./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3104139979
<...>
Warning: Permanently added '10.128.0.114' (ECDSA) to the list of known hosts.
execve("./syz-executor3104139979", ["./syz-executor3104139979"], 0x7fff8bf8c000 /* 10 vars */) = 0
brk(NULL) = 0x555556794000
brk(0x555556794c40) = 0x555556794c40
arch_prctl(ARCH_SET_FS, 0x555556794300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3104139979", 4096) = 28
brk(0x5555567b5c40) = 0x5555567b5c40
brk(0x5555567b6000) = 0x5555567b6000
mprotect(0x7fd4d0d43000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 4995
mkdir("./syzkaller.jnQ5bS", 0700) = 0
chmod("./syzkaller.jnQ5bS", 0777) = 0
chdir("./syzkaller.jnQ5bS") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4997 attached
, child_tidptr=0x5555567945d0) = 4997
[pid 4997] chdir("./0") = 0
[pid 4997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 4997] setpgid(0, 0) = 0
[pid 4997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 4997] write(3, "1000", 4) = 4
[pid 4997] close(3) = 0
[pid 4997] symlink("/dev/binderfs", "./binderfs") = 0
[pid 4997] memfd_create("syzkaller", 0) = 3
[pid 4997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd4c8882000
[ 70.388984][ T4997] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4997 'syz-executor310'
[pid 4997] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 4997] munmap(0x7fd4c8882000, 16777216) = 0
[pid 4997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 4997] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 4997] close(3) = 0
[pid 4997] mkdir("./bus", 0777) = 0
[ 70.615020][ T4997] loop0: detected capacity change from 0 to 32768
[ 70.627433][ T4997] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor310 (4997)
[ 70.649277][ T4997] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 70.658318][ T4997] BTRFS info (device loop0): doing ref verification
[ 70.665570][ T4997] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 70.676470][ T4997] BTRFS info (device loop0): force zlib compression, level 3
[ 70.683884][ T4997] BTRFS info (device loop0): allowing degraded mounts
[ 70.690744][ T4997] BTRFS info (device loop0): using free space tree
[pid 4997] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0
[pid 4997] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 4997] chdir("./bus") = 0
[pid 4997] ioctl(4, LOOP_CLR_FD) = 0
[pid 4997] close(4) = 0
[pid 4997] open("./file0", O_RDONLY) = 4
[pid 4997] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 4997] write(5, "32", 2) = 2
[ 70.715799][ T4997] BTRFS info (device loop0): auto enabling async discard
[ 70.759100][ T4997] FAULT_INJECTION: forcing a failure.
[ 70.759100][ T4997] name failslab, interval 1, probability 0, space 0, times 1
[ 70.772154][ T4997] CPU: 1 PID: 4997 Comm: syz-executor310 Not tainted 6.4.0-rc5-syzkaller-00016-ga4d7d7011219 #0
[ 70.782620][ T4997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 70.792717][ T4997] Call Trace:
[ 70.796030][ T4997] <TASK>
[ 70.799014][ T4997] dump_stack_lvl+0x1e7/0x2d0
[ 70.803781][ T4997] ? nf_tcp_handle_invalid+0x650/0x650
[ 70.809299][ T4997] ? panic+0x770/0x770
[ 70.813421][ T4997] ? __might_sleep+0xc0/0xc0
[ 70.818079][ T4997] should_fail_ex+0x3aa/0x4e0
[ 70.822817][ T4997] should_failslab+0x9/0x20
[ 70.827365][ T4997] slab_pre_alloc_hook+0x59/0x2b0
[ 70.832500][ T4997] kmem_cache_alloc+0x52/0x2e0
[ 70.837360][ T4997] ? alloc_extent_state+0x25/0x2e0
[ 70.842494][ T4997] alloc_extent_state+0x25/0x2e0
[ 70.847452][ T4997] __set_extent_bit+0x1a1/0x1ac0
[ 70.852405][ T4997] ? __down_write_common+0x161/0x200
[ 70.857719][ T4997] set_extent_bit+0x42/0x60
[ 70.862243][ T4997] btrfs_alloc_tree_block+0xaf3/0x1800
[ 70.867735][ T4997] ? alloc_reserved_file_extent+0x5e0/0x5e0
[ 70.873666][ T4997] ? print_irqtrace_events+0x170/0x220
[ 70.879153][ T4997] ? percpu_counter_add_batch+0x291/0x2e0
[ 70.884981][ T4997] ? filemap_dirty_folio+0x176/0x370
[ 70.890287][ T4997] ? read_extent_buffer+0x122/0x2a0
[ 70.895506][ T4997] ? __asan_memcpy+0x40/0x70
[ 70.900208][ T4997] insert_new_root+0x296/0x990
[ 70.905001][ T4997] ? split_leaf+0x1260/0x1260
[ 70.909707][ T4997] split_leaf+0xdb1/0x1260
[ 70.914164][ T4997] ? __asan_memset+0x23/0x40
[ 70.918808][ T4997] ? btrfs_bin_search+0x683/0x920
[ 70.923869][ T4997] ? add_root_to_dirty_list+0x430/0x430
[ 70.929439][ T4997] ? btrfs_leaf_free_space+0x1c0/0x430
