./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2943109239
<...>
Warning: Permanently added '10.128.10.22' (ED25519) to the list of known hosts.
execve("./syz-executor2943109239", ["./syz-executor2943109239"], 0x7fffe0f3c0f0 /* 10 vars */) = 0
brk(NULL) = 0x555555f51000
brk(0x555555f51d00) = 0x555555f51d00
arch_prctl(ARCH_SET_FS, 0x555555f51380) = 0
set_tid_address(0x555555f51650) = 5012
set_robust_list(0x555555f51660, 24) = 0
rseq(0x555555f51ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2943109239", 4096) = 28
getrandom("\x87\x0c\xe3\x68\x0b\xb3\xae\x6d", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555555f51d00
brk(0x555555f72d00) = 0x555555f72d00
brk(0x555555f73000) = 0x555555f73000
mprotect(0x7f0f36bff000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
[ 60.241457][ T26] audit: type=1400 audit(1690034210.225:83): avc: denied { write } for pid=5009 comm="strace-static-x" path="pipe:[28652]" dev="pipefs" ino=28652 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
mkdir("./syzkaller.JOqeC5", 0700) = 0
chmod("./syzkaller.JOqeC5", 0777) = 0
chdir("./syzkaller.JOqeC5") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f51650) = 5013
./strace-static-x86_64: Process 5013 attached
[ 60.279144][ T26] audit: type=1400 audit(1690034210.255:84): avc: denied { execmem } for pid=5012 comm="syz-executor294" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 60.301297][ T26] audit: type=1400 audit(1690034210.285:85): avc: denied { read write } for pid=5012 comm="syz-executor294" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid 5013] set_robust_list(0x555555f51660, 24) = 0
[pid 5013] chdir("./0") = 0
[pid 5013] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5013] setpgid(0, 0) = 0
[pid 5013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5013] write(3, "1000", 4) = 4
[pid 5013] close(3) = 0
[pid 5013] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5013] memfd_create("syzkaller", 0) = 3
[pid 5013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f2e747000
[ 60.326386][ T26] audit: type=1400 audit(1690034210.285:86): avc: denied { open } for pid=5012 comm="syz-executor294" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 60.352412][ T26] audit: type=1400 audit(1690034210.285:87): avc: denied { ioctl } for pid=5012 comm="syz-executor294" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 60.358823][ T5013] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5013 'syz-executor294'
[pid 5013] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5013] munmap(0x7f0f2e747000, 16777216) = 0
[pid 5013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5013] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5013] close(3) = 0
[pid 5013] mkdir("./file0", 0777) = 0
[ 60.540796][ T5013] loop0: detected capacity change from 0 to 32768
[ 60.553831][ T26] audit: type=1400 audit(1690034210.535:88): avc: denied { mounton } for pid=5013 comm="syz-executor294" path="/root/syzkaller.JOqeC5/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 60.557028][ T5013] BTRFS: device fsid d09153a9-5497-4f31-8e52-d2d02bbdf7fc devid 1 transid 8 /dev/loop0 scanned by syz-executor294 (5013)
[ 60.599686][ T5013] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[ 60.609866][ T5013] BTRFS info (device loop0): using free space tree
[ 60.633704][ T5013] BTRFS info (device loop0): enabling ssd optimizations
[pid 5013] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5013] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5013] chdir("./file0") = 0
[pid 5013] ioctl(4, LOOP_CLR_FD) = 0
[pid 5013] close(4) = 0
[pid 5013] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5013] write(4, "17", 2) = 2
[ 60.641027][ T5013] BTRFS info (device loop0): auto enabling async discard
[ 60.653022][ T26] audit: type=1400 audit(1690034210.635:89): avc: denied { mount } for pid=5013 comm="syz-executor294" name="/" dev="loop0" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[pid 5013] mkdir("./bus", 0777) = 0
[pid 5013] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5013] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5013, si_uid=0, si_status=SIGSEGV, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555f526f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
[ 60.685781][ T5013] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[ 60.707238][ T5013] audit: out of memory in audit_log_start
[ 60.714704][ T26] audit: type=1400 audit(1690034210.695:90): avc: denied { add_name } for pid=5013 comm="syz-executor294" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555f5a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555f5a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555555f526f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f51650) = 5041
./strace-static-x86_64: Process 5041 attached
[pid 5041] set_robust_list(0x555555f51660, 24) = 0
[pid 5041] chdir("./1") = 0
[pid 5041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5041] setpgid(0, 0) = 0
[pid 5041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5041] write(3, "1000", 4) = 4
[pid 5041] close(3) = 0
[pid 5041] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5041] memfd_create("syzkaller", 0) = 3
[pid 5041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f2e747000
[pid 5041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5041] munmap(0x7f0f2e747000, 16777216) = 0
[pid 5041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5041] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5041] close(3) = 0
[pid 5041] mkdir("./file0", 0777) = 0
[ 61.121013][ T5041] loop0: detected capacity change from 0 to 32768
[ 61.135333][ T5041] BTRFS: device fsid d09153a9-5497-4f31-8e52-d2d02bbdf7fc devid 1 transid 8 /dev/loop0 scanned by syz-executor294 (5041)
[ 61.152737][ T5041] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[ 61.162431][ T5041] BTRFS info (device loop0): using free space tree
[pid 5041] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5041] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5041] chdir("./file0") = 0
[pid 5041] ioctl(4, LOOP_CLR_FD) = 0
[pid 5041] close(4) = 0
[pid 5041] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5041] write(4, "17", 2) = 2
[ 61.181079][ T5041] BTRFS info (device loop0): enabling ssd optimizations
[ 61.188148][ T5041] BTRFS info (device loop0): auto enabling async discard
[ 61.224066][ T5041] FAULT_INJECTION: forcing a failure.
[ 61.224066][ T5041] name failslab, interval 1, probability 0, space 0, times 0
[ 61.237124][ T5041] CPU: 0 PID: 5041 Comm: syz-executor294 Not tainted 6.5.0-rc2-syzkaller-00307-gd192f5382581 #0
[ 61.247669][ T5041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 61.257840][ T5041] Call Trace:
[ 61.261151][ T5041]
[ 61.264195][ T5041] dump_stack_lvl+0x125/0x1b0
[ 61.268925][ T5041] should_fail_ex+0x496/0x5b0
[ 61.273741][ T5041] should_failslab+0x9/0x20
[ 61.278282][ T5041] kmem_cache_alloc+0x61/0x400
[ 61.283262][ T5041] security_inode_alloc+0x38/0x180
[ 61.288595][ T5041] inode_init_always+0xbef/0xee0
[ 61.293578][ T5041] alloc_inode+0x7a/0x220
[ 61.297933][ T5041] new_inode+0x29/0x270
[ 61.302104][ T5041] btrfs_mkdir+0x46/0x100
[ 61.306614][ T5041] vfs_mkdir+0x532/0x7e0
[ 61.310948][ T5041] do_mkdirat+0x2a9/0x330
[ 61.315464][ T5041] ? __ia32_sys_mknod+0xb0/0xb0
[ 61.320605][ T5041] ? getname_flags.part.0+0x1d5/0x4d0
[ 61.326040][ T5041] __x64_sys_mkdir+0xf2/0x140
[ 61.330729][ T5041] do_syscall_64+0x38/0xb0
[ 61.335321][ T5041] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.341228][ T5041] RIP: 0033:0x7f0f36b85167
[ 61.345644][ T5041] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 61.365347][ T5041] RSP: 002b:00007ffec710e3f8 EFLAGS: 00000286 ORIG_RAX: 0000000000000053
[pid 5041] mkdir("./bus", 0777) = -1 ENOMEM (Cannot allocate memory)
[pid 5041] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5041] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5041, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555f526f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
[ 61.373763][ T5041] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f0f36b85167
[ 61.381918][ T5041] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000040
[ 61.389889][ T5041] RBP: 00007ffec710e490 R08: 0000000000000000 R09: 0000000020000000
[ 61.398120][ T5041] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000020000040
[ 61.406090][ T5041] R13: 0000000020000140 R14: 0000000000000000 R15: 0000000000000000
[ 61.414063][ T5041]
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555f5a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555f5a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555555f526f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f51650) = 5064
./strace-static-x86_64: Process 5064 attached
[pid 5064] set_robust_list(0x555555f51660, 24) = 0
[pid 5064] chdir("./2") = 0
[pid 5064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5064] setpgid(0, 0) = 0
[pid 5064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5064] write(3, "1000", 4) = 4
[pid 5064] close(3) = 0
[pid 5064] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5064] memfd_create("syzkaller", 0) = 3
[pid 5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f2e747000
[pid 5064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5064] munmap(0x7f0f2e747000, 16777216) = 0
[pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5064] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5064] close(3) = 0
[pid 5064] mkdir("./file0", 0777) = 0
[ 61.748481][ T5064] loop0: detected capacity change from 0 to 32768
[ 61.761058][ T5064] BTRFS: device fsid d09153a9-5497-4f31-8e52-d2d02bbdf7fc devid 1 transid 8 /dev/loop0 scanned by syz-executor294 (5064)
[ 61.778861][ T5064] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[ 61.788721][ T5064] BTRFS info (device loop0): using free space tree
[pid 5064] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5064] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5064] chdir("./file0") = 0
[pid 5064] ioctl(4, LOOP_CLR_FD) = 0
[pid 5064] close(4) = 0
[pid 5064] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5064] write(4, "17", 2) = 2
[ 61.806535][ T5064] BTRFS info (device loop0): enabling ssd optimizations
[ 61.813924][ T5064] BTRFS info (device loop0): auto enabling async discard
[ 61.831817][ T5064] FAULT_INJECTION: forcing a failure.
