./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2654495694
<...>
no interfaces have a carrier
[ 27.194040][ T3207] 8021q: adding VLAN 0 to HW filter on device bond0
[ 27.203835][ T3207] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: [ 27.651934][ T3297] sshd (3297) used greatest stack depth: 22376 bytes left
OK
syzkaller
Warning: Permanently added '10.128.0.131' (ECDSA) to the list of known hosts.
execve("./syz-executor2654495694", ["./syz-executor2654495694"], 0x7ffd9e7f3b20 /* 10 vars */) = 0
brk(NULL) = 0x555556352000
brk(0x555556352c40) = 0x555556352c40
arch_prctl(ARCH_SET_FS, 0x555556352300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2654495694", 4096) = 28
brk(0x555556373c40) = 0x555556373c40
brk(0x555556374000) = 0x555556374000
mprotect(0x7f2da3d62000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 3627
mkdir("./syzkaller.EaePZs", 0700) = 0
chmod("./syzkaller.EaePZs", 0777) = 0
chdir("./syzkaller.EaePZs") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563525d0) = 3628
./strace-static-x86_64: Process 3628 attached
[pid 3628] chdir("./0") = 0
[pid 3628] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3628] setpgid(0, 0) = 0
[pid 3628] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3628] write(3, "1000", 4) = 4
[pid 3628] close(3) = 0
[pid 3628] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3628] memfd_create("syzkaller", 0) = 3
[pid 3628] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d9b8a1000
[pid 3628] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 3628] munmap(0x7f2d9b8a1000, 16777216) = 0
[pid 3628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3628] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3628] close(3) = 0
[pid 3628] mkdir("./file0", 0777) = 0
syzkaller login: [ 52.513615][ T3628] loop0: detected capacity change from 0 to 32768
[ 52.525902][ T3628] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor265 (3628)
[ 52.545498][ T3628] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[ 52.554902][ T3628] BTRFS info (device loop0): doing ref verification
[pid 3628] mount("/dev/loop0", "./file0", "btrfs", MS_SYNCHRONOUS|MS_STRICTATIME, "datacow,ref_verify,nodatasum,max_inline=%m-3,noautodefrag,ssd,") = 0
[pid 3628] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3628] chdir("./file0") = 0
[pid 3628] ioctl(4, LOOP_CLR_FD) = 0
[pid 3628] close(4) = 0
[pid 3628] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 3628] write(4, "44", 2) = 2
[ 52.561561][ T3628] BTRFS info (device loop0): setting nodatasum
[ 52.567742][ T3628] BTRFS info (device loop0): max_inline at 0
[ 52.573810][ T3628] BTRFS info (device loop0): enabling ssd optimizations
[ 52.580810][ T3628] BTRFS info (device loop0): using free space tree
[ 52.623994][ T3628] FAULT_INJECTION: forcing a failure.
[ 52.623994][ T3628] name failslab, interval 1, probability 0, space 0, times 1
[ 52.637190][ T3628] CPU: 0 PID: 3628 Comm: syz-executor265 Not tainted 6.1.0-rc8-syzkaller-00045-gce19275f0103 #0
[ 52.647648][ T3628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 52.657714][ T3628] Call Trace:
[ 52.660984][ T3628]
[ 52.663906][ T3628] dump_stack_lvl+0xd1/0x138
[ 52.668602][ T3628] should_fail_ex.cold+0x5/0xa
[ 52.673369][ T3628] should_failslab+0x9/0x20
[ 52.677866][ T3628] __kmem_cache_alloc_node+0x66/0x3e0
[ 52.683319][ T3628] ? btrfs_ref_tree_mod+0x255/0x1a20
[ 52.688690][ T3628] kmalloc_trace+0x26/0x60
[ 52.693106][ T3628] btrfs_ref_tree_mod+0x255/0x1a20
[ 52.698229][ T3628] ? btrfs_alloc_tree_block+0xbc9/0x1320
[ 52.703855][ T3628] ? rcu_read_lock_sched_held+0x3e/0x70
[ 52.709399][ T3628] ? trace_kmem_cache_alloc+0x35/0x100
[ 52.714934][ T3628] ? kmem_cache_alloc+0x1ee/0x3d0
[ 52.719952][ T3628] btrfs_alloc_tree_block+0xe29/0x1320
[ 52.725416][ T3628] ? btrfs_alloc_logged_file_extent+0x600/0x600
[ 52.731669][ T3628] ? memcpy+0x3d/0x60
[ 52.735648][ T3628] __btrfs_cow_block+0x3b2/0x1430
[ 52.740666][ T3628] ? folio_mark_accessed+0xcf/0x830
[ 52.745864][ T3628] ? update_ref_for_cow+0xb30/0xb30
[ 52.751062][ T3628] ? btrfs_qgroup_trace_subtree_after_cow+0x200/0xe30
[ 52.757830][ T3628] btrfs_cow_block+0x2fa/0x950
[ 52.762596][ T3628] btrfs_search_slot+0x11b0/0x2c70
[ 52.767715][ T3628] ? split_leaf+0x1380/0x1380
[ 52.772399][ T3628] ? find_held_lock+0x2d/0x110
[ 52.777165][ T3628] ? btrfs_create_new_inode+0x790/0x27a0
[ 52.782799][ T3628] ? lock_downgrade+0x6e0/0x6e0
[ 52.787649][ T3628] ? do_raw_spin_lock+0x124/0x2b0
[ 52.792665][ T3628] ? rwlock_bug.part.0+0x90/0x90
[ 52.797597][ T3628] btrfs_insert_empty_items+0xbd/0x1c0
[ 52.803052][ T3628] ? do_raw_spin_unlock+0x175/0x230
[ 52.808243][ T3628] btrfs_create_new_inode+0x8be/0x27a0
[ 52.813710][ T3628] ? btrfs_link+0x730/0x730
