./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3996305690
<...>
DUID 00:04:7c:8f:25:e4:1e:61:d4:15:b8:1c:50:2a:7f:f5:0b:01
forked to background, child pid 4645
[ 29.814611][ T4646] 8021q: adding VLAN 0 to HW filter on device bond0
[ 29.825273][ T4646] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.130' (ECDSA) to the list of known hosts.
execve("./syz-executor3996305690", ["./syz-executor3996305690"], 0x7ffee57d10b0 /* 10 vars */) = 0
brk(NULL) = 0x55555646e000
brk(0x55555646ec40) = 0x55555646ec40
arch_prctl(ARCH_SET_FS, 0x55555646e300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3996305690", 4096) = 28
brk(0x55555648fc40) = 0x55555648fc40
brk(0x555556490000) = 0x555556490000
mprotect(0x7f4d52e55000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 5068
mkdir("./syzkaller.Mm3E1r", 0700) = 0
chmod("./syzkaller.Mm3E1r", 0777) = 0
chdir("./syzkaller.Mm3E1r") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555646e5d0) = 5069
./strace-static-x86_64: Process 5069 attached
[pid 5069] chdir("./0") = 0
[pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5069] setpgid(0, 0) = 0
[pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5069] write(3, "1000", 4) = 4
[pid 5069] close(3) = 0
[pid 5069] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5069] memfd_create("syzkaller", 0) = 3
[pid 5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4d4a994000
[pid 5069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5069] munmap(0x7f4d4a994000, 16777216) = 0
[pid 5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5069] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5069] close(3) = 0
[pid 5069] mkdir("./file0", 0777) = 0
syzkaller login: [ 48.830601][ T5069] loop0: detected capacity change from 0 to 32768
[ 48.842774][ T5069] BTRFS: device fsid d09153a9-5497-4f31-8e52-d2d02bbdf7fc devid 1 transid 8 /dev/loop0 scanned by syz-executor399 (5069)
[ 48.863555][ T5069] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[ 48.873157][ T5069] BTRFS info (device loop0): using free space tree
[pid 5069] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5069] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5069] chdir("./file0") = 0
[pid 5069] ioctl(4, LOOP_CLR_FD) = 0
[pid 5069] close(4) = 0
[pid 5069] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5069] write(4, "17", 2) = 2
[ 48.894444][ T5069] BTRFS info (device loop0): enabling ssd optimizations
[ 48.901658][ T5069] BTRFS info (device loop0): auto enabling async discard
[ 48.917642][ T5069] FAULT_INJECTION: forcing a failure.
[ 48.917642][ T5069] name failslab, interval 1, probability 0, space 0, times 1
[ 48.931030][ T5069] CPU: 0 PID: 5069 Comm: syz-executor399 Not tainted 6.1.0-syzkaller-13031-g77856d911a8c #0
[ 48.941117][ T5069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 48.951166][ T5069] Call Trace:
[ 48.954438][ T5069]
[ 48.957365][ T5069] dump_stack_lvl+0x1b1/0x290
[ 48.962065][ T5069] ? nf_tcp_handle_invalid+0x630/0x630
[ 48.967521][ T5069] ? panic+0x710/0x710
[ 48.971591][ T5069] ? __might_sleep+0xc0/0xc0
[ 48.976184][ T5069] should_fail_ex+0x3aa/0x4e0
[ 48.980858][ T5069] ? btrfs_create_new_inode+0x1c0/0x2230
[ 48.986486][ T5069] should_failslab+0x5/0x20
[ 48.990987][ T5069] kmem_cache_alloc+0x69/0x350
[ 48.995758][ T5069] btrfs_create_new_inode+0x1c0/0x2230
[ 49.001214][ T5069] ? __mutex_unlock_slowpath+0x222/0x770
[ 49.006848][ T5069] ? radix_tree_tag_set+0x2e4/0x410
[ 49.012051][ T5069] ? btrfs_new_inode_args_destroy+0x180/0x180
[ 49.018117][ T5069] ? btrfs_record_root_in_trans+0x16a/0x180
[ 49.024015][ T5069] ? start_transaction+0x3dc/0x10f0
[ 49.029222][ T5069] btrfs_create_common+0x1d2/0x2b0
[ 49.034333][ T5069] ? btrfs_tmpfile+0x480/0x480
[ 49.039109][ T5069] ? btrfs_mkdir+0x76/0x100
[ 49.043610][ T5069] vfs_mkdir+0x3b3/0x590
[ 49.047858][ T5069] do_mkdirat+0x25b/0x530
[ 49.052187][ T5069] ? 0xffffffff81000000
[ 49.056334][ T5069] ? __check_object_size+0x15a/0x210
[ 49.061622][ T5069] ? vfs_mkdir+0x590/0x590
[ 49.066037][ T5069] ? getname_flags+0x1ea/0x4e0
[ 49.070806][ T5069] __x64_sys_mkdir+0x6a/0x80
[ 49.075395][ T5069] do_syscall_64+0x3d/0xb0
