./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1973217818
<...>
DUID 00:04:7a:dc:29:a2:f4:b1:6d:28:30:de:a7:64:4f:eb:cd:90
forked to background, child pid 4646
[ 30.119978][ T4647] 8021q: adding VLAN 0 to HW filter on device bond0
[ 30.131566][ T4647] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.136' (ECDSA) to the list of known hosts.
execve("./syz-executor1973217818", ["./syz-executor1973217818"], 0x7ffc2741f470 /* 10 vars */) = 0
brk(NULL) = 0x55555727e000
brk(0x55555727ec40) = 0x55555727ec40
arch_prctl(ARCH_SET_FS, 0x55555727e300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1973217818", 4096) = 28
brk(0x55555729fc40) = 0x55555729fc40
brk(0x5555572a0000) = 0x5555572a0000
mprotect(0x7f0dcb3ef000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 5075
mkdir("./syzkaller.upUMUU", 0700) = 0
chmod("./syzkaller.upUMUU", 0777) = 0
chdir("./syzkaller.upUMUU") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5076 attached
<unfinished ...>
[pid 5076] chdir("./0") = 0
[pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5076] setpgid(0, 0) = 0
[pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5075] <... clone resumed>, child_tidptr=0x55555727e5d0) = 5076
[pid 5076] write(3, "1000", 4) = 4
[pid 5076] close(3) = 0
[pid 5076] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5076] memfd_create("syzkaller", 0) = 3
[pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0dc2f2d000
syzkaller login: [ 53.630787][ T5076] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5076 'syz-executor197'
[pid 5076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5076] munmap(0x7f0dc2f2d000, 16777216) = 0
[pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5076] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5076] close(3) = 0
[pid 5076] mkdir("./file0", 0777) = 0
[ 53.796440][ T5076] loop0: detected capacity change from 0 to 32768
[ 53.809775][ T5076] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor197 (5076)
[ 53.830220][ T5076] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 53.839059][ T5076] BTRFS info (device loop0): using free space tree
[pid 5076] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5076] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5076] chdir("./file0") = 0
[pid 5076] ioctl(4, LOOP_CLR_FD) = 0
[pid 5076] close(4) = 0
[pid 5076] open("./file0", O_RDONLY) = 4
[ 53.863136][ T5076] BTRFS info (device loop0): enabling ssd optimizations
[ 53.870207][ T5076] BTRFS info (device loop0): auto enabling async discard
[pid 5076] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 5076] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5076] write(6, "17", 2) = 2
[ 53.911772][ T27] audit: type=1800 audit(1679757259.414:2): pid=5076 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor197" name="bus" dev="loop0" ino=263 res=0 errno=0
[pid 5076] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x02\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0
[pid 5076] exit_group(0) = ?
[pid 5076] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5076, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=18 /* 0.18 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555727f620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555557287660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555557287660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x55555727f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555727e5d0) = 5103
./strace-static-x86_64: Process 5103 attached
[pid 5103] chdir("./1") = 0
[pid 5103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5103] setpgid(0, 0) = 0
[pid 5103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5103] write(3, "1000", 4) = 4
[pid 5103] close(3) = 0
[pid 5103] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5103] memfd_create("syzkaller", 0) = 3
[pid 5103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0dc2f2d000
[pid 5103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5103] munmap(0x7f0dc2f2d000, 16777216) = 0
[pid 5103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5103] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5103] close(3) = 0
[pid 5103] mkdir("./file0", 0777) = 0
[ 54.287322][ T5103] loop0: detected capacity change from 0 to 32768
[ 54.297283][ T5103] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor197 (5103)
[ 54.313512][ T5103] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 54.322283][ T5103] BTRFS info (device loop0): using free space tree
[pid 5103] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5103] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5103] chdir("./file0") = 0
[pid 5103] ioctl(4, LOOP_CLR_FD) = 0
[pid 5103] close(4) = 0
[pid 5103] open("./file0", O_RDONLY) = 4
[ 54.341844][ T5103] BTRFS info (device loop0): enabling ssd optimizations
[ 54.348940][ T5103] BTRFS info (device loop0): auto enabling async discard
[pid 5103] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 5103] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5103] write(6, "17", 2) = 2
[ 54.373162][ T27] audit: type=1800 audit(1679757259.874:3): pid=5103 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor197" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 54.400046][ T5103] FAULT_INJECTION: forcing a failure.