[ 52.818217][ T3628] ? radix_tree_tag_set+0x260/0x300
[ 52.823500][ T3628] ? record_root_in_trans+0x2f7/0x3e0
[ 52.828869][ T3628] ? btrfs_record_root_in_trans+0x15a/0x1b0
[ 52.834762][ T3628] ? __btrfs_end_transaction+0x3b0/0x930
[ 52.840399][ T3628] btrfs_create_common+0x1d5/0x260
[ 52.845511][ T3628] ? btrfs_tmpfile+0x420/0x420
[ 52.850271][ T3628] ? rwlock_bug.part.0+0x90/0x90
[ 52.855209][ T3628] ? do_raw_spin_unlock+0x175/0x230
[ 52.860401][ T3628] ? _raw_spin_unlock+0x28/0x40
[ 52.865247][ T3628] ? inode_init_owner+0x376/0x440
[ 52.870273][ T3628] btrfs_create+0x116/0x160
[ 52.874774][ T3628] ? btrfs_mkdir+0x100/0x100
[ 52.879364][ T3628] lookup_open.isra.0+0xf05/0x12a0
[ 52.884482][ T3628] ? link_path_walk.part.0+0xe20/0xe20
[ 52.889962][ T3628] path_openat+0x996/0x2860
[ 52.894475][ T3628] ? path_lookupat+0x840/0x840
[ 52.899242][ T3628] do_filp_open+0x1ba/0x410
[ 52.903733][ T3628] ? may_open_dev+0xf0/0xf0
[ 52.908224][ T3628] ? find_held_lock+0x2d/0x110
[ 52.912994][ T3628] ? do_raw_spin_lock+0x124/0x2b0
[ 52.918012][ T3628] ? rwlock_bug.part.0+0x90/0x90
[ 52.922948][ T3628] ? _raw_spin_unlock+0x28/0x40
[ 52.927796][ T3628] ? alloc_fd+0x2d8/0x6d0
[ 52.932127][ T3628] do_sys_openat2+0x16d/0x4c0
[ 52.936800][ T3628] ? build_open_flags+0x6f0/0x6f0
[ 52.941823][ T3628] ? ptrace_notify+0xfe/0x140
[ 52.946501][ T3628] ? lock_downgrade+0x6e0/0x6e0
[ 52.951355][ T3628] __x64_sys_openat+0x143/0x1f0
[ 52.956204][ T3628] ? __ia32_sys_open+0x1c0/0x1c0
[ 52.961132][ T3628] ? _raw_spin_unlock_irq+0x23/0x50
[ 52.966327][ T3628] ? lockdep_hardirqs_on+0x7d/0x100
[ 52.971516][ T3628] ? _raw_spin_unlock_irq+0x2e/0x50
[ 52.976705][ T3628] ? ptrace_notify+0xfe/0x140
[ 52.981389][ T3628] do_syscall_64+0x39/0xb0
[ 52.985803][ T3628] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.991693][ T3628] RIP: 0033:0x7f2da3ceea89
[ 52.996102][ T3628] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.015714][ T3628] RSP: 002b:00007ffc7c859448 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[pid 3628] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 3628] exit_group(0) = ?
[pid 3628] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3628, si_uid=0, si_status=0, si_utime=4, si_stime=20} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556353620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 53.024123][ T3628] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f2da3ceea89
[ 53.032432][ T3628] RDX: 000000000000275a RSI: 0000000020000040 RDI: 00000000ffffff9c
[ 53.040394][ T3628] RBP: 00007ffc7c859470 R08: 0000000000000002 R09: 00007ffc7c859480
[ 53.048367][ T3628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 53.056341][ T3628] R13: 00007ffc7c8594b0 R14: 00007ffc7c859490 R15: 0000000000000000
[ 53.064333][ T3628]
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555635b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555635b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555556353620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563525d0) = 3659
./strace-static-x86_64: Process 3659 attached
[pid 3659] chdir("./1") = 0
[pid 3659] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3659] setpgid(0, 0) = 0
[pid 3659] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3659] write(3, "1000", 4) = 4
[pid 3659] close(3) = 0
[pid 3659] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3659] memfd_create("syzkaller", 0) = 3
[pid 3659] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d9b8a1000
[pid 3659] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 3659] munmap(0x7f2d9b8a1000, 16777216) = 0
[pid 3659] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3659] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3659] close(3) = 0
[pid 3659] mkdir("./file0", 0777) = 0
[ 53.406205][ T3659] loop0: detected capacity change from 0 to 32768
[ 53.420158][ T3659] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[ 53.429751][ T3659] BTRFS info (device loop0): doing ref verification
[ 53.436689][ T3659] BTRFS info (device loop0): setting nodatasum
[ 53.443122][ T3659] BTRFS info (device loop0): max_inline at 0
[ 53.449134][ T3659] BTRFS info (device loop0): enabling ssd optimizations
[pid 3659] mount("/dev/loop0", "./file0", "btrfs", MS_SYNCHRONOUS|MS_STRICTATIME, "datacow,ref_verify,nodatasum,max_inline=%m-3,noautodefrag,ssd,") = 0
[pid 3659] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3659] chdir("./file0") = 0
[pid 3659] ioctl(4, LOOP_CLR_FD) = 0
[pid 3659] close(4) = 0
[pid 3659] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 3659] write(4, "44", 2) = 2
[ 53.456327][ T3659] BTRFS info (device loop0): using free space tree
[ 53.485284][ T3659] FAULT_INJECTION: forcing a failure.
