./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4108933923
<...>
Warning: Permanently added '10.128.0.203' (ED25519) to the list of known hosts.
execve("./syz-executor4108933923", ["./syz-executor4108933923"], 0x7ffd2620b190 /* 10 vars */) = 0
brk(NULL) = 0x555587b19000
brk(0x555587b19d00) = 0x555587b19d00
arch_prctl(ARCH_SET_FS, 0x555587b19380) = 0
set_tid_address(0x555587b19650) = 5833
set_robust_list(0x555587b19660, 24) = 0
rseq(0x555587b19ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor4108933923", 4096) = 28
getrandom("\x11\xc8\x10\x24\x04\x5f\x64\x4b", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555587b19d00
brk(0x555587b3ad00) = 0x555587b3ad00
brk(0x555587b3b000) = 0x555587b3b000
mprotect(0x7f6bcc419000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
openat(AT_FDCWD, "/proc/self/make-it-fail", O_WRONLY) = 3
close(3) = 0
openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_WRONLY) = 3
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
mkdir("./syzkaller.uIcAcu", 0700) = 0
chmod("./syzkaller.uIcAcu", 0777) = 0
chdir("./syzkaller.uIcAcu") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5834 attached
, child_tidptr=0x555587b19650) = 5834
[pid 5834] set_robust_list(0x555587b19660, 24) = 0
[pid 5834] chdir("./0") = 0
[pid 5834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5834] setpgid(0, 0) = 0
[pid 5834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5834] write(3, "1000", 4) = 4
[pid 5834] close(3) = 0
[pid 5834] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 5834] write(1, "executing program\n", 18) = 18
[pid 5834] memfd_create("syzkaller", 0) = 3
[pid 5834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 5834] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5834] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 5834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5834] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5834] close(3) = 0
[pid 5834] close(4) = 0
[pid 5834] mkdir("./file0", 0777) = 0
[ 59.352096][ T5834] loop0: detected capacity change from 0 to 32768
[ 59.368487][ T5834] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (5834)
[ 59.376216][ T5834] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 5834] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[ 59.376286][ T5834] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 59.376368][ T5834] BTRFS info (device loop0): using free-space-tree
[ 59.442057][ T5834] BTRFS info (device loop0): rebuilding free space tree
[pid 5834] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 5834] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5834] chdir("./file0") = 0
[pid 5834] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 5834] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 5834] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5834] write(5, "31", 2) = 2
[pid 5834] mkdir(".", 0777) = -1 EEXIST (File exists)
[ 59.514088][ T1516] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 59.550111][ T5834] FAULT_INJECTION: forcing a failure.
[pid 5834] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 5834] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 5834] exit_group(0) = ?
[pid 5834] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5834, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=10 /* 0.10 s */} ---
umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 59.550111][ T5834] name failslab, interval 1, probability 0, space 0, times 1
[ 59.550159][ T5834] CPU: 0 UID: 0 PID: 5834 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 59.550184][ T5834] Tainted: [W]=WARN
[ 59.550190][ T5834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 59.550200][ T5834] Call Trace:
[ 59.550206][ T5834]
[ 59.550214][ T5834] dump_stack_lvl+0x189/0x250
[ 59.550248][ T5834] ? __pfx____ratelimit+0x10/0x10
[ 59.550269][ T5834] ? __pfx_dump_stack_lvl+0x10/0x10
[ 59.550290][ T5834] ? __pfx__printk+0x10/0x10
[ 59.550308][ T5834] ? fs_reclaim_acquire+0x7d/0x100
[ 59.550324][ T5834] ? rcu_is_watching+0x15/0xb0
