./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1701707170
<...>
Warning: Permanently added '10.128.0.154' (ECDSA) to the list of known hosts.
execve("./syz-executor1701707170", ["./syz-executor1701707170"], 0x7ffd931ecce0 /* 10 vars */) = 0
brk(NULL) = 0x555555d36000
brk(0x555555d36c40) = 0x555555d36c40
arch_prctl(ARCH_SET_FS, 0x555555d36300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1701707170", 4096) = 28
brk(0x555555d57c40) = 0x555555d57c40
brk(0x555555d58000) = 0x555555d58000
mprotect(0x7fe5facaf000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 5067
mkdir("./syzkaller.mqaVon", 0700) = 0
chmod("./syzkaller.mqaVon", 0777) = 0
chdir("./syzkaller.mqaVon") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d365d0) = 5068
./strace-static-x86_64: Process 5068 attached
[pid 5068] chdir("./0") = 0
[pid 5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5068] setpgid(0, 0) = 0
[pid 5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5068] write(3, "1000", 4) = 4
[pid 5068] close(3) = 0
[pid 5068] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5068] memfd_create("syzkaller", 0) = 3
[pid 5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe5f27ee000
[ 48.559159][ T5068] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5068 'syz-executor170'
[pid 5068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5068] munmap(0x7fe5f27ee000, 16777216) = 0
[pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5068] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5068] close(3) = 0
[pid 5068] mkdir("./file0", 0777) = 0
[ 48.727808][ T5068] loop0: detected capacity change from 0 to 32768
[ 48.740017][ T5068] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor170 (5068)
[ 48.759306][ T5068] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[ 48.768668][ T5068] BTRFS info (device loop0): force clearing of disk cache
[ 48.776307][ T5068] BTRFS info (device loop0): setting nodatasum
[ 48.782495][ T5068] BTRFS info (device loop0): enabling disk space caching
[ 48.789835][ T5068] BTRFS info (device loop0): disk space caching is enabled
[ 48.812308][ T5068] BTRFS info (device loop0): enabling ssd optimizations
[ 48.819495][ T5068] BTRFS info (device loop0): auto enabling async discard
[pid 5068] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,space_cache=v1,space_cache=v1,") = 0
[pid 5068] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5068] chdir("./file0") = 0
[pid 5068] ioctl(4, LOOP_CLR_FD) = 0
[pid 5068] close(4) = 0
[pid 5068] open("./file0", O_RDONLY) = 4
[pid 5068] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5068] write(5, "15", 2) = 2
[ 48.828578][ T5068] BTRFS info (device loop0): clearing free space tree
[ 48.836333][ T5068] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 48.846651][ T5068] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[ 48.868437][ T5068] BTRFS info (device loop0): checking UUID tree
[ 48.901606][ T5068] FAULT_INJECTION: forcing a failure.
[ 48.901606][ T5068] name failslab, interval 1, probability 0, space 0, times 1
[ 48.914730][ T5068] CPU: 0 PID: 5068 Comm: syz-executor170 Not tainted 6.3.0-rc2-syzkaller-00387-g534293368afa #0
[ 48.925182][ T5068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 48.935256][ T5068] Call Trace:
[ 48.938555][ T5068]
[ 48.941502][ T5068] dump_stack_lvl+0x1e7/0x2d0
[ 48.946225][ T5068] ? nf_tcp_handle_invalid+0x650/0x650
[ 48.951724][ T5068] ? panic+0x770/0x770
[ 48.955819][ T5068] ? __might_sleep+0xc0/0xc0
[ 48.960791][ T5068] ? __asan_memset+0x23/0x40
[ 48.965421][ T5068] should_fail_ex+0x3aa/0x4e0
[ 48.970140][ T5068] should_failslab+0x9/0x20
[ 48.974676][ T5068] slab_pre_alloc_hook+0x59/0x2b0
[ 48.979728][ T5068] ? lockdep_softirqs_off+0x420/0x420
[ 48.985134][ T5068] kmem_cache_alloc+0x52/0x2e0
[ 48.989931][ T5068] ? security_inode_alloc+0x28/0x120
[ 48.995329][ T5068] security_inode_alloc+0x28/0x120
[ 49.000472][ T5068] inode_init_always+0x8e3/0xc00
[ 49.005528][ T5068] ? btrfs_new_subvol_inode+0xd0/0xd0
[ 49.010933][ T5068] new_inode_pseudo+0x98/0x1d0
[ 49.015734][ T5068] new_inode+0x29/0x1d0
[ 49.019922][ T5068] btrfs_new_subvol_inode+0x42/0xd0
