./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2143145451
<...>
DUID 00:04:7c:8f:25:e4:1e:61:d4:15:b8:1c:50:2a:7f:f5:0b:01
forked to background, child pid 4646
[ 31.110629][ T4647] 8021q: adding VLAN 0 to HW filter on device bond0
[ 31.137711][ T4647] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.40' (ECDSA) to the list of known hosts.
execve("./syz-executor2143145451", ["./syz-executor2143145451"], 0x7ffc23ab4000 /* 10 vars */) = 0
brk(NULL) = 0x555555daf000
brk(0x555555dafc40) = 0x555555dafc40
arch_prctl(ARCH_SET_FS, 0x555555daf300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2143145451", 4096) = 28
brk(0x555555dd0c40) = 0x555555dd0c40
brk(0x555555dd1000) = 0x555555dd1000
mprotect(0x7f4766fec000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 5071
mkdir("./syzkaller.zRcGqC", 0700) = 0
chmod("./syzkaller.zRcGqC", 0777) = 0
chdir("./syzkaller.zRcGqC") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555daf5d0) = 5073
./strace-static-x86_64: Process 5073 attached
[pid 5073] chdir("./0") = 0
[pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5073] setpgid(0, 0) = 0
[pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5073] write(3, "1000", 4) = 4
[pid 5073] close(3) = 0
[pid 5073] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5073] memfd_create("syzkaller", 0) = 3
[pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f475eb2b000
[pid 5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5073] munmap(0x7f475eb2b000, 16777216) = 0
[pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5073] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5073] close(3) = 0
[pid 5073] mkdir("./file0", 0777) = 0
syzkaller login: [ 52.182069][ T5073] loop0: detected capacity change from 0 to 32768
[ 52.194485][ T5073] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz-executor214 (5073)
[ 52.214956][ T5073] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 52.224157][ T5073] BTRFS info (device loop0): using free space tree
[pid 5073] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5073] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5073] ioctl(4, LOOP_CLR_FD) = 0
[pid 5073] close(4) = 0
[pid 5073] fcntl(3, F_DUPFD, 3) = 4
[pid 5073] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5073] write(5, "17", 2) = 2
[ 52.246192][ T5073] BTRFS info (device loop0): enabling ssd optimizations
[ 52.253281][ T5073] BTRFS info (device loop0): auto enabling async discard
[ 52.277753][ T5073] FAULT_INJECTION: forcing a failure.
[ 52.277753][ T5073] name failslab, interval 1, probability 0, space 0, times 1
[ 52.291110][ T5073] CPU: 0 PID: 5073 Comm: syz-executor214 Not tainted 6.1.0-syzkaller-14587-g51094a24b85e #0
[ 52.301216][ T5073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 52.311293][ T5073] Call Trace:
[ 52.314593][ T5073] <TASK>
[ 52.317544][ T5073] dump_stack_lvl+0x1b1/0x290
[ 52.322275][ T5073] ? nf_tcp_handle_invalid+0x630/0x630
[ 52.327774][ T5073] ? panic+0x710/0x710
[ 52.331866][ T5073] ? do_raw_spin_lock+0x147/0x3a0
[ 52.336932][ T5073] should_fail_ex+0x3aa/0x4e0
[ 52.341632][ T5073] ? start_transaction+0x4a3/0x10f0
[ 52.346860][ T5073] should_failslab+0x5/0x20
[ 52.351391][ T5073] kmem_cache_alloc+0x69/0x350
[ 52.356176][ T5073] ? _raw_spin_unlock+0x24/0x40
[ 52.361055][ T5073] ? btrfs_delayed_refs_rsv_refill+0x11e/0x180
[ 52.367246][ T5073] start_transaction+0x4a3/0x10f0
[ 52.372312][ T5073] ? _raw_spin_unlock+0x24/0x40
[ 52.377192][ T5073] ? btrfs_subvolume_reserve_metadata+0x239/0x290
