./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4139839676
<...>
DUID 00:04:7a:dc:29:a2:f4:b1:6d:28:30:de:a7:64:4f:eb:cd:90
forked to background, child pid 4645
[ 30.385345][ T4646] 8021q: adding VLAN 0 to HW filter on device bond0
[ 30.397022][ T4646] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.118' (ECDSA) to the list of known hosts.
execve("./syz-executor4139839676", ["./syz-executor4139839676"], 0x7fffb114c210 /* 10 vars */) = 0
brk(NULL) = 0x555556644000
brk(0x555556644c40) = 0x555556644c40
arch_prctl(ARCH_SET_FS, 0x555556644300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor4139839676", 4096) = 28
brk(0x555556665c40) = 0x555556665c40
brk(0x555556666000) = 0x555556666000
mprotect(0x7fc9067fb000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 5073
mkdir("./syzkaller.NNfLCO", 0700) = 0
chmod("./syzkaller.NNfLCO", 0777) = 0
chdir("./syzkaller.NNfLCO") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566445d0) = 5074
./strace-static-x86_64: Process 5074 attached
[pid 5074] chdir("./0") = 0
[pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5074] setpgid(0, 0) = 0
[pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5074] write(3, "1000", 4) = 4
[pid 5074] close(3) = 0
[pid 5074] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5074] memfd_create("syzkaller", 0) = 3
[pid 5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8fe33a000
syzkaller login: [ 51.683226][ T5074] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5074 'syz-executor413'
[pid 5074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5074] munmap(0x7fc8fe33a000, 16777216) = 0
[pid 5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5074] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5074] close(3) = 0
[pid 5074] mkdir("./file0", 0777) = 0
[ 51.853420][ T5074] loop0: detected capacity change from 0 to 32768
[ 51.864866][ T5074] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor413 (5074)
[ 51.885232][ T5074] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[ 51.894828][ T5074] BTRFS info (device loop0): doing ref verification
[pid 5074] mount("/dev/loop0", "./file0", "btrfs", MS_SYNCHRONOUS|MS_STRICTATIME, "datacow,ref_verify,nodatasum,max_inline=%m-3,noautodefrag,ssd,") = 0
[pid 5074] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5074] chdir("./file0") = 0
[pid 5074] ioctl(4, LOOP_CLR_FD) = 0
[pid 5074] close(4) = 0
[pid 5074] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5074] write(4, "44", 2) = 2
[ 51.901842][ T5074] BTRFS info (device loop0): setting nodatasum
[ 51.908272][ T5074] BTRFS info (device loop0): max_inline at 0
[ 51.914650][ T5074] BTRFS info (device loop0): enabling ssd optimizations
[ 51.921801][ T5074] BTRFS info (device loop0): using free space tree
[ 51.943673][ T5074] BTRFS info (device loop0): auto enabling async discard
[ 51.965390][ T5074] FAULT_INJECTION: forcing a failure.
[ 51.965390][ T5074] name failslab, interval 1, probability 0, space 0, times 1
[ 51.981132][ T5074] CPU: 1 PID: 5074 Comm: syz-executor413 Not tainted 6.3.0-rc2-syzkaller-00235-g8d3c682a5e3d #0
[ 51.991600][ T5074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 52.001686][ T5074] Call Trace:
[ 52.004990][ T5074]
[ 52.007952][ T5074] dump_stack_lvl+0x1e7/0x2d0
[ 52.012746][ T5074] ? nf_tcp_handle_invalid+0x650/0x650
[ 52.018251][ T5074] ? panic+0x770/0x770
[ 52.022363][ T5074] ? __might_sleep+0xc0/0xc0
[ 52.026994][ T5074] should_fail_ex+0x3aa/0x4e0
