./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1749726448

<...>
forked to background, child pid 3208
no interfaces have a carrier
[   26.626086][ T3209] 8021q: adding VLAN 0 to HW filter on device bond0
[   26.639918][ T3209] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.222' (ECDSA) to the list of known hosts.
execve("./syz-executor1749726448", ["./syz-executor1749726448"], 0x7ffe27b582d0 /* 10 vars */) = 0
brk(NULL)                               = 0x5555557b6000
brk(0x5555557b6c40)                     = 0x5555557b6c40
arch_prctl(ARCH_SET_FS, 0x5555557b6300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1749726448", 4096) = 28
brk(0x5555557d7c40)                     = 0x5555557d7c40
brk(0x5555557d8000)                     = 0x5555557d8000
mprotect(0x7f2a5efcb000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid()                                = 3629
openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
write(3, "10000000000", 11)             = 11
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3
write(3, "20", 2)                       = 2
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
write(3, "100", 3)                      = 3
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
write(3, "7 4 1 3", 7)                  = 7
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
write(3, "3629", 4)                     = 4
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
getpid()                                = 3629
mkdir("./syzkaller.ODqceB", 0700)       = 0
chmod("./syzkaller.ODqceB", 0777)       = 0
chdir("./syzkaller.ODqceB")             = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3630 attached
, child_tidptr=0x5555557b65d0) = 3630
[pid  3630] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  3630] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3630] setsid()                    = 1
[pid  3630] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  3630] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  3630] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  3630] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  3630] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  3630] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  3630] unshare(CLONE_NEWNS)        = 0
[pid  3630] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  3630] unshare(CLONE_NEWIPC)       = 0
[pid  3630] unshare(CLONE_NEWCGROUP)    = 0
[pid  3630] unshare(CLONE_NEWUTS)       = 0
[pid  3630] unshare(CLONE_SYSVSEM)      = 0
[pid  3630] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3630] write(3, "16777216", 8)     = 8
[pid  3630] close(3)                    = 0
[pid  3630] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  3630] write(3, "536870912", 9)    = 9
[pid  3630] close(3)                    = 0
[pid  3630] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3630] write(3, "1024", 4)         = 4
[pid  3630] close(3)                    = 0
[pid  3630] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3630] write(3, "8192", 4)         = 4
[pid  3630] close(3)                    = 0
[pid  3630] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3630] write(3, "1024", 4)         = 4
[pid  3630] close(3)                    = 0
[pid  3630] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  3630] write(3, "1024", 4)         = 4
[pid  3630] close(3)                    = 0
[pid  3630] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  3630] write(3, "1024 1048576 500 1024", 21) = 21
[pid  3630] close(3)                    = 0
[pid  3630] getpid()                    = 1
[pid  3630] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3630] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3630] unshare(CLONE_NEWNET)       = 0
[pid  3630] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  3630] write(3, "0 65535", 7)      = 7
[pid  3630] close(3)                    = 0
[pid  3630] openat(AT_FDCWD, "/dev/rfkill", O_RDWR) = 3
[pid  3630] write(3, "\x00\x00\x00\x00\x00\x03\x00\x00", 8) = 8
[pid  3630] close(3)                    = 0
[pid  3630] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid  3630] sendto(3, [{nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  3630] recvfrom(3, [{nlmsg_len=224, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00\x06\x00\x01\x00\x28\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x19\x00\x00\x00\x7c\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00"...], 4096, 0, NULL, NULL) = 224
[pid  3630] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3630] sendto(3, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  3630] recvfrom(3, [{nlmsg_len=2476, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x22\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x40\x01\x00\x00\xd8\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2476
[pid  3630] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3630] sendto(3, [{nlmsg_len=36, nlmsg_type=0x28 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  3630] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=2, msg=[{nlmsg_len=36, nlmsg_type=0x28 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  3630] access("/proc/net", R_OK)   = 0
[pid  3630] access("/proc/net/unix", R_OK) = 0
[pid  3630] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3630] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  3630] close(4)                    = 0