[ 70.934926][ T4997] btrfs_search_slot+0x269a/0x2f50
[ 70.940057][ T4997] ? join_transaction+0xbe8/0xe80
[ 70.945118][ T4997] ? btrfs_find_item+0x5b0/0x5b0
[ 70.950067][ T4997] ? join_transaction+0xbe8/0xe80
[ 70.955108][ T4997] ? btrfs_record_root_in_trans+0x92/0x180
[ 70.960933][ T4997] ? start_transaction+0x3de/0x1080
[ 70.966176][ T4997] btrfs_insert_empty_items+0x9c/0x180
[ 70.971658][ T4997] insert_balance_item+0x2cc/0x20b0
[ 70.976880][ T4997] ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 70.982820][ T4997] ? read_seqbegin+0x2b0/0x2b0
[ 70.987629][ T4997] ? read_seqbegin+0x208/0x2b0
[ 70.992413][ T4997] ? validate_convert_profile+0x2c0/0x2c0
[ 70.998155][ T4997] ? validate_convert_profile+0x7d/0x2c0
[ 71.003807][ T4997] btrfs_balance+0x98e/0x1120
[ 71.008519][ T4997] btrfs_ioctl_balance+0x493/0x7c0
[ 71.013661][ T4997] ? btrfs_ioctl+0xb88/0xd40
[ 71.018270][ T4997] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 71.024723][ T4997] __se_sys_ioctl+0xf1/0x160
[ 71.029338][ T4997] do_syscall_64+0x41/0xc0
[ 71.033777][ T4997] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 71.039683][ T4997] RIP: 0033:0x7fd4d0ccfac9
[ 71.044108][ T4997] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 71.063808][ T4997] RSP: 002b:00007fffb9b9bc88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 71.072230][ T4997] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd4d0ccfac9
[ 71.080210][ T4997] RDX: 00000000200003c0 RSI: 00000000c4009420 RDI: 0000000000000004
[ 71.088188][ T4997] RBP: 00007fffb9b9bcb0 R08: 0000000000000002 R09: 00007fffb9b9bcc0
[ 71.096177][ T4997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 71.104167][ T4997] R13: 00007fffb9b9bcf0 R14: 00007fffb9b9bcd0 R15: 0000000000000000
[ 71.112207][ T4997] </TASK>
[pid 4997] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=0} => {flags=0, state=0}) = 0
[pid 4997] exit_group(0) = ?
[pid 4997] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4997, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=29 /* 0.29 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556795620 /* 4 entries */, 32768) = 104
[ 71.138527][ T4997] BTRFS info (device loop0): balance: start
[ 71.146700][ T4997] BTRFS info (device loop0): balance: ended with status: 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555679d660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555679d660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/bus") = 0
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
getdents64(3, 0x555556795620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567945d0) = 5026
./strace-static-x86_64: Process 5026 attached
[pid 5026] chdir("./1") = 0
[pid 5026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5026] setpgid(0, 0) = 0
[pid 5026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5026] write(3, "1000", 4) = 4
[pid 5026] close(3) = 0
[pid 5026] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5026] memfd_create("syzkaller", 0) = 3
[pid 5026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd4c8882000
[pid 5026] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5026] munmap(0x7fd4c8882000, 16777216) = 0
[pid 5026] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5026] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5026] close(3) = 0
[pid 5026] mkdir("./bus", 0777) = 0
[ 71.564967][ T5026] loop0: detected capacity change from 0 to 32768
[ 71.576780][ T5026] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor310 (5026)
[ 71.594908][ T5026] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 71.603708][ T5026] BTRFS info (device loop0): doing ref verification
[pid 5026] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0
[pid 5026] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5026] chdir("./bus") = 0
[pid 5026] ioctl(4, LOOP_CLR_FD) = 0
[pid 5026] close(4) = 0
[pid 5026] open("./file0", O_RDONLY) = 4
[pid 5026] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5026] write(5, "32", 2) = 2
[ 71.610517][ T5026] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 71.621640][ T5026] BTRFS info (device loop0): force zlib compression, level 3
[ 71.629393][ T5026] BTRFS info (device loop0): allowing degraded mounts
[ 71.636256][ T5026] BTRFS info (device loop0): using free space tree
[ 71.657164][ T5026] BTRFS info (device loop0): auto enabling async discard
[ 71.688958][ T5026] FAULT_INJECTION: forcing a failure.