[ 49.025145][ T5068] create_subvol+0x3ba/0x1930
[ 49.029861][ T5068] ? lockdep_hardirqs_on+0x98/0x140
[ 49.035092][ T5068] ? create_snapshot+0x7e0/0x7e0
[ 49.040181][ T5068] ? btrfs_lookup_dir_item+0x310/0x310
[ 49.045689][ T5068] ? __down_read_common+0x184/0x2c0
[ 49.050932][ T5068] btrfs_mksubvol+0x5fd/0x750
[ 49.055653][ T5068] ? __btrfs_ioctl_snap_create+0x450/0x450
[ 49.061483][ T5068] __btrfs_ioctl_snap_create+0x198/0x450
[ 49.067145][ T5068] btrfs_ioctl_snap_create_v2+0x1c4/0x400
[ 49.072893][ T5068] btrfs_ioctl+0xa71/0xd40
[ 49.077318][ T5068] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 49.083917][ T5068] __se_sys_ioctl+0xf1/0x160
[ 49.088557][ T5068] do_syscall_64+0x41/0xc0
[ 49.093068][ T5068] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.099000][ T5068] RIP: 0033:0x7fe5fac3bab9
[ 49.103488][ T5068] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 49.123297][ T5068] RSP: 002b:00007fff1845b5f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 49.131749][ T5068] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fe5fac3bab9
[ 49.139738][ T5068] RDX: 0000000020000300 RSI: 0000000050009418 RDI: 0000000000000004
[pid 5068] ioctl(4, BTRFS_IOC_SUBVOL_CREATE_V2, {fd=-1, flags=0, name="o"}) = -1 ENOMEM (Cannot allocate memory)
[pid 5068] exit_group(0) = ?
[pid 5068] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5068, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=25 /* 0.25 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555d37620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 49.147733][ T5068] RBP: 00007fff1845b620 R08: 0000000000000002 R09: 00007fff1845b630
[ 49.155813][ T5068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 49.163803][ T5068] R13: 00007fff1845b660 R14: 00007fff1845b640 R15: 0000000000000000
[ 49.171784][ T5068]
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555d3f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d3f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555555d37620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d365d0) = 5094
./strace-static-x86_64: Process 5094 attached
[pid 5094] chdir("./1") = 0
[pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5094] setpgid(0, 0) = 0
[pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5094] write(3, "1000", 4) = 4
[pid 5094] close(3) = 0
[pid 5094] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5094] memfd_create("syzkaller", 0) = 3
[pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe5f27ee000
[pid 5094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5094] munmap(0x7fe5f27ee000, 16777216) = 0
[pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5094] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5094] close(3) = 0
[pid 5094] mkdir("./file0", 0777) = 0
[ 49.446940][ T5094] loop0: detected capacity change from 0 to 32768
[ 49.458484][ T5094] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor170 (5094)
[ 49.474808][ T5094] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[ 49.484116][ T5094] BTRFS info (device loop0): force clearing of disk cache
[ 49.491275][ T5094] BTRFS info (device loop0): setting nodatasum
[ 49.497494][ T5094] BTRFS info (device loop0): enabling disk space caching
[ 49.504780][ T5094] BTRFS info (device loop0): disk space caching is enabled
[ 49.523594][ T5094] BTRFS info (device loop0): enabling ssd optimizations
[ 49.530754][ T5094] BTRFS info (device loop0): auto enabling async discard
[ 49.539162][ T5094] BTRFS info (device loop0): clearing free space tree
[pid 5094] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,space_cache=v1,space_cache=v1,") = 0
[pid 5094] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5094] chdir("./file0") = 0
[pid 5094] ioctl(4, LOOP_CLR_FD) = 0
[pid 5094] close(4) = 0
[pid 5094] open("./file0", O_RDONLY) = 4
[pid 5094] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5094] write(5, "15", 2) = 2
[ 49.546108][ T5094] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 49.556147][ T5094] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[ 49.569271][ T5094] BTRFS info (device loop0): checking UUID tree
[ 49.582749][ T5094] FAULT_INJECTION: forcing a failure.