[ 54.400046][ T5103] name failslab, interval 1, probability 0, space 0, times 1
[ 54.416134][ T5103] CPU: 1 PID: 5103 Comm: syz-executor197 Not tainted 6.3.0-rc3-syzkaller-00317-g65aca32efdcb #0
[ 54.426602][ T5103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 54.436682][ T5103] Call Trace:
[ 54.439978][ T5103] <TASK>
[ 54.442971][ T5103] dump_stack_lvl+0x1e7/0x2d0
[ 54.447703][ T5103] ? nf_tcp_handle_invalid+0x650/0x650
[ 54.453197][ T5103] ? panic+0x770/0x770
[ 54.457296][ T5103] ? __might_sleep+0xc0/0xc0
[ 54.461959][ T5103] should_fail_ex+0x3aa/0x4e0
[ 54.466674][ T5103] should_failslab+0x9/0x20
[ 54.471204][ T5103] slab_pre_alloc_hook+0x59/0x2b0
[ 54.476266][ T5103] kmem_cache_alloc+0x52/0x2e0
[ 54.481056][ T5103] ? start_transaction+0x469/0x1050
[ 54.486287][ T5103] start_transaction+0x469/0x1050
[ 54.491354][ T5103] create_snapshot+0x437/0x7e0
[ 54.496154][ T5103] btrfs_mksubvol+0x5d0/0x750
[ 54.500880][ T5103] ? __btrfs_ioctl_snap_create+0x450/0x450
[ 54.506699][ T5103] ? __might_fault+0xbe/0x120
[ 54.511389][ T5103] btrfs_mksnapshot+0xb5/0xf0
[ 54.516073][ T5103] __btrfs_ioctl_snap_create+0x338/0x450
[ 54.521711][ T5103] btrfs_ioctl_snap_create+0x136/0x190
[ 54.527186][ T5103] btrfs_ioctl+0xbbc/0xd40
[ 54.531599][ T5103] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 54.538011][ T5103] __se_sys_ioctl+0xf1/0x160
[ 54.542605][ T5103] do_syscall_64+0x41/0xc0
[ 54.547022][ T5103] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.552914][ T5103] RIP: 0033:0x7f0dcb37aa29
[ 54.557328][ T5103] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 54.577210][ T5103] RSP: 002b:00007ffd8c6fac58 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[pid 5103] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x02\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = -1 ENOMEM (Cannot allocate memory)
[pid 5103] exit_group(0) = ?
[pid 5103] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5103, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=17 /* 0.17 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555727f620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 54.585628][ T5103] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0dcb37aa29
[ 54.593593][ T5103] RDX: 00000000200000c0 RSI: 0000000050009401 RDI: 0000000000000004
[ 54.601557][ T5103] RBP: 00007ffd8c6fac80 R08: 0000000000000002 R09: 00007ffd8c6fac90
[ 54.609543][ T5103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 54.617571][ T5103] R13: 00007ffd8c6facc0 R14: 00007ffd8c6faca0 R15: 0000000000000001
[ 54.625556][ T5103] </TASK>
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555557287660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555557287660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x55555727f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555727e5d0) = 5130
./strace-static-x86_64: Process 5130 attached
[pid 5130] chdir("./2") = 0
[pid 5130] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5130] setpgid(0, 0) = 0
[pid 5130] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5130] write(3, "1000", 4) = 4
[pid 5130] close(3) = 0
[pid 5130] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5130] memfd_create("syzkaller", 0) = 3
[pid 5130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0dc2f2d000
[pid 5130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5130] munmap(0x7f0dc2f2d000, 16777216) = 0
[pid 5130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5130] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5130] close(3) = 0
[pid 5130] mkdir("./file0", 0777) = 0
[ 54.916644][ T5130] loop0: detected capacity change from 0 to 32768
[ 54.926654][ T5130] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor197 (5130)
[ 54.942916][ T5130] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 54.951688][ T5130] BTRFS info (device loop0): using free space tree
[pid 5130] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0
[pid 5130] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5130] chdir("./file0") = 0
[pid 5130] ioctl(4, LOOP_CLR_FD) = 0
[pid 5130] close(4) = 0
[pid 5130] open("./file0", O_RDONLY) = 4
[pid 5130] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid 5130] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5130] write(6, "17", 2) = 2
[ 54.971133][ T5130] BTRFS info (device loop0): enabling ssd optimizations
[ 54.978301][ T5130] BTRFS info (device loop0): auto enabling async discard
[ 54.994847][ T27] audit: type=1800 audit(1679757260.494:4): pid=5130 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor197" name="bus" dev="loop0" ino=263 res=0 errno=0
[ 54.996772][ T5130] FAULT_INJECTION: forcing a failure.