[ 53.485284][ T3659] name failslab, interval 1, probability 0, space 0, times 0
[ 53.498284][ T3659] CPU: 0 PID: 3659 Comm: syz-executor265 Not tainted 6.1.0-rc8-syzkaller-00045-gce19275f0103 #0
[ 53.508723][ T3659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 53.518874][ T3659] Call Trace:
[ 53.522162][ T3659]
[ 53.525116][ T3659] dump_stack_lvl+0xd1/0x138
[ 53.529748][ T3659] should_fail_ex.cold+0x5/0xa
[ 53.534545][ T3659] should_failslab+0x9/0x20
[ 53.539069][ T3659] __kmem_cache_alloc_node+0x66/0x3e0
[ 53.544465][ T3659] ? add_block_entry+0x8f/0x8b0
[ 53.549351][ T3659] kmalloc_trace+0x26/0x60
[ 53.553803][ T3659] add_block_entry+0x8f/0x8b0
[ 53.558483][ T3659] btrfs_ref_tree_mod+0xe7b/0x1a20
[ 53.563597][ T3659] ? btrfs_alloc_tree_block+0xbc9/0x1320
[ 53.569313][ T3659] ? kmem_cache_alloc+0x1ee/0x3d0
[ 53.574336][ T3659] btrfs_alloc_tree_block+0xe29/0x1320
[ 53.579800][ T3659] ? btrfs_alloc_logged_file_extent+0x600/0x600
[ 53.586042][ T3659] ? ar9003_tx_gain_table_mode3+0x78/0x870
[ 53.591852][ T3659] ? memcpy+0x3d/0x60
[ 53.595833][ T3659] __btrfs_cow_block+0x3b2/0x1430
[ 53.600860][ T3659] ? folio_mark_accessed+0xcf/0x830
[ 53.606064][ T3659] ? update_ref_for_cow+0xb30/0xb30
[ 53.611261][ T3659] ? btrfs_qgroup_trace_subtree_after_cow+0x200/0xe30
[ 53.618027][ T3659] btrfs_cow_block+0x2fa/0x950
[ 53.622790][ T3659] btrfs_search_slot+0x11b0/0x2c70
[ 53.627907][ T3659] ? split_leaf+0x1380/0x1380
[ 53.632576][ T3659] ? find_held_lock+0x2d/0x110
[ 53.637342][ T3659] ? btrfs_create_new_inode+0x790/0x27a0
[ 53.642976][ T3659] ? lock_downgrade+0x6e0/0x6e0
[ 53.647971][ T3659] ? do_raw_spin_lock+0x124/0x2b0
[ 53.652989][ T3659] ? rwlock_bug.part.0+0x90/0x90
[ 53.658031][ T3659] btrfs_insert_empty_items+0xbd/0x1c0
[ 53.663487][ T3659] ? do_raw_spin_unlock+0x175/0x230
[ 53.668677][ T3659] btrfs_create_new_inode+0x8be/0x27a0
[ 53.674149][ T3659] ? btrfs_link+0x730/0x730
[ 53.678648][ T3659] ? radix_tree_tag_set+0x260/0x300
[ 53.683847][ T3659] ? record_root_in_trans+0x2f7/0x3e0
[ 53.689216][ T3659] ? btrfs_record_root_in_trans+0x15a/0x1b0
[ 53.695107][ T3659] ? __btrfs_end_transaction+0x3b0/0x930
[ 53.700743][ T3659] btrfs_create_common+0x1d5/0x260
[ 53.705864][ T3659] ? btrfs_tmpfile+0x420/0x420
[ 53.710624][ T3659] ? rwlock_bug.part.0+0x90/0x90
[ 53.715563][ T3659] ? do_raw_spin_unlock+0x175/0x230
[ 53.720756][ T3659] ? _raw_spin_unlock+0x28/0x40
[ 53.725601][ T3659] ? inode_init_owner+0x376/0x440
[ 53.730631][ T3659] btrfs_create+0x116/0x160
[ 53.735133][ T3659] ? btrfs_mkdir+0x100/0x100
[ 53.739807][ T3659] lookup_open.isra.0+0xf05/0x12a0
[ 53.744929][ T3659] ? link_path_walk.part.0+0xe20/0xe20
[ 53.750435][ T3659] path_openat+0x996/0x2860
[ 53.754965][ T3659] ? path_lookupat+0x840/0x840
[ 53.759747][ T3659] do_filp_open+0x1ba/0x410
[ 53.764251][ T3659] ? may_open_dev+0xf0/0xf0
[ 53.768751][ T3659] ? find_held_lock+0x2d/0x110
[ 53.773528][ T3659] ? do_raw_spin_lock+0x124/0x2b0
[ 53.778549][ T3659] ? rwlock_bug.part.0+0x90/0x90
[ 53.783488][ T3659] ? _raw_spin_unlock+0x28/0x40
[ 53.788333][ T3659] ? alloc_fd+0x2d8/0x6d0
[ 53.792666][ T3659] do_sys_openat2+0x16d/0x4c0
[ 53.797347][ T3659] ? build_open_flags+0x6f0/0x6f0
[ 53.802370][ T3659] ? ptrace_notify+0xfe/0x140
[ 53.807049][ T3659] ? lock_downgrade+0x6e0/0x6e0
[ 53.811903][ T3659] __x64_sys_openat+0x143/0x1f0
[ 53.816752][ T3659] ? __ia32_sys_open+0x1c0/0x1c0
[ 53.821684][ T3659] ? _raw_spin_unlock_irq+0x23/0x50
[ 53.826883][ T3659] ? lockdep_hardirqs_on+0x7d/0x100
[ 53.832074][ T3659] ? _raw_spin_unlock_irq+0x2e/0x50
[ 53.837269][ T3659] ? ptrace_notify+0xfe/0x140
[ 53.841955][ T3659] do_syscall_64+0x39/0xb0
[ 53.846373][ T3659] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.852269][ T3659] RIP: 0033:0x7f2da3ceea89
[ 53.856681][ T3659] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.877454][ T3659] RSP: 002b:00007ffc7c859448 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 53.885871][ T3659] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f2da3ceea89
[ 53.893842][ T3659] RDX: 000000000000275a RSI: 0000000020000040 RDI: 00000000ffffff9c
[pid 3659] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 3659] exit_group(0) = ?