[ 49.079810][ T5069] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.085696][ T5069] RIP: 0033:0x7f4d52de0c87
[ 49.090106][ T5069] Code: 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 49.109703][ T5069] RSP: 002b:00007fffa87c11d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 49.118113][ T5069] RAX: ffffffffffffffda RBX: 00007fffa87c1280 RCX: 00007f4d52de0c87
[ 49.126076][ T5069] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000040
[ 49.134041][ T5069] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000020000000
[pid 5069] mkdir("./bus", 0777) = -1 ENOMEM (Cannot allocate memory)
[pid 5069] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5069] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5069, si_uid=0, si_status=SIGSEGV, si_utime=5 /* 0.05 s */, si_stime=16 /* 0.16 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555646f620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 49.142010][ T5069] R10: 00007fffa87c1156 R11: 0000000000000246 R12: 00000000ffffffff
[ 49.149978][ T5069] R13: 0000000020000040 R14: 0000000020000140 R15: 0000000000000000
[ 49.157966][ T5069]
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556477660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556477660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x55555646f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5090 attached
, child_tidptr=0x55555646e5d0) = 5090
[pid 5090] chdir("./1") = 0
[pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5090] setpgid(0, 0) = 0
[pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5090] write(3, "1000", 4) = 4
[pid 5090] close(3) = 0
[pid 5090] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5090] memfd_create("syzkaller", 0) = 3
[pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4d4a994000
[pid 5090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5090] munmap(0x7f4d4a994000, 16777216) = 0
[pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5090] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5090] close(3) = 0
[pid 5090] mkdir("./file0", 0777) = 0
[ 49.524239][ T5090] loop0: detected capacity change from 0 to 32768
[ 49.539660][ T5090] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[ 49.549115][ T5090] BTRFS info (device loop0): using free space tree
[ 49.567185][ T5090] BTRFS info (device loop0): enabling ssd optimizations
[pid 5090] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5090] chdir("./file0") = 0
[pid 5090] ioctl(4, LOOP_CLR_FD) = 0
[pid 5090] close(4) = 0
[pid 5090] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5090] write(4, "17", 2) = 2
[ 49.574256][ T5090] BTRFS info (device loop0): auto enabling async discard
[ 49.593717][ T5090] FAULT_INJECTION: forcing a failure.
[ 49.593717][ T5090] name failslab, interval 1, probability 0, space 0, times 0
[ 49.606536][ T5090] CPU: 1 PID: 5090 Comm: syz-executor399 Not tainted 6.1.0-syzkaller-13031-g77856d911a8c #0
[ 49.616619][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 49.626668][ T5090] Call Trace:
[ 49.629939][ T5090]
[ 49.632865][ T5090] dump_stack_lvl+0x1b1/0x290
[ 49.637545][ T5090] ? nf_tcp_handle_invalid+0x630/0x630
[ 49.643000][ T5090] ? panic+0x710/0x710
[ 49.647067][ T5090] ? __might_sleep+0xc0/0xc0
[ 49.651663][ T5090] should_fail_ex+0x3aa/0x4e0
[ 49.656335][ T5090] ? btrfs_create_new_inode+0x1c0/0x2230
[ 49.661963][ T5090] should_failslab+0x5/0x20
[ 49.666466][ T5090] kmem_cache_alloc+0x69/0x350
[ 49.671232][ T5090] btrfs_create_new_inode+0x1c0/0x2230
[ 49.676688][ T5090] ? __mutex_unlock_slowpath+0x222/0x770
[ 49.682320][ T5090] ? radix_tree_tag_set+0x2e4/0x410
[ 49.687522][ T5090] ? btrfs_new_inode_args_destroy+0x180/0x180
[ 49.693591][ T5090] ? btrfs_record_root_in_trans+0x16a/0x180
[ 49.699483][ T5090] ? start_transaction+0x3dc/0x10f0
[ 49.704694][ T5090] btrfs_create_common+0x1d2/0x2b0
[ 49.709807][ T5090] ? btrfs_tmpfile+0x480/0x480
[ 49.714581][ T5090] ? btrfs_mkdir+0x76/0x100
[ 49.719083][ T5090] vfs_mkdir+0x3b3/0x590
[ 49.723334][ T5090] do_mkdirat+0x25b/0x530
[ 49.727661][ T5090] ? 0xffffffff81000000
[ 49.731809][ T5090] ? __check_object_size+0x15a/0x210