[ 52.031717][ T5074] should_failslab+0x9/0x20
[ 52.036345][ T5074] slab_pre_alloc_hook+0x59/0x2b0
[ 52.041413][ T5074] ? btrfs_ref_tree_mod+0x240/0x1510
[ 52.047046][ T5074] __kmem_cache_alloc_node+0x4b/0x290
[ 52.052463][ T5074] ? btrfs_ref_tree_mod+0x240/0x1510
[ 52.057779][ T5074] kmalloc_trace+0x2a/0xe0
[ 52.062234][ T5074] btrfs_ref_tree_mod+0x240/0x1510
[ 52.067380][ T5074] ? __kasan_slab_alloc+0x66/0x70
[ 52.072448][ T5074] ? rcu_is_watching+0x15/0xb0
[ 52.077275][ T5074] ? kmem_cache_alloc+0x14e/0x2e0
[ 52.082377][ T5074] ? btrfs_alloc_tree_block+0xbae/0x1800
[ 52.088018][ T5074] ? btrfs_alloc_tree_block+0xbdb/0x1800
[ 52.093661][ T5074] btrfs_alloc_tree_block+0xf41/0x1800
[ 52.099223][ T5074] ? alloc_reserved_file_extent+0x5e0/0x5e0
[ 52.105117][ T5074] ? lockdep_unlock+0x169/0x300
[ 52.109983][ T5074] ? read_extent_buffer+0x122/0x2a0
[ 52.115189][ T5074] ? __asan_memcpy+0x40/0x70
[ 52.119790][ T5074] __btrfs_cow_block+0x470/0x1830
[ 52.124835][ T5074] ? btrfs_qgroup_trace_subtree_after_cow+0x1a8/0x1190
[ 52.131695][ T5074] ? btrfs_cow_block+0x780/0x780
[ 52.136635][ T5074] ? btrfs_qgroup_add_swapped_blocks+0x760/0x7f0
[ 52.142968][ T5074] ? __down_write_common+0x161/0x200
[ 52.148266][ T5074] btrfs_cow_block+0x403/0x780
[ 52.153050][ T5074] btrfs_search_slot+0xc89/0x2f70
[ 52.158096][ T5074] ? btrfs_find_item+0x530/0x530
[ 52.163035][ T5074] ? btrfs_create_new_inode+0xe11/0x27f0
[ 52.168676][ T5074] ? __lock_acquire+0x1f80/0x1f80
[ 52.173704][ T5074] ? do_raw_spin_lock+0x14d/0x3a0
[ 52.178766][ T5074] ? do_raw_spin_unlock+0x13b/0x8b0
[ 52.183982][ T5074] btrfs_insert_empty_items+0x9c/0x180
[ 52.189450][ T5074] btrfs_create_new_inode+0x1149/0x27f0
[ 52.195025][ T5074] ? btrfs_new_inode_args_destroy+0x160/0x160
[ 52.201092][ T5074] ? record_root_in_trans+0x2d8/0x360
[ 52.206563][ T5074] ? start_transaction+0x3de/0x1050
[ 52.211774][ T5074] btrfs_create_common+0x1f9/0x300
[ 52.216895][ T5074] ? btrfs_tmpfile+0x4d0/0x4d0
[ 52.221659][ T5074] ? do_raw_spin_unlock+0x13b/0x8b0
[ 52.226875][ T5074] ? btrfs_create+0x75/0x140
[ 52.231472][ T5074] ? btrfs_lookup+0x40/0x40
[ 52.235999][ T5074] path_openat+0x13df/0x3170
[ 52.240639][ T5074] ? do_filp_open+0x490/0x490
[ 52.245342][ T5074] do_filp_open+0x234/0x490
[ 52.249897][ T5074] ? vfs_tmpfile+0x4a0/0x4a0
[ 52.254514][ T5074] ? _raw_spin_unlock+0x28/0x40
[ 52.259374][ T5074] ? alloc_fd+0x59c/0x640
[ 52.263720][ T5074] do_sys_openat2+0x13f/0x500
[ 52.268400][ T5074] ? print_irqtrace_events+0x220/0x220
[ 52.273862][ T5074] ? do_sys_open+0x230/0x230
[ 52.278478][ T5074] ? lockdep_hardirqs_on+0x98/0x140
[ 52.283690][ T5074] ? _raw_spin_unlock_irq+0x2e/0x50
[ 52.288900][ T5074] ? ptrace_notify+0x278/0x380
[ 52.293677][ T5074] __x64_sys_openat+0x247/0x290
[ 52.298568][ T5074] ? __ia32_sys_open+0x270/0x270
[ 52.303517][ T5074] ? syscall_enter_from_user_mode+0x32/0x260
[ 52.309552][ T5074] ? syscall_enter_from_user_mode+0x8c/0x260
[ 52.315556][ T5074] do_syscall_64+0x41/0xc0
[ 52.319992][ T5074] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.325892][ T5074] RIP: 0033:0x7fc906787aa9
[ 52.330308][ T5074] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 52.349915][ T5074] RSP: 002b:00007ffd0ef25bd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 52.358329][ T5074] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fc906787aa9
[pid 5074] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5
[pid 5074] exit_group(0) = ?