[ 52.383638][ T5073] create_snapshot+0x43a/0x7e0
[ 52.388440][ T5073] btrfs_mksubvol+0x71e/0x880
[ 52.393152][ T5073] ? __btrfs_ioctl_snap_create+0x450/0x450
[ 52.398980][ T5073] ? __might_fault+0xb6/0x110
[ 52.403693][ T5073] btrfs_mksnapshot+0xb5/0xf0
[ 52.408401][ T5073] __btrfs_ioctl_snap_create+0x339/0x450
[ 52.414071][ T5073] btrfs_ioctl_snap_create_v2+0x1b5/0x400
[ 52.419830][ T5073] btrfs_ioctl+0xa9f/0xc10
[ 52.424272][ T5073] ? btrfs_ioctl_get_supported_features+0x40/0x40
[ 52.430713][ T5073] __se_sys_ioctl+0xfb/0x170
[ 52.435341][ T5073] do_syscall_64+0x3d/0xb0
[ 52.439783][ T5073] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.445674][ T5073] RIP: 0033:0x7f4766f78a09
[ 52.450081][ T5073] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 52.469687][ T5073] RSP: 002b:00007ffc05493b08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 52.478089][ T5073] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f4766f78a09
[ 52.486063][ T5073] RDX: 0000000020002d40 RSI: 0000000050009417 RDI: 0000000000000004
[pid 5073] ioctl(4, BTRFS_IOC_SNAP_CREATE_V2, {fd=4, flags=BTRFS_SUBVOL_QGROUP_INHERIT, size=72, qgroup_inherit={flags=0, num_qgroups=0, num_ref_copies=0, num_excl_copies=0, lim={flags=0, max_rfer=0, max_excl=0, rsv_rfer=0, rsv_excl=0}, ...}, name="\x05"}) = -1 ENOMEM (Cannot allocate memory)
[pid 5073] exit_group(0) = ?
[pid 5073] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5073, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555db0620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 52.494041][ T5073] RBP: 00007ffc05493b30 R08: 0000000000000002 R09: 00007ffc05493b40
[ 52.502026][ T5073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 52.509997][ T5073] R13: 00007ffc05493b70 R14: 00007ffc05493b50 R15: 0000000000000000
[ 52.517983][ T5073] </TASK>
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555db8660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555db8660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555555db0620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555daf5d0) = 5095
./strace-static-x86_64: Process 5095 attached
[pid 5095] chdir("./1") = 0
[pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5095] setpgid(0, 0) = 0
[pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5095] write(3, "1000", 4) = 4
[pid 5095] close(3) = 0
[pid 5095] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5095] memfd_create("syzkaller", 0) = 3
[pid 5095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f475eb2b000
[pid 5095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5095] munmap(0x7f475eb2b000, 16777216) = 0
[pid 5095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5095] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5095] close(3) = 0
[pid 5095] mkdir("./file0", 0777) = 0
[ 52.809997][ T5095] loop0: detected capacity change from 0 to 32768
[ 52.825045][ T5095] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 52.833765][ T5095] BTRFS info (device loop0): using free space tree
[ 52.853245][ T5095] BTRFS info (device loop0): enabling ssd optimizations
[pid 5095] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5095] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5095] ioctl(4, LOOP_CLR_FD) = 0
[pid 5095] close(4) = 0
[pid 5095] fcntl(3, F_DUPFD, 3) = 4
[pid 5095] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5095] write(5, "17", 2) = 2
[ 52.860527][ T5095] BTRFS info (device loop0): auto enabling async discard
[ 52.887485][ T5095] FAULT_INJECTION: forcing a failure.