[pid 3659] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3659, si_uid=0, si_status=0, si_utime=4, si_stime=18} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556353620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 53.901804][ T3659] RBP: 00007ffc7c859470 R08: 0000000000000002 R09: 00007ffc7c859480
[ 53.909769][ T3659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 53.917740][ T3659] R13: 00007ffc7c8594b0 R14: 00007ffc7c859490 R15: 0000000000000001
[ 53.925734][ T3659]
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555635b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555635b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555556353620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563525d0) = 3678
./strace-static-x86_64: Process 3678 attached
[pid 3678] chdir("./2") = 0
[pid 3678] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3678] setpgid(0, 0) = 0
[pid 3678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3678] write(3, "1000", 4) = 4
[pid 3678] close(3) = 0
[pid 3678] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3678] memfd_create("syzkaller", 0) = 3
[pid 3678] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d9b8a1000
[pid 3678] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 3678] munmap(0x7f2d9b8a1000, 16777216) = 0
[pid 3678] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3678] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3678] close(3) = 0
[pid 3678] mkdir("./file0", 0777) = 0
[ 54.221243][ T3678] loop0: detected capacity change from 0 to 32768
[ 54.234423][ T3678] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[ 54.243763][ T3678] BTRFS info (device loop0): doing ref verification
[ 54.250367][ T3678] BTRFS info (device loop0): setting nodatasum
[ 54.256665][ T3678] BTRFS info (device loop0): max_inline at 0
[ 54.262693][ T3678] BTRFS info (device loop0): enabling ssd optimizations
[pid 3678] mount("/dev/loop0", "./file0", "btrfs", MS_SYNCHRONOUS|MS_STRICTATIME, "datacow,ref_verify,nodatasum,max_inline=%m-3,noautodefrag,ssd,") = 0
[pid 3678] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3678] chdir("./file0") = 0
[pid 3678] ioctl(4, LOOP_CLR_FD) = 0
[pid 3678] close(4) = 0
[pid 3678] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 3678] write(4, "44", 2) = 2
[ 54.269629][ T3678] BTRFS info (device loop0): using free space tree
[ 54.307802][ T3678] FAULT_INJECTION: forcing a failure.
[ 54.307802][ T3678] name failslab, interval 1, probability 0, space 0, times 0
[ 54.320771][ T3678] CPU: 0 PID: 3678 Comm: syz-executor265 Not tainted 6.1.0-rc8-syzkaller-00045-gce19275f0103 #0
[ 54.331221][ T3678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 54.341300][ T3678] Call Trace:
[ 54.344584][ T3678]
[ 54.347526][ T3678] dump_stack_lvl+0xd1/0x138
[ 54.352249][ T3678] should_fail_ex.cold+0x5/0xa
[ 54.357070][ T3678] should_failslab+0x9/0x20
[ 54.361605][ T3678] __kmem_cache_alloc_node+0x66/0x3e0
[ 54.367012][ T3678] ? btrfs_ref_tree_mod+0x5b5/0x1a20
[ 54.372336][ T3678] kmalloc_trace+0x26/0x60
[ 54.376802][ T3678] btrfs_ref_tree_mod+0x5b5/0x1a20
[ 54.381965][ T3678] btrfs_free_tree_block+0x23d/0xc90
[ 54.387292][ T3678] ? btrfs_finish_extent_commit+0x7e0/0x7e0
[ 54.393239][ T3678] ? btrfs_tree_mod_log_free_eb+0x2df/0x800
[ 54.399166][ T3678] ? btrfs_mark_buffer_dirty+0x17a/0x250
[ 54.405012][ T3678] __btrfs_cow_block+0xbc4/0x1430
[ 54.410047][ T3678] ? update_ref_for_cow+0xb30/0xb30
[ 54.415245][ T3678] ? btrfs_qgroup_trace_subtree_after_cow+0x200/0xe30
[ 54.422102][ T3678] btrfs_cow_block+0x2fa/0x950
[ 54.426867][ T3678] btrfs_search_slot+0x11b0/0x2c70
[ 54.431986][ T3678] ? split_leaf+0x1380/0x1380
[ 54.436652][ T3678] ? find_held_lock+0x2d/0x110
[ 54.441417][ T3678] ? btrfs_create_new_inode+0x790/0x27a0
[ 54.447137][ T3678] ? lock_downgrade+0x6e0/0x6e0
[ 54.451984][ T3678] ? do_raw_spin_lock+0x124/0x2b0
[ 54.456997][ T3678] ? rwlock_bug.part.0+0x90/0x90
[ 54.461926][ T3678] btrfs_insert_empty_items+0xbd/0x1c0
[ 54.467378][ T3678] ? do_raw_spin_unlock+0x175/0x230
[ 54.472568][ T3678] btrfs_create_new_inode+0x8be/0x27a0
[ 54.478040][ T3678] ? btrfs_link+0x730/0x730
[ 54.482540][ T3678] ? radix_tree_tag_set+0x260/0x300
[ 54.487742][ T3678] ? record_root_in_trans+0x2f7/0x3e0
[ 54.493111][ T3678] ? btrfs_record_root_in_trans+0x15a/0x1b0
[ 54.499000][ T3678] ? __btrfs_end_transaction+0x3b0/0x930
[ 54.504631][ T3678] btrfs_create_common+0x1d5/0x260