[pid 5074] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=20 /* 0.20 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556645620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 52.366322][ T5074] RDX: 000000000000275a RSI: 0000000020000040 RDI: 00000000ffffff9c
[ 52.374320][ T5074] RBP: 00007ffd0ef25c00 R08: 0000000000000002 R09: 00007ffd0ef25c10
[ 52.382296][ T5074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 52.390267][ T5074] R13: 00007ffd0ef25c40 R14: 00007ffd0ef25c20 R15: 0000000000000000
[ 52.398252][ T5074]
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555664d660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555664d660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555556645620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5103 attached
, child_tidptr=0x5555566445d0) = 5103
[pid 5103] chdir("./1") = 0
[pid 5103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5103] setpgid(0, 0) = 0
[pid 5103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5103] write(3, "1000", 4) = 4
[pid 5103] close(3) = 0
[pid 5103] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5103] memfd_create("syzkaller", 0) = 3
[pid 5103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8fe33a000
[pid 5103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5103] munmap(0x7fc8fe33a000, 16777216) = 0
[pid 5103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5103] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5103] close(3) = 0
[pid 5103] mkdir("./file0", 0777) = 0
[ 52.721562][ T5103] loop0: detected capacity change from 0 to 32768
[ 52.731478][ T5103] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor413 (5103)
[ 52.746997][ T5103] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[ 52.756389][ T5103] BTRFS info (device loop0): doing ref verification
[ 52.763064][ T5103] BTRFS info (device loop0): setting nodatasum
[pid 5103] mount("/dev/loop0", "./file0", "btrfs", MS_SYNCHRONOUS|MS_STRICTATIME, "datacow,ref_verify,nodatasum,max_inline=%m-3,noautodefrag,ssd,") = 0
[pid 5103] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5103] chdir("./file0") = 0
[pid 5103] ioctl(4, LOOP_CLR_FD) = 0
[pid 5103] close(4) = 0
[pid 5103] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5103] write(4, "44", 2) = 2
[ 52.769262][ T5103] BTRFS info (device loop0): max_inline at 0
[ 52.775333][ T5103] BTRFS info (device loop0): enabling ssd optimizations
[ 52.782317][ T5103] BTRFS info (device loop0): using free space tree
[ 52.801470][ T5103] BTRFS info (device loop0): auto enabling async discard
[ 52.829817][ T5103] FAULT_INJECTION: forcing a failure.