[ 61.831817][ T5064] name failslab, interval 1, probability 0, space 0, times 0
[ 61.845286][ T5064] CPU: 0 PID: 5064 Comm: syz-executor294 Not tainted 6.5.0-rc2-syzkaller-00307-gd192f5382581 #0
[ 61.855743][ T5064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 61.865996][ T5064] Call Trace:
[ 61.869297][ T5064]
[ 61.872246][ T5064] dump_stack_lvl+0x125/0x1b0
[ 61.876960][ T5064] should_fail_ex+0x496/0x5b0
[ 61.881883][ T5064] should_failslab+0x9/0x20
[ 61.886430][ T5064] __kmem_cache_alloc_node+0x5f/0x470
[ 61.891851][ T5064] ? spin_bug+0x1d0/0x1d0
[ 61.896315][ T5064] kmalloc_trace+0x25/0xe0
[ 61.900764][ T5064] join_transaction+0x136/0x1030
[ 61.905754][ T5064] start_transaction+0x757/0x14d0
[ 61.910809][ T5064] btrfs_create_common+0x1aa/0x290
[ 61.915964][ T5064] ? btrfs_tmpfile+0x440/0x440
[ 61.920855][ T5064] ? inode_init_owner+0x2d1/0x3c0
[ 61.925915][ T5064] btrfs_mkdir+0xc7/0x100
[ 61.930472][ T5064] vfs_mkdir+0x532/0x7e0
[ 61.934750][ T5064] do_mkdirat+0x2a9/0x330
[ 61.939379][ T5064] ? __ia32_sys_mknod+0xb0/0xb0
[ 61.944264][ T5064] ? getname_flags.part.0+0x1d5/0x4d0
[ 61.949942][ T5064] __x64_sys_mkdir+0xf2/0x140
[ 61.954658][ T5064] do_syscall_64+0x38/0xb0
[ 61.959109][ T5064] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.965057][ T5064] RIP: 0033:0x7f0f36b85167
[ 61.969500][ T5064] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 61.989226][ T5064] RSP: 002b:00007ffec710e3f8 EFLAGS: 00000286 ORIG_RAX: 0000000000000053
[ 61.997673][ T5064] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f0f36b85167
[pid 5064] mkdir("./bus", 0777) = -1 ENOMEM (Cannot allocate memory)
[pid 5064] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5064] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5064, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555f526f0 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
[ 62.005791][ T5064] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000040
[ 62.013792][ T5064] RBP: 00007ffec710e490 R08: 0000000000000000 R09: 0000000020000000
[ 62.021835][ T5064] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000020000040
[ 62.030532][ T5064] R13: 0000000020000140 R14: 0000000000000000 R15: 0000000000000000
[ 62.038601][ T5064]
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555f5a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555f5a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x555555f526f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f51650) = 5081
./strace-static-x86_64: Process 5081 attached
[pid 5081] set_robust_list(0x555555f51660, 24) = 0
[pid 5081] chdir("./3") = 0
[pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5081] setpgid(0, 0) = 0
[pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5081] write(3, "1000", 4) = 4
[pid 5081] close(3) = 0
[pid 5081] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5081] memfd_create("syzkaller", 0) = 3
[pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f2e747000
[pid 5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5081] munmap(0x7f0f2e747000, 16777216) = 0
[pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5081] close(3) = 0
[pid 5081] mkdir("./file0", 0777) = 0
[ 62.327334][ T5081] loop0: detected capacity change from 0 to 32768
[ 62.337748][ T5081] BTRFS: device fsid d09153a9-5497-4f31-8e52-d2d02bbdf7fc devid 1 transid 8 /dev/loop0 scanned by syz-executor294 (5081)
[ 62.354285][ T5081] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[ 62.364159][ T5081] BTRFS info (device loop0): using free space tree
[pid 5081] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5081] chdir("./file0") = 0
[pid 5081] ioctl(4, LOOP_CLR_FD) = 0
[pid 5081] close(4) = 0
[pid 5081] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5081] write(4, "17", 2) = 2
[ 62.381894][ T5081] BTRFS info (device loop0): enabling ssd optimizations
[ 62.388952][ T5081] BTRFS info (device loop0): auto enabling async discard
[ 62.417382][ T5081] FAULT_INJECTION: forcing a failure.
[ 62.417382][ T5081] name failslab, interval 1, probability 0, space 0, times 0
[ 62.430721][ T5081] CPU: 0 PID: 5081 Comm: syz-executor294 Not tainted 6.5.0-rc2-syzkaller-00307-gd192f5382581 #0
[ 62.441180][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 62.451268][ T5081] Call Trace:
[ 62.454685][ T5081]
[ 62.457706][ T5081] dump_stack_lvl+0x125/0x1b0
[ 62.462413][ T5081] should_fail_ex+0x496/0x5b0
[ 62.467205][ T5081] should_failslab+0x9/0x20
[ 62.471806][ T5081] __kmem_cache_alloc_node+0x5f/0x470
[ 62.477220][ T5081] kmalloc_trace+0x25/0xe0
[ 62.481668][ T5081] btrfs_cache_block_group+0xcf/0x7d0
[ 62.487077][ T5081] ? print_usage_bug.part.0+0x670/0x670
[ 62.492808][ T5081] find_free_extent+0x32ab/0x65b0
[ 62.497841][ T5081] ? do_raw_spin_unlock+0x173/0x230
[ 62.503396][ T5081] ? _raw_spin_unlock+0x28/0x40
[ 62.508288][ T5081] ? btrfs_get_alloc_profile+0x2da/0x850
[ 62.514296][ T5081] btrfs_reserve_extent+0x333/0x6b0
[ 62.519530][ T5081] ? walk_down_tree+0x4d0/0x4d0
[ 62.524414][ T5081] ? do_raw_spin_unlock+0x173/0x230
[ 62.529647][ T5081] ? _raw_spin_unlock+0x28/0x40
[ 62.534525][ T5081] ? btrfs_use_block_rsv+0x2e3/0x7f0
[ 62.539816][ T5081] btrfs_alloc_tree_block+0x234/0x1420
[ 62.545282][ T5081] ? btrfs_alloc_logged_file_extent+0x580/0x580
[ 62.551705][ T5081] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 62.557781][ T5081] __btrfs_cow_block+0x3ce/0x18e0
[ 62.562898][ T5081] ? update_ref_for_cow+0xc10/0xc10
[ 62.568099][ T5081] ? btrfs_qgroup_add_swapped_blocks+0x9d0/0x9d0
[ 62.574434][ T5081] ? down_write_nested+0x153/0x200
[ 62.579639][ T5081] btrfs_cow_block+0x2f1/0x820
[ 62.584496][ T5081] btrfs_search_slot+0x12a0/0x30e0
[ 62.589619][ T5081] ? balance_level+0x2420/0x2420
[ 62.594558][ T5081] ? find_held_lock+0x2d/0x110
[ 62.599331][ T5081] ? btrfs_create_new_inode+0x763/0x2610
[ 62.604970][ T5081] ? reacquire_held_locks+0x4b0/0x4b0
[ 62.610436][ T5081] ? do_raw_spin_lock+0x12e/0x2b0
[ 62.615470][ T5081] ? spin_bug+0x1d0/0x1d0
[ 62.619866][ T5081] btrfs_insert_empty_items+0xb7/0x1b0
[ 62.625415][ T5081] ? do_raw_spin_unlock+0x173/0x230
[ 62.630625][ T5081] btrfs_create_new_inode+0x825/0x2610
[ 62.636121][ T5081] ? btrfs_link+0x790/0x790
[ 62.640659][ T5081] ? record_root_in_trans+0x2f7/0x3e0
[ 62.646509][ T5081] btrfs_create_common+0x1d5/0x290
[ 62.651910][ T5081] ? btrfs_tmpfile+0x440/0x440
[ 62.656788][ T5081] ? inode_init_owner+0x2d1/0x3c0
[ 62.661945][ T5081] btrfs_mkdir+0xc7/0x100
[ 62.666551][ T5081] vfs_mkdir+0x532/0x7e0
[ 62.670803][ T5081] do_mkdirat+0x2a9/0x330
[ 62.675407][ T5081] ? __ia32_sys_mknod+0xb0/0xb0
[ 62.680268][ T5081] ? getname_flags.part.0+0x1d5/0x4d0
[ 62.685674][ T5081] __x64_sys_mkdir+0xf2/0x140
[ 62.690367][ T5081] do_syscall_64+0x38/0xb0
[ 62.694799][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.700982][ T5081] RIP: 0033:0x7f0f36b85167
[ 62.705406][ T5081] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[pid 5081] mkdir("./bus", 0777) = 0
[pid 5081] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5081] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5081, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=19 /* 0.19 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555f526f0 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs") = 0
[ 62.725386][ T5081] RSP: 002b:00007ffec710e3f8 EFLAGS: 00000286 ORIG_RAX: 0000000000000053
[ 62.733920][ T5081] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f0f36b85167
[ 62.742259][ T5081] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000040
[ 62.750506][ T5081] RBP: 00007ffec710e490 R08: 0000000000000000 R09: 0000000020000000
[ 62.758832][ T5081] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000020000040
[ 62.767238][ T5081] R13: 0000000020000140 R14: 0000000000000000 R15: 0000000000000000
[ 62.775786][ T5081]
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555f5a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555f5a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0") = 0
getdents64(3, 0x555555f526f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f51650) = 5098
./strace-static-x86_64: Process 5098 attached
[pid 5098] set_robust_list(0x555555f51660, 24) = 0
[pid 5098] chdir("./4") = 0
[pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5098] setpgid(0, 0) = 0
[pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5098] write(3, "1000", 4) = 4
[pid 5098] close(3) = 0
[pid 5098] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5098] memfd_create("syzkaller", 0) = 3
[pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f2e747000
[pid 5098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5098] munmap(0x7f0f2e747000, 16777216) = 0
[pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5098] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5098] close(3) = 0
[pid 5098] mkdir("./file0", 0777) = 0
[ 63.147169][ T5098] loop0: detected capacity change from 0 to 32768
[ 63.156897][ T5098] BTRFS: device fsid d09153a9-5497-4f31-8e52-d2d02bbdf7fc devid 1 transid 8 /dev/loop0 scanned by syz-executor294 (5098)
[ 63.173816][ T5098] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[ 63.183415][ T5098] BTRFS info (device loop0): using free space tree
[pid 5098] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5098] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5098] chdir("./file0") = 0
[pid 5098] ioctl(4, LOOP_CLR_FD) = 0
[pid 5098] close(4) = 0
[pid 5098] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5098] write(4, "17", 2) = 2
[pid 5098] mkdir("./bus", 0777) = 0
[pid 5098] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5098] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5098, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555f526f0 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs") = 0
[ 63.200537][ T5098] BTRFS info (device loop0): enabling ssd optimizations
[ 63.207704][ T5098] BTRFS info (device loop0): auto enabling async discard
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555f5a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555f5a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file0") = 0
getdents64(3, 0x555555f526f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5115 attached
, child_tidptr=0x555555f51650) = 5115
[pid 5115] set_robust_list(0x555555f51660, 24) = 0
[pid 5115] chdir("./5") = 0
[pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5115] setpgid(0, 0) = 0
[pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5115] write(3, "1000", 4) = 4
[pid 5115] close(3) = 0
[pid 5115] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5115] memfd_create("syzkaller", 0) = 3
[pid 5115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f2e747000
[pid 5115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5115] munmap(0x7f0f2e747000, 16777216) = 0
[pid 5115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5115] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5115] close(3) = 0
[pid 5115] mkdir("./file0", 0777) = 0
[ 63.607262][ T5115] loop0: detected capacity change from 0 to 32768
[ 63.618174][ T5115] BTRFS: device fsid d09153a9-5497-4f31-8e52-d2d02bbdf7fc devid 1 transid 8 /dev/loop0 scanned by syz-executor294 (5115)
[ 63.635203][ T5115] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[ 63.645427][ T5115] BTRFS info (device loop0): using free space tree
[pid 5115] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5115] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5115] chdir("./file0") = 0
[pid 5115] ioctl(4, LOOP_CLR_FD) = 0
[pid 5115] close(4) = 0
[pid 5115] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5115] write(4, "17", 2) = 2
[pid 5115] mkdir("./bus", 0777) = 0
[pid 5115] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5115] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5115, si_uid=0, si_status=SIGSEGV, si_utime=4 /* 0.04 s */, si_stime=23 /* 0.23 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555f526f0 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs") = 0
[ 63.663871][ T5115] BTRFS info (device loop0): enabling ssd optimizations
[ 63.671085][ T5115] BTRFS info (device loop0): auto enabling async discard
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555f5a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555f5a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file0") = 0
getdents64(3, 0x555555f526f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f51650) = 5132
./strace-static-x86_64: Process 5132 attached
[pid 5132] set_robust_list(0x555555f51660, 24) = 0
[pid 5132] chdir("./6") = 0
[pid 5132] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5132] setpgid(0, 0) = 0
[pid 5132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5132] write(3, "1000", 4) = 4
[pid 5132] close(3) = 0
[pid 5132] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5132] memfd_create("syzkaller", 0) = 3
[pid 5132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f2e747000
[pid 5132] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5132] munmap(0x7f0f2e747000, 16777216) = 0
[pid 5132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5132] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5132] close(3) = 0
[pid 5132] mkdir("./file0", 0777) = 0
[ 64.065376][ T5132] loop0: detected capacity change from 0 to 32768
[ 64.075397][ T5132] BTRFS: device fsid d09153a9-5497-4f31-8e52-d2d02bbdf7fc devid 1 transid 8 /dev/loop0 scanned by syz-executor294 (5132)
[ 64.092222][ T5132] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[ 64.102041][ T5132] BTRFS info (device loop0): using free space tree
[pid 5132] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5132] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5132] chdir("./file0") = 0
[pid 5132] ioctl(4, LOOP_CLR_FD) = 0
[pid 5132] close(4) = 0
[pid 5132] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5132] write(4, "17", 2) = 2
[pid 5132] mkdir("./bus", 0777) = 0
[pid 5132] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5132] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5132, si_uid=0, si_status=SIGSEGV, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} ---
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555f526f0 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs") = 0
[ 64.119854][ T5132] BTRFS info (device loop0): enabling ssd optimizations
[ 64.127040][ T5132] BTRFS info (device loop0): auto enabling async discard
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555f5a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555f5a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file0") = 0
getdents64(3, 0x555555f526f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f51650) = 5150
./strace-static-x86_64: Process 5150 attached
[pid 5150] set_robust_list(0x555555f51660, 24) = 0
[pid 5150] chdir("./7") = 0
[pid 5150] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5150] setpgid(0, 0) = 0
[pid 5150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5150] write(3, "1000", 4) = 4
[pid 5150] close(3) = 0
[pid 5150] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5150] memfd_create("syzkaller", 0) = 3
[pid 5150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f2e747000
[pid 5150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5150] munmap(0x7f0f2e747000, 16777216) = 0
[pid 5150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5150] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5150] close(3) = 0
[pid 5150] mkdir("./file0", 0777) = 0
[ 64.522845][ T5150] loop0: detected capacity change from 0 to 32768
[ 64.533721][ T5150] BTRFS: device fsid d09153a9-5497-4f31-8e52-d2d02bbdf7fc devid 1 transid 8 /dev/loop0 scanned by syz-executor294 (5150)
[ 64.551096][ T5150] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[ 64.560837][ T5150] BTRFS info (device loop0): using free space tree
[pid 5150] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5150] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5150] chdir("./file0") = 0
[pid 5150] ioctl(4, LOOP_CLR_FD) = 0
[pid 5150] close(4) = 0
[pid 5150] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5150] write(4, "17", 2) = 2
[pid 5150] mkdir("./bus", 0777) = 0
[pid 5150] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5150] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5150, si_uid=0, si_status=SIGSEGV, si_utime=5 /* 0.05 s */, si_stime=22 /* 0.22 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555f526f0 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs") = 0
[ 64.577526][ T5150] BTRFS info (device loop0): enabling ssd optimizations
[ 64.584733][ T5150] BTRFS info (device loop0): auto enabling async discard
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555f5a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555f5a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file0") = 0
getdents64(3, 0x555555f526f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f51650) = 5167
./strace-static-x86_64: Process 5167 attached
[pid 5167] set_robust_list(0x555555f51660, 24) = 0
[pid 5167] chdir("./8") = 0
[pid 5167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5167] setpgid(0, 0) = 0
[pid 5167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5167] write(3, "1000", 4) = 4
[pid 5167] close(3) = 0
[pid 5167] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5167] memfd_create("syzkaller", 0) = 3
[pid 5167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f2e747000
[pid 5167] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5167] munmap(0x7f0f2e747000, 16777216) = 0
[pid 5167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5167] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5167] close(3) = 0
[pid 5167] mkdir("./file0", 0777) = 0
[ 64.962567][ T5167] loop0: detected capacity change from 0 to 32768
[ 64.971790][ T5167] BTRFS: device fsid d09153a9-5497-4f31-8e52-d2d02bbdf7fc devid 1 transid 8 /dev/loop0 scanned by syz-executor294 (5167)
[ 64.988785][ T5167] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[ 64.998609][ T5167] BTRFS info (device loop0): using free space tree
[pid 5167] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5167] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5167] chdir("./file0") = 0
[pid 5167] ioctl(4, LOOP_CLR_FD) = 0
[pid 5167] close(4) = 0
[pid 5167] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5167] write(4, "17", 2) = 2
[pid 5167] mkdir("./bus", 0777) = 0
[pid 5167] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5167] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5167, si_uid=0, si_status=SIGSEGV, si_utime=6 /* 0.06 s */, si_stime=20 /* 0.20 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555f526f0 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs") = 0
[ 65.016196][ T5167] BTRFS info (device loop0): enabling ssd optimizations
[ 65.023401][ T5167] BTRFS info (device loop0): auto enabling async discard
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555f5a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555f5a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/file0") = 0
getdents64(3, 0x555555f526f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f51650) = 5184
./strace-static-x86_64: Process 5184 attached
[pid 5184] set_robust_list(0x555555f51660, 24) = 0
[pid 5184] chdir("./9") = 0
[pid 5184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5184] setpgid(0, 0) = 0
[pid 5184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5184] write(3, "1000", 4) = 4
[pid 5184] close(3) = 0
[pid 5184] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5184] memfd_create("syzkaller", 0) = 3
[pid 5184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f2e747000
[pid 5184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5184] munmap(0x7f0f2e747000, 16777216) = 0
[pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5184] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5184] close(3) = 0
[pid 5184] mkdir("./file0", 0777) = 0
[ 65.410025][ T5184] loop0: detected capacity change from 0 to 32768
[ 65.421513][ T5184] BTRFS: device fsid d09153a9-5497-4f31-8e52-d2d02bbdf7fc devid 1 transid 8 /dev/loop0 scanned by syz-executor294 (5184)
[ 65.438239][ T5184] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[ 65.447998][ T5184] BTRFS info (device loop0): using free space tree
[pid 5184] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5184] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5184] chdir("./file0") = 0
[pid 5184] ioctl(4, LOOP_CLR_FD) = 0
[pid 5184] close(4) = 0
[pid 5184] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5184] write(4, "17", 2) = 2
[ 65.467388][ T5184] BTRFS info (device loop0): enabling ssd optimizations
[ 65.474756][ T5184] BTRFS info (device loop0): auto enabling async discard
[ 65.506914][ T5184] FAULT_INJECTION: forcing a failure.