[ 49.582749][ T5094] name failslab, interval 1, probability 0, space 0, times 0
[ 49.596006][ T5094] CPU: 0 PID: 5094 Comm: syz-executor170 Not tainted 6.3.0-rc2-syzkaller-00387-g534293368afa #0
[ 49.606454][ T5094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 49.616587][ T5094] Call Trace:
[ 49.619892][ T5094]
[ 49.622844][ T5094] dump_stack_lvl+0x1e7/0x2d0
[ 49.627556][ T5094] ? nf_tcp_handle_invalid+0x650/0x650
[ 49.633054][ T5094] ? panic+0x770/0x770
[ 49.637157][ T5094] ? __might_sleep+0xc0/0xc0
[ 49.641779][ T5094] ? __asan_memset+0x23/0x40
[ 49.646404][ T5094] should_fail_ex+0x3aa/0x4e0
[ 49.651249][ T5094] should_failslab+0x9/0x20
[ 49.655779][ T5094] slab_pre_alloc_hook+0x59/0x2b0
[ 49.661192][ T5094] ? lockdep_softirqs_off+0x420/0x420
[ 49.666581][ T5094] kmem_cache_alloc+0x52/0x2e0
[ 49.671364][ T5094] ? security_inode_alloc+0x28/0x120
[ 49.676656][ T5094] security_inode_alloc+0x28/0x120
[ 49.681766][ T5094] inode_init_always+0x8e3/0xc00
[ 49.686706][ T5094] ? btrfs_new_subvol_inode+0xd0/0xd0
[ 49.692095][ T5094] new_inode_pseudo+0x98/0x1d0
[ 49.696878][ T5094] new_inode+0x29/0x1d0
[ 49.701052][ T5094] btrfs_new_subvol_inode+0x42/0xd0
[ 49.706256][ T5094] create_subvol+0x3ba/0x1930
[ 49.710956][ T5094] ? create_snapshot+0x7e0/0x7e0
[ 49.715914][ T5094] ? btrfs_lookup_dir_item+0x310/0x310
[ 49.721382][ T5094] ? __down_read_common+0x184/0x2c0
[ 49.726586][ T5094] btrfs_mksubvol+0x5fd/0x750
[ 49.731270][ T5094] ? __btrfs_ioctl_snap_create+0x450/0x450
[ 49.737081][ T5094] __btrfs_ioctl_snap_create+0x198/0x450
[ 49.742716][ T5094] btrfs_ioctl_snap_create_v2+0x1c4/0x400
[ 49.748454][ T5094] btrfs_ioctl+0xa71/0xd40
[ 49.752868][ T5094] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 49.759281][ T5094] __se_sys_ioctl+0xf1/0x160
[ 49.763892][ T5094] do_syscall_64+0x41/0xc0
[ 49.768338][ T5094] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.774386][ T5094] RIP: 0033:0x7fe5fac3bab9
[ 49.778814][ T5094] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 49.798531][ T5094] RSP: 002b:00007fff1845b5f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 49.806960][ T5094] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fe5fac3bab9
[ 49.814932][ T5094] RDX: 0000000020000300 RSI: 0000000050009418 RDI: 0000000000000004
[ 49.822998][ T5094] RBP: 00007fff1845b620 R08: 0000000000000002 R09: 00007fff1845b630
[ 49.831253][ T5094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 49.839329][ T5094] R13: 00007fff1845b660 R14: 00007fff1845b640 R15: 0000000000000001
[pid 5094] ioctl(4, BTRFS_IOC_SUBVOL_CREATE_V2, {fd=-1, flags=0, name="o"}) = -1 ENOMEM (Cannot allocate memory)
[pid 5094] exit_group(0) = ?