[ 59.550347][ T5834] ? __pfx___might_resched+0x10/0x10
[ 59.550363][ T5834] ? lock_acquire+0x5f/0x360
[ 59.550401][ T5834] should_fail_ex+0x46c/0x600
[ 59.550424][ T5834] ? alloc_extent_state+0x22/0x2f0
[ 59.550446][ T5834] should_failslab+0xa8/0x100
[ 59.550468][ T5834] ? alloc_extent_state+0x22/0x2f0
[ 59.550496][ T5834] kmem_cache_alloc_noprof+0x6e/0x310
[ 59.550519][ T5834] alloc_extent_state+0x22/0x2f0
[ 59.550542][ T5834] set_extent_bit+0x270/0x21e0
[ 59.550568][ T5834] ? btrfs_clear_buffer_dirty+0x933/0xc20
[ 59.550586][ T5834] ? rt_mutex_pre_schedule+0x7d/0x1d0
[ 59.550603][ T5834] ? __pfx_set_extent_bit+0x10/0x10
[ 59.550623][ T5834] ? rwbase_write_lock+0x56f/0x750
[ 59.550646][ T5834] btrfs_set_extent_bit+0x38/0x50
[ 59.550670][ T5834] btrfs_alloc_tree_block+0x96e/0x1290
[ 59.550688][ T5834] ? __pfx_rt_mutex_slowunlock+0x10/0x10
umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 59.550707][ T5834] ? set_extent_buffer_dirty+0x590/0x7d0
[ 59.550723][ T5834] ? __pfx_btrfs_alloc_tree_block+0x10/0x10
[ 59.550741][ T5834] ? __pfx_set_extent_buffer_dirty+0x10/0x10
[ 59.550757][ T5834] ? read_extent_buffer+0x123/0x5e0
[ 59.550781][ T5834] btrfs_force_cow_block+0x578/0x2460
[ 59.550805][ T5834] ? btrfs_qgroup_trace_subtree_after_cow+0x40b/0x930
[ 59.550824][ T5834] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 59.550845][ T5834] ? __pfx_btrfs_force_cow_block+0x10/0x10
[ 59.550866][ T5834] ? rwbase_write_lock+0x56f/0x750
umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
[ 59.550888][ T5834] btrfs_cow_block+0x40a/0x9a0
[ 59.550911][ T5834] btrfs_search_slot+0xd17/0x2ba0
[ 59.550936][ T5834] ? rt_read_lock+0x260/0x360
[ 59.550954][ T5834] ? __pfx_btrfs_search_slot+0x10/0x10
[ 59.550972][ T5834] ? __kasan_slab_alloc+0x6c/0x80
[ 59.550992][ T5834] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 59.551012][ T5834] ? __btrfs_free_extent+0x167b/0x4250
[ 59.551029][ T5834] ? __btrfs_run_delayed_refs+0xe7f/0x4150
[ 59.551056][ T5834] add_free_space_extent+0x3ac/0xb50
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 59.551077][ T5834] ? rt_read_lock+0x1f8/0x360
[ 59.551095][ T5834] ? __pfx_add_free_space_extent+0x10/0x10
[ 59.551115][ T5834] ? rcu_is_watching+0x15/0xb0
[ 59.551143][ T5834] ? __add_block_group_free_space+0x82/0x8b0
[ 59.551165][ T5834] ? __btrfs_add_to_free_space_tree+0x1ae/0x270
[ 59.551184][ T5834] ? mutex_lock_nested+0x154/0x1d0
[ 59.551207][ T5834] btrfs_add_to_free_space_tree+0x155/0x5b0
[ 59.551228][ T5834] __btrfs_free_extent+0x167b/0x4250
[ 59.551251][ T5834] ? __pfx___btrfs_free_extent+0x10/0x10
[ 59.551269][ T5834] ? migrate_disable+0x160/0x190
[ 59.551287][ T5834] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 59.551304][ T5834] ? lock_release+0x4b/0x3e0
[ 59.551325][ T5834] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 59.551355][ T5834] ? is_bpf_text_address+0x26/0x2b0
[ 59.551384][ T5834] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 59.551410][ T5834] ? try_to_take_rt_mutex+0x840/0xb00
[ 59.551430][ T5834] ? rtlock_slowlock_locked+0xd8/0x4010
[ 59.551448][ T5834] ? stack_trace_save+0x9c/0xe0
[ 59.551467][ T5834] ? stack_depot_save_flags+0x41b/0x860
[ 59.551487][ T5834] ? btrfs_commit_transaction+0x161/0x3950
[ 59.551507][ T5834] ? rcu_is_watching+0x15/0xb0
[ 59.551528][ T5834] ? lock_acquire+0x5f/0x360
[ 59.551547][ T5834] ? rcu_is_watching+0x15/0xb0
[ 59.551571][ T5834] btrfs_run_delayed_refs+0xe6/0x3b0
[ 59.551595][ T5834] btrfs_commit_transaction+0x269/0x3950
[ 59.551617][ T5834] ? rcu_is_watching+0x15/0xb0
[ 59.551639][ T5834] ? btrfs_commit_transaction+0x161/0x3950
[ 59.551660][ T5834] ? lock_acquire+0x5f/0x360
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555587b19650) = 5854
./strace-static-x86_64: Process 5854 attached
[pid 5854] set_robust_list(0x555587b19660, 24) = 0
[pid 5854] chdir("./1") = 0
[pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5854] setpgid(0, 0) = 0
[pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5854] write(3, "1000", 4) = 4