[ 49.737095][ T5090] ? vfs_mkdir+0x590/0x590
[ 49.741511][ T5090] ? getname_flags+0x1ea/0x4e0
[ 49.746277][ T5090] __x64_sys_mkdir+0x6a/0x80
[ 49.750866][ T5090] do_syscall_64+0x3d/0xb0
[ 49.755278][ T5090] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.761163][ T5090] RIP: 0033:0x7f4d52de0c87
[ 49.765571][ T5090] Code: 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 49.785170][ T5090] RSP: 002b:00007fffa87c11d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 49.793578][ T5090] RAX: ffffffffffffffda RBX: 00007fffa87c1280 RCX: 00007f4d52de0c87
[ 49.801542][ T5090] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000040
[ 49.809513][ T5090] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000020000000
[ 49.817476][ T5090] R10: 00007fffa87c1156 R11: 0000000000000246 R12: 00000000ffffffff
[pid 5090] mkdir("./bus", 0777) = -1 ENOMEM (Cannot allocate memory)
[pid 5090] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5090] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5090, si_uid=0, si_status=SIGSEGV, si_utime=5 /* 0.05 s */, si_stime=22 /* 0.22 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555646f620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 49.825530][ T5090] R13: 0000000020000040 R14: 0000000020000140 R15: 0000000000000000
[ 49.833510][ T5090]
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556477660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556477660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x55555646f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5112 attached
, child_tidptr=0x55555646e5d0) = 5112
[pid 5112] chdir("./2") = 0
[pid 5112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5112] setpgid(0, 0) = 0
[pid 5112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5112] write(3, "1000", 4) = 4
[pid 5112] close(3) = 0
[pid 5112] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5112] memfd_create("syzkaller", 0) = 3
[pid 5112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4d4a994000
[pid 5112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5112] munmap(0x7f4d4a994000, 16777216) = 0
[pid 5112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5112] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5112] close(3) = 0
[pid 5112] mkdir("./file0", 0777) = 0
[ 50.171405][ T5112] loop0: detected capacity change from 0 to 32768
[ 50.184593][ T5112] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[ 50.194149][ T5112] BTRFS info (device loop0): using free space tree
[ 50.211091][ T5112] BTRFS info (device loop0): enabling ssd optimizations
[pid 5112] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5112] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5112] chdir("./file0") = 0
[pid 5112] ioctl(4, LOOP_CLR_FD) = 0
[pid 5112] close(4) = 0
[pid 5112] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5112] write(4, "17", 2) = 2
[ 50.218286][ T5112] BTRFS info (device loop0): auto enabling async discard
[ 50.236756][ T5112] FAULT_INJECTION: forcing a failure.
[ 50.236756][ T5112] name failslab, interval 1, probability 0, space 0, times 0
[ 50.249936][ T5112] CPU: 0 PID: 5112 Comm: syz-executor399 Not tainted 6.1.0-syzkaller-13031-g77856d911a8c #0
[ 50.260034][ T5112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 50.270107][ T5112] Call Trace:
[ 50.273407][ T5112]
[ 50.276356][ T5112] dump_stack_lvl+0x1b1/0x290
[ 50.281065][ T5112] ? nf_tcp_handle_invalid+0x630/0x630
[ 50.286556][ T5112] ? panic+0x710/0x710
[ 50.290660][ T5112] ? __might_sleep+0xc0/0xc0
[ 50.295273][ T5112] ? _raw_spin_unlock+0x24/0x40
[ 50.300147][ T5112] ? btrfs_get_delayed_node+0x219/0x590
[ 50.305716][ T5112] should_fail_ex+0x3aa/0x4e0
[ 50.310397][ T5112] ? btrfs_set_inode_index+0x237/0x580
[ 50.315853][ T5112] should_failslab+0x5/0x20
[ 50.320351][ T5112] kmem_cache_alloc+0x69/0x350
[ 50.325119][ T5112] btrfs_set_inode_index+0x237/0x580
[ 50.330403][ T5112] ? btrfs_get_free_objectid+0x30/0x180
[ 50.335953][ T5112] ? btrfs_lookup_dentry+0x1450/0x1450
[ 50.341412][ T5112] ? rcu_read_lock_sched_held+0x87/0x110
[ 50.347043][ T5112] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 50.353036][ T5112] btrfs_create_new_inode+0x694/0x2230