[pid 5094] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5094, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=20 /* 0.20 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555d37620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 49.847498][ T5094]
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555d3f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d3f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555555d37620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d365d0) = 5122
./strace-static-x86_64: Process 5122 attached
[pid 5122] chdir("./2") = 0
[pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5122] setpgid(0, 0) = 0
[pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5122] write(3, "1000", 4) = 4
[pid 5122] close(3) = 0
[pid 5122] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5122] memfd_create("syzkaller", 0) = 3
[pid 5122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe5f27ee000
[pid 5122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5122] munmap(0x7fe5f27ee000, 16777216) = 0
[pid 5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5122] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5122] close(3) = 0
[pid 5122] mkdir("./file0", 0777) = 0
[ 50.135646][ T5122] loop0: detected capacity change from 0 to 32768
[ 50.146192][ T5122] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor170 (5122)
[ 50.163385][ T5122] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[ 50.172709][ T5122] BTRFS info (device loop0): force clearing of disk cache
[ 50.179885][ T5122] BTRFS info (device loop0): setting nodatasum
[ 50.186123][ T5122] BTRFS info (device loop0): enabling disk space caching
[ 50.193185][ T5122] BTRFS info (device loop0): disk space caching is enabled
[ 50.210623][ T5122] BTRFS info (device loop0): enabling ssd optimizations
[ 50.217766][ T5122] BTRFS info (device loop0): auto enabling async discard
[ 50.225655][ T5122] BTRFS info (device loop0): clearing free space tree
[pid 5122] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,space_cache=v1,space_cache=v1,") = 0
[pid 5122] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5122] chdir("./file0") = 0
[pid 5122] ioctl(4, LOOP_CLR_FD) = 0
[pid 5122] close(4) = 0
[pid 5122] open("./file0", O_RDONLY) = 4
[pid 5122] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5122] write(5, "15", 2) = 2
[ 50.232533][ T5122] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 50.242263][ T5122] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[ 50.256039][ T5122] BTRFS info (device loop0): checking UUID tree
[ 50.279000][ T5122] FAULT_INJECTION: forcing a failure.
[ 50.279000][ T5122] name failslab, interval 1, probability 0, space 0, times 0
[ 50.292319][ T5122] CPU: 1 PID: 5122 Comm: syz-executor170 Not tainted 6.3.0-rc2-syzkaller-00387-g534293368afa #0
[ 50.302875][ T5122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 50.313125][ T5122] Call Trace:
[ 50.316431][ T5122]
[ 50.319393][ T5122] dump_stack_lvl+0x1e7/0x2d0
[ 50.324112][ T5122] ? nf_tcp_handle_invalid+0x650/0x650
[ 50.329699][ T5122] ? panic+0x770/0x770
[ 50.333803][ T5122] ? __might_sleep+0xc0/0xc0
[ 50.338514][ T5122] ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 50.344178][ T5122] ? lockdep_hardirqs_on+0x98/0x140
[ 50.349406][ T5122] should_fail_ex+0x3aa/0x4e0
[ 50.354164][ T5122] should_failslab+0x9/0x20
[ 50.358697][ T5122] slab_pre_alloc_hook+0x59/0x2b0
[ 50.363774][ T5122] kmem_cache_alloc+0x52/0x2e0
[ 50.368762][ T5122] ? alloc_extent_state+0x25/0x2e0
[ 50.373908][ T5122] alloc_extent_state+0x25/0x2e0
[ 50.378881][ T5122] __set_extent_bit+0x1a0/0x1ab0
[ 50.383888][ T5122] ? __down_write_common+0x161/0x200
[ 50.389220][ T5122] set_extent_bit+0x42/0x60
[ 50.393760][ T5122] btrfs_alloc_tree_block+0xaf3/0x1800
[ 50.399268][ T5122] ? alloc_reserved_file_extent+0x5e0/0x5e0
[ 50.405212][ T5122] ? start_transaction+0x3de/0x1050
[ 50.410459][ T5122] create_subvol+0x706/0x1930
[ 50.415202][ T5122] ? create_snapshot+0x7e0/0x7e0
[ 50.420210][ T5122] ? btrfs_lookup_dir_item+0x310/0x310
[ 50.425706][ T5122] ? __down_read_common+0x184/0x2c0
[ 50.430944][ T5122] btrfs_mksubvol+0x5fd/0x750
[ 50.435748][ T5122] ? __btrfs_ioctl_snap_create+0x450/0x450
[ 50.441573][ T5122] __btrfs_ioctl_snap_create+0x198/0x450
[ 50.447220][ T5122] btrfs_ioctl_snap_create_v2+0x1c4/0x400
[ 50.452945][ T5122] btrfs_ioctl+0xa71/0xd40
[ 50.457367][ T5122] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 50.463800][ T5122] __se_sys_ioctl+0xf1/0x160
[ 50.468406][ T5122] do_syscall_64+0x41/0xc0
[ 50.472822][ T5122] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 50.478715][ T5122] RIP: 0033:0x7fe5fac3bab9
[ 50.483132][ T5122] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 50.502754][ T5122] RSP: 002b:00007fff1845b5f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 50.511168][ T5122] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fe5fac3bab9
[ 50.519142][ T5122] RDX: 0000000020000300 RSI: 0000000050009418 RDI: 0000000000000004
[ 50.527133][ T5122] RBP: 00007fff1845b620 R08: 0000000000000002 R09: 00007fff1845b630
[pid 5122] ioctl(4, BTRFS_IOC_SUBVOL_CREATE_V2, {fd=-1, flags=0, name="o"} => {transid=0}) = 0
[pid 5122] exit_group(0) = ?