[ 71.688958][ T5026] name failslab, interval 1, probability 0, space 0, times 0
[ 71.702232][ T5026] CPU: 1 PID: 5026 Comm: syz-executor310 Not tainted 6.4.0-rc5-syzkaller-00016-ga4d7d7011219 #0
[ 71.712704][ T5026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 71.722804][ T5026] Call Trace:
[ 71.726121][ T5026] <TASK>
[ 71.729132][ T5026] dump_stack_lvl+0x1e7/0x2d0
[ 71.733878][ T5026] ? nf_tcp_handle_invalid+0x650/0x650
[ 71.739400][ T5026] ? panic+0x770/0x770
[ 71.743530][ T5026] ? __might_sleep+0xc0/0xc0
[ 71.748187][ T5026] should_fail_ex+0x3aa/0x4e0
[ 71.752921][ T5026] should_failslab+0x9/0x20
[ 71.757476][ T5026] slab_pre_alloc_hook+0x59/0x2b0
[ 71.762597][ T5026] ? btrfs_ref_tree_mod+0x240/0x1510
[ 71.767946][ T5026] __kmem_cache_alloc_node+0x4b/0x290
[ 71.773376][ T5026] ? btrfs_ref_tree_mod+0x240/0x1510
[ 71.778722][ T5026] kmalloc_trace+0x2a/0xe0
[ 71.783206][ T5026] btrfs_ref_tree_mod+0x240/0x1510
[ 71.788377][ T5026] ? __kasan_slab_alloc+0x66/0x70
[ 71.793472][ T5026] ? rcu_is_watching+0x15/0xb0
[ 71.798285][ T5026] ? kmem_cache_alloc+0x14e/0x2e0
[ 71.803357][ T5026] ? btrfs_alloc_tree_block+0xbae/0x1800
[ 71.809050][ T5026] ? btrfs_alloc_tree_block+0xbdb/0x1800
[ 71.814757][ T5026] btrfs_alloc_tree_block+0xf41/0x1800
[ 71.820302][ T5026] ? alloc_reserved_file_extent+0x5e0/0x5e0
[ 71.826365][ T5026] ? print_irqtrace_events+0x170/0x220
[ 71.831898][ T5026] ? percpu_counter_add_batch+0x291/0x2e0
[ 71.837671][ T5026] ? filemap_dirty_folio+0x176/0x370
[ 71.843105][ T5026] ? read_extent_buffer+0x122/0x2a0
[ 71.848365][ T5026] ? __asan_memcpy+0x40/0x70
[ 71.853028][ T5026] insert_new_root+0x296/0x990
[ 71.857878][ T5026] ? split_leaf+0x1260/0x1260
[ 71.862638][ T5026] split_leaf+0xdb1/0x1260
[ 71.867114][ T5026] ? __asan_memset+0x23/0x40
[ 71.871775][ T5026] ? btrfs_bin_search+0x683/0x920
[ 71.877057][ T5026] ? add_root_to_dirty_list+0x430/0x430
[ 71.882666][ T5026] ? btrfs_leaf_free_space+0x1c0/0x430
[ 71.888186][ T5026] btrfs_search_slot+0x269a/0x2f50
[ 71.893329][ T5026] ? join_transaction+0xbe8/0xe80
[ 71.898413][ T5026] ? btrfs_find_item+0x5b0/0x5b0
[ 71.903370][ T5026] ? join_transaction+0xbe8/0xe80
[ 71.908430][ T5026] ? btrfs_record_root_in_trans+0x92/0x180
[ 71.914291][ T5026] ? start_transaction+0x3de/0x1080
[ 71.919534][ T5026] btrfs_insert_empty_items+0x9c/0x180
[ 71.925019][ T5026] insert_balance_item+0x2cc/0x20b0
[ 71.930288][ T5026] ? read_seqbegin+0x2b0/0x2b0
[ 71.935201][ T5026] ? read_seqbegin+0x208/0x2b0
[ 71.940075][ T5026] ? validate_convert_profile+0x2c0/0x2c0
[ 71.945938][ T5026] ? validate_convert_profile+0x7d/0x2c0
[ 71.951595][ T5026] btrfs_balance+0x98e/0x1120
[ 71.956336][ T5026] btrfs_ioctl_balance+0x493/0x7c0
[ 71.961489][ T5026] ? btrfs_ioctl+0xb88/0xd40
[ 71.966113][ T5026] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 71.972603][ T5026] __se_sys_ioctl+0xf1/0x160
[ 71.977219][ T5026] do_syscall_64+0x41/0xc0
[ 71.981672][ T5026] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 71.987696][ T5026] RIP: 0033:0x7fd4d0ccfac9
[ 71.992119][ T5026] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 72.011754][ T5026] RSP: 002b:00007fffb9b9bc88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 72.020288][ T5026] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd4d0ccfac9
[ 72.028289][ T5026] RDX: 00000000200003c0 RSI: 00000000c4009420 RDI: 0000000000000004
[pid 5026] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=0} => {flags=0, state=0}) = 0
[pid 5026] exit_group(0) = ?