[pid  3630] sendto(3, [{nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  3630] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3630] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  3630] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  3630] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  3630] close(4)                    = 0
[pid  3630] sendto(3, [{nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  3630] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3630] sendto(3, [{nlmsg_len=36, nlmsg_type=0x28 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  3630] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=3, msg=[{nlmsg_len=36, nlmsg_type=0x28 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  3630] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3630] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  3630] close(4)                    = 0
[pid  3630] sendto(3, [{nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  3630] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3630] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  3630] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  3630] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  3630] close(4)                    = 0
syzkaller login: [   45.963141][   T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   45.971029][   T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   45.979762][   T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[pid  3630] sendto(3, [{nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  3630] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3630] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3630] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  3630] close(4)                    = 0
[pid  3630] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  3630] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  3630] recvfrom(4, [{nlmsg_len=1412, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0b\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x30\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1412
[pid  3630] close(4)                    = 0
[pid  3630] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3630] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  3630] close(4)                    = 0
[pid  3630] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  3630] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  3630] recvfrom(4, [{nlmsg_len=1412, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0c\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x00\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1412
[pid  3630] close(4)                    = 0
[pid  3630] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  3630] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  3630] recvfrom(4, [{nlmsg_len=1412, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0c\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1412
[pid  3630] close(4)                    = 0
[pid  3630] close(3)                    = 0
[pid  3630] mkdir("/dev/binderfs", 0777) = 0
[pid  3630] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  3630] memfd_create("syzkaller", 0) = 3
[pid  3630] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2a56b07000
[   46.010867][   T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   46.019277][   T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   46.028509][  T149] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[pid  3630] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3630] munmap(0x7f2a56b07000, 16777216) = 0
[pid  3630] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3630] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3630] close(3)                    = 0
[pid  3630] mkdir("./file0", 0777)      = 0
[   46.167154][ T3630] loop0: detected capacity change from 0 to 32768
[   46.177921][ T3630] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor174 (3630)
[   46.195571][ T3630] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm
[   46.204098][ T3630] BTRFS info (device loop0): enabling ssd optimizations
[pid  3630] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0
[pid  3630] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3630] chdir("./file0")            = 0
[pid  3630] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3630] close(4)                    = 0
[pid  3630] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[   46.211034][ T3630] BTRFS info (device loop0): using spread ssd allocation scheme
[   46.218828][ T3630] BTRFS info (device loop0): turning on sync discard
[   46.225542][ T3630] BTRFS info (device loop0): using free space tree
[pid  3630] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid  3630] creat("./file0/file0", 000) = 5
[pid  3630] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid  3630] write(6, "5", 1)            = 1
[   46.304287][   T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[   46.316687][ T3630] FAULT_INJECTION: forcing a failure.
[   46.316687][ T3630] name failslab, interval 1, probability 0, space 0, times 1
[   46.329868][ T3630] CPU: 1 PID: 3630 Comm: syz-executor174 Not tainted 6.1.0-syzkaller #0
[   46.338206][ T3630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   46.348355][ T3630] Call Trace:
[   46.351648][ T3630]  <TASK>