[ 54.509739][ T3678] ? btrfs_tmpfile+0x420/0x420
[ 54.514513][ T3678] ? rwlock_bug.part.0+0x90/0x90
[ 54.519444][ T3678] ? do_raw_spin_unlock+0x175/0x230
[ 54.524634][ T3678] ? _raw_spin_unlock+0x28/0x40
[ 54.529566][ T3678] ? inode_init_owner+0x376/0x440
[ 54.534595][ T3678] btrfs_create+0x116/0x160
[ 54.539096][ T3678] ? btrfs_mkdir+0x100/0x100
[ 54.543686][ T3678] lookup_open.isra.0+0xf05/0x12a0
[ 54.548808][ T3678] ? link_path_walk.part.0+0xe20/0xe20
[ 54.554293][ T3678] path_openat+0x996/0x2860
[ 54.558806][ T3678] ? path_lookupat+0x840/0x840
[ 54.563577][ T3678] do_filp_open+0x1ba/0x410
[ 54.568071][ T3678] ? may_open_dev+0xf0/0xf0
[ 54.572562][ T3678] ? find_held_lock+0x2d/0x110
[ 54.577334][ T3678] ? do_raw_spin_lock+0x124/0x2b0
[ 54.582349][ T3678] ? rwlock_bug.part.0+0x90/0x90
[ 54.587283][ T3678] ? _raw_spin_unlock+0x28/0x40
[ 54.592131][ T3678] ? alloc_fd+0x2d8/0x6d0
[ 54.596463][ T3678] do_sys_openat2+0x16d/0x4c0
[ 54.601141][ T3678] ? build_open_flags+0x6f0/0x6f0
[ 54.606163][ T3678] ? ptrace_notify+0xfe/0x140
[ 54.610845][ T3678] ? lock_downgrade+0x6e0/0x6e0
[ 54.615698][ T3678] __x64_sys_openat+0x143/0x1f0
[ 54.620629][ T3678] ? __ia32_sys_open+0x1c0/0x1c0
[ 54.625561][ T3678] ? _raw_spin_unlock_irq+0x23/0x50
[ 54.630850][ T3678] ? lockdep_hardirqs_on+0x7d/0x100
[ 54.636039][ T3678] ? _raw_spin_unlock_irq+0x2e/0x50
[ 54.641231][ T3678] ? ptrace_notify+0xfe/0x140
[ 54.645913][ T3678] do_syscall_64+0x39/0xb0
[ 54.650329][ T3678] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.656224][ T3678] RIP: 0033:0x7f2da3ceea89
[ 54.660628][ T3678] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 54.680237][ T3678] RSP: 002b:00007ffc7c859448 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 54.688644][ T3678] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f2da3ceea89
[ 54.696602][ T3678] RDX: 000000000000275a RSI: 0000000020000040 RDI: 00000000ffffff9c
[pid 3678] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 3678] exit_group(0) = ?
[pid 3678] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3678, si_uid=0, si_status=0, si_utime=3, si_stime=17} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556353620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
[ 54.704565][ T3678] RBP: 00007ffc7c859470 R08: 0000000000000002 R09: 00007ffc7c859480
[ 54.712524][ T3678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 54.720484][ T3678] R13: 00007ffc7c8594b0 R14: 00007ffc7c859490 R15: 0000000000000002
[ 54.728465][ T3678]
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555635b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555635b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x555556353620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563525d0) = 3705
./strace-static-x86_64: Process 3705 attached
[pid 3705] chdir("./3") = 0
[pid 3705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3705] setpgid(0, 0) = 0
[pid 3705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3705] write(3, "1000", 4) = 4
[pid 3705] close(3) = 0
[pid 3705] symlink("/dev/binderfs", "./binderfs") = 0
[pid 3705] memfd_create("syzkaller", 0) = 3
[pid 3705] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d9b8a1000
[pid 3705] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 3705] munmap(0x7f2d9b8a1000, 16777216) = 0
[pid 3705] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 3705] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 3705] close(3) = 0
[pid 3705] mkdir("./file0", 0777) = 0
[ 55.005423][ T3705] loop0: detected capacity change from 0 to 32768
[ 55.018919][ T3705] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[ 55.028181][ T3705] BTRFS info (device loop0): doing ref verification
[ 55.034840][ T3705] BTRFS info (device loop0): setting nodatasum
[ 55.041062][ T3705] BTRFS info (device loop0): max_inline at 0
[ 55.047066][ T3705] BTRFS info (device loop0): enabling ssd optimizations
[pid 3705] mount("/dev/loop0", "./file0", "btrfs", MS_SYNCHRONOUS|MS_STRICTATIME, "datacow,ref_verify,nodatasum,max_inline=%m-3,noautodefrag,ssd,") = 0
[pid 3705] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 3705] chdir("./file0") = 0
[pid 3705] ioctl(4, LOOP_CLR_FD) = 0
[pid 3705] close(4) = 0
[pid 3705] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 3705] write(4, "44", 2) = 2
[ 55.054094][ T3705] BTRFS info (device loop0): using free space tree
[ 55.085785][ T3705] FAULT_INJECTION: forcing a failure.