[pid 5026] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5026, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556795620 /* 4 entries */, 32768) = 104
[ 72.036273][ T5026] RBP: 00007fffb9b9bcb0 R08: 0000000000000002 R09: 00007fffb9b9bcc0
[ 72.044265][ T5026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 72.052264][ T5026] R13: 00007fffb9b9bcf0 R14: 00007fffb9b9bcd0 R15: 0000000000000001
[ 72.060301][ T5026] </TASK>
[ 72.071565][ T5026] BTRFS info (device loop0): balance: start
[ 72.078096][ T5026] BTRFS info (device loop0): balance: ended with status: 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555679d660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555679d660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/bus") = 0
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
getdents64(3, 0x555556795620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567945d0) = 5045
./strace-static-x86_64: Process 5045 attached
[pid 5045] chdir("./2") = 0
[pid 5045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5045] setpgid(0, 0) = 0
[pid 5045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5045] write(3, "1000", 4) = 4
[pid 5045] close(3) = 0
[pid 5045] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5045] memfd_create("syzkaller", 0) = 3
[pid 5045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd4c8882000
[pid 5045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5045] munmap(0x7fd4c8882000, 16777216) = 0
[pid 5045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5045] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5045] close(3) = 0
[pid 5045] mkdir("./bus", 0777) = 0
[ 72.440009][ T5045] loop0: detected capacity change from 0 to 32768
[ 72.451175][ T5045] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor310 (5045)
[ 72.469025][ T5045] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 72.477944][ T5045] BTRFS info (device loop0): doing ref verification
[pid 5045] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0
[pid 5045] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5045] chdir("./bus") = 0
[pid 5045] ioctl(4, LOOP_CLR_FD) = 0
[pid 5045] close(4) = 0
[pid 5045] open("./file0", O_RDONLY) = 4
[pid 5045] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5045] write(5, "32", 2) = 2
[ 72.484662][ T5045] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 72.495510][ T5045] BTRFS info (device loop0): force zlib compression, level 3
[ 72.502951][ T5045] BTRFS info (device loop0): allowing degraded mounts
[ 72.509995][ T5045] BTRFS info (device loop0): using free space tree
[ 72.529417][ T5045] BTRFS info (device loop0): auto enabling async discard
[ 72.567600][ T5045] FAULT_INJECTION: forcing a failure.
[ 72.567600][ T5045] name failslab, interval 1, probability 0, space 0, times 0
[ 72.580701][ T5045] CPU: 1 PID: 5045 Comm: syz-executor310 Not tainted 6.4.0-rc5-syzkaller-00016-ga4d7d7011219 #0
[ 72.591170][ T5045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 72.601274][ T5045] Call Trace:
[ 72.604597][ T5045] <TASK>
[ 72.607578][ T5045] dump_stack_lvl+0x1e7/0x2d0
[ 72.612327][ T5045] ? nf_tcp_handle_invalid+0x650/0x650
[ 72.617850][ T5045] ? panic+0x770/0x770
[ 72.621981][ T5045] ? __might_sleep+0xc0/0xc0
[ 72.626646][ T5045] should_fail_ex+0x3aa/0x4e0
[ 72.631384][ T5045] should_failslab+0x9/0x20
[ 72.635946][ T5045] slab_pre_alloc_hook+0x59/0x2b0
[ 72.641125][ T5045] ? add_block_entry+0x97/0x520
[ 72.646038][ T5045] __kmem_cache_alloc_node+0x4b/0x290
[ 72.651483][ T5045] ? add_block_entry+0x97/0x520
[ 72.656395][ T5045] kmalloc_trace+0x2a/0xe0
[ 72.660872][ T5045] add_block_entry+0x97/0x520
[ 72.665612][ T5045] ? btrfs_ref_tree_mod+0x39e/0x1510
[ 72.670966][ T5045] btrfs_ref_tree_mod+0x55a/0x1510
[ 72.676169][ T5045] btrfs_alloc_tree_block+0xf41/0x1800
[ 72.681712][ T5045] ? alloc_reserved_file_extent+0x5e0/0x5e0
[ 72.687667][ T5045] ? print_irqtrace_events+0x170/0x220
[ 72.693202][ T5045] ? percpu_counter_add_batch+0x291/0x2e0
[ 72.698976][ T5045] ? filemap_dirty_folio+0x176/0x370
[ 72.704327][ T5045] ? read_extent_buffer+0x122/0x2a0
[ 72.709586][ T5045] ? __asan_memcpy+0x40/0x70
[ 72.714240][ T5045] insert_new_root+0x296/0x990
[ 72.719086][ T5045] ? split_leaf+0x1260/0x1260
[ 72.723836][ T5045] split_leaf+0xdb1/0x1260
[ 72.728313][ T5045] ? __asan_memset+0x23/0x40
[ 72.732959][ T5045] ? btrfs_bin_search+0x683/0x920
[ 72.738056][ T5045] ? add_root_to_dirty_list+0x430/0x430
[ 72.743660][ T5045] ? btrfs_leaf_free_space+0x1c0/0x430
[ 72.749196][ T5045] btrfs_search_slot+0x269a/0x2f50
[ 72.754377][ T5045] ? join_transaction+0xbe8/0xe80
[ 72.759486][ T5045] ? btrfs_find_item+0x5b0/0x5b0
[ 72.764467][ T5045] ? join_transaction+0xbe8/0xe80
[ 72.769532][ T5045] ? btrfs_record_root_in_trans+0x92/0x180
[ 72.775382][ T5045] ? start_transaction+0x3de/0x1080
[ 72.780610][ T5045] btrfs_insert_empty_items+0x9c/0x180
[ 72.786092][ T5045] insert_balance_item+0x2cc/0x20b0
[ 72.791355][ T5045] ? read_seqbegin+0x2b0/0x2b0
[ 72.796172][ T5045] ? read_seqbegin+0x208/0x2b0
[ 72.800958][ T5045] ? validate_convert_profile+0x2c0/0x2c0
[ 72.806714][ T5045] ? validate_convert_profile+0x7d/0x2c0
[ 72.812392][ T5045] btrfs_balance+0x98e/0x1120
[ 72.817116][ T5045] btrfs_ioctl_balance+0x493/0x7c0
[ 72.822273][ T5045] ? btrfs_ioctl+0xb88/0xd40
[ 72.826910][ T5045] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 72.833364][ T5045] __se_sys_ioctl+0xf1/0x160
[ 72.838006][ T5045] do_syscall_64+0x41/0xc0
[ 72.842456][ T5045] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 72.848375][ T5045] RIP: 0033:0x7fd4d0ccfac9
[ 72.852812][ T5045] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 72.872452][ T5045] RSP: 002b:00007fffb9b9bc88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 72.880931][ T5045] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd4d0ccfac9
[ 72.889024][ T5045] RDX: 00000000200003c0 RSI: 00000000c4009420 RDI: 0000000000000004
[ 72.897016][ T5045] RBP: 00007fffb9b9bcb0 R08: 0000000000000002 R09: 00007fffb9b9bcc0
[ 72.905109][ T5045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 5045] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=0} => {flags=0, state=0}) = 0
[pid 5045] exit_group(0) = ?