[   46.354593][ T3630]  dump_stack_lvl+0xd1/0x138
[   46.359236][ T3630]  should_fail_ex.cold+0x5/0xa
[   46.364042][ T3630]  ? __btrfs_free_extent+0x1d0/0x1370
[   46.369621][ T3630]  should_failslab+0x9/0x20
[   46.374149][ T3630]  kmem_cache_alloc+0x5a/0x3d0
[   46.378942][ T3630]  __btrfs_free_extent+0x1d0/0x1370
[   46.384176][ T3630]  ? lookup_extent_backref+0x110/0x110
[   46.389667][ T3630]  ? __btrfs_run_delayed_refs+0x55c/0x3760
[   46.395497][ T3630]  ? lock_downgrade+0x6e0/0x6e0
[   46.400363][ T3630]  ? _raw_read_unlock+0x28/0x40
[   46.405213][ T3630]  ? btrfs_tree_mod_log_lowest_seq+0x86/0xb0
[   46.411198][ T3630]  __btrfs_run_delayed_refs+0x1403/0x3760
[   46.416935][ T3630]  ? check_ref_cleanup+0x3e0/0x3e0
[   46.422053][ T3630]  ? __lock_acquire+0x2567/0x56d0
[   46.427082][ T3630]  ? lock_release+0x810/0x810
[   46.431760][ T3630]  btrfs_run_delayed_refs+0x19a/0x490
[   46.437137][ T3630]  btrfs_commit_transaction+0x1ea7/0x36e0
[   46.442857][ T3630]  ? find_held_lock+0x2d/0x110
[   46.447733][ T3630]  ? btrfs_apply_pending_changes+0x90/0x90
[   46.453534][ T3630]  ? lock_downgrade+0x6e0/0x6e0
[   46.458384][ T3630]  ? do_raw_spin_lock+0x124/0x2b0
[   46.463402][ T3630]  ? rwlock_bug.part.0+0x90/0x90
[   46.468357][ T3630]  btrfs_ioctl_set_fslabel+0x326/0x3a0
[   46.473823][ T3630]  ? btrfs_flush_workqueue+0x40/0x40
[   46.479127][ T3630]  ? __kmem_cache_free+0xaf/0x3b0
[   46.484155][ T3630]  btrfs_ioctl+0x4135/0x5c40
[   46.488750][ T3630]  ? tomoyo_execute_permission+0x4a0/0x4a0
[   46.494560][ T3630]  ? btrfs_ioctl_get_supported_features+0x50/0x50
[   46.500973][ T3630]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   46.506865][ T3630]  ? do_vfs_ioctl+0x132/0x1600
[   46.511623][ T3630]  ? vfs_fileattr_set+0xbe0/0xbe0
[   46.516653][ T3630]  ? find_held_lock+0x2d/0x110
[   46.521415][ T3630]  ? do_one_initcall+0x563/0x780
[   46.526374][ T3630]  ? lock_downgrade+0x6e0/0x6e0
[   46.531230][ T3630]  ? bpf_lsm_file_ioctl+0x9/0x10
[   46.536349][ T3630]  ? btrfs_ioctl_get_supported_features+0x50/0x50
[   46.542837][ T3630]  __x64_sys_ioctl+0x197/0x210
[   46.547597][ T3630]  do_syscall_64+0x39/0xb0
[   46.552010][ T3630]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   46.557897][ T3630] RIP: 0033:0x7f2a5ef5c9b9
[   46.562305][ T3630] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   46.581906][ T3630] RSP: 002b:00007ffc13ba7048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   46.590398][ T3630] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f2a5ef5c9b9
[pid  3630] ioctl(5, FS_IOC_SETFSLABEL, "\x81\xb3\xde\x25\x34\x83\x1d\xeb\x49\x60\x7b\x06\x03\xf5\xb5\x27\x60\x4b\x34\xb8\xc5\x7a\xa0\x99\xf4\xe8\xaf\xa5\x56\xb5\x42\x72\x9f\xc5\x90\xb6\x82\x1c\x6d\x50\x58\xb4\xd8\xe3\x40\x22\xeb\xa5\x6a\x71\x18\x8f\xc9\x01\xa5\xb7\x80\xa0\xcb\xec\x86\xb5\x2e\xd2\xc4\xeb\x32\x88\x98\xbe\x74\xce\xed\x81\x6b\x79\x57\xd9\xc6\xd8\xb5\x9b\x97\x48\x60\x51\x39\x67\xae\xe2\xc9\xaa\x33\x9d\x8e\xde\x28\x96\x65\xd6\xe9\x4e\x20\x1c\xd2\x48\x05\xd2\x5c\xd0\xf6\x3e\x48\xb4\xdd\x5e\xa8\xf1\x01\x57\x35\x2f\x59\x48\xec\x81\x4a\xc7\xda\x25\x05\x4e\x12\x90\x69\x19\xe7\x14\x3e\x2a\x60\x3e\xc6\x49") = -1 ENOMEM (Cannot allocate memory)
[pid  3630] close(3)                    = 0
[pid  3630] close(4)                    = 0
[pid  3630] close(5)                    = 0
[pid  3630] close(6)                    = 0
[pid  3630] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  3630] close(8)                    = -1 EBADF (Bad file descriptor)
[   46.598362][ T3630] RDX: 00000000200001c0 RSI: 0000000041009432 RDI: 0000000000000005
[   46.606413][ T3630] RBP: 00007ffc13ba7090 R08: 0000000000000001 R09: 000000000000000c
[   46.614377][ T3630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[   46.622337][ T3630] R13: 00007ffc13ba707a R14: 0000000000000003 R15: 00007f2a5efd17b0
[   46.630404][ T3630]  </TASK>
[   46.634580][ T3630] BTRFS: error (device loop0: state A) in btrfs_run_delayed_refs:2141: errno=-12 Out of memory
[   46.645116][ T3630] BTRFS info (device loop0: state EA): forced readonly
[pid  3630] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  3630] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  3630] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  3630] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  3630] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  3630] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  3630] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  3630] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  3630] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  3630] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  3630] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  3630] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  3630] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  3630] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  3630] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  3630] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  3630] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  3630] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  3630] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  3630] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  3630] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  3630] exit_group(1)               = ?