[ 55.085785][ T3705] name failslab, interval 1, probability 0, space 0, times 0
[ 55.099266][ T3705] CPU: 0 PID: 3705 Comm: syz-executor265 Not tainted 6.1.0-rc8-syzkaller-00045-gce19275f0103 #0
[ 55.109713][ T3705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 55.119794][ T3705] Call Trace:
[ 55.123088][ T3705]
[ 55.126038][ T3705] dump_stack_lvl+0xd1/0x138
[ 55.130653][ T3705] should_fail_ex.cold+0x5/0xa
[ 55.135450][ T3705] ? btrfs_add_delayed_tree_ref+0x23f/0x1070
[ 55.141456][ T3705] should_failslab+0x9/0x20
[ 55.145986][ T3705] kmem_cache_alloc+0x5a/0x3d0
[ 55.150796][ T3705] btrfs_add_delayed_tree_ref+0x23f/0x1070
[ 55.156634][ T3705] ? do_raw_spin_unlock+0x175/0x230
[ 55.161876][ T3705] ? btrfs_delete_ref_head+0x2c0/0x2c0
[ 55.167376][ T3705] btrfs_free_tree_block+0x24c/0xc90
[ 55.172700][ T3705] ? btrfs_finish_extent_commit+0x7e0/0x7e0
[ 55.178638][ T3705] ? btrfs_tree_mod_log_free_eb+0x2df/0x800
[ 55.184554][ T3705] ? btrfs_mark_buffer_dirty+0x17a/0x250
[ 55.190233][ T3705] __btrfs_cow_block+0xbc4/0x1430
[ 55.195299][ T3705] ? update_ref_for_cow+0xb30/0xb30
[ 55.200541][ T3705] ? btrfs_qgroup_trace_subtree_after_cow+0x200/0xe30
[ 55.207334][ T3705] btrfs_cow_block+0x2fa/0x950
[ 55.212098][ T3705] btrfs_search_slot+0x11b0/0x2c70
[ 55.217211][ T3705] ? split_leaf+0x1380/0x1380
[ 55.221873][ T3705] ? find_held_lock+0x2d/0x110
[ 55.226628][ T3705] ? btrfs_create_new_inode+0x790/0x27a0
[ 55.232251][ T3705] ? lock_downgrade+0x6e0/0x6e0
[ 55.237095][ T3705] ? do_raw_spin_lock+0x124/0x2b0
[ 55.242197][ T3705] ? rwlock_bug.part.0+0x90/0x90
[ 55.247135][ T3705] btrfs_insert_empty_items+0xbd/0x1c0
[ 55.252589][ T3705] ? do_raw_spin_unlock+0x175/0x230
[ 55.257782][ T3705] btrfs_create_new_inode+0x8be/0x27a0
[ 55.263245][ T3705] ? btrfs_link+0x730/0x730
[ 55.267738][ T3705] ? radix_tree_tag_set+0x260/0x300
[ 55.272929][ T3705] ? record_root_in_trans+0x2f7/0x3e0
[ 55.278321][ T3705] ? btrfs_record_root_in_trans+0x15a/0x1b0
[ 55.284220][ T3705] ? __btrfs_end_transaction+0x3b0/0x930
[ 55.289860][ T3705] btrfs_create_common+0x1d5/0x260
[ 55.294974][ T3705] ? btrfs_tmpfile+0x420/0x420
[ 55.299727][ T3705] ? rwlock_bug.part.0+0x90/0x90
[ 55.304657][ T3705] ? do_raw_spin_unlock+0x175/0x230
[ 55.309838][ T3705] ? _raw_spin_unlock+0x28/0x40
[ 55.314674][ T3705] ? inode_init_owner+0x376/0x440
[ 55.319693][ T3705] btrfs_create+0x116/0x160
[ 55.324191][ T3705] ? btrfs_mkdir+0x100/0x100
[ 55.328774][ T3705] lookup_open.isra.0+0xf05/0x12a0
[ 55.333885][ T3705] ? link_path_walk.part.0+0xe20/0xe20
[ 55.339354][ T3705] path_openat+0x996/0x2860
[ 55.344046][ T3705] ? path_lookupat+0x840/0x840
[ 55.348806][ T3705] do_filp_open+0x1ba/0x410
[ 55.353293][ T3705] ? may_open_dev+0xf0/0xf0
[ 55.357778][ T3705] ? find_held_lock+0x2d/0x110
[ 55.362541][ T3705] ? do_raw_spin_lock+0x124/0x2b0
[ 55.367548][ T3705] ? rwlock_bug.part.0+0x90/0x90
[ 55.372474][ T3705] ? _raw_spin_unlock+0x28/0x40
[ 55.377318][ T3705] ? alloc_fd+0x2d8/0x6d0
[ 55.381650][ T3705] do_sys_openat2+0x16d/0x4c0
[ 55.386322][ T3705] ? build_open_flags+0x6f0/0x6f0
[ 55.391349][ T3705] ? ptrace_notify+0xfe/0x140
[ 55.396014][ T3705] ? lock_downgrade+0x6e0/0x6e0
[ 55.400861][ T3705] __x64_sys_openat+0x143/0x1f0
[ 55.405722][ T3705] ? __ia32_sys_open+0x1c0/0x1c0
[ 55.410645][ T3705] ? _raw_spin_unlock_irq+0x23/0x50
[ 55.415848][ T3705] ? lockdep_hardirqs_on+0x7d/0x100
[ 55.421037][ T3705] ? _raw_spin_unlock_irq+0x2e/0x50
[ 55.426224][ T3705] ? ptrace_notify+0xfe/0x140