[ 59.551679][ T5834] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 59.551701][ T5834] ? rt_mutex_slowunlock+0x493/0x8a0
[ 59.551715][ T5834] ? migrate_disable+0xd5/0x190
[ 59.551735][ T5834] ? join_transaction+0x41b/0xca0
[ 59.551755][ T5834] ? rcu_is_watching+0x15/0xb0
[ 59.551785][ T5834] ? lock_acquire+0x5f/0x360
[ 59.551806][ T5834] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 59.551829][ T5834] ? join_transaction+0x41b/0xca0
[ 59.551852][ T5834] ? btrfs_record_root_in_trans+0x91/0x180
[ 59.551873][ T5834] ? start_transaction+0x439/0x1620
[pid 5854] close(3) = 0
[pid 5854] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5854] write(1, "executing program\n", 18executing program
) = 18
[pid 5854] memfd_create("syzkaller", 0) = 3
[pid 5854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 59.551899][ T5834] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 59.551919][ T5834] ? btrfs_sync_fs+0x1b2/0x6a0
[ 59.551941][ T5834] sync_filesystem+0x1ce/0x250
[ 59.551966][ T5834] btrfs_reconfigure+0x2fa/0x2160
[ 59.551986][ T5834] ? __pfx_list_lru_walk_node+0x10/0x10
[ 59.552011][ T5834] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 59.552028][ T5834] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 59.552053][ T5834] ? rcu_is_watching+0x15/0xb0
[ 59.552078][ T5834] reconfigure_super+0x224/0x890
[ 59.552099][ T5834] path_mount+0xd18/0xfe0
[ 59.552122][ T5834] __se_sys_mount+0x317/0x410
[ 59.552146][ T5834] ? __pfx___se_sys_mount+0x10/0x10
[ 59.552166][ T5834] ? rcu_is_watching+0x15/0xb0
[ 59.552191][ T5834] ? __x64_sys_mount+0x20/0xc0
[ 59.552214][ T5834] do_syscall_64+0xfa/0x3b0
[ 59.552239][ T5834] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.552256][ T5834] ? clear_bhb_loop+0x60/0xb0
[ 59.552272][ T5834] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.552289][ T5834] RIP: 0033:0x7f6bcc3a931a
[ 59.552312][ T5834] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 59.552325][ T5834] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 59.552343][ T5834] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 59.552355][ T5834] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 59.552366][ T5834] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[pid 5854] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[ 59.552378][ T5834] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 59.552390][ T5834] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 59.552408][ T5834]
[ 59.689328][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 5854] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5854] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5854] close(3) = 0
[pid 5854] close(4) = 0
[pid 5854] mkdir("./file0", 0777) = 0
[ 60.242595][ T5854] loop0: detected capacity change from 0 to 32768
[ 60.258115][ T5854] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (5854)
[ 60.263485][ T5854] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 5854] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 5854] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[ 60.263545][ T5854] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 60.263599][ T5854] BTRFS info (device loop0): using free-space-tree
[ 60.327115][ T5854] BTRFS info (device loop0): rebuilding free space tree
[pid 5854] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5854] chdir("./file0") = 0
[pid 5854] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 5854] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 5854] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5854] write(5, "31", 2) = 2
[ 60.377769][ T13] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[pid 5854] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 5854] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 5854] exit_group(0) = ?
[pid 5854] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5854, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=12 /* 0.12 s */} ---
umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[ 60.448455][ T5854] FAULT_INJECTION: forcing a failure.