[ 52.887485][ T5095] name failslab, interval 1, probability 0, space 0, times 0
[ 52.900927][ T5095] CPU: 0 PID: 5095 Comm: syz-executor214 Not tainted 6.1.0-syzkaller-14587-g51094a24b85e #0
[ 52.911030][ T5095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 52.921110][ T5095] Call Trace:
[ 52.924409][ T5095] <TASK>
[ 52.927357][ T5095] dump_stack_lvl+0x1b1/0x290
[ 52.932074][ T5095] ? nf_tcp_handle_invalid+0x630/0x630
[ 52.937570][ T5095] ? panic+0x710/0x710
[ 52.941666][ T5095] ? do_raw_spin_lock+0x147/0x3a0
[ 52.946746][ T5095] should_fail_ex+0x3aa/0x4e0
[ 52.951454][ T5095] ? start_transaction+0x4a3/0x10f0
[ 52.957377][ T5095] should_failslab+0x5/0x20
[ 52.961898][ T5095] kmem_cache_alloc+0x69/0x350
[ 52.966687][ T5095] ? _raw_spin_unlock+0x24/0x40
[ 52.971653][ T5095] ? btrfs_delayed_refs_rsv_refill+0x11e/0x180
[ 52.977839][ T5095] start_transaction+0x4a3/0x10f0
[ 52.982900][ T5095] ? _raw_spin_unlock+0x24/0x40
[ 52.987776][ T5095] ? btrfs_subvolume_reserve_metadata+0x239/0x290
[ 52.994318][ T5095] create_snapshot+0x43a/0x7e0
[ 52.999112][ T5095] btrfs_mksubvol+0x71e/0x880
[ 53.003817][ T5095] ? __btrfs_ioctl_snap_create+0x450/0x450
[ 53.009633][ T5095] ? __might_fault+0xb6/0x110
[ 53.014326][ T5095] btrfs_mksnapshot+0xb5/0xf0
[ 53.019018][ T5095] __btrfs_ioctl_snap_create+0x339/0x450
[ 53.024747][ T5095] btrfs_ioctl_snap_create_v2+0x1b5/0x400
[ 53.030481][ T5095] btrfs_ioctl+0xa9f/0xc10
[ 53.034903][ T5095] ? btrfs_ioctl_get_supported_features+0x40/0x40
[ 53.041319][ T5095] __se_sys_ioctl+0xfb/0x170
[ 53.045913][ T5095] do_syscall_64+0x3d/0xb0
[ 53.050335][ T5095] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.056229][ T5095] RIP: 0033:0x7f4766f78a09
[ 53.060646][ T5095] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.080265][ T5095] RSP: 002b:00007ffc05493b08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 53.088703][ T5095] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f4766f78a09
[ 53.096695][ T5095] RDX: 0000000020002d40 RSI: 0000000050009417 RDI: 0000000000000004
[pid 5095] ioctl(4, BTRFS_IOC_SNAP_CREATE_V2, {fd=4, flags=BTRFS_SUBVOL_QGROUP_INHERIT, size=72, qgroup_inherit={flags=0, num_qgroups=0, num_ref_copies=0, num_excl_copies=0, lim={flags=0, max_rfer=0, max_excl=0, rsv_rfer=0, rsv_excl=0}, ...}, name="\x05"}) = -1 ENOMEM (Cannot allocate memory)
[pid 5095] exit_group(0) = ?
[pid 5095] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=17 /* 0.17 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555db0620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 53.104688][ T5095] RBP: 00007ffc05493b30 R08: 0000000000000002 R09: 00007ffc05493b40
[ 53.112670][ T5095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 53.120642][ T5095] R13: 00007ffc05493b70 R14: 00007ffc05493b50 R15: 0000000000000001
[ 53.128643][ T5095] </TASK>
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555db8660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555db8660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555555db0620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5115 attached
[pid 5115] chdir("./2") = 0
[pid 5071] <... clone resumed>, child_tidptr=0x555555daf5d0) = 5115
[pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5115] setpgid(0, 0) = 0
[pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5115] write(3, "1000", 4) = 4
[pid 5115] close(3) = 0
[pid 5115] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5115] memfd_create("syzkaller", 0) = 3
[pid 5115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f475eb2b000
[pid 5115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5115] munmap(0x7f475eb2b000, 16777216) = 0
[pid 5115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5115] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5115] close(3) = 0
[pid 5115] mkdir("./file0", 0777) = 0
[ 53.445480][ T5115] loop0: detected capacity change from 0 to 32768
[ 53.460316][ T5115] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 53.469064][ T5115] BTRFS info (device loop0): using free space tree
[pid 5115] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5115] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5115] ioctl(4, LOOP_CLR_FD) = 0
[pid 5115] close(4) = 0
[pid 5115] fcntl(3, F_DUPFD, 3) = 4
[pid 5115] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5115] write(5, "17", 2) = 2
[ 53.490038][ T5115] BTRFS info (device loop0): enabling ssd optimizations
[ 53.497207][ T5115] BTRFS info (device loop0): auto enabling async discard
[ 53.510268][ T5115] FAULT_INJECTION: forcing a failure.