[ 54.996772][ T5130] name failslab, interval 1, probability 0, space 0, times 0
[ 55.028336][ T5130] CPU: 0 PID: 5130 Comm: syz-executor197 Not tainted 6.3.0-rc3-syzkaller-00317-g65aca32efdcb #0
[ 55.038791][ T5130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 55.048871][ T5130] Call Trace:
[ 55.052174][ T5130] <TASK>
[ 55.055124][ T5130] dump_stack_lvl+0x1e7/0x2d0
[ 55.059843][ T5130] ? nf_tcp_handle_invalid+0x650/0x650
[ 55.065346][ T5130] ? panic+0x770/0x770
[ 55.069445][ T5130] ? __might_sleep+0xc0/0xc0
[ 55.074066][ T5130] ? btrfs_mksnapshot+0xb5/0xf0
[ 55.079052][ T5130] ? btrfs_ioctl_snap_create+0x136/0x190
[ 55.084729][ T5130] ? __se_sys_ioctl+0xf1/0x160
[ 55.089522][ T5130] ? do_syscall_64+0x41/0xc0
[ 55.094141][ T5130] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.100247][ T5130] should_fail_ex+0x3aa/0x4e0
[ 55.105163][ T5130] should_failslab+0x9/0x20
[ 55.109788][ T5130] slab_pre_alloc_hook+0x59/0x2b0
[ 55.114856][ T5130] kmem_cache_alloc+0x52/0x2e0
[ 55.119666][ T5130] ? btrfs_add_delayed_tree_ref+0x231/0xfc0
[ 55.125602][ T5130] btrfs_add_delayed_tree_ref+0x231/0xfc0
[ 55.131376][ T5130] ? btrfs_delete_ref_head+0x270/0x270
[ 55.136878][ T5130] ? btrfs_alloc_tree_block+0xbae/0x1800
[ 55.142546][ T5130] ? btrfs_alloc_tree_block+0xbdb/0x1800
[ 55.148219][ T5130] btrfs_alloc_tree_block+0xf56/0x1800
[ 55.153729][ T5130] ? alloc_reserved_file_extent+0x5e0/0x5e0
[ 55.159745][ T5130] ? mark_lock+0x9a/0x340
[ 55.164142][ T5130] ? read_extent_buffer+0x122/0x2a0
[ 55.169416][ T5130] ? __asan_memcpy+0x40/0x70
[ 55.174058][ T5130] __btrfs_cow_block+0x470/0x1830
[ 55.179132][ T5130] ? btrfs_qgroup_trace_subtree_after_cow+0x1a8/0x1190
[ 55.186029][ T5130] ? btrfs_cow_block+0x780/0x780
[ 55.190998][ T5130] ? btrfs_qgroup_add_swapped_blocks+0x7e0/0x7f0
[ 55.197388][ T5130] ? rcu_is_watching+0x15/0xb0
[ 55.202281][ T5130] btrfs_cow_block+0x403/0x780
[ 55.207100][ T5130] btrfs_search_slot+0xc89/0x2f70
[ 55.212147][ T5130] ? validate_chain+0x119/0x58e0
[ 55.217111][ T5130] ? kasan_set_track+0x61/0x70
[ 55.221893][ T5130] ? btrfs_find_item+0x530/0x530
[ 55.226843][ T5130] ? btrfs_extent_root+0x2a6/0x3b0
[ 55.232032][ T5130] ? btrfs_ioctl_snap_create+0x136/0x190
[ 55.237661][ T5130] ? btrfs_ioctl+0xbbc/0xd40
[ 55.242335][ T5130] ? btrfs_csum_root+0x3b0/0x3b0
[ 55.247289][ T5130] lookup_inline_extent_backref+0x3f2/0x1470
[ 55.253280][ T5130] ? insert_extent_data_ref+0xa30/0xa30
[ 55.258908][ T5130] ? __kasan_slab_alloc+0x66/0x70
[ 55.263932][ T5130] ? slab_post_alloc_hook+0x83/0x3a0
[ 55.269240][ T5130] ? kmem_cache_alloc+0x14e/0x2e0