[ 65.506914][ T5184] name failslab, interval 1, probability 0, space 0, times 0
[ 65.519962][ T5184] CPU: 0 PID: 5184 Comm: syz-executor294 Not tainted 6.5.0-rc2-syzkaller-00307-gd192f5382581 #0
[ 65.530619][ T5184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 65.540879][ T5184] Call Trace:
[ 65.544186][ T5184]
[ 65.547146][ T5184] dump_stack_lvl+0x125/0x1b0
[ 65.551892][ T5184] should_fail_ex+0x496/0x5b0
[ 65.556624][ T5184] should_failslab+0x9/0x20
[ 65.561166][ T5184] __kmem_cache_alloc_node+0x5f/0x470
[ 65.566754][ T5184] kmalloc_trace+0x25/0xe0
[ 65.571207][ T5184] btrfs_cache_block_group+0xcf/0x7d0
[ 65.576625][ T5184] ? print_usage_bug.part.0+0x670/0x670
[ 65.582212][ T5184] find_free_extent+0x32ab/0x65b0
[ 65.587375][ T5184] ? do_raw_spin_unlock+0x173/0x230
[ 65.592627][ T5184] ? _raw_spin_unlock+0x28/0x40
[ 65.597522][ T5184] ? btrfs_get_alloc_profile+0x2da/0x850
[ 65.603285][ T5184] btrfs_reserve_extent+0x333/0x6b0
[ 65.608895][ T5184] ? walk_down_tree+0x4d0/0x4d0
[ 65.613791][ T5184] ? do_raw_spin_unlock+0x173/0x230
[ 65.619127][ T5184] ? _raw_spin_unlock+0x28/0x40
[ 65.624026][ T5184] ? btrfs_use_block_rsv+0x2e3/0x7f0
[ 65.629531][ T5184] btrfs_alloc_tree_block+0x234/0x1420
[ 65.635127][ T5184] ? btrfs_alloc_logged_file_extent+0x580/0x580
[ 65.641779][ T5184] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 65.648705][ T5184] __btrfs_cow_block+0x3ce/0x18e0
[ 65.653788][ T5184] ? update_ref_for_cow+0xc10/0xc10
[ 65.659108][ T5184] ? btrfs_qgroup_add_swapped_blocks+0x9d0/0x9d0
[ 65.665577][ T5184] ? down_write_nested+0x153/0x200
[ 65.670732][ T5184] btrfs_cow_block+0x2f1/0x820
[ 65.675536][ T5184] btrfs_search_slot+0x12a0/0x30e0
[ 65.680685][ T5184] ? balance_level+0x2420/0x2420
[ 65.685783][ T5184] ? find_held_lock+0x2d/0x110
[ 65.690592][ T5184] ? btrfs_create_new_inode+0x763/0x2610
[ 65.696460][ T5184] ? reacquire_held_locks+0x4b0/0x4b0
[ 65.702135][ T5184] ? do_raw_spin_lock+0x12e/0x2b0
[ 65.707354][ T5184] ? spin_bug+0x1d0/0x1d0
[ 65.711943][ T5184] btrfs_insert_empty_items+0xb7/0x1b0
[ 65.717555][ T5184] ? do_raw_spin_unlock+0x173/0x230
[ 65.723046][ T5184] btrfs_create_new_inode+0x825/0x2610
[ 65.728527][ T5184] ? btrfs_link+0x790/0x790
[ 65.733140][ T5184] ? record_root_in_trans+0x2f7/0x3e0
[ 65.738723][ T5184] btrfs_create_common+0x1d5/0x290
[ 65.743944][ T5184] ? btrfs_tmpfile+0x440/0x440
[ 65.748982][ T5184] ? inode_init_owner+0x2d1/0x3c0
[ 65.754467][ T5184] btrfs_mkdir+0xc7/0x100
[ 65.758812][ T5184] vfs_mkdir+0x532/0x7e0
[ 65.763064][ T5184] do_mkdirat+0x2a9/0x330
[ 65.767400][ T5184] ? __ia32_sys_mknod+0xb0/0xb0
[ 65.772909][ T5184] ? getname_flags.part.0+0x1d5/0x4d0
[ 65.778319][ T5184] __x64_sys_mkdir+0xf2/0x140
[ 65.783022][ T5184] do_syscall_64+0x38/0xb0
[ 65.787442][ T5184] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.793358][ T5184] RIP: 0033:0x7f0f36b85167
[ 65.797780][ T5184] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[pid 5184] mkdir("./bus", 0777) = 0
[pid 5184] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5184] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5184, si_uid=0, si_status=SIGSEGV, si_utime=7 /* 0.07 s */, si_stime=24 /* 0.24 s */} ---
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555f526f0 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs") = 0
[ 65.817664][ T5184] RSP: 002b:00007ffec710e3f8 EFLAGS: 00000286 ORIG_RAX: 0000000000000053
[ 65.826082][ T5184] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f0f36b85167
[ 65.834056][ T5184] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000040
[ 65.842031][ T5184] RBP: 00007ffec710e490 R08: 0000000000000000 R09: 0000000020000000
[ 65.850003][ T5184] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000020000040
[ 65.858058][ T5184] R13: 0000000020000140 R14: 0000000000000000 R15: 0000000000000000
[ 65.866119][ T5184]
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555f5a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555f5a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/file0") = 0
getdents64(3, 0x555555f526f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f51650) = 5201
./strace-static-x86_64: Process 5201 attached
[pid 5201] set_robust_list(0x555555f51660, 24) = 0
[pid 5201] chdir("./10") = 0
[pid 5201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5201] setpgid(0, 0) = 0
[pid 5201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5201] write(3, "1000", 4) = 4
[pid 5201] close(3) = 0
[pid 5201] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5201] memfd_create("syzkaller", 0) = 3
[pid 5201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f2e747000
[pid 5201] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5201] munmap(0x7f0f2e747000, 16777216) = 0
[pid 5201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5201] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5201] close(3) = 0
[pid 5201] mkdir("./file0", 0777) = 0
[ 66.158954][ T5201] loop0: detected capacity change from 0 to 32768
[ 66.169811][ T5201] BTRFS: device fsid d09153a9-5497-4f31-8e52-d2d02bbdf7fc devid 1 transid 8 /dev/loop0 scanned by syz-executor294 (5201)
[ 66.185022][ T5201] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[ 66.194768][ T5201] BTRFS info (device loop0): using free space tree
[pid 5201] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5201] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5201] chdir("./file0") = 0
[pid 5201] ioctl(4, LOOP_CLR_FD) = 0
[pid 5201] close(4) = 0
[pid 5201] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5201] write(4, "17", 2) = 2
[pid 5201] mkdir("./bus", 0777) = 0
[pid 5201] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5201] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5201, si_uid=0, si_status=SIGSEGV, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555f526f0 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs") = 0
[ 66.213073][ T5201] BTRFS info (device loop0): enabling ssd optimizations
[ 66.220534][ T5201] BTRFS info (device loop0): auto enabling async discard
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555f5a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555f5a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/file0") = 0
getdents64(3, 0x555555f526f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f51650) = 5218
./strace-static-x86_64: Process 5218 attached
[pid 5218] set_robust_list(0x555555f51660, 24) = 0
[pid 5218] chdir("./11") = 0
[pid 5218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5218] setpgid(0, 0) = 0
[pid 5218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5218] write(3, "1000", 4) = 4
[pid 5218] close(3) = 0
[pid 5218] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5218] memfd_create("syzkaller", 0) = 3
[pid 5218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f2e747000
[pid 5218] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5218] munmap(0x7f0f2e747000, 16777216) = 0
[pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5218] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5218] close(3) = 0
[pid 5218] mkdir("./file0", 0777) = 0
[ 66.612772][ T5218] loop0: detected capacity change from 0 to 32768
[ 66.622798][ T5218] BTRFS: device fsid d09153a9-5497-4f31-8e52-d2d02bbdf7fc devid 1 transid 8 /dev/loop0 scanned by syz-executor294 (5218)
[ 66.638795][ T5218] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[ 66.648494][ T5218] BTRFS info (device loop0): using free space tree
[pid 5218] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5218] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5218] chdir("./file0") = 0
[pid 5218] ioctl(4, LOOP_CLR_FD) = 0
[pid 5218] close(4) = 0
[pid 5218] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5218] write(4, "17", 2) = 2
[pid 5218] mkdir("./bus", 0777) = 0
[pid 5218] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5218] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5218, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555f526f0 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs") = 0
[ 66.667416][ T5218] BTRFS info (device loop0): enabling ssd optimizations
[ 66.674881][ T5218] BTRFS info (device loop0): auto enabling async discard
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555f5a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555f5a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/file0") = 0
getdents64(3, 0x555555f526f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f51650) = 5235
./strace-static-x86_64: Process 5235 attached
[pid 5235] set_robust_list(0x555555f51660, 24) = 0
[pid 5235] chdir("./12") = 0
[pid 5235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5235] setpgid(0, 0) = 0
[pid 5235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5235] write(3, "1000", 4) = 4
[pid 5235] close(3) = 0
[pid 5235] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5235] memfd_create("syzkaller", 0) = 3
[pid 5235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f2e747000
[pid 5235] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5235] munmap(0x7f0f2e747000, 16777216) = 0
[pid 5235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5235] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5235] close(3) = 0
[pid 5235] mkdir("./file0", 0777) = 0
[ 67.069637][ T5235] loop0: detected capacity change from 0 to 32768
[ 67.079915][ T5235] BTRFS: device fsid d09153a9-5497-4f31-8e52-d2d02bbdf7fc devid 1 transid 8 /dev/loop0 scanned by syz-executor294 (5235)
[ 67.097621][ T5235] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[ 67.107169][ T5235] BTRFS info (device loop0): using free space tree
[pid 5235] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5235] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5235] chdir("./file0") = 0
[pid 5235] ioctl(4, LOOP_CLR_FD) = 0
[pid 5235] close(4) = 0
[pid 5235] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5235] write(4, "17", 2) = 2
[pid 5235] mkdir("./bus", 0777) = 0
[pid 5235] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5235] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5235, si_uid=0, si_status=SIGSEGV, si_utime=4 /* 0.04 s */, si_stime=27 /* 0.27 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555f526f0 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 67.125127][ T5235] BTRFS info (device loop0): enabling ssd optimizations
[ 67.132775][ T5235] BTRFS info (device loop0): auto enabling async discard
unlink("./12/binderfs") = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555f5a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555f5a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./12/file0") = 0
getdents64(3, 0x555555f526f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f51650) = 5252
./strace-static-x86_64: Process 5252 attached
[pid 5252] set_robust_list(0x555555f51660, 24) = 0
[pid 5252] chdir("./13") = 0
[pid 5252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5252] setpgid(0, 0) = 0
[pid 5252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5252] write(3, "1000", 4) = 4
[pid 5252] close(3) = 0
[pid 5252] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5252] memfd_create("syzkaller", 0) = 3
[pid 5252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f2e747000