[ 52.829817][ T5103] name failslab, interval 1, probability 0, space 0, times 0
[ 52.842987][ T5103] CPU: 0 PID: 5103 Comm: syz-executor413 Not tainted 6.3.0-rc2-syzkaller-00235-g8d3c682a5e3d #0
[ 52.853437][ T5103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 52.863526][ T5103] Call Trace:
[ 52.866831][ T5103]
[ 52.869786][ T5103] dump_stack_lvl+0x1e7/0x2d0
[ 52.874509][ T5103] ? nf_tcp_handle_invalid+0x650/0x650
[ 52.880102][ T5103] ? panic+0x770/0x770
[ 52.884209][ T5103] ? __might_sleep+0xc0/0xc0
[ 52.888847][ T5103] should_fail_ex+0x3aa/0x4e0
[ 52.893568][ T5103] should_failslab+0x9/0x20
[ 52.898110][ T5103] slab_pre_alloc_hook+0x59/0x2b0
[ 52.903178][ T5103] kmem_cache_alloc+0x52/0x2e0
[ 52.907972][ T5103] ? btrfs_add_delayed_tree_ref+0x231/0xfc0
[ 52.913906][ T5103] btrfs_add_delayed_tree_ref+0x231/0xfc0
[ 52.919663][ T5103] ? btrfs_ref_tree_mod+0x39e/0x1510
[ 52.925120][ T5103] ? _raw_spin_unlock+0x28/0x40
[ 52.930016][ T5103] ? btrfs_delete_ref_head+0x270/0x270
[ 52.935519][ T5103] btrfs_alloc_tree_block+0xf56/0x1800
[ 52.941025][ T5103] ? alloc_reserved_file_extent+0x5e0/0x5e0
[ 52.946971][ T5103] ? read_extent_buffer+0x122/0x2a0
[ 52.952203][ T5103] ? __asan_memcpy+0x40/0x70
[ 52.956831][ T5103] __btrfs_cow_block+0x470/0x1830
[ 52.961879][ T5103] ? btrfs_qgroup_trace_subtree_after_cow+0x1a8/0x1190
[ 52.968730][ T5103] ? btrfs_cow_block+0x780/0x780
[ 52.973659][ T5103] ? btrfs_qgroup_add_swapped_blocks+0x760/0x7f0
[ 52.979989][ T5103] ? __down_write_common+0x161/0x200
[ 52.985271][ T5103] btrfs_cow_block+0x403/0x780
[ 52.990032][ T5103] btrfs_search_slot+0xc89/0x2f70
[ 52.995073][ T5103] ? btrfs_find_item+0x530/0x530
[ 53.000001][ T5103] ? btrfs_create_new_inode+0xe11/0x27f0
[ 53.005661][ T5103] ? __lock_acquire+0x1f80/0x1f80
[ 53.010676][ T5103] ? do_raw_spin_lock+0x14d/0x3a0
[ 53.015698][ T5103] ? do_raw_spin_unlock+0x13b/0x8b0
[ 53.020888][ T5103] btrfs_insert_empty_items+0x9c/0x180
[ 53.026433][ T5103] btrfs_create_new_inode+0x1149/0x27f0
[ 53.031989][ T5103] ? btrfs_new_inode_args_destroy+0x160/0x160
[ 53.038085][ T5103] ? record_root_in_trans+0x2d8/0x360
[ 53.043487][ T5103] ? start_transaction+0x3de/0x1050
[ 53.048685][ T5103] btrfs_create_common+0x1f9/0x300
[ 53.053822][ T5103] ? btrfs_tmpfile+0x4d0/0x4d0
[ 53.058583][ T5103] ? do_raw_spin_unlock+0x13b/0x8b0
[ 53.063805][ T5103] ? btrfs_create+0x75/0x140
[ 53.068386][ T5103] ? btrfs_lookup+0x40/0x40
[ 53.072898][ T5103] path_openat+0x13df/0x3170
[ 53.077500][ T5103] ? do_filp_open+0x490/0x490
[ 53.082175][ T5103] do_filp_open+0x234/0x490
[ 53.086671][ T5103] ? vfs_tmpfile+0x4a0/0x4a0
[ 53.091279][ T5103] ? _raw_spin_unlock+0x28/0x40
[ 53.096142][ T5103] ? alloc_fd+0x59c/0x640
[ 53.100490][ T5103] do_sys_openat2+0x13f/0x500
[ 53.105173][ T5103] ? print_irqtrace_events+0x220/0x220
[ 53.110625][ T5103] ? do_sys_open+0x230/0x230
[ 53.115206][ T5103] ? lockdep_hardirqs_on+0x98/0x140
[ 53.120402][ T5103] ? _raw_spin_unlock_irq+0x2e/0x50
[ 53.125621][ T5103] ? ptrace_notify+0x278/0x380
[ 53.130396][ T5103] __x64_sys_openat+0x247/0x290
[ 53.135251][ T5103] ? __ia32_sys_open+0x270/0x270
[ 53.140186][ T5103] ? syscall_enter_from_user_mode+0x32/0x260
[ 53.146183][ T5103] ? syscall_enter_from_user_mode+0x8c/0x260
[ 53.152198][ T5103] do_syscall_64+0x41/0xc0
[ 53.156623][ T5103] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.162600][ T5103] RIP: 0033:0x7fc906787aa9
[ 53.167011][ T5103] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.186630][ T5103] RSP: 002b:00007ffd0ef25bd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 53.195081][ T5103] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fc906787aa9
[ 53.203052][ T5103] RDX: 000000000000275a RSI: 0000000020000040 RDI: 00000000ffffff9c
[ 53.211046][ T5103] RBP: 00007ffd0ef25c00 R08: 0000000000000002 R09: 00007ffd0ef25c10
[ 53.219025][ T5103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[pid 5103] openat(AT_FDCWD, "memory.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5103] exit_group(0) = ?