[ 50.358510][ T5112] ? btrfs_new_inode_args_destroy+0x180/0x180
[ 50.364576][ T5112] ? btrfs_record_root_in_trans+0x16a/0x180
[ 50.370469][ T5112] ? start_transaction+0x3dc/0x10f0
[ 50.375678][ T5112] btrfs_create_common+0x1d2/0x2b0
[ 50.380787][ T5112] ? btrfs_tmpfile+0x480/0x480
[ 50.385561][ T5112] ? btrfs_mkdir+0x76/0x100
[ 50.390061][ T5112] vfs_mkdir+0x3b3/0x590
[ 50.394311][ T5112] do_mkdirat+0x25b/0x530
[ 50.398638][ T5112] ? 0xffffffff81000000
[ 50.402787][ T5112] ? __check_object_size+0x15a/0x210
[ 50.408073][ T5112] ? vfs_mkdir+0x590/0x590
[ 50.412491][ T5112] ? getname_flags+0x1ea/0x4e0
[ 50.417258][ T5112] __x64_sys_mkdir+0x6a/0x80
[ 50.421845][ T5112] do_syscall_64+0x3d/0xb0
[ 50.426262][ T5112] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 50.432146][ T5112] RIP: 0033:0x7f4d52de0c87
[ 50.436558][ T5112] Code: 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 50.456155][ T5112] RSP: 002b:00007fffa87c11d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 50.464563][ T5112] RAX: ffffffffffffffda RBX: 00007fffa87c1280 RCX: 00007f4d52de0c87
[pid 5112] mkdir("./bus", 0777) = -1 ENOMEM (Cannot allocate memory)
[pid 5112] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5112] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5112, si_uid=0, si_status=SIGSEGV, si_utime=5 /* 0.05 s */, si_stime=24 /* 0.24 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555646f620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
[ 50.472791][ T5112] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000040
[ 50.480754][ T5112] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000020000000
[ 50.488717][ T5112] R10: 00007fffa87c1156 R11: 0000000000000246 R12: 00000000ffffffff
[ 50.496679][ T5112] R13: 0000000020000040 R14: 0000000020000140 R15: 0000000000000000
[ 50.504662][ T5112]
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556477660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556477660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x55555646f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555646e5d0) = 5135
./strace-static-x86_64: Process 5135 attached
[pid 5135] chdir("./3") = 0
[pid 5135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5135] setpgid(0, 0) = 0
[pid 5135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5135] write(3, "1000", 4) = 4
[pid 5135] close(3) = 0
[pid 5135] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5135] memfd_create("syzkaller", 0) = 3
[pid 5135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4d4a994000
[pid 5135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5135] munmap(0x7f4d4a994000, 16777216) = 0
[pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5135] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5135] close(3) = 0
[pid 5135] mkdir("./file0", 0777) = 0
[ 50.815132][ T5135] loop0: detected capacity change from 0 to 32768
[ 50.829403][ T5135] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[ 50.838953][ T5135] BTRFS info (device loop0): using free space tree
[pid 5135] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5135] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5135] chdir("./file0") = 0
[pid 5135] ioctl(4, LOOP_CLR_FD) = 0
[pid 5135] close(4) = 0
[pid 5135] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5135] write(4, "17", 2) = 2
[ 50.859051][ T5135] BTRFS info (device loop0): enabling ssd optimizations
[ 50.866069][ T5135] BTRFS info (device loop0): auto enabling async discard
[ 50.889794][ T5135] FAULT_INJECTION: forcing a failure.
[ 50.889794][ T5135] name failslab, interval 1, probability 0, space 0, times 0
[ 50.902890][ T5135] CPU: 1 PID: 5135 Comm: syz-executor399 Not tainted 6.1.0-syzkaller-13031-g77856d911a8c #0
[ 50.912984][ T5135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 50.923064][ T5135] Call Trace:
[ 50.926363][ T5135]
[ 50.929312][ T5135] dump_stack_lvl+0x1b1/0x290
[ 50.934027][ T5135] ? nf_tcp_handle_invalid+0x630/0x630
[ 50.939511][ T5135] ? panic+0x710/0x710
[ 50.943622][ T5135] should_fail_ex+0x3aa/0x4e0
[ 50.948326][ T5135] ? __set_extent_bit+0x130/0x1c90