[pid 5252] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5252] munmap(0x7f0f2e747000, 16777216) = 0
[pid 5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5252] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5252] close(3) = 0
[pid 5252] mkdir("./file0", 0777) = 0
[ 67.522448][ T5252] loop0: detected capacity change from 0 to 32768
[ 67.533599][ T5252] BTRFS: device fsid d09153a9-5497-4f31-8e52-d2d02bbdf7fc devid 1 transid 8 /dev/loop0 scanned by syz-executor294 (5252)
[ 67.549591][ T5252] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[ 67.559416][ T5252] BTRFS info (device loop0): using free space tree
[pid 5252] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5252] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5252] chdir("./file0") = 0
[pid 5252] ioctl(4, LOOP_CLR_FD) = 0
[pid 5252] close(4) = 0
[pid 5252] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5252] write(4, "17", 2) = 2
[pid 5252] mkdir("./bus", 0777) = 0
[pid 5252] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5252] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5252, si_uid=0, si_status=SIGSEGV, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555f526f0 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/binderfs") = 0
[ 67.577771][ T5252] BTRFS info (device loop0): enabling ssd optimizations
[ 67.585018][ T5252] BTRFS info (device loop0): auto enabling async discard
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555f5a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555f5a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./13/file0") = 0
getdents64(3, 0x555555f526f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f51650) = 5269
./strace-static-x86_64: Process 5269 attached
[pid 5269] set_robust_list(0x555555f51660, 24) = 0
[pid 5269] chdir("./14") = 0
[pid 5269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5269] setpgid(0, 0) = 0
[pid 5269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5269] write(3, "1000", 4) = 4
[pid 5269] close(3) = 0
[pid 5269] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5269] memfd_create("syzkaller", 0) = 3
[pid 5269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f2e747000
[pid 5269] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5269] munmap(0x7f0f2e747000, 16777216) = 0
[pid 5269] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5269] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5269] close(3) = 0
[pid 5269] mkdir("./file0", 0777) = 0
[ 67.972943][ T5269] loop0: detected capacity change from 0 to 32768
[ 67.993593][ T5269] BTRFS: device fsid d09153a9-5497-4f31-8e52-d2d02bbdf7fc devid 1 transid 8 /dev/loop0 scanned by syz-executor294 (5269)
[ 68.012933][ T5269] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[pid 5269] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5269] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5269] chdir("./file0") = 0
[pid 5269] ioctl(4, LOOP_CLR_FD) = 0
[pid 5269] close(4) = 0
[pid 5269] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5269] write(4, "17", 2) = 2
[pid 5269] mkdir("./bus", 0777) = 0
[pid 5269] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5269] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5269, si_uid=0, si_status=SIGSEGV, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555f526f0 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs") = 0
[ 68.022681][ T5269] BTRFS info (device loop0): using free space tree
[ 68.040856][ T5269] BTRFS info (device loop0): enabling ssd optimizations
[ 68.047833][ T5269] BTRFS info (device loop0): auto enabling async discard
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555f5a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555f5a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./14/file0") = 0
getdents64(3, 0x555555f526f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f51650) = 5286
./strace-static-x86_64: Process 5286 attached
[pid 5286] set_robust_list(0x555555f51660, 24) = 0
[pid 5286] chdir("./15") = 0
[pid 5286] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5286] setpgid(0, 0) = 0
[pid 5286] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5286] write(3, "1000", 4) = 4
[pid 5286] close(3) = 0
[pid 5286] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5286] memfd_create("syzkaller", 0) = 3
[pid 5286] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f2e747000
[pid 5286] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5286] munmap(0x7f0f2e747000, 16777216) = 0
[pid 5286] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5286] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5286] close(3) = 0
[pid 5286] mkdir("./file0", 0777) = 0
[ 68.424542][ T5286] loop0: detected capacity change from 0 to 32768
[ 68.435701][ T5286] BTRFS: device fsid d09153a9-5497-4f31-8e52-d2d02bbdf7fc devid 1 transid 8 /dev/loop0 scanned by syz-executor294 (5286)
[ 68.453717][ T5286] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[ 68.463542][ T5286] BTRFS info (device loop0): using free space tree
[pid 5286] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5286] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5286] chdir("./file0") = 0
[pid 5286] ioctl(4, LOOP_CLR_FD) = 0
[pid 5286] close(4) = 0
[pid 5286] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5286] write(4, "17", 2) = 2
[ 68.481233][ T5286] BTRFS info (device loop0): enabling ssd optimizations
[ 68.488226][ T5286] BTRFS info (device loop0): auto enabling async discard
[ 68.518867][ T5286] FAULT_INJECTION: forcing a failure.
[ 68.518867][ T5286] name failslab, interval 1, probability 0, space 0, times 0
[ 68.531794][ T5286] CPU: 0 PID: 5286 Comm: syz-executor294 Not tainted 6.5.0-rc2-syzkaller-00307-gd192f5382581 #0
[ 68.542782][ T5286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 68.552983][ T5286] Call Trace:
[ 68.556382][ T5286]
[ 68.559354][ T5286] dump_stack_lvl+0x125/0x1b0
[ 68.564149][ T5286] should_fail_ex+0x496/0x5b0
[ 68.568876][ T5286] should_failslab+0x9/0x20
[ 68.573425][ T5286] __kmem_cache_alloc_node+0x5f/0x470
[ 68.578930][ T5286] kmalloc_trace+0x25/0xe0
[ 68.583384][ T5286] btrfs_cache_block_group+0xcf/0x7d0
[ 68.588941][ T5286] ? print_usage_bug.part.0+0x670/0x670
[ 68.594537][ T5286] find_free_extent+0x32ab/0x65b0
[ 68.599704][ T5286] ? do_raw_spin_unlock+0x173/0x230
[ 68.604946][ T5286] ? _raw_spin_unlock+0x28/0x40
[ 68.610024][ T5286] ? btrfs_get_alloc_profile+0x2da/0x850
[ 68.615708][ T5286] btrfs_reserve_extent+0x333/0x6b0
[ 68.621219][ T5286] ? walk_down_tree+0x4d0/0x4d0
[ 68.626123][ T5286] ? do_raw_spin_unlock+0x173/0x230
[ 68.631364][ T5286] ? _raw_spin_unlock+0x28/0x40
[ 68.636355][ T5286] ? btrfs_use_block_rsv+0x2e3/0x7f0
[ 68.641774][ T5286] btrfs_alloc_tree_block+0x234/0x1420
[ 68.647387][ T5286] ? btrfs_alloc_logged_file_extent+0x580/0x580
[ 68.653944][ T5286] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 68.660056][ T5286] __btrfs_cow_block+0x3ce/0x18e0
[ 68.665212][ T5286] ? update_ref_for_cow+0xc10/0xc10
[ 68.670619][ T5286] ? btrfs_qgroup_add_swapped_blocks+0x9d0/0x9d0
[ 68.676990][ T5286] ? down_write_nested+0x153/0x200
[ 68.682149][ T5286] btrfs_cow_block+0x2f1/0x820
[ 68.686956][ T5286] btrfs_search_slot+0x12a0/0x30e0
[ 68.692193][ T5286] ? balance_level+0x2420/0x2420
[ 68.697257][ T5286] ? find_held_lock+0x2d/0x110
[ 68.702070][ T5286] ? btrfs_create_new_inode+0x763/0x2610
[ 68.707759][ T5286] ? reacquire_held_locks+0x4b0/0x4b0
[ 68.713177][ T5286] ? do_raw_spin_lock+0x12e/0x2b0
[ 68.718248][ T5286] ? spin_bug+0x1d0/0x1d0
[ 68.722706][ T5286] btrfs_insert_empty_items+0xb7/0x1b0
[ 68.728210][ T5286] ? do_raw_spin_unlock+0x173/0x230
[ 68.733559][ T5286] btrfs_create_new_inode+0x825/0x2610
[ 68.739424][ T5286] ? btrfs_link+0x790/0x790
[ 68.744077][ T5286] ? record_root_in_trans+0x2f7/0x3e0
[ 68.749663][ T5286] btrfs_create_common+0x1d5/0x290
[ 68.754796][ T5286] ? btrfs_tmpfile+0x440/0x440
[ 68.759680][ T5286] ? inode_init_owner+0x2d1/0x3c0
[ 68.764737][ T5286] btrfs_mkdir+0xc7/0x100
[ 68.769198][ T5286] vfs_mkdir+0x532/0x7e0
[ 68.773550][ T5286] do_mkdirat+0x2a9/0x330
[ 68.778065][ T5286] ? __ia32_sys_mknod+0xb0/0xb0
[ 68.782929][ T5286] ? getname_flags.part.0+0x1d5/0x4d0
[ 68.788400][ T5286] __x64_sys_mkdir+0xf2/0x140
[ 68.793266][ T5286] do_syscall_64+0x38/0xb0
[ 68.797792][ T5286] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.804016][ T5286] RIP: 0033:0x7f0f36b85167
[ 68.808437][ T5286] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[pid 5286] mkdir("./bus", 0777) = 0
[pid 5286] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5286] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5286, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=34 /* 0.34 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555f526f0 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/binderfs") = 0
[ 68.828169][ T5286] RSP: 002b:00007ffec710e3f8 EFLAGS: 00000286 ORIG_RAX: 0000000000000053
[ 68.836935][ T5286] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f0f36b85167
[ 68.845169][ T5286] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000040
[ 68.853141][ T5286] RBP: 00007ffec710e490 R08: 0000000000000000 R09: 0000000020000000
[ 68.861112][ T5286] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000020000040
[ 68.869088][ T5286] R13: 0000000020000140 R14: 0000000000000000 R15: 0000000000000000
[ 68.877200][ T5286]
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555f5a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555f5a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./15/file0") = 0
getdents64(3, 0x555555f526f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f51650) = 5303
./strace-static-x86_64: Process 5303 attached
[pid 5303] set_robust_list(0x555555f51660, 24) = 0
[pid 5303] chdir("./16") = 0
[pid 5303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5303] setpgid(0, 0) = 0
[pid 5303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5303] write(3, "1000", 4) = 4
[pid 5303] close(3) = 0
[pid 5303] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5303] memfd_create("syzkaller", 0) = 3
[pid 5303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f2e747000
[pid 5303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5303] munmap(0x7f0f2e747000, 16777216) = 0
[pid 5303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5303] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5303] close(3) = 0
[pid 5303] mkdir("./file0", 0777) = 0
[ 69.188629][ T5303] loop0: detected capacity change from 0 to 32768
[ 69.199412][ T5303] BTRFS: device fsid d09153a9-5497-4f31-8e52-d2d02bbdf7fc devid 1 transid 8 /dev/loop0 scanned by syz-executor294 (5303)
[ 69.216170][ T5303] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[ 69.225918][ T5303] BTRFS info (device loop0): using free space tree
[pid 5303] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5303] chdir("./file0") = 0
[pid 5303] ioctl(4, LOOP_CLR_FD) = 0
[pid 5303] close(4) = 0
[pid 5303] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5303] write(4, "17", 2) = 2
[ 69.243264][ T5303] BTRFS info (device loop0): enabling ssd optimizations
[ 69.251155][ T5303] BTRFS info (device loop0): auto enabling async discard
[ 69.280760][ T5303] FAULT_INJECTION: forcing a failure.