[pid 5103] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5103, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556645620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 53.227007][ T5103] R13: 00007ffd0ef25c40 R14: 00007ffd0ef25c20 R15: 0000000000000001
[ 53.235001][ T5103]
[ 53.238846][ T5103] BTRFS: error (device loop0: state A) in btrfs_create_new_inode:6329: errno=-12 Out of memory
[ 53.249770][ T5103] BTRFS info (device loop0: state EA): forced readonly
[ 53.296435][ T5073] ------------[ cut here ]------------
[ 53.302158][ T5073] WARNING: CPU: 1 PID: 5073 at fs/btrfs/space-info.h:199 btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 53.313620][ T5073] Modules linked in:
[ 53.317532][ T5073] CPU: 1 PID: 5073 Comm: syz-executor413 Not tainted 6.3.0-rc2-syzkaller-00235-g8d3c682a5e3d #0
[ 53.327988][ T5073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 53.338100][ T5073] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 53.345608][ T5073] Code: 25 00 00 74 08 4c 89 ff e8 2e 55 38 fe 49 8b 1f 48 89 df 48 8b 6c 24 20 48 89 ee e8 4b a6 e2 fd 48 39 eb 73 14 e8 31 a4 e2 fd <0f> 0b 45 31 f6 43 80 7c 25 00 00 75 ac eb b2 e8 1d a4 e2 fd 43 80
[ 53.365256][ T5073] RSP: 0018:ffffc90003b4f910 EFLAGS: 00010293
[ 53.371412][ T5073] RAX: ffffffff83a7c8ef RBX: 00000000000df000 RCX: ffff888018ce1d40
[ 53.379410][ T5073] RDX: 0000000000000000 RSI: 00000000000e0000 RDI: 00000000000df000
[ 53.387474][ T5073] RBP: 00000000000e0000 R08: ffffffff83a7c8e5 R09: fffffbfff1ca6f2e
[ 53.395492][ T5073] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 53.403530][ T5073] R13: 1ffff11004fe470c R14: fffffffffff20000 R15: ffff888027f23860
[ 53.411568][ T5073] FS: 0000555556644300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 53.420508][ T5073] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 53.427131][ T5073] CR2: 000055555664d628 CR3: 0000000079697000 CR4: 00000000003506e0
[ 53.435165][ T5073] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 53.443172][ T5073] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 53.451208][ T5073] Call Trace:
[ 53.454530][ T5073]
[ 53.457495][ T5073] ? do_raw_write_lock+0x147/0x4f0
[ 53.462657][ T5073] btrfs_block_rsv_release+0x441/0x520
[ 53.468139][ T5073] btrfs_release_global_block_rsv+0x33/0x260
[ 53.474261][ T5073] btrfs_free_block_groups+0xb3e/0xe80
[ 53.479769][ T5073] close_ctree+0x742/0xd30
[ 53.484239][ T5073] ? init_tree_roots+0x1f80/0x1f80
[ 53.489360][ T5073] ? hook_inode_free_security+0xb0/0xb0
[ 53.494951][ T5073] ? __fsnotify_vfsmount_delete+0x20/0x20
[ 53.500688][ T5073] ? clear_inode+0x150/0x150
[ 53.505322][ T5073] ? dput+0x403/0x420
[ 53.509319][ T5073] ? fscrypt_destroy_keyring+0x273/0x290
[ 53.514999][ T5073] ? btrfs_fill_super+0x2d0/0x2d0
[ 53.520040][ T5073] generic_shutdown_super+0x134/0x340
[ 53.525455][ T5073] kill_anon_super+0x3b/0x60
[ 53.530058][ T5073] btrfs_kill_super+0x41/0x50