[ 60.448455][ T5854] name failslab, interval 1, probability 0, space 0, times 0
[ 60.448477][ T5854] CPU: 1 UID: 0 PID: 5854 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 60.448492][ T5854] Tainted: [W]=WARN
[ 60.448495][ T5854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 60.448501][ T5854] Call Trace:
[ 60.448505][ T5854]
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 60.448509][ T5854] dump_stack_lvl+0x189/0x250
[ 60.448525][ T5854] ? __pfx____ratelimit+0x10/0x10
[ 60.448537][ T5854] ? __pfx_dump_stack_lvl+0x10/0x10
[ 60.448549][ T5854] ? __pfx__printk+0x10/0x10
[ 60.448559][ T5854] ? fs_reclaim_acquire+0x7d/0x100
[ 60.448568][ T5854] ? rcu_is_watching+0x15/0xb0
[ 60.448582][ T5854] ? __pfx___might_resched+0x10/0x10
[ 60.448591][ T5854] ? lock_acquire+0x5f/0x360
[ 60.448603][ T5854] should_fail_ex+0x46c/0x600
[ 60.448615][ T5854] ? add_delayed_ref+0x11a/0x1d80
[ 60.448628][ T5854] should_failslab+0xa8/0x100
[ 60.448642][ T5854] ? add_delayed_ref+0x11a/0x1d80
[ 60.448655][ T5854] kmem_cache_alloc_noprof+0x6e/0x310
[ 60.448668][ T5854] add_delayed_ref+0x11a/0x1d80
[ 60.448681][ T5854] ? btrfs_clear_buffer_dirty+0x264/0xc20
[ 60.448692][ T5854] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 60.448703][ T5854] btrfs_free_tree_block+0x2c6/0xd00
[ 60.448713][ T5854] ? __pfx_btrfs_free_tree_block+0x10/0x10
[ 60.448722][ T5854] ? btrfs_tree_mod_log_insert_root+0xa7/0xb20
[ 60.448735][ T5854] ? __write_extent_buffer+0x27a/0x6c0
umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
[ 60.448744][ T5854] ? btrfs_force_cow_block+0x9ee/0x2460
[ 60.448755][ T5854] btrfs_force_cow_block+0xff1/0x2460
[ 60.448769][ T5854] ? __pfx_btrfs_force_cow_block+0x10/0x10
[ 60.448780][ T5854] ? rwbase_write_lock+0x56f/0x750
[ 60.448793][ T5854] btrfs_cow_block+0x40a/0x9a0
[ 60.448805][ T5854] btrfs_search_slot+0xd17/0x2ba0
[ 60.448818][ T5854] ? rt_read_lock+0x260/0x360
[ 60.448828][ T5854] ? __pfx_btrfs_search_slot+0x10/0x10
[ 60.448837][ T5854] ? __kasan_slab_alloc+0x6c/0x80
close(4) = 0
rmdir("./1/file0") = 0
umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
[ 60.448848][ T5854] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 60.448859][ T5854] ? __btrfs_free_extent+0x167b/0x4250
[ 60.448868][ T5854] ? __btrfs_run_delayed_refs+0xe7f/0x4150
[ 60.448882][ T5854] add_free_space_extent+0x3ac/0xb50
[ 60.448893][ T5854] ? rt_read_lock+0x1f8/0x360
[ 60.448902][ T5854] ? __pfx_add_free_space_extent+0x10/0x10
[ 60.448913][ T5854] ? rcu_is_watching+0x15/0xb0
[ 60.448928][ T5854] ? __add_block_group_free_space+0x82/0x8b0
[ 60.448940][ T5854] ? __btrfs_add_to_free_space_tree+0x1ae/0x270
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 60.448950][ T5854] ? mutex_lock_nested+0x154/0x1d0
[ 60.448964][ T5854] btrfs_add_to_free_space_tree+0x155/0x5b0
[ 60.448976][ T5854] __btrfs_free_extent+0x167b/0x4250
[ 60.448988][ T5854] ? __pfx___btrfs_free_extent+0x10/0x10
[ 60.448998][ T5854] ? migrate_disable+0x160/0x190
[ 60.449008][ T5854] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 60.449017][ T5854] ? lock_release+0x4b/0x3e0
[ 60.449029][ T5854] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 60.449045][ T5854] ? is_bpf_text_address+0x26/0x2b0
[ 60.449060][ T5854] ? is_bpf_text_address+0x292/0x2b0
[ 60.449071][ T5854] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 60.449085][ T5854] ? try_to_take_rt_mutex+0x840/0xb00
[ 60.449093][ T5854] ? unwind_get_return_address+0x4d/0x90
[ 60.449105][ T5854] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 60.449115][ T5854] ? arch_stack_walk+0xfc/0x150
[ 60.449129][ T5854] ? rtlock_slowlock_locked+0xd8/0x4010
[ 60.449138][ T5854] ? stack_trace_save+0x9c/0xe0
[ 60.449147][ T5854] ? __pfx_stack_trace_save+0x10/0x10
[ 60.449156][ T5854] ? stack_depot_save_flags+0x40/0x860
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5871 attached
, child_tidptr=0x555587b19650) = 5871
[pid 5871] set_robust_list(0x555587b19660, 24) = 0
[pid 5871] chdir("./2") = 0
[pid 5871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5871] setpgid(0, 0) = 0
[pid 5871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5871] write(3, "1000", 4) = 4
[pid 5871] close(3) = 0
[ 60.449167][ T5854] ? btrfs_commit_transaction+0x161/0x3950
[ 60.449179][ T5854] ? rcu_is_watching+0x15/0xb0
[ 60.449191][ T5854] ? lock_acquire+0x5f/0x360
[ 60.449201][ T5854] ? rcu_is_watching+0x15/0xb0
[ 60.449214][ T5854] btrfs_run_delayed_refs+0xe6/0x3b0
[ 60.449228][ T5854] btrfs_commit_transaction+0x269/0x3950
[ 60.449239][ T5854] ? rcu_is_watching+0x15/0xb0