[pid 5122] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=20 /* 0.20 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555d37620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
[ 50.535154][ T5122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 50.543136][ T5122] R13: 00007fff1845b660 R14: 00007fff1845b640 R15: 0000000000000002
[ 50.551181][ T5122]
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555d3f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d3f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x555555d37620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d365d0) = 5141
./strace-static-x86_64: Process 5141 attached
[pid 5141] chdir("./3") = 0
[pid 5141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5141] setpgid(0, 0) = 0
[pid 5141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5141] write(3, "1000", 4) = 4
[pid 5141] close(3) = 0
[pid 5141] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5141] memfd_create("syzkaller", 0) = 3
[pid 5141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe5f27ee000
[pid 5141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5141] munmap(0x7fe5f27ee000, 16777216) = 0
[pid 5141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5141] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5141] close(3) = 0
[pid 5141] mkdir("./file0", 0777) = 0
[ 50.822709][ T5141] loop0: detected capacity change from 0 to 32768
[ 50.833040][ T5141] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor170 (5141)
[ 50.851236][ T5141] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[ 50.860857][ T5141] BTRFS info (device loop0): force clearing of disk cache
[ 50.868453][ T5141] BTRFS info (device loop0): setting nodatasum
[ 50.874837][ T5141] BTRFS info (device loop0): enabling disk space caching
[ 50.881907][ T5141] BTRFS info (device loop0): disk space caching is enabled
[ 50.901042][ T5141] BTRFS info (device loop0): enabling ssd optimizations
[ 50.908137][ T5141] BTRFS info (device loop0): auto enabling async discard
[ 50.916481][ T5141] BTRFS info (device loop0): clearing free space tree
[pid 5141] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,space_cache=v1,space_cache=v1,") = 0
[pid 5141] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5141] chdir("./file0") = 0
[pid 5141] ioctl(4, LOOP_CLR_FD) = 0
[pid 5141] close(4) = 0
[pid 5141] open("./file0", O_RDONLY) = 4
[pid 5141] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5141] write(5, "15", 2) = 2
[ 50.923302][ T5141] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 50.933375][ T5141] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[ 50.947459][ T5141] BTRFS info (device loop0): checking UUID tree
[ 50.970780][ T5141] FAULT_INJECTION: forcing a failure.
[ 50.970780][ T5141] name failslab, interval 1, probability 0, space 0, times 0
[ 50.983964][ T5141] CPU: 0 PID: 5141 Comm: syz-executor170 Not tainted 6.3.0-rc2-syzkaller-00387-g534293368afa #0
[ 50.994418][ T5141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 51.004498][ T5141] Call Trace:
[ 51.007806][ T5141]
[ 51.010758][ T5141] dump_stack_lvl+0x1e7/0x2d0
[ 51.015470][ T5141] ? nf_tcp_handle_invalid+0x650/0x650
[ 51.021104][ T5141] ? panic+0x770/0x770
[ 51.025205][ T5141] ? __might_sleep+0xc0/0xc0
[ 51.030005][ T5141] should_fail_ex+0x3aa/0x4e0
[ 51.034724][ T5141] should_failslab+0x9/0x20
[ 51.039240][ T5141] slab_pre_alloc_hook+0x59/0x2b0
[ 51.044369][ T5141] kmem_cache_alloc+0x52/0x2e0