[ 53.534779][ T5073] deactivate_locked_super+0xa4/0x110
[ 53.540183][ T5073] cleanup_mnt+0x426/0x4c0
[ 53.544641][ T5073] ? _raw_spin_unlock_irq+0x23/0x50
[ 53.549857][ T5073] task_work_run+0x24a/0x300
[ 53.554491][ T5073] ? dput+0x3a1/0x420
[ 53.558496][ T5073] ? task_work_cancel+0x2b0/0x2b0
[ 53.563563][ T5073] ? __x64_sys_umount+0x126/0x170
[ 53.568600][ T5073] ptrace_notify+0x2cd/0x380
[ 53.573232][ T5073] ? do_notify_parent+0xf50/0xf50
[ 53.578269][ T5073] ? user_path_at_empty+0x12f/0x180
[ 53.583505][ T5073] ? __x64_sys_umount+0x126/0x170
[ 53.588541][ T5073] ? path_umount+0xea0/0xea0
[ 53.593164][ T5073] ? syscall_enter_from_user_mode+0x32/0x260
[ 53.599152][ T5073] syscall_exit_to_user_mode+0x157/0x280
[ 53.604871][ T5073] do_syscall_64+0x4d/0xc0
[ 53.609345][ T5073] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.615291][ T5073] RIP: 0033:0x7fc906788e47
[ 53.619717][ T5073] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.639383][ T5073] RSP: 002b:00007ffd0ef24ae8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[ 53.647858][ T5073] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fc906788e47
[ 53.655866][ T5073] RDX: 00007ffd0ef24ba9 RSI: 000000000000000a RDI: 00007ffd0ef24ba0
[ 53.663877][ T5073] RBP: 00007ffd0ef24ba0 R08: 00000000ffffffff R09: 00007ffd0ef24980
[ 53.671884][ T5073] R10: 0000555556645653 R11: 0000000000000206 R12: 00007ffd0ef25c20
[ 53.679868][ T5073] R13: 00005555566455f0 R14: 00007ffd0ef24b10 R15: 0000000000000002
[ 53.687890][ T5073]
[ 53.690933][ T5073] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 53.698201][ T5073] CPU: 1 PID: 5073 Comm: syz-executor413 Not tainted 6.3.0-rc2-syzkaller-00235-g8d3c682a5e3d #0
[ 53.708596][ T5073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 53.718664][ T5073] Call Trace:
[ 53.721933][ T5073]
[ 53.724852][ T5073] dump_stack_lvl+0x1e7/0x2d0
[ 53.729538][ T5073] ? nf_tcp_handle_invalid+0x650/0x650
[ 53.734986][ T5073] ? panic+0x770/0x770
[ 53.739046][ T5073] ? vscnprintf+0x5d/0x80
[ 53.743366][ T5073] panic+0x31c/0x770
[ 53.747250][ T5073] ? __warn+0x171/0x4a0
[ 53.751656][ T5073] ? memcpy_page_flushcache+0x100/0x100
[ 53.757220][ T5073] __warn+0x314/0x4a0
[ 53.761190][ T5073] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 53.768117][ T5073] report_bug+0x2b3/0x500
[ 53.772437][ T5073] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 53.779282][ T5073] handle_bug+0x3d/0x70
[ 53.783431][ T5073] exc_invalid_op+0x1a/0x50
[ 53.787941][ T5073] asm_exc_invalid_op+0x1a/0x20
[ 53.792786][ T5073] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 53.800237][ T5073] Code: 25 00 00 74 08 4c 89 ff e8 2e 55 38 fe 49 8b 1f 48 89 df 48 8b 6c 24 20 48 89 ee e8 4b a6 e2 fd 48 39 eb 73 14 e8 31 a4 e2 fd <0f> 0b 45 31 f6 43 80 7c 25 00 00 75 ac eb b2 e8 1d a4 e2 fd 43 80
[ 53.819858][ T5073] RSP: 0018:ffffc90003b4f910 EFLAGS: 00010293
[ 53.825916][ T5073] RAX: ffffffff83a7c8ef RBX: 00000000000df000 RCX: ffff888018ce1d40