[ 60.449251][ T5854] ? btrfs_commit_transaction+0x161/0x3950
[ 60.449261][ T5854] ? lock_acquire+0x5f/0x360
[pid 5871] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 5871] write(1, "executing program\n", 18) = 18
[pid 5871] memfd_create("syzkaller", 0) = 3
[pid 5871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 60.449271][ T5854] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 60.449283][ T5854] ? rt_mutex_slowunlock+0x493/0x8a0
[ 60.449291][ T5854] ? migrate_disable+0xd5/0x190
[ 60.449301][ T5854] ? join_transaction+0x41b/0xca0
[ 60.449312][ T5854] ? rcu_is_watching+0x15/0xb0
[ 60.449324][ T5854] ? lock_acquire+0x5f/0x360
[ 60.449334][ T5854] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 60.449346][ T5854] ? join_transaction+0x41b/0xca0
[ 60.449358][ T5854] ? btrfs_record_root_in_trans+0x91/0x180
[ 60.449369][ T5854] ? start_transaction+0x439/0x1620
[ 60.449382][ T5854] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 60.449401][ T5854] ? btrfs_sync_fs+0x1b2/0x6a0
[ 60.449413][ T5854] sync_filesystem+0x1ce/0x250
[ 60.449426][ T5854] btrfs_reconfigure+0x2fa/0x2160
[ 60.449437][ T5854] ? __pfx_list_lru_walk_node+0x10/0x10
[ 60.449450][ T5854] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 60.449459][ T5854] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 60.449473][ T5854] ? rcu_is_watching+0x15/0xb0
[ 60.449486][ T5854] reconfigure_super+0x224/0x890
[ 60.449498][ T5854] path_mount+0xd18/0xfe0
[ 60.449511][ T5854] __se_sys_mount+0x317/0x410
[ 60.449523][ T5854] ? __pfx___se_sys_mount+0x10/0x10
[ 60.449534][ T5854] ? rcu_is_watching+0x15/0xb0
[ 60.449547][ T5854] ? __x64_sys_mount+0x20/0xc0
[ 60.449559][ T5854] do_syscall_64+0xfa/0x3b0
[ 60.449570][ T5854] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 60.449579][ T5854] ? clear_bhb_loop+0x60/0xb0
[ 60.449589][ T5854] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 60.449597][ T5854] RIP: 0033:0x7f6bcc3a931a
[ 60.449606][ T5854] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 60.449614][ T5854] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 60.449625][ T5854] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 60.449631][ T5854] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 60.449638][ T5854] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[pid 5871] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5871] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 60.449646][ T5854] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 60.449652][ T5854] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 60.449661][ T5854]
[ 60.449670][ T5854] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 60.449690][ T5854] BTRFS: error (device loop0 state A) in btrfs_force_cow_block:571: errno=-12 Out of memory
[ 60.449700][ T5854] BTRFS info (device loop0 state EA): forced readonly
[ 60.449711][ T5854] BTRFS: error (device loop0 state EA) in btrfs_add_to_free_space_tree:1051: errno=-12 Out of memory
[pid 5871] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5871] close(3) = 0
[pid 5871] close(4) = 0
[pid 5871] mkdir("./file0", 0777) = 0
[ 60.449730][ T5854] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 60.449744][ T5854] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5382144 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 60.449765][ T5854] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 60.449797][ T5854] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 60.557512][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 61.090838][ T5871] loop0: detected capacity change from 0 to 32768
[ 61.118829][ T5871] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (5871)
[ 61.131757][ T5871] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 61.131818][ T5871] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 61.131884][ T5871] BTRFS info (device loop0): using free-space-tree
[pid 5871] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 5871] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 5871] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[ 61.228235][ T5871] BTRFS info (device loop0): rebuilding free space tree
[pid 5871] chdir("./file0") = 0
[pid 5871] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 5871] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 5871] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5871] write(5, "31", 2) = 2
[pid 5871] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 5871] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 5871] exit_group(0) = ?