[ 50.953461][ T5135] should_failslab+0x5/0x20
[ 50.957985][ T5135] kmem_cache_alloc+0x69/0x350
[ 50.962776][ T5135] ? __lock_acquire+0x1f60/0x1f60
[ 50.967847][ T5135] __set_extent_bit+0x130/0x1c90
[ 50.972829][ T5135] ? PageUptodate+0xe7/0x2b0
[ 50.977449][ T5135] set_extent_bit+0x3e/0x50
[ 50.981983][ T5135] btrfs_alloc_tree_block+0xb07/0x1820
[ 50.987484][ T5135] ? alloc_reserved_file_extent+0x6c0/0x6c0
[ 50.993394][ T5135] ? mark_lock+0x2a1/0x350
[ 50.997858][ T5135] ? read_extent_buffer+0x138/0x2e0
[ 51.003078][ T5135] ? memcpy+0x3c/0x60
[ 51.007090][ T5135] __btrfs_cow_block+0x446/0x1790
[ 51.012171][ T5135] ? btrfs_cow_block+0x570/0x570
[ 51.017134][ T5135] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 51.023139][ T5135] ? down_read_non_owner+0xa0/0xa0
[ 51.028278][ T5135] btrfs_cow_block+0x3d8/0x570
[ 51.033088][ T5135] btrfs_search_slot+0xced/0x31f0
[ 51.038173][ T5135] ? btrfs_find_item+0x5b0/0x5b0
[ 51.043144][ T5135] ? btrfs_create_new_inode+0xbc4/0x2230
[ 51.048787][ T5135] ? __lock_acquire+0x1f60/0x1f60
[ 51.053810][ T5135] ? do_raw_spin_lock+0x147/0x3a0
[ 51.058837][ T5135] ? do_raw_spin_unlock+0x134/0x8a0
[ 51.064039][ T5135] btrfs_insert_empty_items+0x96/0x180
[ 51.069510][ T5135] btrfs_create_new_inode+0xf0f/0x2230
[ 51.074974][ T5135] ? btrfs_new_inode_args_destroy+0x180/0x180
[ 51.081110][ T5135] btrfs_create_common+0x1d2/0x2b0
[ 51.086235][ T5135] ? btrfs_tmpfile+0x480/0x480
[ 51.091003][ T5135] ? btrfs_mkdir+0x76/0x100
[ 51.095526][ T5135] vfs_mkdir+0x3b3/0x590
[ 51.099810][ T5135] do_mkdirat+0x25b/0x530
[ 51.104158][ T5135] ? 0xffffffff81000000
[ 51.108326][ T5135] ? __check_object_size+0x15a/0x210
[ 51.113625][ T5135] ? vfs_mkdir+0x590/0x590
[ 51.118049][ T5135] ? getname_flags+0x1ea/0x4e0
[ 51.122832][ T5135] __x64_sys_mkdir+0x6a/0x80
[ 51.127417][ T5135] do_syscall_64+0x3d/0xb0
[ 51.131838][ T5135] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.137739][ T5135] RIP: 0033:0x7f4d52de0c87
[ 51.142143][ T5135] Code: 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5135] mkdir("./bus", 0777) = 0
[pid 5135] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5135] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5135, si_uid=0, si_status=SIGSEGV, si_utime=4 /* 0.04 s */, si_stime=18 /* 0.18 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555646f620 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs") = 0
[ 51.161741][ T5135] RSP: 002b:00007fffa87c11d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 51.170147][ T5135] RAX: ffffffffffffffda RBX: 00007fffa87c1280 RCX: 00007f4d52de0c87
[ 51.178109][ T5135] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000040
[ 51.186079][ T5135] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000020000000
[ 51.194055][ T5135] R10: 00007fffa87c1156 R11: 0000000000000246 R12: 00000000ffffffff
[ 51.202018][ T5135] R13: 0000000020000040 R14: 0000000020000140 R15: 0000000000000000
[ 51.209993][ T5135]
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556477660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556477660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0") = 0
getdents64(3, 0x55555646f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555646e5d0) = 5153
./strace-static-x86_64: Process 5153 attached
[pid 5153] chdir("./4") = 0
[pid 5153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5153] setpgid(0, 0) = 0
[pid 5153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5153] write(3, "1000", 4) = 4
[pid 5153] close(3) = 0
[pid 5153] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5153] memfd_create("syzkaller", 0) = 3
[pid 5153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4d4a994000
[pid 5153] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5153] munmap(0x7f4d4a994000, 16777216) = 0
[pid 5153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5153] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5153] close(3) = 0
[pid 5153] mkdir("./file0", 0777) = 0
[ 51.502337][ T5153] loop0: detected capacity change from 0 to 32768
[ 51.516398][ T5153] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[ 51.526134][ T5153] BTRFS info (device loop0): using free space tree