[ 53.510268][ T5115] name failslab, interval 1, probability 0, space 0, times 0
[ 53.523479][ T5115] CPU: 0 PID: 5115 Comm: syz-executor214 Not tainted 6.1.0-syzkaller-14587-g51094a24b85e #0
[ 53.533653][ T5115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 53.543825][ T5115] Call Trace:
[ 53.547136][ T5115] <TASK>
[ 53.550090][ T5115] dump_stack_lvl+0x1b1/0x290
[ 53.554906][ T5115] ? nf_tcp_handle_invalid+0x630/0x630
[ 53.560496][ T5115] ? panic+0x710/0x710
[ 53.564603][ T5115] ? __might_sleep+0xc0/0xc0
[ 53.569233][ T5115] should_fail_ex+0x3aa/0x4e0
[ 53.573949][ T5115] ? create_snapshot+0x247/0x7e0
[ 53.578920][ T5115] should_failslab+0x5/0x20
[ 53.583457][ T5115] kmem_cache_alloc+0x69/0x350
[ 53.588261][ T5115] create_snapshot+0x247/0x7e0
[ 53.593066][ T5115] btrfs_mksubvol+0x71e/0x880
[ 53.597780][ T5115] ? __btrfs_ioctl_snap_create+0x450/0x450
[ 53.603621][ T5115] ? __might_fault+0xb6/0x110
[ 53.608345][ T5115] btrfs_mksnapshot+0xb5/0xf0
[ 53.613061][ T5115] __btrfs_ioctl_snap_create+0x339/0x450
[ 53.618740][ T5115] btrfs_ioctl_snap_create_v2+0x1b5/0x400
[ 53.624500][ T5115] btrfs_ioctl+0xa9f/0xc10
[ 53.628944][ T5115] ? btrfs_ioctl_get_supported_features+0x40/0x40
[ 53.635367][ T5115] __se_sys_ioctl+0xfb/0x170
[ 53.639964][ T5115] do_syscall_64+0x3d/0xb0
[ 53.644387][ T5115] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.650284][ T5115] RIP: 0033:0x7f4766f78a09
[ 53.654704][ T5115] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.674308][ T5115] RSP: 002b:00007ffc05493b08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 53.682818][ T5115] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f4766f78a09
[pid 5115] ioctl(4, BTRFS_IOC_SNAP_CREATE_V2, {fd=4, flags=BTRFS_SUBVOL_QGROUP_INHERIT, size=72, qgroup_inherit={flags=0, num_qgroups=0, num_ref_copies=0, num_excl_copies=0, lim={flags=0, max_rfer=0, max_excl=0, rsv_rfer=0, rsv_excl=0}, ...}, name="\x05"}) = -1 ENOMEM (Cannot allocate memory)
[pid 5115] exit_group(0) = ?