[pid 5045] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5045, si_uid=0, si_status=0, si_utime=0, si_stime=31 /* 0.31 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556795620 /* 4 entries */, 32768) = 104
[ 72.913117][ T5045] R13: 00007fffb9b9bcf0 R14: 00007fffb9b9bcd0 R15: 0000000000000002
[ 72.921140][ T5045] </TASK>
[ 72.932353][ T5045] BTRFS info (device loop0): balance: start
[ 72.938500][ T5045] BTRFS info (device loop0): balance: ended with status: 0
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555679d660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555679d660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/bus") = 0
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
getdents64(3, 0x555556795620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567945d0) = 5064
./strace-static-x86_64: Process 5064 attached
[pid 5064] chdir("./3") = 0
[pid 5064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5064] setpgid(0, 0) = 0
[pid 5064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5064] write(3, "1000", 4) = 4
[pid 5064] close(3) = 0
[pid 5064] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5064] memfd_create("syzkaller", 0) = 3
[pid 5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd4c8882000
[pid 5064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5064] munmap(0x7fd4c8882000, 16777216) = 0
[pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5064] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5064] close(3) = 0
[pid 5064] mkdir("./bus", 0777) = 0
[ 73.286298][ T5064] loop0: detected capacity change from 0 to 32768
[ 73.297728][ T5064] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor310 (5064)
[ 73.315597][ T5064] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[ 73.324670][ T5064] BTRFS info (device loop0): doing ref verification
[pid 5064] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0
[pid 5064] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5064] chdir("./bus") = 0
[pid 5064] ioctl(4, LOOP_CLR_FD) = 0
[pid 5064] close(4) = 0
[pid 5064] open("./file0", O_RDONLY) = 4
[pid 5064] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5064] write(5, "32", 2) = 2
[ 73.331538][ T5064] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11
[ 73.342776][ T5064] BTRFS info (device loop0): force zlib compression, level 3
[ 73.350534][ T5064] BTRFS info (device loop0): allowing degraded mounts
[ 73.358157][ T5064] BTRFS info (device loop0): using free space tree
[ 73.377928][ T5064] BTRFS info (device loop0): auto enabling async discard
[ 73.408618][ T5064] FAULT_INJECTION: forcing a failure.
[ 73.408618][ T5064] name failslab, interval 1, probability 0, space 0, times 0
[ 73.421595][ T5064] CPU: 1 PID: 5064 Comm: syz-executor310 Not tainted 6.4.0-rc5-syzkaller-00016-ga4d7d7011219 #0
[ 73.432057][ T5064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 73.442232][ T5064] Call Trace:
[ 73.445550][ T5064] <TASK>
[ 73.448579][ T5064] dump_stack_lvl+0x1e7/0x2d0
[ 73.453337][ T5064] ? nf_tcp_handle_invalid+0x650/0x650
[ 73.458875][ T5064] ? panic+0x770/0x770
[ 73.463002][ T5064] ? __might_sleep+0xc0/0xc0
[ 73.467669][ T5064] should_fail_ex+0x3aa/0x4e0
[ 73.472498][ T5064] should_failslab+0x9/0x20
[ 73.477061][ T5064] slab_pre_alloc_hook+0x59/0x2b0
[ 73.482144][ T5064] kmem_cache_alloc+0x52/0x2e0
[ 73.486955][ T5064] ? btrfs_add_delayed_tree_ref+0x22c/0xfb0
[ 73.492907][ T5064] btrfs_add_delayed_tree_ref+0x22c/0xfb0
[ 73.498684][ T5064] ? btrfs_ref_tree_mod+0x39e/0x1510
[ 73.504033][ T5064] ? _raw_spin_unlock+0x28/0x40
[ 73.508964][ T5064] ? btrfs_delete_ref_head+0x270/0x270
[ 73.514492][ T5064] btrfs_alloc_tree_block+0xf56/0x1800
[ 73.520122][ T5064] ? alloc_reserved_file_extent+0x5e0/0x5e0
[ 73.526080][ T5064] ? print_irqtrace_events+0x170/0x220
[ 73.531622][ T5064] ? percpu_counter_add_batch+0x291/0x2e0