[ 55.274298][ T5130] __btrfs_free_extent+0x28c/0x2ef0
[ 55.279512][ T5130] ? __btrfs_inc_extent_ref+0x5f0/0x5f0
[ 55.285065][ T5130] ? _raw_read_unlock+0x28/0x40
[ 55.289922][ T5130] ? do_raw_spin_unlock+0x13b/0x8b0
[ 55.295121][ T5130] __btrfs_run_delayed_refs+0x10c6/0x4100
[ 55.300871][ T5130] ? reacquire_held_locks+0x660/0x660
[ 55.306263][ T5130] ? __lock_acquire+0x125b/0x1f80
[ 55.311295][ T5130] ? btrfs_run_delayed_refs+0x480/0x480
[ 55.316869][ T5130] ? read_lock_is_recursive+0x20/0x20
[ 55.322321][ T5130] ? mark_lock+0x9a/0x340
[ 55.326654][ T5130] btrfs_run_delayed_refs+0x140/0x480
[ 55.332017][ T5130] ? btrfs_trans_release_metadata+0x158/0x1c0
[ 55.338110][ T5130] btrfs_commit_transaction+0x42c/0x3440
[ 55.343876][ T5130] ? read_lock_is_recursive+0x20/0x20
[ 55.349270][ T5130] ? join_transaction+0xbfd/0xe80
[ 55.354308][ T5130] ? __lock_acquire+0x1f80/0x1f80
[ 55.359326][ T5130] ? btrfs_commit_transaction_async+0x450/0x450
[ 55.365573][ T5130] ? do_raw_spin_unlock+0x13b/0x8b0
[ 55.370890][ T5130] ? join_transaction+0xc52/0xe80
[ 55.375939][ T5130] ? join_transaction+0xc28/0xe80
[ 55.381135][ T5130] ? btrfs_record_root_in_trans+0x12d/0x180
[ 55.387044][ T5130] ? start_transaction+0x3de/0x1050
[ 55.392264][ T5130] create_snapshot+0x4a5/0x7e0
[ 55.397029][ T5130] btrfs_mksubvol+0x5d0/0x750
[ 55.401706][ T5130] ? __btrfs_ioctl_snap_create+0x450/0x450
[ 55.407610][ T5130] ? __might_fault+0xbe/0x120
[ 55.412318][ T5130] btrfs_mksnapshot+0xb5/0xf0
[ 55.417006][ T5130] __btrfs_ioctl_snap_create+0x338/0x450
[ 55.422661][ T5130] btrfs_ioctl_snap_create+0x136/0x190
[ 55.428114][ T5130] btrfs_ioctl+0xbbc/0xd40
[ 55.432526][ T5130] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 55.439022][ T5130] __se_sys_ioctl+0xf1/0x160
[ 55.443612][ T5130] do_syscall_64+0x41/0xc0
[ 55.448035][ T5130] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.453944][ T5130] RIP: 0033:0x7f0dcb37aa29
[ 55.458373][ T5130] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 55.478081][ T5130] RSP: 002b:00007ffd8c6fac58 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 55.486506][ T5130] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0dcb37aa29
[ 55.494473][ T5130] RDX: 00000000200000c0 RSI: 0000000050009401 RDI: 0000000000000004
[ 55.502444][ T5130] RBP: 00007ffd8c6fac80 R08: 0000000000000002 R09: 00007ffd8c6fac90
[ 55.510444][ T5130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[pid 5130] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x02\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = -1 ENOMEM (Cannot allocate memory)
[pid 5130] exit_group(0) = ?