[pid 5115] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5115, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=18 /* 0.18 s */} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555db0620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
[ 53.690788][ T5115] RDX: 0000000020002d40 RSI: 0000000050009417 RDI: 0000000000000004
[ 53.698753][ T5115] RBP: 00007ffc05493b30 R08: 0000000000000002 R09: 00007ffc05493b40
[ 53.706721][ T5115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 53.714717][ T5115] R13: 00007ffc05493b70 R14: 00007ffc05493b50 R15: 0000000000000002
[ 53.722706][ T5115] </TASK>
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555db8660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555db8660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x555555db0620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555daf5d0) = 5138
./strace-static-x86_64: Process 5138 attached
[pid 5138] chdir("./3") = 0
[pid 5138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5138] setpgid(0, 0) = 0
[pid 5138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5138] write(3, "1000", 4) = 4
[pid 5138] close(3) = 0
[pid 5138] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5138] memfd_create("syzkaller", 0) = 3
[pid 5138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f475eb2b000
[pid 5138] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5138] munmap(0x7f475eb2b000, 16777216) = 0
[pid 5138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5138] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5138] close(3) = 0
[pid 5138] mkdir("./file0", 0777) = 0
[ 54.038059][ T5138] loop0: detected capacity change from 0 to 32768
[ 54.060966][ T5138] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 54.069914][ T5138] BTRFS info (device loop0): using free space tree
[pid 5138] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5138] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5138] ioctl(4, LOOP_CLR_FD) = 0
[pid 5138] close(4) = 0
[pid 5138] fcntl(3, F_DUPFD, 3) = 4
[pid 5138] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5138] write(5, "17", 2) = 2
[ 54.089098][ T5138] BTRFS info (device loop0): enabling ssd optimizations
[ 54.096192][ T5138] BTRFS info (device loop0): auto enabling async discard
[ 54.125068][ T5138] FAULT_INJECTION: forcing a failure.
[ 54.125068][ T5138] name failslab, interval 1, probability 0, space 0, times 0
[ 54.138245][ T5138] CPU: 0 PID: 5138 Comm: syz-executor214 Not tainted 6.1.0-syzkaller-14587-g51094a24b85e #0
[ 54.148355][ T5138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 54.158441][ T5138] Call Trace:
[ 54.161757][ T5138] <TASK>
[ 54.164721][ T5138] dump_stack_lvl+0x1b1/0x290
[ 54.169440][ T5138] ? nf_tcp_handle_invalid+0x630/0x630
[ 54.174944][ T5138] ? panic+0x710/0x710
[ 54.179044][ T5138] ? __might_sleep+0xc0/0xc0
[ 54.183668][ T5138] ? _raw_spin_unlock+0x24/0x40
[ 54.188552][ T5138] ? btrfs_get_delayed_node+0x219/0x590
[ 54.194146][ T5138] should_fail_ex+0x3aa/0x4e0
[ 54.198867][ T5138] ? btrfs_set_inode_index+0x237/0x580
[ 54.204356][ T5138] should_failslab+0x5/0x20
[ 54.208971][ T5138] kmem_cache_alloc+0x69/0x350
[ 54.213772][ T5138] btrfs_set_inode_index+0x237/0x580
[ 54.219080][ T5138] ? btrfs_lookup_dentry+0x1450/0x1450
[ 54.224547][ T5138] ? current_time+0x1c8/0x300
[ 54.229254][ T5138] ? atime_needs_update+0x780/0x780
[ 54.234471][ T5138] ? record_root_in_trans+0x111/0x350
[ 54.239859][ T5138] ? trace_btrfs_space_reservation+0x107/0x320