[pid 5871] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5871, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=12 /* 0.12 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[ 61.278400][ T1516] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 61.309816][ T5871] FAULT_INJECTION: forcing a failure.
[ 61.309816][ T5871] name failslab, interval 1, probability 0, space 0, times 0
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 61.309838][ T5871] CPU: 0 UID: 0 PID: 5871 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 61.309854][ T5871] Tainted: [W]=WARN
[ 61.309857][ T5871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 61.309863][ T5871] Call Trace:
[ 61.309866][ T5871]
[ 61.309870][ T5871] dump_stack_lvl+0x189/0x250
[ 61.309894][ T5871] ? __pfx____ratelimit+0x10/0x10
[ 61.309906][ T5871] ? __pfx_dump_stack_lvl+0x10/0x10
[ 61.309918][ T5871] ? __pfx__printk+0x10/0x10
umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
[ 61.309928][ T5871] ? fs_reclaim_acquire+0x7d/0x100
[ 61.309937][ T5871] ? rcu_is_watching+0x15/0xb0
[ 61.309951][ T5871] ? __pfx___might_resched+0x10/0x10
[ 61.309960][ T5871] ? lock_acquire+0x5f/0x360
[ 61.309972][ T5871] should_fail_ex+0x46c/0x600
[ 61.309984][ T5871] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 61.309996][ T5871] should_failslab+0xa8/0x100
[ 61.310009][ T5871] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 61.310019][ T5871] kmem_cache_alloc_noprof+0x6e/0x310
[ 61.310032][ T5871] btrfs_add_to_free_space_tree+0xde/0x5b0
rmdir("./2/file0") = 0
umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
[ 61.310044][ T5871] __btrfs_free_extent+0x167b/0x4250
[ 61.310057][ T5871] ? __pfx___btrfs_free_extent+0x10/0x10
[ 61.310067][ T5871] ? migrate_disable+0x160/0x190
[ 61.310078][ T5871] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 61.310087][ T5871] ? lock_release+0x4b/0x3e0
[ 61.310097][ T5871] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 61.310112][ T5871] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 61.310127][ T5871] ? is_bpf_text_address+0x26/0x2b0
[ 61.310142][ T5871] ? is_bpf_text_address+0x292/0x2b0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 61.310154][ T5871] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 61.310167][ T5871] ? try_to_take_rt_mutex+0x840/0xb00
[ 61.310176][ T5871] ? unwind_get_return_address+0x4d/0x90
[ 61.310188][ T5871] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 61.310198][ T5871] ? arch_stack_walk+0xfc/0x150
[ 61.310212][ T5871] ? rtlock_slowlock_locked+0xd8/0x4010
[ 61.310222][ T5871] ? stack_trace_save+0x9c/0xe0
[ 61.310230][ T5871] ? __pfx_stack_trace_save+0x10/0x10
[ 61.310239][ T5871] ? stack_depot_save_flags+0x40/0x860
ioctl(3, LOOP_CLR_FD) = 0
[ 61.310250][ T5871] ? btrfs_commit_transaction+0x161/0x3950
[ 61.310263][ T5871] ? rcu_is_watching+0x15/0xb0
[ 61.310275][ T5871] ? lock_acquire+0x5f/0x360
[ 61.310285][ T5871] ? rcu_is_watching+0x15/0xb0
[ 61.310305][ T5871] btrfs_run_delayed_refs+0xe6/0x3b0
[ 61.310318][ T5871] btrfs_commit_transaction+0x269/0x3950
[ 61.310330][ T5871] ? rcu_is_watching+0x15/0xb0
[ 61.310342][ T5871] ? btrfs_commit_transaction+0x161/0x3950
[ 61.310353][ T5871] ? lock_acquire+0x5f/0x360
[ 61.310363][ T5871] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 61.310375][ T5871] ? rt_mutex_slowunlock+0x493/0x8a0
[ 61.310383][ T5871] ? migrate_disable+0xd5/0x190
[ 61.310393][ T5871] ? join_transaction+0x41b/0xca0
[ 61.310404][ T5871] ? rcu_is_watching+0x15/0xb0
[ 61.310416][ T5871] ? lock_acquire+0x5f/0x360
[ 61.310426][ T5871] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 61.310438][ T5871] ? join_transaction+0x41b/0xca0
[ 61.310451][ T5871] ? btrfs_record_root_in_trans+0x91/0x180
[ 61.310462][ T5871] ? start_transaction+0x439/0x1620
[ 61.310475][ T5871] ? btrfs_attach_transaction_barrier+0x32/0xa0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555587b19650) = 5888
./strace-static-x86_64: Process 5888 attached
[pid 5888] set_robust_list(0x555587b19660, 24) = 0
[pid 5888] chdir("./3") = 0
[pid 5888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5888] setpgid(0, 0) = 0