[ 51.545601][ T5153] BTRFS info (device loop0): enabling ssd optimizations
[pid 5153] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5153] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5153] chdir("./file0") = 0
[pid 5153] ioctl(4, LOOP_CLR_FD) = 0
[pid 5153] close(4) = 0
[pid 5153] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5153] write(4, "17", 2) = 2
[ 51.552572][ T5153] BTRFS info (device loop0): auto enabling async discard
[ 51.576731][ T5153] FAULT_INJECTION: forcing a failure.
[ 51.576731][ T5153] name failslab, interval 1, probability 0, space 0, times 0
[ 51.589832][ T5153] CPU: 0 PID: 5153 Comm: syz-executor399 Not tainted 6.1.0-syzkaller-13031-g77856d911a8c #0
[ 51.599931][ T5153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 51.610001][ T5153] Call Trace:
[ 51.613277][ T5153]
[ 51.616211][ T5153] dump_stack_lvl+0x1b1/0x290
[ 51.620889][ T5153] ? nf_tcp_handle_invalid+0x630/0x630
[ 51.626340][ T5153] ? panic+0x710/0x710
[ 51.630405][ T5153] ? __might_sleep+0xc0/0xc0
[ 51.634991][ T5153] should_fail_ex+0x3aa/0x4e0
[ 51.639677][ T5153] ? btrfs_alloc_tree_block+0xb65/0x1820
[ 51.645320][ T5153] should_failslab+0x5/0x20
[ 51.649831][ T5153] kmem_cache_alloc+0x69/0x350
[ 51.654594][ T5153] ? set_extent_bit+0x3e/0x50
[ 51.659285][ T5153] btrfs_alloc_tree_block+0xb65/0x1820
[ 51.664757][ T5153] ? alloc_reserved_file_extent+0x6c0/0x6c0
[ 51.670643][ T5153] ? mark_lock+0x9a/0x350
[ 51.674982][ T5153] ? read_extent_buffer+0x138/0x2e0
[ 51.680179][ T5153] ? memcpy+0x3c/0x60
[ 51.684165][ T5153] __btrfs_cow_block+0x446/0x1790
[ 51.689211][ T5153] ? btrfs_cow_block+0x570/0x570
[ 51.694149][ T5153] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 51.700126][ T5153] ? down_read_non_owner+0xa0/0xa0
[ 51.705253][ T5153] btrfs_cow_block+0x3d8/0x570
[ 51.710031][ T5153] btrfs_search_slot+0xced/0x31f0
[ 51.715077][ T5153] ? btrfs_find_item+0x5b0/0x5b0
[ 51.720011][ T5153] ? btrfs_create_new_inode+0xbc4/0x2230
[ 51.725641][ T5153] ? __lock_acquire+0x1f60/0x1f60
[ 51.730657][ T5153] ? do_raw_spin_lock+0x147/0x3a0
[ 51.735686][ T5153] ? do_raw_spin_unlock+0x134/0x8a0
[ 51.740885][ T5153] btrfs_insert_empty_items+0x96/0x180
[ 51.746349][ T5153] btrfs_create_new_inode+0xf0f/0x2230
[ 51.751825][ T5153] ? btrfs_new_inode_args_destroy+0x180/0x180
[ 51.757917][ T5153] btrfs_create_common+0x1d2/0x2b0
[ 51.763027][ T5153] ? btrfs_tmpfile+0x480/0x480
[ 51.767802][ T5153] ? btrfs_mkdir+0x76/0x100
[ 51.772303][ T5153] vfs_mkdir+0x3b3/0x590
[ 51.776555][ T5153] do_mkdirat+0x25b/0x530
[ 51.780880][ T5153] ? 0xffffffff81000000
[ 51.785027][ T5153] ? __check_object_size+0x15a/0x210
[ 51.790313][ T5153] ? vfs_mkdir+0x590/0x590
[ 51.794730][ T5153] ? getname_flags+0x1ea/0x4e0
[ 51.799498][ T5153] __x64_sys_mkdir+0x6a/0x80
[ 51.804089][ T5153] do_syscall_64+0x3d/0xb0
[ 51.808504][ T5153] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.814390][ T5153] RIP: 0033:0x7f4d52de0c87
[ 51.818803][ T5153] Code: 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 51.838402][ T5153] RSP: 002b:00007fffa87c11d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 51.846810][ T5153] RAX: ffffffffffffffda RBX: 00007fffa87c1280 RCX: 00007f4d52de0c87
[ 51.854775][ T5153] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000040
[ 51.862738][ T5153] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000020000000
[ 51.870700][ T5153] R10: 00007fffa87c1156 R11: 0000000000000246 R12: 00000000ffffffff
[ 51.878665][ T5153] R13: 0000000020000040 R14: 0000000020000140 R15: 0000000000000000
[ 51.886644][ T5153]
[pid 5153] mkdir("./bus", 0777) = -1 ENOMEM (Cannot allocate memory)
[pid 5153] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5153] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5153, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} ---
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555646f620 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./4/binderfs") = 0
[ 51.903696][ T5153] BTRFS error (device loop0: state A): Transaction aborted (error -12)
[ 51.912110][ T5153] BTRFS: error (device loop0: state A) in btrfs_create_new_inode:6484: errno=-12 Out of memory