[ 54.246035][ T5138] create_pending_snapshot+0x745/0x25c0
[ 54.251633][ T5138] ? rcu_read_lock_sched_held+0x87/0x110
[ 54.257277][ T5138] ? trace_btrfs_space_reservation+0x320/0x320
[ 54.263444][ T5138] ? trace_contention_end+0x72/0x1d0
[ 54.268731][ T5138] ? __mutex_lock_common+0x45f/0x26e0
[ 54.274122][ T5138] ? do_raw_spin_lock+0x147/0x3a0
[ 54.279151][ T5138] ? __might_sleep+0xc0/0xc0
[ 54.283750][ T5138] create_pending_snapshots+0x1a8/0x1e0
[ 54.289329][ T5138] btrfs_commit_transaction+0x12c1/0x3340
[ 54.295093][ T5138] ? btrfs_commit_transaction_async+0x440/0x440
[ 54.301368][ T5138] ? btrfs_record_root_in_trans+0x16a/0x180
[ 54.307279][ T5138] ? start_transaction+0x3dc/0x10f0
[ 54.312503][ T5138] create_snapshot+0x4aa/0x7e0
[ 54.317282][ T5138] btrfs_mksubvol+0x71e/0x880
[ 54.321967][ T5138] ? __btrfs_ioctl_snap_create+0x450/0x450
[ 54.327776][ T5138] ? __might_fault+0xb6/0x110
[ 54.332462][ T5138] btrfs_mksnapshot+0xb5/0xf0
[ 54.337146][ T5138] __btrfs_ioctl_snap_create+0x339/0x450
[ 54.342793][ T5138] btrfs_ioctl_snap_create_v2+0x1b5/0x400
[ 54.348524][ T5138] btrfs_ioctl+0xa9f/0xc10
[ 54.352945][ T5138] ? btrfs_ioctl_get_supported_features+0x40/0x40
[ 54.359359][ T5138] __se_sys_ioctl+0xfb/0x170
[ 54.363953][ T5138] do_syscall_64+0x3d/0xb0
[ 54.368374][ T5138] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.374270][ T5138] RIP: 0033:0x7f4766f78a09
[ 54.378691][ T5138] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 54.398296][ T5138] RSP: 002b:00007ffc05493b08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 54.406714][ T5138] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f4766f78a09
[ 54.414690][ T5138] RDX: 0000000020002d40 RSI: 0000000050009417 RDI: 0000000000000004
[ 54.422662][ T5138] RBP: 00007ffc05493b30 R08: 0000000000000002 R09: 00007ffc05493b40
[ 54.430724][ T5138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 54.438696][ T5138] R13: 00007ffc05493b70 R14: 00007ffc05493b50 R15: 0000000000000003
[ 54.446690][ T5138] </TASK>
[ 54.457792][ T5138] ------------[ cut here ]------------
[ 54.463751][ T5138] kernel BUG at fs/btrfs/transaction.c:1697!
[ 54.470336][ T5138] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 54.476425][ T5138] CPU: 1 PID: 5138 Comm: syz-executor214 Not tainted 6.1.0-syzkaller-14587-g51094a24b85e #0
[ 54.486502][ T5138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 54.496562][ T5138] RIP: 0010:create_pending_snapshot+0x25ab/0x25c0
[ 54.502971][ T5138] Code: ec ff ff e8 67 a1 ff fd 48 c7 c7 40 95 39 8b 44 89 f6 31 c0 e8 16 91 c6 fd 0f 0b e9 a5 f9 ff ff e8 3a 95 24 07 e8 45 a1 ff fd <0f> 0b e8 3e a1 ff fd 0f 0b e8 37 a1 ff fd 0f 0b 0f 1f 44 00 00 55
[ 54.522561][ T5138] RSP: 0018:ffffc90003f3f600 EFLAGS: 00010293
[ 54.528611][ T5138] RAX: ffffffff838c3a2b RBX: 0000000016136be6 RCX: ffff8880759dba80
[ 54.536567][ T5138] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
[ 54.544520][ T5138] RBP: ffffc90003f3f8f0 R08: ffffffff838c1bd1 R09: fffffbfff1a83313
[ 54.552473][ T5138] R10: fffffbfff1a83313 R11: 1ffffffff1a83312 R12: 00000000fffffff4
[ 54.560426][ T5138] R13: dffffc0000000000 R14: ffff8880757c4360 R15: ffff8880757c47f0
[ 54.568379][ T5138] FS: 0000555555daf300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 54.577288][ T5138] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 54.583874][ T5138] CR2: 000055a785e21668 CR3: 0000000021061000 CR4: 00000000003506e0