[   46.653695][ T3648] ------------[ cut here ]------------
[   46.659515][ T3648] WARNING: CPU: 1 PID: 3648 at fs/btrfs/transaction.c:131 btrfs_put_transaction+0x3a0/0x470
[   46.671821][ T3648] Modules linked in:
[   46.676217][ T3648] CPU: 0 PID: 3648 Comm: btrfs-transacti Not tainted 6.1.0-syzkaller #0
[   46.685495][ T3648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   46.696164][ T3648] RIP: 0010:btrfs_put_transaction+0x3a0/0x470
[   46.702741][ T3648] Code: fc ff ff 48 89 df e8 5f 06 6d fe e9 73 fd ff ff e8 65 2d 20 fe 0f 0b eb a1 e8 5c 2d 20 fe 0f 0b e9 a2 fd ff ff e8 50 2d 20 fe <0f> 0b e9 cd fd ff ff 48 89 df e8 d1 06 6d fe e9 01 ff ff ff 4c 89
[   46.722635][ T3648] RSP: 0018:ffffc90003ddfcb8 EFLAGS: 00010293
[   46.728757][ T3648] RAX: 0000000000000000 RBX: ffff888140b3e028 RCX: 0000000000000000
[   46.736943][ T3648] RDX: ffff888023263a80 RSI: ffffffff835ff0b0 RDI: ffff888140b3e330
[   46.745027][ T3648] RBP: ffff888140b3e000 R08: 0000000000000005 R09: 0000000000000001
[   46.753157][ T3648] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888140b3e010
[   46.761127][ T3648] R13: dffffc0000000000 R14: ffff888078090c18 R15: ffff888078090000
[   46.769135][ T3648] FS:  0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
[   46.778115][ T3648] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   46.784968][ T3648] CR2: 00007f59eda5b000 CR3: 000000007e0ff000 CR4: 0000000000350ee0
[   46.793216][ T3648] Call Trace:
[   46.796627][ T3648]  <TASK>
[   46.799564][ T3648]  btrfs_cleanup_transaction.isra.0+0x223/0x1310
[   46.805945][ T3648]  ? btrfs_cleanup_one_transaction+0x1980/0x1980
[   46.812328][ T3648]  ? __mutex_unlock_slowpath+0x157/0x5e0
[   46.817957][ T3648]  ? wait_for_completion_io_timeout+0x20/0x20
[   46.824057][ T3648]  ? do_raw_spin_lock+0x124/0x2b0
[   46.829115][ T3648]  ? sched_core_balance+0xac0/0xac0
[   46.834334][ T3648]  ? rwlock_bug.part.0+0x90/0x90
[   46.839282][ T3648]  ? do_raw_spin_unlock+0x175/0x230
[   46.844510][ T3648]  transaction_kthread+0x3cb/0x4e0
[   46.849635][ T3648]  ? btrfs_cleanup_transaction.isra.0+0x1310/0x1310
[   46.856268][ T3648]  kthread+0x2e8/0x3a0
[   46.860392][ T3648]  ? kthread_complete_and_exit+0x40/0x40
[   46.866336][ T3648]  ret_from_fork+0x1f/0x30
[   46.870972][ T3648]  </TASK>
[   46.874044][ T3648] Kernel panic - not syncing: panic_on_warn set ...