[ 73.537403][ T5064] ? read_extent_buffer+0x122/0x2a0
[ 73.542672][ T5064] ? __asan_memcpy+0x40/0x70
[ 73.547342][ T5064] insert_new_root+0x296/0x990
[ 73.552204][ T5064] ? split_leaf+0x1260/0x1260
[ 73.556962][ T5064] split_leaf+0xdb1/0x1260
[ 73.561448][ T5064] ? __asan_memset+0x23/0x40
[ 73.566102][ T5064] ? btrfs_bin_search+0x683/0x920
[ 73.571200][ T5064] ? add_root_to_dirty_list+0x430/0x430
[ 73.576812][ T5064] ? btrfs_leaf_free_space+0x1c0/0x430
[ 73.582345][ T5064] btrfs_search_slot+0x269a/0x2f50
[ 73.587523][ T5064] ? join_transaction+0xbe8/0xe80
[ 73.592645][ T5064] ? btrfs_find_item+0x5b0/0x5b0
[ 73.597642][ T5064] ? join_transaction+0xbe8/0xe80
[ 73.602731][ T5064] ? btrfs_record_root_in_trans+0x92/0x180
[ 73.608616][ T5064] ? start_transaction+0x3de/0x1080
[ 73.613889][ T5064] btrfs_insert_empty_items+0x9c/0x180
[ 73.619496][ T5064] insert_balance_item+0x2cc/0x20b0
[ 73.624792][ T5064] ? read_seqbegin+0x2b0/0x2b0
[ 73.629622][ T5064] ? read_seqbegin+0x208/0x2b0
[ 73.634407][ T5064] ? validate_convert_profile+0x2c0/0x2c0
[ 73.640149][ T5064] ? validate_convert_profile+0x7d/0x2c0
[ 73.645804][ T5064] btrfs_balance+0x98e/0x1120
[ 73.650519][ T5064] btrfs_ioctl_balance+0x493/0x7c0
[ 73.655643][ T5064] ? btrfs_ioctl+0xb88/0xd40
[ 73.660255][ T5064] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 73.666695][ T5064] __se_sys_ioctl+0xf1/0x160
[ 73.671316][ T5064] do_syscall_64+0x41/0xc0
[ 73.675786][ T5064] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 73.681726][ T5064] RIP: 0033:0x7fd4d0ccfac9
[ 73.686182][ T5064] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5064] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=0}) = -1 ENOMEM (Cannot allocate memory)
[pid 5064] exit_group(0) = ?
[pid 5064] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5064, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=22 /* 0.22 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556795620 /* 4 entries */, 32768) = 104
[ 73.705809][ T5064] RSP: 002b:00007fffb9b9bc88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 73.714273][ T5064] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd4d0ccfac9
[ 73.722269][ T5064] RDX: 00000000200003c0 RSI: 00000000c4009420 RDI: 0000000000000004
[ 73.730262][ T5064] RBP: 00007fffb9b9bcb0 R08: 0000000000000002 R09: 00007fffb9b9bcc0
[ 73.738253][ T5064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 73.746233][ T5064] R13: 00007fffb9b9bcf0 R14: 00007fffb9b9bcd0 R15: 0000000000000003
[ 73.754256][ T5064] </TASK>
[ 73.813618][ T4995] ------------[ cut here ]------------
[ 73.819324][ T4995] WARNING: CPU: 0 PID: 4995 at fs/btrfs/space-info.h:198 btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 73.830794][ T4995] Modules linked in:
[ 73.834785][ T4995] CPU: 0 PID: 4995 Comm: syz-executor310 Not tainted 6.4.0-rc5-syzkaller-00016-ga4d7d7011219 #0
[ 73.845285][ T4995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 73.855392][ T4995] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 73.862957][ T4995] Code: 25 00 00 74 08 4c 89 ff e8 be 3e 38 fe 49 8b 1f 48 89 df 48 8b 6c 24 20 48 89 ee e8 bb 6b e0 fd 48 39 eb 73 14 e8 a1 69 e0 fd <0f> 0b 45 31 f6 43 80 7c 25 00 00 75 ac eb b2 e8 8d 69 e0 fd 43 80
[ 73.882757][ T4995] RSP: 0018:ffffc90003aff928 EFLAGS: 00010293
[ 73.888919][ T4995] RAX: ffffffff83ab158f RBX: 000000000015f000 RCX: ffff88807d839dc0
[ 73.897001][ T4995] RDX: 0000000000000000 RSI: 0000000000160000 RDI: 000000000015f000
[ 73.905049][ T4995] RBP: 0000000000160000 R08: ffffffff83ab1585 R09: fffffbfff1cab9ae
[ 73.913049][ T4995] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 73.921101][ T4995] R13: 1ffff110033d820c R14: ffffffffffea0000 R15: ffff888019ec1060
[ 73.929129][ T4995] FS: 0000555556794300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 73.938139][ T4995] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 73.944807][ T4995] CR2: 000055cf9b043c70 CR3: 000000007ca47000 CR4: 00000000003506f0