[ 54.591828][ T5138] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 54.599801][ T5138] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 54.607754][ T5138] Call Trace:
[ 54.611014][ T5138] <TASK>
[ 54.613933][ T5138] ? rcu_read_lock_sched_held+0x87/0x110
[ 54.619563][ T5138] ? trace_btrfs_space_reservation+0x320/0x320
[ 54.625711][ T5138] ? trace_contention_end+0x72/0x1d0
[ 54.630980][ T5138] ? __mutex_lock_common+0x45f/0x26e0
[ 54.636337][ T5138] ? do_raw_spin_lock+0x147/0x3a0
[ 54.641345][ T5138] ? __might_sleep+0xc0/0xc0
[ 54.645921][ T5138] create_pending_snapshots+0x1a8/0x1e0
[ 54.651486][ T5138] btrfs_commit_transaction+0x12c1/0x3340
[ 54.657195][ T5138] ? btrfs_commit_transaction_async+0x440/0x440
[ 54.663421][ T5138] ? btrfs_record_root_in_trans+0x16a/0x180
[ 54.669319][ T5138] ? start_transaction+0x3dc/0x10f0
[ 54.674513][ T5138] create_snapshot+0x4aa/0x7e0
[ 54.679271][ T5138] btrfs_mksubvol+0x71e/0x880
[ 54.683933][ T5138] ? __btrfs_ioctl_snap_create+0x450/0x450
[ 54.689722][ T5138] ? __might_fault+0xb6/0x110
[ 54.694385][ T5138] btrfs_mksnapshot+0xb5/0xf0
[ 54.699046][ T5138] __btrfs_ioctl_snap_create+0x339/0x450
[ 54.704667][ T5138] btrfs_ioctl_snap_create_v2+0x1b5/0x400
[ 54.710394][ T5138] btrfs_ioctl+0xa9f/0xc10
[ 54.714792][ T5138] ? btrfs_ioctl_get_supported_features+0x40/0x40
[ 54.721187][ T5138] __se_sys_ioctl+0xfb/0x170
[ 54.725767][ T5138] do_syscall_64+0x3d/0xb0
[ 54.730169][ T5138] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.736054][ T5138] RIP: 0033:0x7f4766f78a09
[ 54.740455][ T5138] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 54.760070][ T5138] RSP: 002b:00007ffc05493b08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 54.768463][ T5138] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f4766f78a09
[ 54.776415][ T5138] RDX: 0000000020002d40 RSI: 0000000050009417 RDI: 0000000000000004
[ 54.784379][ T5138] RBP: 00007ffc05493b30 R08: 0000000000000002 R09: 00007ffc05493b40
[ 54.792329][ T5138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 54.800281][ T5138] R13: 00007ffc05493b70 R14: 00007ffc05493b50 R15: 0000000000000003
[ 54.808236][ T5138] </TASK>
[ 54.811236][ T5138] Modules linked in:
[ 54.815851][ T5138] ---[ end trace 0000000000000000 ]---
[ 54.821515][ T5138] RIP: 0010:create_pending_snapshot+0x25ab/0x25c0
[ 54.828452][ T5138] Code: ec ff ff e8 67 a1 ff fd 48 c7 c7 40 95 39 8b 44 89 f6 31 c0 e8 16 91 c6 fd 0f 0b e9 a5 f9 ff ff e8 3a 95 24 07 e8 45 a1 ff fd <0f> 0b e8 3e a1 ff fd 0f 0b e8 37 a1 ff fd 0f 0b 0f 1f 44 00 00 55
[ 54.848244][ T5138] RSP: 0018:ffffc90003f3f600 EFLAGS: 00010293
[ 54.854304][ T5138] RAX: ffffffff838c3a2b RBX: 0000000016136be6 RCX: ffff8880759dba80
[ 54.862506][ T5138] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
[ 54.870778][ T5138] RBP: ffffc90003f3f8f0 R08: ffffffff838c1bd1 R09: fffffbfff1a83313
[ 54.878957][ T5138] R10: fffffbfff1a83313 R11: 1ffffffff1a83312 R12: 00000000fffffff4
[ 54.886922][ T5138] R13: dffffc0000000000 R14: ffff8880757c4360 R15: ffff8880757c47f0
[ 54.895128][ T5138] FS: 0000555555daf300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 54.904199][ T5138] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 54.910917][ T5138] CR2: 0000557826cdf230 CR3: 0000000021061000 CR4: 00000000003506f0
[ 54.919200][ T5138] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 54.927322][ T5138] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 54.935289][ T5138] Kernel panic - not syncing: Fatal exception
[ 54.941518][ T5138] Kernel Offset: disabled
[ 54.945848][ T5138] Rebooting in 86400 seconds..