[   46.880627][ T3648] CPU: 1 PID: 3648 Comm: btrfs-transacti Not tainted 6.1.0-syzkaller #0
[   46.888937][ T3648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   46.898993][ T3648] Call Trace:
[   46.902289][ T3648]  <TASK>
[   46.905230][ T3648]  dump_stack_lvl+0xd1/0x138
[   46.909811][ T3648]  panic+0x2cc/0x626
[   46.913714][ T3648]  ? panic_print_sys_info.part.0+0x110/0x110
[   46.919689][ T3648]  ? __warn.cold+0x24b/0x350
[   46.924274][ T3648]  ? btrfs_put_transaction+0x3a0/0x470
[   46.929717][ T3648]  __warn.cold+0x25c/0x350
[   46.934125][ T3648]  ? btrfs_put_transaction+0x3a0/0x470
[   46.939584][ T3648]  report_bug+0x1c0/0x210
[   46.943919][ T3648]  handle_bug+0x3c/0x70
[   46.948062][ T3648]  exc_invalid_op+0x18/0x50
[   46.952552][ T3648]  asm_exc_invalid_op+0x1a/0x20
[   46.957408][ T3648] RIP: 0010:btrfs_put_transaction+0x3a0/0x470
[   46.963476][ T3648] Code: fc ff ff 48 89 df e8 5f 06 6d fe e9 73 fd ff ff e8 65 2d 20 fe 0f 0b eb a1 e8 5c 2d 20 fe 0f 0b e9 a2 fd ff ff e8 50 2d 20 fe <0f> 0b e9 cd fd ff ff 48 89 df e8 d1 06 6d fe e9 01 ff ff ff 4c 89
[   46.983158][ T3648] RSP: 0018:ffffc90003ddfcb8 EFLAGS: 00010293
[   46.989228][ T3648] RAX: 0000000000000000 RBX: ffff888140b3e028 RCX: 0000000000000000
[   46.997192][ T3648] RDX: ffff888023263a80 RSI: ffffffff835ff0b0 RDI: ffff888140b3e330
[   47.005161][ T3648] RBP: ffff888140b3e000 R08: 0000000000000005 R09: 0000000000000001
[   47.013127][ T3648] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888140b3e010
[   47.021085][ T3648] R13: dffffc0000000000 R14: ffff888078090c18 R15: ffff888078090000
[   47.029053][ T3648]  ? btrfs_put_transaction+0x3a0/0x470
[   47.034510][ T3648]  ? btrfs_put_transaction+0x3a0/0x470
[   47.039968][ T3648]  btrfs_cleanup_transaction.isra.0+0x223/0x1310
[   47.046296][ T3648]  ? btrfs_cleanup_one_transaction+0x1980/0x1980
[   47.052634][ T3648]  ? __mutex_unlock_slowpath+0x157/0x5e0
[   47.058273][ T3648]  ? wait_for_completion_io_timeout+0x20/0x20
[   47.064339][ T3648]  ? do_raw_spin_lock+0x124/0x2b0
[   47.069443][ T3648]  ? sched_core_balance+0xac0/0xac0
[   47.074716][ T3648]  ? rwlock_bug.part.0+0x90/0x90
[   47.079730][ T3648]  ? do_raw_spin_unlock+0x175/0x230
[   47.084925][ T3648]  transaction_kthread+0x3cb/0x4e0
[   47.090034][ T3648]  ? btrfs_cleanup_transaction.isra.0+0x1310/0x1310
[   47.096618][ T3648]  kthread+0x2e8/0x3a0
[   47.100792][ T3648]  ? kthread_complete_and_exit+0x40/0x40
[   47.106422][ T3648]  ret_from_fork+0x1f/0x30
[   47.110843][ T3648]  </TASK>
[   47.114424][ T3648] Kernel Offset: disabled
[   47.118819][ T3648] Rebooting in 86400 seconds..