[ 69.280760][ T5303] name failslab, interval 1, probability 0, space 0, times 0
[ 69.293790][ T5303] CPU: 0 PID: 5303 Comm: syz-executor294 Not tainted 6.5.0-rc2-syzkaller-00307-gd192f5382581 #0
[ 69.304331][ T5303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 69.314587][ T5303] Call Trace:
[ 69.317993][ T5303]
[ 69.320953][ T5303] dump_stack_lvl+0x125/0x1b0
[ 69.325742][ T5303] should_fail_ex+0x496/0x5b0
[ 69.330521][ T5303] should_failslab+0x9/0x20
[ 69.335047][ T5303] __kmem_cache_alloc_node+0x5f/0x470
[ 69.340612][ T5303] kmalloc_trace+0x25/0xe0
[ 69.346014][ T5303] btrfs_cache_block_group+0xcf/0x7d0
[ 69.351392][ T5303] ? print_usage_bug.part.0+0x670/0x670
[ 69.357122][ T5303] find_free_extent+0x32ab/0x65b0
[ 69.362246][ T5303] ? do_raw_spin_unlock+0x173/0x230
[ 69.367501][ T5303] ? _raw_spin_unlock+0x28/0x40
[ 69.372383][ T5303] ? btrfs_get_alloc_profile+0x2da/0x850
[ 69.378032][ T5303] btrfs_reserve_extent+0x333/0x6b0
[ 69.383245][ T5303] ? walk_down_tree+0x4d0/0x4d0
[ 69.388099][ T5303] ? do_raw_spin_unlock+0x173/0x230
[ 69.393306][ T5303] ? _raw_spin_unlock+0x28/0x40
[ 69.398514][ T5303] ? btrfs_use_block_rsv+0x2e3/0x7f0
[ 69.404076][ T5303] btrfs_alloc_tree_block+0x234/0x1420
[ 69.409546][ T5303] ? btrfs_alloc_logged_file_extent+0x580/0x580
[ 69.415809][ T5303] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 69.421985][ T5303] __btrfs_cow_block+0x3ce/0x18e0
[ 69.427015][ T5303] ? update_ref_for_cow+0xc10/0xc10
[ 69.432242][ T5303] ? btrfs_qgroup_add_swapped_blocks+0x9d0/0x9d0
[ 69.438615][ T5303] ? down_write_nested+0x153/0x200
[ 69.443772][ T5303] btrfs_cow_block+0x2f1/0x820
[ 69.449241][ T5303] btrfs_search_slot+0x12a0/0x30e0
[ 69.454448][ T5303] ? balance_level+0x2420/0x2420
[ 69.459475][ T5303] ? find_held_lock+0x2d/0x110
[ 69.464330][ T5303] ? btrfs_create_new_inode+0x763/0x2610
[ 69.470056][ T5303] ? reacquire_held_locks+0x4b0/0x4b0
[ 69.475711][ T5303] ? do_raw_spin_lock+0x12e/0x2b0
[ 69.480926][ T5303] ? spin_bug+0x1d0/0x1d0
[ 69.485273][ T5303] btrfs_insert_empty_items+0xb7/0x1b0
[ 69.490754][ T5303] ? do_raw_spin_unlock+0x173/0x230
[ 69.495965][ T5303] btrfs_create_new_inode+0x825/0x2610
[ 69.501437][ T5303] ? btrfs_link+0x790/0x790
[ 69.505947][ T5303] ? record_root_in_trans+0x2f7/0x3e0
[ 69.511334][ T5303] btrfs_create_common+0x1d5/0x290
[ 69.516544][ T5303] ? btrfs_tmpfile+0x440/0x440
[ 69.521327][ T5303] ? inode_init_owner+0x2d1/0x3c0
[ 69.526357][ T5303] btrfs_mkdir+0xc7/0x100
[ 69.530716][ T5303] vfs_mkdir+0x532/0x7e0
[ 69.534994][ T5303] do_mkdirat+0x2a9/0x330
[ 69.539434][ T5303] ? __ia32_sys_mknod+0xb0/0xb0
[ 69.544299][ T5303] ? getname_flags.part.0+0x1d5/0x4d0
[ 69.549803][ T5303] __x64_sys_mkdir+0xf2/0x140
[ 69.554498][ T5303] do_syscall_64+0x38/0xb0
[ 69.558932][ T5303] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.564840][ T5303] RIP: 0033:0x7f0f36b85167
[ 69.569255][ T5303] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[pid 5303] mkdir("./bus", 0777) = 0
[pid 5303] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5303] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5303, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=20 /* 0.20 s */} ---
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555f526f0 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/binderfs") = 0
[ 69.588882][ T5303] RSP: 002b:00007ffec710e3f8 EFLAGS: 00000286 ORIG_RAX: 0000000000000053
[ 69.599068][ T5303] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f0f36b85167
[ 69.607223][ T5303] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000040
[ 69.615220][ T5303] RBP: 00007ffec710e490 R08: 0000000000000000 R09: 0000000020000000
[ 69.623203][ T5303] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000020000040
[ 69.631195][ T5303] R13: 0000000020000140 R14: 0000000000000000 R15: 0000000000000000
[ 69.639263][ T5303]
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555f5a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555f5a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./16/file0") = 0
getdents64(3, 0x555555f526f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f51650) = 5320
./strace-static-x86_64: Process 5320 attached
[pid 5320] set_robust_list(0x555555f51660, 24) = 0
[pid 5320] chdir("./17") = 0
[pid 5320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5320] setpgid(0, 0) = 0
[pid 5320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5320] write(3, "1000", 4) = 4
[pid 5320] close(3) = 0
[pid 5320] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5320] memfd_create("syzkaller", 0) = 3
[pid 5320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f2e747000
[pid 5320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5320] munmap(0x7f0f2e747000, 16777216) = 0
[pid 5320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5320] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5320] close(3) = 0
[pid 5320] mkdir("./file0", 0777) = 0
[ 70.005727][ T5320] loop0: detected capacity change from 0 to 32768
[ 70.016146][ T5320] BTRFS: device fsid d09153a9-5497-4f31-8e52-d2d02bbdf7fc devid 1 transid 8 /dev/loop0 scanned by syz-executor294 (5320)
[ 70.033955][ T5320] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[ 70.044004][ T5320] BTRFS info (device loop0): using free space tree
[pid 5320] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5320] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5320] chdir("./file0") = 0
[pid 5320] ioctl(4, LOOP_CLR_FD) = 0
[pid 5320] close(4) = 0
[pid 5320] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5320] write(4, "17", 2) = 2
[ 70.062517][ T5320] BTRFS info (device loop0): enabling ssd optimizations
[ 70.069636][ T5320] BTRFS info (device loop0): auto enabling async discard
[ 70.082015][ T5320] FAULT_INJECTION: forcing a failure.