[pid 5130] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5130, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555727f620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
[ 55.518433][ T5130] R13: 00007ffd8c6facc0 R14: 00007ffd8c6faca0 R15: 0000000000000002
[ 55.526430][ T5130] </TASK>
[ 55.530153][ T5130] BTRFS: error (device loop0: state A) in __btrfs_free_extent:3076: errno=-12 Out of memory
[ 55.540601][ T5130] BTRFS info (device loop0: state EA): forced readonly
[ 55.547703][ T5130] BTRFS error (device loop0: state EA): failed to run delayed ref for logical 5255168 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 55.561548][ T5130] BTRFS: error (device loop0: state EA) in btrfs_run_delayed_refs:2150: errno=-12 Out of memory
[ 55.609572][ T5075] ------------[ cut here ]------------
[ 55.615172][ T5075] WARNING: CPU: 0 PID: 5075 at fs/btrfs/space-info.h:197 btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 55.626797][ T5075] Modules linked in:
[ 55.630735][ T5075] CPU: 0 PID: 5075 Comm: syz-executor197 Not tainted 6.3.0-rc3-syzkaller-00317-g65aca32efdcb #0
[ 55.641235][ T5075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 55.651355][ T5075] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 55.658858][ T5075] Code: 25 00 00 74 08 4c 89 ff e8 fe 52 38 fe 49 8b 1f 48 89 df 48 8b 6c 24 20 48 89 ee e8 4b 9e e2 fd 48 39 eb 73 14 e8 31 9c e2 fd <0f> 0b 45 31 f6 43 80 7c 25 00 00 75 ac eb b2 e8 1d 9c e2 fd 43 80
[ 55.678526][ T5075] RSP: 0018:ffffc90003c6f910 EFLAGS: 00010293
[ 55.684598][ T5075] RAX: ffffffff83a7d0ef RBX: 00000000000df000 RCX: ffff8880283157c0
[ 55.692803][ T5075] RDX: 0000000000000000 RSI: 00000000000e0000 RDI: 00000000000df000
[ 55.700834][ T5075] RBP: 00000000000e0000 R08: ffffffff83a7d0e5 R09: fffffbfff1ca6f0e
[ 55.708868][ T5075] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 55.716877][ T5075] R13: 1ffff11004af6c0c R14: fffffffffff20000 R15: ffff8880257b6060
[ 55.724925][ T5075] FS: 000055555727e300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 55.733898][ T5075] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 55.740522][ T5075] CR2: 0000555557287628 CR3: 000000001ec5e000 CR4: 00000000003506f0
[ 55.748537][ T5075] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 55.756542][ T5075] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 55.764506][ T5075] Call Trace:
[ 55.767822][ T5075] <TASK>
[ 55.770759][ T5075] ? do_raw_write_lock+0x147/0x4f0
[ 55.775887][ T5075] btrfs_block_rsv_release+0x441/0x520
[ 55.781406][ T5075] btrfs_release_global_block_rsv+0x33/0x260
[ 55.787428][ T5075] btrfs_free_block_groups+0xb3e/0xe80
[ 55.792890][ T5075] close_ctree+0x742/0xd30
[ 55.797368][ T5075] ? init_tree_roots+0x1f80/0x1f80
[ 55.802502][ T5075] ? hook_inode_free_security+0xb0/0xb0
[ 55.808116][ T5075] ? __fsnotify_vfsmount_delete+0x20/0x20
[ 55.813843][ T5075] ? clear_inode+0x150/0x150
[ 55.818530][ T5075] ? dput+0x403/0x420
[ 55.822531][ T5075] ? fscrypt_destroy_keyring+0x273/0x290