[ 51.049142][ T5141] ? btrfs_add_delayed_tree_ref+0x231/0xfc0
[ 51.055477][ T5141] btrfs_add_delayed_tree_ref+0x231/0xfc0
[ 51.061214][ T5141] ? btrfs_delete_ref_head+0x270/0x270
[ 51.066705][ T5141] ? btrfs_alloc_tree_block+0xbae/0x1800
[ 51.072494][ T5141] btrfs_alloc_tree_block+0xf56/0x1800
[ 51.078050][ T5141] ? alloc_reserved_file_extent+0x5e0/0x5e0
[ 51.083950][ T5141] ? start_transaction+0x3de/0x1050
[ 51.089155][ T5141] create_subvol+0x706/0x1930
[ 51.093849][ T5141] ? create_snapshot+0x7e0/0x7e0
[ 51.098811][ T5141] ? btrfs_lookup_dir_item+0x310/0x310
[ 51.104277][ T5141] ? __down_read_common+0x184/0x2c0
[ 51.109479][ T5141] btrfs_mksubvol+0x5fd/0x750
[ 51.114250][ T5141] ? __btrfs_ioctl_snap_create+0x450/0x450
[ 51.120104][ T5141] __btrfs_ioctl_snap_create+0x198/0x450
[ 51.125788][ T5141] btrfs_ioctl_snap_create_v2+0x1c4/0x400
[ 51.131510][ T5141] btrfs_ioctl+0xa71/0xd40
[ 51.135967][ T5141] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 51.142394][ T5141] __se_sys_ioctl+0xf1/0x160
[ 51.146994][ T5141] do_syscall_64+0x41/0xc0
[ 51.151415][ T5141] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.157320][ T5141] RIP: 0033:0x7fe5fac3bab9
[ 51.161837][ T5141] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 51.181450][ T5141] RSP: 002b:00007fff1845b5f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 51.189885][ T5141] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fe5fac3bab9
[ 51.197871][ T5141] RDX: 0000000020000300 RSI: 0000000050009418 RDI: 0000000000000004
[ 51.205850][ T5141] RBP: 00007fff1845b620 R08: 0000000000000002 R09: 00007fff1845b630
[ 51.213914][ T5141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 5141] ioctl(4, BTRFS_IOC_SUBVOL_CREATE_V2, {fd=-1, flags=0, name="o"}) = -1 ENOMEM (Cannot allocate memory)
[pid 5141] exit_group(0) = ?
[pid 5141] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5141, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=21 /* 0.21 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555d37620 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs") = 0
[ 51.221893][ T5141] R13: 00007fff1845b660 R14: 00007fff1845b640 R15: 0000000000000003
[ 51.229877][ T5141]
[ 51.288623][ T5067] ------------[ cut here ]------------
[ 51.294389][ T5067] WARNING: CPU: 1 PID: 5067 at fs/btrfs/space-info.h:199 btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 51.306180][ T5067] Modules linked in:
[ 51.310095][ T5067] CPU: 1 PID: 5067 Comm: syz-executor170 Not tainted 6.3.0-rc2-syzkaller-00387-g534293368afa #0
[ 51.320833][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 51.330943][ T5067] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 51.338567][ T5067] Code: 25 00 00 74 08 4c 89 ff e8 2e 55 38 fe 49 8b 1f 48 89 df 48 8b 6c 24 20 48 89 ee e8 4b a6 e2 fd 48 39 eb 73 14 e8 31 a4 e2 fd <0f> 0b 45 31 f6 43 80 7c 25 00 00 75 ac eb b2 e8 1d a4 e2 fd 43 80
[ 51.358236][ T5067] RSP: 0018:ffffc90003c4f910 EFLAGS: 00010293
[ 51.364349][ T5067] RAX: ffffffff83a7c8ef RBX: 00000000000df000 RCX: ffff8880258dd7c0
[ 51.372336][ T5067] RDX: 0000000000000000 RSI: 00000000000e0000 RDI: 00000000000df000
[ 51.380351][ T5067] RBP: 00000000000e0000 R08: ffffffff83a7c8e5 R09: fffffbfff1ca6f7e
[ 51.388360][ T5067] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 51.396375][ T5067] R13: 1ffff11004440d0c R14: fffffffffff20000 R15: ffff888022206860