[pid 5888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 61.310486][ T5871] ? btrfs_sync_fs+0x1b2/0x6a0
[ 61.310498][ T5871] sync_filesystem+0x1ce/0x250
[ 61.310511][ T5871] btrfs_reconfigure+0x2fa/0x2160
[ 61.310522][ T5871] ? __pfx_list_lru_walk_node+0x10/0x10
[ 61.310535][ T5871] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 61.310544][ T5871] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 61.310560][ T5871] ? rcu_is_watching+0x15/0xb0
[ 61.310574][ T5871] reconfigure_super+0x224/0x890
[ 61.310585][ T5871] path_mount+0xd18/0xfe0
[ 61.310599][ T5871] __se_sys_mount+0x317/0x410
[pid 5888] write(3, "1000", 4) = 4
[pid 5888] close(3) = 0
[pid 5888] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5888] write(1, "executing program\n", 18executing program
) = 18
[pid 5888] memfd_create("syzkaller", 0) = 3
[pid 5888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 61.310612][ T5871] ? __pfx___se_sys_mount+0x10/0x10
[ 61.310623][ T5871] ? rcu_is_watching+0x15/0xb0
[ 61.310636][ T5871] ? __x64_sys_mount+0x20/0xc0
[ 61.310648][ T5871] do_syscall_64+0xfa/0x3b0
[ 61.310659][ T5871] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 61.310668][ T5871] ? clear_bhb_loop+0x60/0xb0
[ 61.310677][ T5871] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 61.310686][ T5871] RIP: 0033:0x7f6bcc3a931a
[ 61.310695][ T5871] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 61.310703][ T5871] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 61.310713][ T5871] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 61.310720][ T5871] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 61.310726][ T5871] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 61.310733][ T5871] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 61.310739][ T5871] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 61.310748][ T5871]
[ 61.310754][ T5871] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 61.310765][ T5871] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 61.310774][ T5871] BTRFS info (device loop0 state EA): forced readonly
[ 61.310783][ T5871] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[pid 5888] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5888] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5888] ioctl(4, LOOP_SET_FD, 3) = 0
[ 61.310796][ T5871] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5386240 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 61.310818][ T5871] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 61.310852][ T5871] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 61.357269][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 5888] close(3) = 0
[pid 5888] close(4) = 0
[pid 5888] mkdir("./file0", 0777) = 0
[ 61.888326][ T5888] loop0: detected capacity change from 0 to 32768
[ 61.912424][ T5888] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (5888)
[ 61.922929][ T5888] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 61.922991][ T5888] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 61.923043][ T5888] BTRFS info (device loop0): using free-space-tree
[pid 5888] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 5888] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 5888] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5888] chdir("./file0") = 0
[pid 5888] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 5888] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 5888] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[ 61.987928][ T5888] BTRFS info (device loop0): rebuilding free space tree
[pid 5888] write(5, "31", 2) = 2
[pid 5888] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 5888] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 5888] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 5888] exit_group(0) = ?
[pid 5888] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5888, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=12 /* 0.12 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 62.058349][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 62.075521][ T5888] FAULT_INJECTION: forcing a failure.