[ 55.828234][ T5075] ? btrfs_fill_super+0x2d0/0x2d0
[ 55.833281][ T5075] generic_shutdown_super+0x134/0x340
[ 55.838700][ T5075] kill_anon_super+0x3b/0x60
[ 55.843300][ T5075] btrfs_kill_super+0x41/0x50
[ 55.848049][ T5075] deactivate_locked_super+0xa4/0x110
[ 55.853457][ T5075] cleanup_mnt+0x426/0x4c0
[ 55.857935][ T5075] ? _raw_spin_unlock_irq+0x23/0x50
[ 55.863148][ T5075] task_work_run+0x24a/0x300
[ 55.867780][ T5075] ? dput+0x3a1/0x420
[ 55.871780][ T5075] ? task_work_cancel+0x2b0/0x2b0
[ 55.876843][ T5075] ? __x64_sys_umount+0x126/0x170
[ 55.881879][ T5075] ptrace_notify+0x2cd/0x380
[ 55.886529][ T5075] ? do_notify_parent+0xf50/0xf50
[ 55.891564][ T5075] ? user_path_at_empty+0x12f/0x180
[ 55.896803][ T5075] ? __x64_sys_umount+0x126/0x170
[ 55.901833][ T5075] ? path_umount+0xea0/0xea0
[ 55.906469][ T5075] ? syscall_enter_from_user_mode+0x32/0x260
[ 55.912464][ T5075] syscall_exit_to_user_mode+0x157/0x280
[ 55.918156][ T5075] do_syscall_64+0x4d/0xc0
[ 55.922588][ T5075] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.928531][ T5075] RIP: 0033:0x7f0dcb37bdc7
[ 55.932951][ T5075] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 55.952602][ T5075] RSP: 002b:00007ffd8c6f9b68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 55.961092][ T5075] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0dcb37bdc7
[ 55.969112][ T5075] RDX: 00007ffd8c6f9c29 RSI: 000000000000000a RDI: 00007ffd8c6f9c20
[ 55.977150][ T5075] RBP: 00007ffd8c6f9c20 R08: 00000000ffffffff R09: 00007ffd8c6f9a00
[ 55.985149][ T5075] R10: 000055555727f653 R11: 0000000000000202 R12: 00007ffd8c6faca0
[ 55.994055][ T5075] R13: 000055555727f5f0 R14: 00007ffd8c6f9b90 R15: 0000000000000003
[ 56.002087][ T5075] </TASK>
[ 56.005098][ T5075] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 56.012456][ T5075] CPU: 0 PID: 5075 Comm: syz-executor197 Not tainted 6.3.0-rc3-syzkaller-00317-g65aca32efdcb #0
[ 56.022876][ T5075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 56.032932][ T5075] Call Trace:
[ 56.036210][ T5075] <TASK>
[ 56.039151][ T5075] dump_stack_lvl+0x1e7/0x2d0
[ 56.043832][ T5075] ? nf_tcp_handle_invalid+0x650/0x650
[ 56.049293][ T5075] ? panic+0x770/0x770
[ 56.053368][ T5075] ? vscnprintf+0x5d/0x80
[ 56.057692][ T5075] panic+0x31c/0x770
[ 56.061597][ T5075] ? __warn+0x171/0x4a0
[ 56.065743][ T5075] ? memcpy_page_flushcache+0x100/0x100
[ 56.071286][ T5075] __warn+0x314/0x4a0
[ 56.075254][ T5075] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 56.082092][ T5075] report_bug+0x2b3/0x500
[ 56.086422][ T5075] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 56.093284][ T5075] handle_bug+0x3d/0x70
[ 56.097435][ T5075] exc_invalid_op+0x1a/0x50
[ 56.101930][ T5075] asm_exc_invalid_op+0x1a/0x20
[ 56.106777][ T5075] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 56.114262][ T5075] Code: 25 00 00 74 08 4c 89 ff e8 fe 52 38 fe 49 8b 1f 48 89 df 48 8b 6c 24 20 48 89 ee e8 4b 9e e2 fd 48 39 eb 73 14 e8 31 9c e2 fd <0f> 0b 45 31 f6 43 80 7c 25 00 00 75 ac eb b2 e8 1d 9c e2 fd 43 80