[ 51.923649][ T5153] BTRFS info (device loop0: state EA): forced readonly
[ 51.978982][ T5068] ------------[ cut here ]------------
[ 51.984620][ T5068] WARNING: CPU: 1 PID: 5068 at fs/btrfs/space-info.h:199 btrfs_block_rsv_release+0x5d1/0x730
[ 51.994889][ T5068] Modules linked in:
[ 51.998906][ T5068] CPU: 1 PID: 5068 Comm: syz-executor399 Not tainted 6.1.0-syzkaller-13031-g77856d911a8c #0
[ 52.009064][ T5068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 52.019181][ T5068] RIP: 0010:btrfs_block_rsv_release+0x5d1/0x730
[ 52.025493][ T5068] Code: 8b 7c 24 10 74 08 4c 89 f7 e8 3b 2b 31 fe 49 8b 1e 48 89 df 48 8b 2c 24 48 89 ee e8 69 91 db fd 48 39 eb 73 0b e8 1f 8f db fd <0f> 0b 31 db eb 25 e8 14 8f db fd 48 b8 00 00 00 00 00 fc ff df 41
[ 52.045164][ T5068] RSP: 0018:ffffc90003c7f948 EFLAGS: 00010293
[ 52.051326][ T5068] RAX: ffffffff83b046a1 RBX: 00000000000df000 RCX: ffff8880243f9d40
[ 52.059467][ T5068] RDX: 0000000000000000 RSI: 00000000000e0000 RDI: 00000000000df000
[ 52.067510][ T5068] RBP: 00000000000e0000 R08: ffffffff83b04697 R09: fffffbfff1d2c9e6
[ 52.075542][ T5068] R10: fffffbfff1d2c9e6 R11: 1ffffffff1d2c9e5 R12: 1ffff110045b000c
[ 52.083502][ T5068] R13: 00000000000e0000 R14: ffff888022d80060 R15: 0000000000000000
[ 52.091509][ T5068] FS: 000055555646e300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 52.100520][ T5068] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 52.107179][ T5068] CR2: 00007fffa87bfb88 CR3: 000000002bdab000 CR4: 00000000003506e0
[ 52.115188][ T5068] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 52.123221][ T5068] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 52.131283][ T5068] Call Trace:
[ 52.134568][ T5068]
[ 52.137549][ T5068] btrfs_release_global_block_rsv+0x2f/0x250
[ 52.143545][ T5068] btrfs_free_block_groups+0xbed/0xf60
[ 52.149083][ T5068] close_ctree+0x732/0xce0
[ 52.153522][ T5068] ? do_raw_spin_unlock+0x134/0x8a0
[ 52.158809][ T5068] ? hook_sb_delete+0x988/0xab0
[ 52.163676][ T5068] ? init_tree_roots+0x1ee0/0x1ee0
[ 52.168846][ T5068] ? hook_inode_free_security+0xa0/0xa0
[ 52.174399][ T5068] ? __fsnotify_vfsmount_delete+0x20/0x20
[ 52.180161][ T5068] ? clear_inode+0x150/0x150
[ 52.184763][ T5068] ? fscrypt_destroy_keyring+0x285/0x2a0
[ 52.190454][ T5068] ? btrfs_fill_super+0x2d0/0x2d0
[ 52.195513][ T5068] generic_shutdown_super+0x130/0x310
[ 52.200880][ T5068] kill_anon_super+0x36/0x60
[ 52.205518][ T5068] btrfs_kill_super+0x3d/0x50
[ 52.210206][ T5068] deactivate_locked_super+0xa7/0xf0
[ 52.215554][ T5068] cleanup_mnt+0x494/0x520
[ 52.219976][ T5068] ? lockdep_hardirqs_on+0x8d/0x130
[ 52.225174][ T5068] task_work_run+0x243/0x300
[ 52.229824][ T5068] ? task_work_cancel+0x290/0x290
[ 52.234873][ T5068] ? path_umount+0x1e0/0xf90
[ 52.239535][ T5068] ptrace_notify+0x29a/0x340
[ 52.244139][ T5068] ? do_notify_parent+0xe00/0xe00
[ 52.249238][ T5068] ? user_path_at_empty+0x149/0x1a0
[ 52.254453][ T5068] ? __x64_sys_umount+0x113/0x150
[ 52.259534][ T5068] syscall_exit_work+0x8c/0xe0
[ 52.264398][ T5068] syscall_exit_to_user_mode_prepare+0x63/0xc0
[ 52.270597][ T5068] syscall_exit_to_user_mode+0xa/0x60
[ 52.276030][ T5068] do_syscall_64+0x49/0xb0
[ 52.280453][ T5068] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.286379][ T5068] RIP: 0033:0x7f4d52de2e47
[ 52.290812][ T5068] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 52.310487][ T5068] RSP: 002b:00007fffa87c02c8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 52.318935][ T5068] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f4d52de2e47
[ 52.326952][ T5068] RDX: 00007fffa87c0389 RSI: 000000000000000a RDI: 00007fffa87c0380
[ 52.334924][ T5068] RBP: 00007fffa87c0380 R08: 00000000ffffffff R09: 00007fffa87c0160
[ 52.342930][ T5068] R10: 000055555646f653 R11: 0000000000000202 R12: 00007fffa87c1400
[ 52.350931][ T5068] R13: 000055555646f5f0 R14: 00007fffa87c02f0 R15: 0000000000000005
[ 52.358957][ T5068]
[ 52.361982][ T5068] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 52.369245][ T5068] CPU: 1 PID: 5068 Comm: syz-executor399 Not tainted 6.1.0-syzkaller-13031-g77856d911a8c #0