[ 51.404634][ T5067] FS: 0000555555d36300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 51.413580][ T5067] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 51.420235][ T5067] CR2: 00007fff18459dc8 CR3: 0000000075efd000 CR4: 00000000003506e0
[ 51.428277][ T5067] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 51.436306][ T5067] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 51.444333][ T5067] Call Trace:
[ 51.447901][ T5067]
[ 51.451304][ T5067] ? do_raw_write_lock+0x147/0x4f0
[ 51.456549][ T5067] btrfs_block_rsv_release+0x441/0x520
[ 51.462043][ T5067] btrfs_release_global_block_rsv+0x33/0x260
[ 51.468167][ T5067] btrfs_free_block_groups+0xb3e/0xe80
[ 51.473669][ T5067] close_ctree+0x742/0xd30
[ 51.478160][ T5067] ? init_tree_roots+0x1f80/0x1f80
[ 51.483330][ T5067] ? hook_inode_free_security+0xb0/0xb0
[ 51.488985][ T5067] ? __fsnotify_vfsmount_delete+0x20/0x20
[ 51.494844][ T5067] ? clear_inode+0x150/0x150
[ 51.499458][ T5067] ? fscrypt_destroy_keyring+0x273/0x290
[ 51.505164][ T5067] ? btrfs_fill_super+0x2d0/0x2d0
[ 51.510216][ T5067] generic_shutdown_super+0x134/0x340
[ 51.515668][ T5067] kill_anon_super+0x3b/0x60
[ 51.520382][ T5067] btrfs_kill_super+0x41/0x50
[ 51.525119][ T5067] deactivate_locked_super+0xa4/0x110
[ 51.530704][ T5067] cleanup_mnt+0x426/0x4c0
[ 51.535177][ T5067] ? _raw_spin_unlock_irq+0x23/0x50
[ 51.540488][ T5067] task_work_run+0x24a/0x300
[ 51.545136][ T5067] ? dput+0x3a1/0x420
[ 51.549146][ T5067] ? task_work_cancel+0x2b0/0x2b0
[ 51.554246][ T5067] ? __x64_sys_umount+0x126/0x170
[ 51.559387][ T5067] ptrace_notify+0x2cd/0x380
[ 51.564107][ T5067] ? do_notify_parent+0xf50/0xf50
[ 51.569341][ T5067] ? user_path_at_empty+0x12f/0x180
[ 51.575696][ T5067] ? __x64_sys_umount+0x126/0x170
[ 51.580932][ T5067] ? path_umount+0xea0/0xea0
[ 51.585985][ T5067] ? syscall_enter_from_user_mode+0x32/0x260
[ 51.592095][ T5067] syscall_exit_to_user_mode+0x157/0x280
[ 51.597813][ T5067] do_syscall_64+0x4d/0xc0
[ 51.602287][ T5067] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.608236][ T5067] RIP: 0033:0x7fe5fac3ce57
[ 51.612687][ T5067] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 51.632363][ T5067] RSP: 002b:00007fff1845a508 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 51.640827][ T5067] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe5fac3ce57
[ 51.648974][ T5067] RDX: 00007fff1845a5c9 RSI: 000000000000000a RDI: 00007fff1845a5c0
[ 51.657000][ T5067] RBP: 00007fff1845a5c0 R08: 00000000ffffffff R09: 00007fff1845a3a0
[ 51.665117][ T5067] R10: 0000555555d37653 R11: 0000000000000202 R12: 00007fff1845b640
[ 51.675218][ T5067] R13: 0000555555d375f0 R14: 00007fff1845a530 R15: 0000000000000004
[ 51.683225][ T5067]
[ 51.686358][ T5067] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 51.693823][ T5067] CPU: 1 PID: 5067 Comm: syz-executor170 Not tainted 6.3.0-rc2-syzkaller-00387-g534293368afa #0
[ 51.704328][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 51.714391][ T5067] Call Trace:
[ 51.717667][ T5067]
[ 51.720602][ T5067] dump_stack_lvl+0x1e7/0x2d0
[ 51.725284][ T5067] ? nf_tcp_handle_invalid+0x650/0x650
[ 51.730761][ T5067] ? panic+0x770/0x770
[ 51.734948][ T5067] ? vscnprintf+0x5d/0x80
[ 51.739728][ T5067] panic+0x31c/0x770
[ 51.743640][ T5067] ? __warn+0x171/0x4a0
[ 51.747928][ T5067] ? memcpy_page_flushcache+0x100/0x100
[ 51.753599][ T5067] __warn+0x314/0x4a0
[ 51.757583][ T5067] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 51.764466][ T5067] report_bug+0x2b3/0x500