[ 55.430895][ T3705] do_syscall_64+0x39/0xb0
[ 55.435302][ T3705] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.441182][ T3705] RIP: 0033:0x7f2da3ceea89
[ 55.445597][ T3705] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 55.465230][ T3705] RSP: 002b:00007ffc7c859448 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 55.473635][ T3705] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f2da3ceea89
[ 55.481594][ T3705] RDX: 000000000000275a RSI: 0000000020000040 RDI: 00000000ffffff9c
[ 55.489548][ T3705] RBP: 00007ffc7c859470 R08: 0000000000000002 R09: 00007ffc7c859480
[ 55.497505][ T3705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 55.505468][ T3705] R13: 00007ffc7c8594b0 R14: 00007ffc7c859490 R15: 0000000000000003
[ 55.513439][ T3705]
[ 55.517321][ T3705] ------------[ cut here ]------------
[ 55.522827][ T3705] kernel BUG at fs/btrfs/extent-tree.c:3274!
[ 55.528928][ T3705] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 55.535024][ T3705] CPU: 0 PID: 3705 Comm: syz-executor265 Not tainted 6.1.0-rc8-syzkaller-00045-gce19275f0103 #0
[ 55.545594][ T3705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 55.555896][ T3705] RIP: 0010:btrfs_free_tree_block+0x266/0xc90
[ 55.561983][ T3705] Code: 00 48 8b 74 24 10 31 d2 4c 89 e7 e8 a4 48 17 00 31 ff 89 c6 89 44 24 10 e8 e7 af 23 fe 8b 44 24 10 85 c0 74 26 e8 2a b3 23 fe <0f> 0b e8 23 b3 23 fe 48 89 ee 48 c7 c7 fa ff ff ff c6 44 24 58 01
[ 55.581588][ T3705] RSP: 0018:ffffc90003f3f1a8 EFLAGS: 00010293
[ 55.587662][ T3705] RAX: 0000000000000000 RBX: ffff888077ff5550 RCX: 0000000000000000
[ 55.595618][ T3705] RDX: ffff888079823a80 RSI: ffffffff835c6ad6 RDI: 0000000000000005
[ 55.603593][ T3705] RBP: 0000000000000005 R08: 0000000000000005 R09: 0000000000000000
[ 55.611550][ T3705] R10: 00000000fffffff4 R11: 0000000000000000 R12: ffff888070c82498
[ 55.619596][ T3705] R13: 1ffff920007e7e39 R14: 0000000000000001 R15: ffff88807988c000
[ 55.627554][ T3705] FS: 0000555556352300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[ 55.636487][ T3705] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 55.643076][ T3705] CR2: 0000563fb2999ac0 CR3: 0000000027d0e000 CR4: 0000000000350ef0
[ 55.651035][ T3705] Call Trace:
[ 55.654322][ T3705]
[ 55.657250][ T3705] ? btrfs_finish_extent_commit+0x7e0/0x7e0
[ 55.663141][ T3705] ? btrfs_tree_mod_log_free_eb+0x2df/0x800
[ 55.669024][ T3705] ? btrfs_mark_buffer_dirty+0x17a/0x250
[ 55.674641][ T3705] __btrfs_cow_block+0xbc4/0x1430
[ 55.679656][ T3705] ? update_ref_for_cow+0xb30/0xb30
[ 55.684840][ T3705] ? btrfs_qgroup_trace_subtree_after_cow+0x200/0xe30
[ 55.691592][ T3705] btrfs_cow_block+0x2fa/0x950
[ 55.696343][ T3705] btrfs_search_slot+0x11b0/0x2c70
[ 55.701442][ T3705] ? split_leaf+0x1380/0x1380
[ 55.706102][ T3705] ? find_held_lock+0x2d/0x110
[ 55.710855][ T3705] ? btrfs_create_new_inode+0x790/0x27a0
[ 55.716478][ T3705] ? lock_downgrade+0x6e0/0x6e0
[ 55.721319][ T3705] ? do_raw_spin_lock+0x124/0x2b0
[ 55.726326][ T3705] ? rwlock_bug.part.0+0x90/0x90
[ 55.731246][ T3705] btrfs_insert_empty_items+0xbd/0x1c0
[ 55.736690][ T3705] ? do_raw_spin_unlock+0x175/0x230
[ 55.741875][ T3705] btrfs_create_new_inode+0x8be/0x27a0
[ 55.747330][ T3705] ? btrfs_link+0x730/0x730
[ 55.751822][ T3705] ? radix_tree_tag_set+0x260/0x300
[ 55.757015][ T3705] ? record_root_in_trans+0x2f7/0x3e0
[ 55.762376][ T3705] ? btrfs_record_root_in_trans+0x15a/0x1b0
[ 55.768254][ T3705] ? __btrfs_end_transaction+0x3b0/0x930
[ 55.773873][ T3705] btrfs_create_common+0x1d5/0x260