[ 70.082015][ T5320] name failslab, interval 1, probability 0, space 0, times 0
[ 70.098156][ T5320] CPU: 0 PID: 5320 Comm: syz-executor294 Not tainted 6.5.0-rc2-syzkaller-00307-gd192f5382581 #0
[ 70.108638][ T5320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 70.118992][ T5320] Call Trace:
[ 70.122313][ T5320]
[ 70.125270][ T5320] dump_stack_lvl+0x125/0x1b0
[ 70.130068][ T5320] should_fail_ex+0x496/0x5b0
[ 70.134972][ T5320] should_failslab+0x9/0x20
[ 70.139600][ T5320] __kmem_cache_alloc_node+0x5f/0x470
[ 70.145106][ T5320] kmalloc_trace+0x25/0xe0
[ 70.149965][ T5320] btrfs_cache_block_group+0xcf/0x7d0
[ 70.155472][ T5320] ? print_usage_bug.part.0+0x670/0x670
[ 70.161066][ T5320] find_free_extent+0x32ab/0x65b0
[ 70.166485][ T5320] ? do_raw_spin_unlock+0x173/0x230
[ 70.171812][ T5320] ? _raw_spin_unlock+0x28/0x40
[ 70.176803][ T5320] ? btrfs_get_alloc_profile+0x2da/0x850
[ 70.182522][ T5320] btrfs_reserve_extent+0x333/0x6b0
[ 70.187882][ T5320] ? walk_down_tree+0x4d0/0x4d0
[ 70.192782][ T5320] ? do_raw_spin_unlock+0x173/0x230
[ 70.198034][ T5320] ? _raw_spin_unlock+0x28/0x40
[ 70.202921][ T5320] ? btrfs_use_block_rsv+0x2e3/0x7f0
[ 70.208234][ T5320] btrfs_alloc_tree_block+0x234/0x1420
[ 70.213709][ T5320] ? btrfs_alloc_logged_file_extent+0x580/0x580
[ 70.219991][ T5320] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 70.226005][ T5320] __btrfs_cow_block+0x3ce/0x18e0
[ 70.231045][ T5320] ? update_ref_for_cow+0xc10/0xc10
[ 70.236336][ T5320] ? btrfs_qgroup_add_swapped_blocks+0x9d0/0x9d0
[ 70.242758][ T5320] ? down_write_nested+0x153/0x200
[ 70.247871][ T5320] btrfs_cow_block+0x2f1/0x820
[ 70.252661][ T5320] btrfs_search_slot+0x12a0/0x30e0
[ 70.257878][ T5320] ? balance_level+0x2420/0x2420
[ 70.262916][ T5320] ? find_held_lock+0x2d/0x110
[ 70.267695][ T5320] ? btrfs_create_new_inode+0x763/0x2610
[ 70.273350][ T5320] ? reacquire_held_locks+0x4b0/0x4b0
[ 70.278999][ T5320] ? do_raw_spin_lock+0x12e/0x2b0
[ 70.284038][ T5320] ? spin_bug+0x1d0/0x1d0
[ 70.288561][ T5320] btrfs_insert_empty_items+0xb7/0x1b0
[ 70.294111][ T5320] ? do_raw_spin_unlock+0x173/0x230
[ 70.299323][ T5320] btrfs_create_new_inode+0x825/0x2610
[ 70.304795][ T5320] ? btrfs_link+0x790/0x790
[ 70.309335][ T5320] ? record_root_in_trans+0x2f7/0x3e0
[ 70.314748][ T5320] btrfs_create_common+0x1d5/0x290
[ 70.319893][ T5320] ? btrfs_tmpfile+0x440/0x440
[ 70.324769][ T5320] ? inode_init_owner+0x2d1/0x3c0
[ 70.329804][ T5320] btrfs_mkdir+0xc7/0x100
[ 70.334144][ T5320] vfs_mkdir+0x532/0x7e0
[ 70.338496][ T5320] do_mkdirat+0x2a9/0x330
[ 70.342880][ T5320] ? __ia32_sys_mknod+0xb0/0xb0
[ 70.347758][ T5320] ? getname_flags.part.0+0x1d5/0x4d0
[ 70.353145][ T5320] __x64_sys_mkdir+0xf2/0x140
[ 70.358249][ T5320] do_syscall_64+0x38/0xb0
[ 70.362866][ T5320] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.369345][ T5320] RIP: 0033:0x7f0f36b85167
[ 70.373943][ T5320] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 70.393658][ T5320] RSP: 002b:00007ffec710e3f8 EFLAGS: 00000286 ORIG_RAX: 0000000000000053
[ 70.402259][ T5320] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f0f36b85167
[pid 5320] mkdir("./bus", 0777) = 0
[pid 5320] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5320] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5320, si_uid=0, si_status=SIGSEGV, si_utime=5 /* 0.05 s */, si_stime=23 /* 0.23 s */} ---
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555f526f0 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/binderfs") = 0
[ 70.410405][ T5320] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000040
[ 70.418378][ T5320] RBP: 00007ffec710e490 R08: 0000000000000000 R09: 0000000020000000
[ 70.426348][ T5320] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000020000040
[ 70.434325][ T5320] R13: 0000000020000140 R14: 0000000000000000 R15: 0000000000000000
[ 70.442303][ T5320]
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555f5a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555f5a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./17/file0") = 0
getdents64(3, 0x555555f526f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
mkdir("./18", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f51650) = 5337
./strace-static-x86_64: Process 5337 attached
[pid 5337] set_robust_list(0x555555f51660, 24) = 0
[pid 5337] chdir("./18") = 0
[pid 5337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5337] setpgid(0, 0) = 0
[pid 5337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5337] write(3, "1000", 4) = 4
[pid 5337] close(3) = 0
[pid 5337] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5337] memfd_create("syzkaller", 0) = 3
[pid 5337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f2e747000
[pid 5337] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5337] munmap(0x7f0f2e747000, 16777216) = 0
[pid 5337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5337] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5337] close(3) = 0
[pid 5337] mkdir("./file0", 0777) = 0
[ 70.769956][ T5337] loop0: detected capacity change from 0 to 32768
[ 70.781339][ T5337] BTRFS: device fsid d09153a9-5497-4f31-8e52-d2d02bbdf7fc devid 1 transid 8 /dev/loop0 scanned by syz-executor294 (5337)
[ 70.797446][ T5337] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[ 70.807155][ T5337] BTRFS info (device loop0): using free space tree
[pid 5337] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5337] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5337] chdir("./file0") = 0
[pid 5337] ioctl(4, LOOP_CLR_FD) = 0
[pid 5337] close(4) = 0
[pid 5337] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5337] write(4, "17", 2) = 2
[pid 5337] mkdir("./bus", 0777) = 0
[pid 5337] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5337] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5337, si_uid=0, si_status=SIGSEGV, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} ---
umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555f526f0 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/binderfs") = 0
[ 70.826933][ T5337] BTRFS info (device loop0): enabling ssd optimizations
[ 70.834319][ T5337] BTRFS info (device loop0): auto enabling async discard
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555f5a730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555f5a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./18/file0") = 0
getdents64(3, 0x555555f526f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./18") = 0
mkdir("./19", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f51650) = 5354
./strace-static-x86_64: Process 5354 attached
[pid 5354] set_robust_list(0x555555f51660, 24) = 0
[pid 5354] chdir("./19") = 0
[pid 5354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5354] setpgid(0, 0) = 0
[pid 5354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5354] write(3, "1000", 4) = 4
[pid 5354] close(3) = 0
[pid 5354] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5354] memfd_create("syzkaller", 0) = 3
[pid 5354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f2e747000
[pid 5354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5354] munmap(0x7f0f2e747000, 16777216) = 0
[pid 5354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5354] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5354] close(3) = 0
[pid 5354] mkdir("./file0", 0777) = 0
[ 71.221337][ T5354] loop0: detected capacity change from 0 to 32768
[ 71.230701][ T5354] BTRFS: device fsid d09153a9-5497-4f31-8e52-d2d02bbdf7fc devid 1 transid 8 /dev/loop0 scanned by syz-executor294 (5354)
[ 71.247876][ T5354] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[ 71.257572][ T5354] BTRFS info (device loop0): using free space tree
[pid 5354] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5354] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5354] chdir("./file0") = 0
[pid 5354] ioctl(4, LOOP_CLR_FD) = 0
[pid 5354] close(4) = 0
[pid 5354] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5354] write(4, "17", 2) = 2
[ 71.273754][ T5354] BTRFS info (device loop0): enabling ssd optimizations
[ 71.280777][ T5354] BTRFS info (device loop0): auto enabling async discard
[ 71.307818][ T5354] FAULT_INJECTION: forcing a failure.
[ 71.307818][ T5354] name failslab, interval 1, probability 0, space 0, times 0
[ 71.321006][ T5354] CPU: 0 PID: 5354 Comm: syz-executor294 Not tainted 6.5.0-rc2-syzkaller-00307-gd192f5382581 #0
[ 71.331454][ T5354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 71.341539][ T5354] Call Trace:
[ 71.344936][ T5354]
[ 71.347899][ T5354] dump_stack_lvl+0x125/0x1b0
[ 71.352609][ T5354] should_fail_ex+0x496/0x5b0
[ 71.357330][ T5354] should_failslab+0x9/0x20
[ 71.361954][ T5354] kmem_cache_alloc+0x61/0x400
[ 71.366791][ T5354] btrfs_alloc_tree_block+0xbaf/0x1420
[ 71.372294][ T5354] ? btrfs_alloc_logged_file_extent+0x580/0x580
[ 71.378578][ T5354] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 71.384772][ T5354] __btrfs_cow_block+0x3ce/0x18e0
[ 71.389921][ T5354] ? update_ref_for_cow+0xc10/0xc10
[ 71.395157][ T5354] ? btrfs_qgroup_add_swapped_blocks+0x9d0/0x9d0
[ 71.401534][ T5354] ? down_write_nested+0x153/0x200
[ 71.406687][ T5354] btrfs_cow_block+0x2f1/0x820
[ 71.411594][ T5354] btrfs_search_slot+0x12a0/0x30e0
[ 71.416947][ T5354] ? balance_level+0x2420/0x2420
[ 71.422003][ T5354] ? find_held_lock+0x2d/0x110
[ 71.426888][ T5354] ? btrfs_create_new_inode+0x763/0x2610
[ 71.432564][ T5354] ? reacquire_held_locks+0x4b0/0x4b0
[ 71.438761][ T5354] ? do_raw_spin_lock+0x12e/0x2b0
[ 71.443827][ T5354] ? spin_bug+0x1d0/0x1d0
[ 71.448202][ T5354] btrfs_insert_empty_items+0xb7/0x1b0
[ 71.453713][ T5354] ? do_raw_spin_unlock+0x173/0x230
[ 71.458957][ T5354] btrfs_create_new_inode+0x825/0x2610