[ 52.379288][ T5068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 52.389327][ T5068] Call Trace:
[ 52.392593][ T5068]
[ 52.395512][ T5068] dump_stack_lvl+0x1b1/0x290
[ 52.400182][ T5068] ? nf_tcp_handle_invalid+0x630/0x630
[ 52.405630][ T5068] ? panic+0x710/0x710
[ 52.409689][ T5068] ? vscnprintf+0x59/0x80
[ 52.414008][ T5068] ? btrfs_block_rsv_release+0x530/0x730
[ 52.420679][ T5068] panic+0x2d6/0x710
[ 52.424580][ T5068] ? __warn+0x16d/0x2d0
[ 52.428730][ T5068] ? memcpy_page_flushcache+0x100/0x100
[ 52.434370][ T5068] ? btrfs_block_rsv_release+0x5d1/0x730
[ 52.440000][ T5068] __warn+0x284/0x2d0
[ 52.443989][ T5068] ? btrfs_block_rsv_release+0x5d1/0x730
[ 52.449635][ T5068] report_bug+0x1b3/0x2d0
[ 52.453967][ T5068] handle_bug+0x3d/0x70
[ 52.458115][ T5068] exc_invalid_op+0x16/0x40
[ 52.462615][ T5068] asm_exc_invalid_op+0x16/0x20
[ 52.467457][ T5068] RIP: 0010:btrfs_block_rsv_release+0x5d1/0x730
[ 52.473695][ T5068] Code: 8b 7c 24 10 74 08 4c 89 f7 e8 3b 2b 31 fe 49 8b 1e 48 89 df 48 8b 2c 24 48 89 ee e8 69 91 db fd 48 39 eb 73 0b e8 1f 8f db fd <0f> 0b 31 db eb 25 e8 14 8f db fd 48 b8 00 00 00 00 00 fc ff df 41
[ 52.493295][ T5068] RSP: 0018:ffffc90003c7f948 EFLAGS: 00010293
[ 52.499359][ T5068] RAX: ffffffff83b046a1 RBX: 00000000000df000 RCX: ffff8880243f9d40
[ 52.507323][ T5068] RDX: 0000000000000000 RSI: 00000000000e0000 RDI: 00000000000df000
[ 52.515285][ T5068] RBP: 00000000000e0000 R08: ffffffff83b04697 R09: fffffbfff1d2c9e6
[ 52.523249][ T5068] R10: fffffbfff1d2c9e6 R11: 1ffffffff1d2c9e5 R12: 1ffff110045b000c
[ 52.531216][ T5068] R13: 00000000000e0000 R14: ffff888022d80060 R15: 0000000000000000
[ 52.539184][ T5068] ? btrfs_block_rsv_release+0x5c7/0x730
[ 52.544818][ T5068] ? btrfs_block_rsv_release+0x5d1/0x730
[ 52.552013][ T5068] ? btrfs_block_rsv_release+0x5d1/0x730
[ 52.557648][ T5068] btrfs_release_global_block_rsv+0x2f/0x250
[ 52.563628][ T5068] btrfs_free_block_groups+0xbed/0xf60
[ 52.569091][ T5068] close_ctree+0x732/0xce0
[ 52.573506][ T5068] ? do_raw_spin_unlock+0x134/0x8a0
[ 52.578706][ T5068] ? hook_sb_delete+0x988/0xab0
[ 52.583550][ T5068] ? init_tree_roots+0x1ee0/0x1ee0
[ 52.588660][ T5068] ? hook_inode_free_security+0xa0/0xa0
[ 52.594202][ T5068] ? __fsnotify_vfsmount_delete+0x20/0x20
[ 52.599916][ T5068] ? clear_inode+0x150/0x150
[ 52.604499][ T5068] ? fscrypt_destroy_keyring+0x285/0x2a0
[ 52.610128][ T5068] ? btrfs_fill_super+0x2d0/0x2d0
[ 52.615159][ T5068] generic_shutdown_super+0x130/0x310
[ 52.620534][ T5068] kill_anon_super+0x36/0x60
[ 52.625124][ T5068] btrfs_kill_super+0x3d/0x50
[ 52.629797][ T5068] deactivate_locked_super+0xa7/0xf0
[ 52.635079][ T5068] cleanup_mnt+0x494/0x520
[ 52.639497][ T5068] ? lockdep_hardirqs_on+0x8d/0x130
[ 52.644696][ T5068] task_work_run+0x243/0x300
[ 52.649292][ T5068] ? task_work_cancel+0x290/0x290
[ 52.654342][ T5068] ? path_umount+0x1e0/0xf90
[ 52.658933][ T5068] ptrace_notify+0x29a/0x340
[ 52.663518][ T5068] ? do_notify_parent+0xe00/0xe00
[ 52.668537][ T5068] ? user_path_at_empty+0x149/0x1a0
[ 52.673735][ T5068] ? __x64_sys_umount+0x113/0x150
[ 52.678763][ T5068] syscall_exit_work+0x8c/0xe0
[ 52.683525][ T5068] syscall_exit_to_user_mode_prepare+0x63/0xc0
[ 52.689679][ T5068] syscall_exit_to_user_mode+0xa/0x60
[ 52.695066][ T5068] do_syscall_64+0x49/0xb0
[ 52.699494][ T5068] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.705380][ T5068] RIP: 0033:0x7f4d52de2e47
[ 52.709793][ T5068] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 52.729389][ T5068] RSP: 002b:00007fffa87c02c8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 52.737797][ T5068] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f4d52de2e47
[ 52.745760][ T5068] RDX: 00007fffa87c0389 RSI: 000000000000000a RDI: 00007fffa87c0380
[ 52.753725][ T5068] RBP: 00007fffa87c0380 R08: 00000000ffffffff R09: 00007fffa87c0160
[ 52.761689][ T5068] R10: 000055555646f653 R11: 0000000000000202 R12: 00007fffa87c1400
[ 52.769654][ T5068] R13: 000055555646f5f0 R14: 00007fffa87c02f0 R15: 0000000000000005
[ 52.777629][ T5068]
[ 52.780785][ T5068] Kernel Offset: disabled
[ 52.785200][ T5068] Rebooting in 86400 seconds..