[ 55.779002][ T3705] ? btrfs_tmpfile+0x420/0x420
[ 55.783759][ T3705] ? rwlock_bug.part.0+0x90/0x90
[ 55.788685][ T3705] ? do_raw_spin_unlock+0x175/0x230
[ 55.793869][ T3705] ? _raw_spin_unlock+0x28/0x40
[ 55.798704][ T3705] ? inode_init_owner+0x376/0x440
[ 55.803732][ T3705] btrfs_create+0x116/0x160
[ 55.808241][ T3705] ? btrfs_mkdir+0x100/0x100
[ 55.812822][ T3705] lookup_open.isra.0+0xf05/0x12a0
[ 55.817948][ T3705] ? link_path_walk.part.0+0xe20/0xe20
[ 55.823409][ T3705] path_openat+0x996/0x2860
[ 55.827908][ T3705] ? path_lookupat+0x840/0x840
[ 55.832665][ T3705] do_filp_open+0x1ba/0x410
[ 55.837151][ T3705] ? may_open_dev+0xf0/0xf0
[ 55.841656][ T3705] ? find_held_lock+0x2d/0x110
[ 55.846415][ T3705] ? do_raw_spin_lock+0x124/0x2b0
[ 55.851424][ T3705] ? rwlock_bug.part.0+0x90/0x90
[ 55.856346][ T3705] ? _raw_spin_unlock+0x28/0x40
[ 55.861182][ T3705] ? alloc_fd+0x2d8/0x6d0
[ 55.865500][ T3705] do_sys_openat2+0x16d/0x4c0
[ 55.870162][ T3705] ? build_open_flags+0x6f0/0x6f0
[ 55.875176][ T3705] ? ptrace_notify+0xfe/0x140
[ 55.879846][ T3705] ? lock_downgrade+0x6e0/0x6e0
[ 55.884865][ T3705] __x64_sys_openat+0x143/0x1f0
[ 55.889704][ T3705] ? __ia32_sys_open+0x1c0/0x1c0
[ 55.894631][ T3705] ? _raw_spin_unlock_irq+0x23/0x50
[ 55.899816][ T3705] ? lockdep_hardirqs_on+0x7d/0x100
[ 55.904999][ T3705] ? _raw_spin_unlock_irq+0x2e/0x50
[ 55.910202][ T3705] ? ptrace_notify+0xfe/0x140
[ 55.914967][ T3705] do_syscall_64+0x39/0xb0
[ 55.919470][ T3705] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.926752][ T3705] RIP: 0033:0x7f2da3ceea89
[ 55.931293][ T3705] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 55.950932][ T3705] RSP: 002b:00007ffc7c859448 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 55.959332][ T3705] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f2da3ceea89
[ 55.967289][ T3705] RDX: 000000000000275a RSI: 0000000020000040 RDI: 00000000ffffff9c
[ 55.975245][ T3705] RBP: 00007ffc7c859470 R08: 0000000000000002 R09: 00007ffc7c859480
[ 55.983200][ T3705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 55.991158][ T3705] R13: 00007ffc7c8594b0 R14: 00007ffc7c859490 R15: 0000000000000003
[ 55.999123][ T3705]
[ 56.002124][ T3705] Modules linked in:
[ 56.006373][ T3705] ---[ end trace 0000000000000000 ]---
[ 56.012245][ T3705] RIP: 0010:btrfs_free_tree_block+0x266/0xc90
[ 56.018342][ T3705] Code: 00 48 8b 74 24 10 31 d2 4c 89 e7 e8 a4 48 17 00 31 ff 89 c6 89 44 24 10 e8 e7 af 23 fe 8b 44 24 10 85 c0 74 26 e8 2a b3 23 fe <0f> 0b e8 23 b3 23 fe 48 89 ee 48 c7 c7 fa ff ff ff c6 44 24 58 01
[ 56.038089][ T3705] RSP: 0018:ffffc90003f3f1a8 EFLAGS: 00010293
[ 56.044181][ T3705] RAX: 0000000000000000 RBX: ffff888077ff5550 RCX: 0000000000000000
[ 56.052179][ T3705] RDX: ffff888079823a80 RSI: ffffffff835c6ad6 RDI: 0000000000000005
[ 56.060165][ T3705] RBP: 0000000000000005 R08: 0000000000000005 R09: 0000000000000000
[ 56.068171][ T3705] R10: 00000000fffffff4 R11: 0000000000000000 R12: ffff888070c82498
[ 56.076182][ T3705] R13: 1ffff920007e7e39 R14: 0000000000000001 R15: ffff88807988c000
[ 56.084210][ T3705] FS: 0000555556352300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
[ 56.093188][ T3705] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 56.099772][ T3705] CR2: 0000563fb299cfd0 CR3: 0000000027d0e000 CR4: 0000000000350ee0
[ 56.107821][ T3705] Kernel panic - not syncing: Fatal exception
[ 56.114671][ T3705] Kernel Offset: disabled
[ 56.118983][ T3705] Rebooting in 86400 seconds..