[ 71.464545][ T5354] ? btrfs_link+0x790/0x790
[ 71.469100][ T5354] ? record_root_in_trans+0x2f7/0x3e0
[ 71.474527][ T5354] btrfs_create_common+0x1d5/0x290
[ 71.480342][ T5354] ? btrfs_tmpfile+0x440/0x440
[ 71.485157][ T5354] ? inode_init_owner+0x2d1/0x3c0
[ 71.490219][ T5354] btrfs_mkdir+0xc7/0x100
[ 71.494938][ T5354] vfs_mkdir+0x532/0x7e0
[ 71.499217][ T5354] do_mkdirat+0x2a9/0x330
[ 71.503595][ T5354] ? __ia32_sys_mknod+0xb0/0xb0
[ 71.508550][ T5354] ? getname_flags.part.0+0x1d5/0x4d0
[ 71.514042][ T5354] __x64_sys_mkdir+0xf2/0x140
[ 71.518831][ T5354] do_syscall_64+0x38/0xb0
[ 71.523333][ T5354] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 71.529321][ T5354] RIP: 0033:0x7f0f36b85167
[ 71.533740][ T5354] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 71.554935][ T5354] RSP: 002b:00007ffec710e3f8 EFLAGS: 00000286 ORIG_RAX: 0000000000000053
[ 71.564145][ T5354] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f0f36b85167
[ 71.572123][ T5354] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000040
[ 71.580100][ T5354] RBP: 00007ffec710e490 R08: 0000000000000000 R09: 0000000020000000
[ 71.588078][ T5354] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000020000040
[ 71.596242][ T5354] R13: 0000000020000140 R14: 0000000000000000 R15: 0000000000000000
[ 71.604318][ T5354]
[ 71.613021][ T5354] BTRFS: error (device loop0: state A) in btrfs_create_new_inode:6401: errno=-12 Out of memory
[pid 5354] mkdir("./bus", 0777) = -1 ENOMEM (Cannot allocate memory)
[pid 5354] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5354] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5354, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} ---
umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555f526f0 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/binderfs") = 0
[ 71.623561][ T5354] BTRFS info (device loop0: state EA): forced readonly
[ 71.673808][ T5012] ------------[ cut here ]------------
[ 71.679445][ T5012] WARNING: CPU: 0 PID: 5012 at fs/btrfs/space-info.h:198 btrfs_space_info_update_bytes_may_use+0x448/0x590
[ 71.691159][ T5012] Modules linked in:
[ 71.695165][ T5012] CPU: 0 PID: 5012 Comm: syz-executor294 Not tainted 6.5.0-rc2-syzkaller-00307-gd192f5382581 #0
[ 71.705840][ T5012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 71.715979][ T5012] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x448/0x590
[ 71.723544][ T5012] Code: fd e9 69 fc ff ff e8 e7 6e f4 fd 49 89 ee 4c 89 e6 49 f7 de 4c 89 f7 e8 e6 69 f4 fd 4d 39 f4 0f 83 7c fd ff ff e8 c8 6e f4 fd <0f> 0b 45 31 e4 e9 75 fd ff ff e8 b9 6e f4 fd 48 8d 7b 18 be ff ff
[ 71.743880][ T5012] RSP: 0018:ffffc9000341fac0 EFLAGS: 00010293
[ 71.750110][ T5012] RAX: 0000000000000000 RBX: ffff888079ea2800 RCX: 0000000000000000
[ 71.758281][ T5012] RDX: ffff88807a90c040 RSI: ffffffff83911a08 RDI: 0000000000000006
[ 71.766708][ T5012] RBP: ffffffffffea0000 R08: 0000000000000006 R09: 0000000000160000
[ 71.774882][ T5012] R10: 000000000015f000 R11: 0000000000094000 R12: 000000000015f000
[ 71.782929][ T5012] R13: ffff888079ea2860 R14: 0000000000160000 R15: 0000000000000005
[ 71.790973][ T5012] FS: 0000555555f51380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 71.799963][ T5012] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 71.806571][ T5012] CR2: 00007ffec710cd28 CR3: 0000000076481000 CR4: 00000000003506f0
[ 71.814841][ T5012] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 71.824022][ T5012] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 71.832789][ T5012] Call Trace:
[ 71.838348][ T5012]
[ 71.841609][ T5012] ? __warn+0xe6/0x380
[ 71.845888][ T5012] ? btrfs_space_info_update_bytes_may_use+0x448/0x590
[ 71.852812][ T5012] ? report_bug+0x3bc/0x580
[ 71.857553][ T5012] ? handle_bug+0x3c/0x70
[ 71.861989][ T5012] ? exc_invalid_op+0x17/0x40
[ 71.866710][ T5012] ? asm_exc_invalid_op+0x1a/0x20
[ 71.872360][ T5012] ? btrfs_space_info_update_bytes_may_use+0x448/0x590
[ 71.879330][ T5012] ? btrfs_space_info_update_bytes_may_use+0x448/0x590
[ 71.886429][ T5012] btrfs_block_rsv_release+0x566/0x670
[ 71.892030][ T5012] btrfs_release_global_block_rsv+0x26/0x2e0
[ 71.898223][ T5012] btrfs_free_block_groups+0xa3a/0x11b0
[ 71.903931][ T5012] close_ctree+0x8c7/0xdd0
[ 71.908597][ T5012] ? btrfs_cleanup_transaction.isra.0+0x1200/0x1200
[ 71.915352][ T5012] ? find_rule+0x370/0x370
[ 71.919836][ T5012] ? __fsnotify_vfsmount_delete+0x20/0x20
[ 71.925936][ T5012] ? dispose_list+0x1e0/0x1e0
[ 71.930678][ T5012] ? fscrypt_destroy_keyring+0x1e/0x390
[ 71.936245][ T5012] ? btrfs_set_super+0x70/0x70
[ 71.941139][ T5012] generic_shutdown_super+0x158/0x480
[ 71.946552][ T5012] kill_anon_super+0x3a/0x60
[ 71.951184][ T5012] btrfs_kill_super+0x3b/0x50
[ 71.955972][ T5012] deactivate_locked_super+0x9a/0x170
[ 71.961415][ T5012] deactivate_super+0xde/0x100
[ 71.966199][ T5012] cleanup_mnt+0x222/0x3d0
[ 71.971004][ T5012] task_work_run+0x14d/0x240
[ 71.975879][ T5012] ? task_work_cancel+0x30/0x30
[ 71.980804][ T5012] ptrace_notify+0x10c/0x130
[ 71.985417][ T5012] syscall_exit_to_user_mode_prepare+0x120/0x220
[ 71.991836][ T5012] syscall_exit_to_user_mode+0xd/0x50
[ 71.997226][ T5012] do_syscall_64+0x44/0xb0
[ 72.001702][ T5012] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 72.007744][ T5012] RIP: 0033:0x7f0f36b87507
[ 72.012200][ T5012] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 72.032716][ T5012] RSP: 002b:00007ffec710d4d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[ 72.041227][ T5012] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0f36b87507
[ 72.049560][ T5012] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffec710d590
[ 72.057630][ T5012] RBP: 00007ffec710d590 R08: 0000000000000000 R09: 0000000000000000
[ 72.065656][ T5012] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffec710e610
[ 72.073782][ T5012] R13: 0000555555f526c0 R14: 431bde82d7b634db R15: 00007ffec710e630
[ 72.082025][ T5012]
[ 72.085043][ T5012] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 72.092405][ T5012] CPU: 0 PID: 5012 Comm: syz-executor294 Not tainted 6.5.0-rc2-syzkaller-00307-gd192f5382581 #0
[ 72.102815][ T5012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 72.112967][ T5012] Call Trace:
[ 72.116258][ T5012]
[ 72.119188][ T5012] dump_stack_lvl+0xd9/0x1b0
[ 72.123959][ T5012] panic+0x6a4/0x750
[ 72.127967][ T5012] ? panic_smp_self_stop+0xa0/0xa0
[ 72.133102][ T5012] ? show_trace_log_lvl+0x29d/0x3c0
[ 72.138416][ T5012] ? btrfs_space_info_update_bytes_may_use+0x448/0x590
[ 72.145298][ T5012] check_panic_on_warn+0xab/0xb0
[ 72.150341][ T5012] __warn+0xf2/0x380
[ 72.154247][ T5012] ? btrfs_space_info_update_bytes_may_use+0x448/0x590
[ 72.161204][ T5012] report_bug+0x3bc/0x580
[ 72.165634][ T5012] handle_bug+0x3c/0x70
[ 72.169791][ T5012] exc_invalid_op+0x17/0x40
[ 72.174755][ T5012] asm_exc_invalid_op+0x1a/0x20
[ 72.179793][ T5012] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x448/0x590
[ 72.187429][ T5012] Code: fd e9 69 fc ff ff e8 e7 6e f4 fd 49 89 ee 4c 89 e6 49 f7 de 4c 89 f7 e8 e6 69 f4 fd 4d 39 f4 0f 83 7c fd ff ff e8 c8 6e f4 fd <0f> 0b 45 31 e4 e9 75 fd ff ff e8 b9 6e f4 fd 48 8d 7b 18 be ff ff
[ 72.207666][ T5012] RSP: 0018:ffffc9000341fac0 EFLAGS: 00010293
[ 72.214374][ T5012] RAX: 0000000000000000 RBX: ffff888079ea2800 RCX: 0000000000000000
[ 72.222716][ T5012] RDX: ffff88807a90c040 RSI: ffffffff83911a08 RDI: 0000000000000006
[ 72.230953][ T5012] RBP: ffffffffffea0000 R08: 0000000000000006 R09: 0000000000160000
[ 72.239198][ T5012] R10: 000000000015f000 R11: 0000000000094000 R12: 000000000015f000
[ 72.247869][ T5012] R13: ffff888079ea2860 R14: 0000000000160000 R15: 0000000000000005
[ 72.257690][ T5012] ? btrfs_space_info_update_bytes_may_use+0x448/0x590
[ 72.264851][ T5012] btrfs_block_rsv_release+0x566/0x670
[ 72.270588][ T5012] btrfs_release_global_block_rsv+0x26/0x2e0
[ 72.276867][ T5012] btrfs_free_block_groups+0xa3a/0x11b0
[ 72.282517][ T5012] close_ctree+0x8c7/0xdd0
[ 72.287035][ T5012] ? btrfs_cleanup_transaction.isra.0+0x1200/0x1200
[ 72.293638][ T5012] ? find_rule+0x370/0x370
[ 72.298139][ T5012] ? __fsnotify_vfsmount_delete+0x20/0x20
[ 72.304114][ T5012] ? dispose_list+0x1e0/0x1e0
[ 72.309104][ T5012] ? fscrypt_destroy_keyring+0x1e/0x390
[ 72.314788][ T5012] ? btrfs_set_super+0x70/0x70
[ 72.319910][ T5012] generic_shutdown_super+0x158/0x480
[ 72.325766][ T5012] kill_anon_super+0x3a/0x60
[ 72.330367][ T5012] btrfs_kill_super+0x3b/0x50
[ 72.335054][ T5012] deactivate_locked_super+0x9a/0x170
[ 72.340458][ T5012] deactivate_super+0xde/0x100
[ 72.345252][ T5012] cleanup_mnt+0x222/0x3d0
[ 72.349691][ T5012] task_work_run+0x14d/0x240
[ 72.354300][ T5012] ? task_work_cancel+0x30/0x30
[ 72.359161][ T5012] ptrace_notify+0x10c/0x130
[ 72.363751][ T5012] syscall_exit_to_user_mode_prepare+0x120/0x220
[ 72.370094][ T5012] syscall_exit_to_user_mode+0xd/0x50
[ 72.375476][ T5012] do_syscall_64+0x44/0xb0
[ 72.379983][ T5012] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 72.386155][ T5012] RIP: 0033:0x7f0f36b87507
[ 72.390658][ T5012] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 72.410636][ T5012] RSP: 002b:00007ffec710d4d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[ 72.419263][ T5012] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0f36b87507
[ 72.427421][ T5012] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffec710d590
[ 72.435413][ T5012] RBP: 00007ffec710d590 R08: 0000000000000000 R09: 0000000000000000
[ 72.443737][ T5012] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffec710e610
[ 72.451719][ T5012] R13: 0000555555f526c0 R14: 431bde82d7b634db R15: 00007ffec710e630
[ 72.459899][ T5012]
[ 72.463032][ T5012] Kernel Offset: disabled
[ 72.467562][ T5012] Rebooting in 86400 seconds..