[ 73.952784][ T4995] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 73.960836][ T4995] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 73.968863][ T4995] Call Trace:
[ 73.972144][ T4995] <TASK>
[ 73.975201][ T4995] ? __warn+0x162/0x4a0
[ 73.979395][ T4995] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 73.986353][ T4995] ? report_bug+0x2b3/0x500
[ 73.990884][ T4995] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 73.997832][ T4995] ? handle_bug+0x3d/0x70
[ 74.002182][ T4995] ? exc_invalid_op+0x1a/0x50
[ 74.006922][ T4995] ? asm_exc_invalid_op+0x1a/0x20
[ 74.011977][ T4995] ? btrfs_space_info_update_bytes_may_use+0x295/0x600
[ 74.018930][ T4995] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 74.025931][ T4995] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 74.032812][ T4995] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 74.039754][ T4995] ? __lock_acquire+0x2070/0x2070
[ 74.045837][ T4995] btrfs_block_rsv_release+0x47b/0x560
[ 74.051343][ T4995] btrfs_release_global_block_rsv+0x33/0x260
[ 74.057412][ T4995] btrfs_free_block_groups+0xa35/0xe40
[ 74.062910][ T4995] close_ctree+0x6df/0xc60
[ 74.067406][ T4995] ? hook_sb_delete+0xa07/0xb30
[ 74.072290][ T4995] ? init_tree_roots+0x1f80/0x1f80
[ 74.077503][ T4995] ? hook_inode_free_security+0xb0/0xb0
[ 74.083087][ T4995] ? __fsnotify_vfsmount_delete+0x20/0x20
[ 74.088893][ T4995] ? clear_inode+0x150/0x150
[ 74.093521][ T4995] ? fscrypt_destroy_keyring+0x273/0x290
[ 74.099269][ T4995] ? btrfs_fill_super+0x2f0/0x2f0
[ 74.104391][ T4995] generic_shutdown_super+0x134/0x340
[ 74.109776][ T4995] kill_anon_super+0x3b/0x60
[ 74.114480][ T4995] btrfs_kill_super+0x41/0x50
[ 74.119207][ T4995] deactivate_locked_super+0xa4/0x110
[ 74.124751][ T4995] cleanup_mnt+0x426/0x4c0
[ 74.129203][ T4995] ? _raw_spin_unlock_irq+0x23/0x50
[ 74.134509][ T4995] task_work_run+0x24a/0x300
[ 74.139142][ T4995] ? dput+0x3a1/0x420
[ 74.143165][ T4995] ? task_work_cancel+0x2b0/0x2b0
[ 74.148305][ T4995] ? __x64_sys_umount+0x126/0x170
[ 74.153398][ T4995] ptrace_notify+0x2cd/0x380
[ 74.158159][ T4995] ? do_notify_parent+0xf50/0xf50
[ 74.163249][ T4995] ? user_path_at_empty+0x12f/0x180
[ 74.168553][ T4995] ? __x64_sys_umount+0x126/0x170
[ 74.173620][ T4995] ? path_umount+0xea0/0xea0
[ 74.178341][ T4995] ? syscall_enter_from_user_mode+0x32/0x230
[ 74.184413][ T4995] syscall_exit_to_user_mode+0x157/0x280
[ 74.190238][ T4995] do_syscall_64+0x4d/0xc0
[ 74.194759][ T4995] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 74.200681][ T4995] RIP: 0033:0x7fd4d0cd0e67
[ 74.205190][ T4995] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 74.224872][ T4995] RSP: 002b:00007fffb9b9ab98 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 74.233301][ T4995] RAX: 0000000000000000 RBX: 0000000000011d59 RCX: 00007fd4d0cd0e67
[ 74.241329][ T4995] RDX: 00007fffb9b9ac57 RSI: 000000000000000a RDI: 00007fffb9b9ac50
[ 74.249380][ T4995] RBP: 00007fffb9b9ac50 R08: 00000000ffffffff R09: 00007fffb9b9aa30
[ 74.257438][ T4995] R10: 0000555556795633 R11: 0000000000000202 R12: 00007fffb9b9bcd0
[ 74.265518][ T4995] R13: 00005555567955f0 R14: 00007fffb9b9abc0 R15: 0000000000000004
[ 74.273510][ T4995] </TASK>
[ 74.276590][ T4995] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 74.283885][ T4995] CPU: 0 PID: 4995 Comm: syz-executor310 Not tainted 6.4.0-rc5-syzkaller-00016-ga4d7d7011219 #0
[ 74.294301][ T4995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 74.304372][ T4995] Call Trace:
[ 74.307651][ T4995] <TASK>
[ 74.310580][ T4995] dump_stack_lvl+0x1e7/0x2d0
[ 74.315272][ T4995] ? nf_tcp_handle_invalid+0x650/0x650
[ 74.320742][ T4995] ? panic+0x770/0x770
[ 74.324825][ T4995] ? vscnprintf+0x5d/0x80
[ 74.329194][ T4995] panic+0x30f/0x770