[ 56.134042][ T5075] RSP: 0018:ffffc90003c6f910 EFLAGS: 00010293
[ 56.140107][ T5075] RAX: ffffffff83a7d0ef RBX: 00000000000df000 RCX: ffff8880283157c0
[ 56.148071][ T5075] RDX: 0000000000000000 RSI: 00000000000e0000 RDI: 00000000000df000
[ 56.156038][ T5075] RBP: 00000000000e0000 R08: ffffffff83a7d0e5 R09: fffffbfff1ca6f0e
[ 56.164141][ T5075] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 56.172109][ T5075] R13: 1ffff11004af6c0c R14: fffffffffff20000 R15: ffff8880257b6060
[ 56.180097][ T5075] ? btrfs_space_info_update_bytes_may_use+0x295/0x600
[ 56.186955][ T5075] ? btrfs_space_info_update_bytes_may_use+0x29f/0x600
[ 56.193807][ T5075] ? do_raw_write_lock+0x147/0x4f0
[ 56.198921][ T5075] btrfs_block_rsv_release+0x441/0x520
[ 56.204406][ T5075] btrfs_release_global_block_rsv+0x33/0x260
[ 56.210411][ T5075] btrfs_free_block_groups+0xb3e/0xe80
[ 56.215888][ T5075] close_ctree+0x742/0xd30
[ 56.220326][ T5075] ? init_tree_roots+0x1f80/0x1f80
[ 56.225545][ T5075] ? hook_inode_free_security+0xb0/0xb0
[ 56.231110][ T5075] ? __fsnotify_vfsmount_delete+0x20/0x20
[ 56.236859][ T5075] ? clear_inode+0x150/0x150
[ 56.241469][ T5075] ? dput+0x403/0x420
[ 56.245470][ T5075] ? fscrypt_destroy_keyring+0x273/0x290
[ 56.251125][ T5075] ? btrfs_fill_super+0x2d0/0x2d0
[ 56.256175][ T5075] generic_shutdown_super+0x134/0x340
[ 56.261549][ T5075] kill_anon_super+0x3b/0x60
[ 56.266154][ T5075] btrfs_kill_super+0x41/0x50
[ 56.270830][ T5075] deactivate_locked_super+0xa4/0x110
[ 56.276203][ T5075] cleanup_mnt+0x426/0x4c0
[ 56.280616][ T5075] ? _raw_spin_unlock_irq+0x23/0x50
[ 56.285840][ T5075] task_work_run+0x24a/0x300
[ 56.290496][ T5075] ? dput+0x3a1/0x420
[ 56.294497][ T5075] ? task_work_cancel+0x2b0/0x2b0
[ 56.299526][ T5075] ? __x64_sys_umount+0x126/0x170
[ 56.304583][ T5075] ptrace_notify+0x2cd/0x380
[ 56.309223][ T5075] ? do_notify_parent+0xf50/0xf50
[ 56.314247][ T5075] ? user_path_at_empty+0x12f/0x180
[ 56.319447][ T5075] ? __x64_sys_umount+0x126/0x170
[ 56.324559][ T5075] ? path_umount+0xea0/0xea0
[ 56.329153][ T5075] ? syscall_enter_from_user_mode+0x32/0x260
[ 56.335134][ T5075] syscall_exit_to_user_mode+0x157/0x280
[ 56.340767][ T5075] do_syscall_64+0x4d/0xc0
[ 56.345187][ T5075] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.351082][ T5075] RIP: 0033:0x7f0dcb37bdc7
[ 56.355512][ T5075] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 56.375115][ T5075] RSP: 002b:00007ffd8c6f9b68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 56.383527][ T5075] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0dcb37bdc7
[ 56.391496][ T5075] RDX: 00007ffd8c6f9c29 RSI: 000000000000000a RDI: 00007ffd8c6f9c20
[ 56.399481][ T5075] RBP: 00007ffd8c6f9c20 R08: 00000000ffffffff R09: 00007ffd8c6f9a00
[ 56.407449][ T5075] R10: 000055555727f653 R11: 0000000000000202 R12: 00007ffd8c6faca0
[ 56.415414][ T5075] R13: 000055555727f5f0 R14: 00007ffd8c6f9b90 R15: 0000000000000003
[ 56.423393][ T5075] </TASK>
[ 56.426558][ T5075] Kernel Offset: disabled
[ 56.431006][ T5075] Rebooting in 86400 seconds..