c6f9b68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[   56.383527][ T5075] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0dcb37bdc7
[   56.391496][ T5075] RDX: 00007ffd8c6f9c29 RSI: 000000000000000a RDI: 00007ffd8c6f9c20
[   56.399481][ T5075] RBP: 00007ffd8c6f9c20 R08: 00000000ffffffff R09: 00007ffd8c6f9a00
[   56.407449][ T5075] R10: 000055555727f653 R11: 0000000000000202 R12: 00007ffd8c6faca0
[   56.415414][ T5075] R13: 000055555727f5f0 R14: 00007ffd8c6f9b90 R15: 0000000000000003
[   56.423393][ T5075]  </TASK>
[   56.426558][ T5075] Kernel Offset: disabled
[   56.431006][ T5075] Rebooting in 86400 seconds..