[ 74.333095][ T4995] ? __warn+0x171/0x4a0
[ 74.337266][ T4995] ? __memcpy_flushcache+0x2b0/0x2b0
[ 74.342586][ T4995] __warn+0x314/0x4a0
[ 74.346588][ T4995] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 74.353552][ T4995] report_bug+0x2b3/0x500
[ 74.357896][ T4995] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 74.364771][ T4995] handle_bug+0x3d/0x70
[ 74.368937][ T4995] exc_invalid_op+0x1a/0x50
[ 74.373446][ T4995] asm_exc_invalid_op+0x1a/0x20
[ 74.378308][ T4995] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 74.385792][ T4995] Code: 25 00 00 74 08 4c 89 ff e8 be 3e 38 fe 49 8b 1f 48 89 df 48 8b 6c 24 20 48 89 ee e8 bb 6b e0 fd 48 39 eb 73 14 e8 a1 69 e0 fd <0f> 0b 45 31 f6 43 80 7c 25 00 00 75 ac eb b2 e8 8d 69 e0 fd 43 80
[ 74.405532][ T4995] RSP: 0018:ffffc90003aff928 EFLAGS: 00010293
[ 74.411612][ T4995] RAX: ffffffff83ab158f RBX: 000000000015f000 RCX: ffff88807d839dc0
[ 74.419593][ T4995] RDX: 0000000000000000 RSI: 0000000000160000 RDI: 000000000015f000
[ 74.427572][ T4995] RBP: 0000000000160000 R08: ffffffff83ab1585 R09: fffffbfff1cab9ae
[ 74.435566][ T4995] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 74.443544][ T4995] R13: 1ffff110033d820c R14: ffffffffffea0000 R15: ffff888019ec1060
[ 74.451619][ T4995] ? btrfs_space_info_update_bytes_may_use+0x295/0x600
[ 74.458490][ T4995] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 74.465370][ T4995] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 74.472236][ T4995] ? __lock_acquire+0x2070/0x2070
[ 74.477374][ T4995] btrfs_block_rsv_release+0x47b/0x560
[ 74.482868][ T4995] btrfs_release_global_block_rsv+0x33/0x260
[ 74.488869][ T4995] btrfs_free_block_groups+0xa35/0xe40
[ 74.494355][ T4995] close_ctree+0x6df/0xc60
[ 74.498792][ T4995] ? hook_sb_delete+0xa07/0xb30
[ 74.503652][ T4995] ? init_tree_roots+0x1f80/0x1f80
[ 74.508781][ T4995] ? hook_inode_free_security+0xb0/0xb0
[ 74.514339][ T4995] ? __fsnotify_vfsmount_delete+0x20/0x20
[ 74.520084][ T4995] ? clear_inode+0x150/0x150
[ 74.524689][ T4995] ? fscrypt_destroy_keyring+0x273/0x290
[ 74.530331][ T4995] ? btrfs_fill_super+0x2f0/0x2f0
[ 74.535379][ T4995] generic_shutdown_super+0x134/0x340
[ 74.540764][ T4995] kill_anon_super+0x3b/0x60
[ 74.545368][ T4995] btrfs_kill_super+0x41/0x50
[ 74.550054][ T4995] deactivate_locked_super+0xa4/0x110
[ 74.555439][ T4995] cleanup_mnt+0x426/0x4c0
[ 74.559894][ T4995] ? _raw_spin_unlock_irq+0x23/0x50
[ 74.565106][ T4995] task_work_run+0x24a/0x300
[ 74.569703][ T4995] ? dput+0x3a1/0x420
[ 74.573698][ T4995] ? task_work_cancel+0x2b0/0x2b0
[ 74.578733][ T4995] ? __x64_sys_umount+0x126/0x170
[ 74.583773][ T4995] ptrace_notify+0x2cd/0x380
[ 74.588383][ T4995] ? do_notify_parent+0xf50/0xf50
[ 74.593425][ T4995] ? user_path_at_empty+0x12f/0x180
[ 74.598637][ T4995] ? __x64_sys_umount+0x126/0x170
[ 74.603675][ T4995] ? path_umount+0xea0/0xea0
[ 74.608281][ T4995] ? syscall_enter_from_user_mode+0x32/0x230
[ 74.614279][ T4995] syscall_exit_to_user_mode+0x157/0x280
[ 74.619931][ T4995] do_syscall_64+0x4d/0xc0
[ 74.624370][ T4995] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 74.630276][ T4995] RIP: 0033:0x7fd4d0cd0e67
[ 74.634705][ T4995] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 74.654323][ T4995] RSP: 002b:00007fffb9b9ab98 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 74.662762][ T4995] RAX: 0000000000000000 RBX: 0000000000011d59 RCX: 00007fd4d0cd0e67
[ 74.670752][ T4995] RDX: 00007fffb9b9ac57 RSI: 000000000000000a RDI: 00007fffb9b9ac50
[ 74.678730][ T4995] RBP: 00007fffb9b9ac50 R08: 00000000ffffffff R09: 00007fffb9b9aa30
[ 74.686711][ T4995] R10: 0000555556795633 R11: 0000000000000202 R12: 00007fffb9b9bcd0
[ 74.694689][ T4995] R13: 00005555567955f0 R14: 00007fffb9b9abc0 R15: 0000000000000004
[ 74.702681][ T4995] </TASK>
[ 74.705889][ T4995] Kernel Offset: disabled
[ 74.710403][ T4995] Rebooting in 86400 seconds..