[ 51.768808][ T5067] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 51.776168][ T5067] handle_bug+0x3d/0x70
[ 51.780558][ T5067] exc_invalid_op+0x1a/0x50
[ 51.785320][ T5067] asm_exc_invalid_op+0x1a/0x20
[ 51.790200][ T5067] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 51.797669][ T5067] Code: 25 00 00 74 08 4c 89 ff e8 2e 55 38 fe 49 8b 1f 48 89 df 48 8b 6c 24 20 48 89 ee e8 4b a6 e2 fd 48 39 eb 73 14 e8 31 a4 e2 fd <0f> 0b 45 31 f6 43 80 7c 25 00 00 75 ac eb b2 e8 1d a4 e2 fd 43 80
[ 51.817326][ T5067] RSP: 0018:ffffc90003c4f910 EFLAGS: 00010293
[ 51.823389][ T5067] RAX: ffffffff83a7c8ef RBX: 00000000000df000 RCX: ffff8880258dd7c0
[ 51.831359][ T5067] RDX: 0000000000000000 RSI: 00000000000e0000 RDI: 00000000000df000
[ 51.839340][ T5067] RBP: 00000000000e0000 R08: ffffffff83a7c8e5 R09: fffffbfff1ca6f7e
[ 51.847323][ T5067] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 51.855305][ T5067] R13: 1ffff11004440d0c R14: fffffffffff20000 R15: ffff888022206860
[ 51.863656][ T5067] ? btrfs_space_info_update_bytes_may_use+0x295/0x600
[ 51.870518][ T5067] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 51.877397][ T5067] ? do_raw_write_lock+0x147/0x4f0
[ 51.882613][ T5067] btrfs_block_rsv_release+0x441/0x520
[ 51.888087][ T5067] btrfs_release_global_block_rsv+0x33/0x260
[ 51.894129][ T5067] btrfs_free_block_groups+0xb3e/0xe80
[ 51.899602][ T5067] close_ctree+0x742/0xd30
[ 51.904044][ T5067] ? init_tree_roots+0x1f80/0x1f80
[ 51.909427][ T5067] ? hook_inode_free_security+0xb0/0xb0
[ 51.915089][ T5067] ? __fsnotify_vfsmount_delete+0x20/0x20
[ 51.920831][ T5067] ? clear_inode+0x150/0x150
[ 51.925425][ T5067] ? fscrypt_destroy_keyring+0x273/0x290
[ 51.931072][ T5067] ? btrfs_fill_super+0x2d0/0x2d0
[ 51.936112][ T5067] generic_shutdown_super+0x134/0x340
[ 51.941520][ T5067] kill_anon_super+0x3b/0x60
[ 51.946475][ T5067] btrfs_kill_super+0x41/0x50
[ 51.951153][ T5067] deactivate_locked_super+0xa4/0x110
[ 51.956536][ T5067] cleanup_mnt+0x426/0x4c0
[ 51.960966][ T5067] ? _raw_spin_unlock_irq+0x23/0x50
[ 51.966332][ T5067] task_work_run+0x24a/0x300
[ 51.970988][ T5067] ? dput+0x3a1/0x420
[ 51.974982][ T5067] ? task_work_cancel+0x2b0/0x2b0
[ 51.980017][ T5067] ? __x64_sys_umount+0x126/0x170
[ 51.985042][ T5067] ptrace_notify+0x2cd/0x380
[ 51.989645][ T5067] ? do_notify_parent+0xf50/0xf50
[ 51.994689][ T5067] ? user_path_at_empty+0x12f/0x180
[ 51.999906][ T5067] ? __x64_sys_umount+0x126/0x170
[ 52.004940][ T5067] ? path_umount+0xea0/0xea0
[ 52.009536][ T5067] ? syscall_enter_from_user_mode+0x32/0x260
[ 52.015512][ T5067] syscall_exit_to_user_mode+0x157/0x280
[ 52.021145][ T5067] do_syscall_64+0x4d/0xc0
[ 52.025570][ T5067] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.031473][ T5067] RIP: 0033:0x7fe5fac3ce57
[ 52.035885][ T5067] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 52.055494][ T5067] RSP: 002b:00007fff1845a508 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 52.063928][ T5067] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe5fac3ce57
[ 52.071906][ T5067] RDX: 00007fff1845a5c9 RSI: 000000000000000a RDI: 00007fff1845a5c0
[ 52.079923][ T5067] RBP: 00007fff1845a5c0 R08: 00000000ffffffff R09: 00007fff1845a3a0
[ 52.087889][ T5067] R10: 0000555555d37653 R11: 0000000000000202 R12: 00007fff1845b640
[ 52.095914][ T5067] R13: 0000555555d375f0 R14: 00007fff1845a530 R15: 0000000000000004
[ 52.103884][ T5067]
[ 52.107004][ T5067] Kernel Offset: disabled
[ 52.111602][ T5067] Rebooting in 86400 seconds..