[ 53.833876][ T5073] RDX: 0000000000000000 RSI: 00000000000e0000 RDI: 00000000000df000
[ 53.841835][ T5073] RBP: 00000000000e0000 R08: ffffffff83a7c8e5 R09: fffffbfff1ca6f2e
[ 53.849792][ T5073] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 53.857752][ T5073] R13: 1ffff11004fe470c R14: fffffffffff20000 R15: ffff888027f23860
[ 53.865739][ T5073] ? btrfs_space_info_update_bytes_may_use+0x295/0x600
[ 53.872585][ T5073] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 53.879434][ T5073] ? do_raw_write_lock+0x147/0x4f0
[ 53.884541][ T5073] btrfs_block_rsv_release+0x441/0x520
[ 53.889997][ T5073] btrfs_release_global_block_rsv+0x33/0x260
[ 53.895990][ T5073] btrfs_free_block_groups+0xb3e/0xe80
[ 53.901462][ T5073] close_ctree+0x742/0xd30
[ 53.905879][ T5073] ? init_tree_roots+0x1f80/0x1f80
[ 53.910980][ T5073] ? hook_inode_free_security+0xb0/0xb0
[ 53.916532][ T5073] ? __fsnotify_vfsmount_delete+0x20/0x20
[ 53.922242][ T5073] ? clear_inode+0x150/0x150
[ 53.926825][ T5073] ? dput+0x403/0x420
[ 53.930797][ T5073] ? fscrypt_destroy_keyring+0x273/0x290
[ 53.936421][ T5073] ? btrfs_fill_super+0x2d0/0x2d0
[ 53.941438][ T5073] generic_shutdown_super+0x134/0x340
[ 53.946798][ T5073] kill_anon_super+0x3b/0x60
[ 53.951392][ T5073] btrfs_kill_super+0x41/0x50
[ 53.956058][ T5073] deactivate_locked_super+0xa4/0x110
[ 53.961437][ T5073] cleanup_mnt+0x426/0x4c0
[ 53.965844][ T5073] ? _raw_spin_unlock_irq+0x23/0x50
[ 53.971050][ T5073] task_work_run+0x24a/0x300
[ 53.975644][ T5073] ? dput+0x3a1/0x420
[ 53.979617][ T5073] ? task_work_cancel+0x2b0/0x2b0
[ 53.984631][ T5073] ? __x64_sys_umount+0x126/0x170
[ 53.989647][ T5073] ptrace_notify+0x2cd/0x380
[ 53.994252][ T5073] ? do_notify_parent+0xf50/0xf50
[ 53.999267][ T5073] ? user_path_at_empty+0x12f/0x180
[ 54.004453][ T5073] ? __x64_sys_umount+0x126/0x170
[ 54.009463][ T5073] ? path_umount+0xea0/0xea0
[ 54.014041][ T5073] ? syscall_enter_from_user_mode+0x32/0x260
[ 54.020008][ T5073] syscall_exit_to_user_mode+0x157/0x280
[ 54.025633][ T5073] do_syscall_64+0x4d/0xc0
[ 54.030042][ T5073] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.035926][ T5073] RIP: 0033:0x7fc906788e47
[ 54.040364][ T5073] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 54.059963][ T5073] RSP: 002b:00007ffd0ef24ae8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[ 54.068476][ T5073] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fc906788e47
[ 54.076442][ T5073] RDX: 00007ffd0ef24ba9 RSI: 000000000000000a RDI: 00007ffd0ef24ba0
[ 54.084403][ T5073] RBP: 00007ffd0ef24ba0 R08: 00000000ffffffff R09: 00007ffd0ef24980
[ 54.092361][ T5073] R10: 0000555556645653 R11: 0000000000000206 R12: 00007ffd0ef25c20
[ 54.100322][ T5073] R13: 00005555566455f0 R14: 00007ffd0ef24b10 R15: 0000000000000002
[ 54.108315][ T5073]
[ 54.111391][ T5073] Kernel Offset: disabled
[ 54.115803][ T5073] Rebooting in 86400 seconds..