[ 62.075521][ T5888] name failslab, interval 1, probability 0, space 0, times 0
[ 62.075544][ T5888] CPU: 0 UID: 0 PID: 5888 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 62.075559][ T5888] Tainted: [W]=WARN
umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 62.075562][ T5888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 62.075568][ T5888] Call Trace:
[ 62.075572][ T5888]
[ 62.075576][ T5888] dump_stack_lvl+0x189/0x250
[ 62.075594][ T5888] ? __pfx____ratelimit+0x10/0x10
[ 62.075605][ T5888] ? __pfx_dump_stack_lvl+0x10/0x10
[ 62.075617][ T5888] ? __pfx__printk+0x10/0x10
[ 62.075627][ T5888] ? fs_reclaim_acquire+0x7d/0x100
[ 62.075636][ T5888] ? rcu_is_watching+0x15/0xb0
[ 62.075649][ T5888] ? __pfx___might_resched+0x10/0x10
[ 62.075658][ T5888] ? lock_acquire+0x5f/0x360
umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
[ 62.075670][ T5888] should_fail_ex+0x46c/0x600
[ 62.075683][ T5888] ? alloc_extent_state+0x22/0x2f0
[ 62.075695][ T5888] should_failslab+0xa8/0x100
[ 62.075707][ T5888] ? alloc_extent_state+0x22/0x2f0
[ 62.075718][ T5888] kmem_cache_alloc_noprof+0x6e/0x310
[ 62.075731][ T5888] alloc_extent_state+0x22/0x2f0
[ 62.075744][ T5888] set_extent_bit+0x270/0x21e0
[ 62.075758][ T5888] ? rt_mutex_slowunlock+0x493/0x8a0
[ 62.075768][ T5888] ? __pfx_set_extent_bit+0x10/0x10
[ 62.075780][ T5888] ? __pfx_rt_mutex_slowunlock+0x10/0x10
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0") = 0
umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
[ 62.075789][ T5888] ? lock_release+0x4b/0x3e0
[ 62.075807][ T5888] btrfs_set_extent_bit+0x38/0x50
[ 62.075828][ T5888] btrfs_update_block_group+0x712/0xb00
[ 62.075854][ T5888] __btrfs_free_extent+0x16a0/0x4250
[ 62.075877][ T5888] ? __pfx___btrfs_free_extent+0x10/0x10
[ 62.075893][ T5888] ? migrate_disable+0x160/0x190
[ 62.075911][ T5888] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 62.075928][ T5888] ? lock_release+0x4b/0x3e0
[ 62.075947][ T5888] ? rcu_is_watching+0x15/0xb0
[ 62.075972][ T5888] __btrfs_run_delayed_refs+0xe7f/0x4150
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 62.076001][ T5888] ? is_bpf_text_address+0x26/0x2b0
[ 62.076019][ T5888] ? is_bpf_text_address+0x292/0x2b0
[ 62.076031][ T5888] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 62.076044][ T5888] ? try_to_take_rt_mutex+0x840/0xb00
[ 62.076053][ T5888] ? unwind_get_return_address+0x4d/0x90
[ 62.076065][ T5888] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 62.076075][ T5888] ? arch_stack_walk+0xfc/0x150
[ 62.076089][ T5888] ? rtlock_slowlock_locked+0xd8/0x4010
[ 62.076099][ T5888] ? stack_trace_save+0x9c/0xe0
[ 62.076107][ T5888] ? __pfx_stack_trace_save+0x10/0x10
[ 62.076116][ T5888] ? stack_depot_save_flags+0x40/0x860
[ 62.076127][ T5888] ? btrfs_commit_transaction+0x161/0x3950
[ 62.076139][ T5888] ? rcu_is_watching+0x15/0xb0
[ 62.076151][ T5888] ? lock_acquire+0x5f/0x360
[ 62.076161][ T5888] ? rcu_is_watching+0x15/0xb0
[ 62.076174][ T5888] btrfs_run_delayed_refs+0xe6/0x3b0
[ 62.076187][ T5888] btrfs_commit_transaction+0x269/0x3950
[ 62.076199][ T5888] ? rcu_is_watching+0x15/0xb0
[ 62.076211][ T5888] ? btrfs_commit_transaction+0x161/0x3950
close(3) = 0
[ 62.076222][ T5888] ? lock_acquire+0x5f/0x360
[ 62.076232][ T5888] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 62.076244][ T5888] ? rt_mutex_slowunlock+0x493/0x8a0
[ 62.076252][ T5888] ? migrate_disable+0xd5/0x190
[ 62.076263][ T5888] ? join_transaction+0x41b/0xca0
[ 62.076273][ T5888] ? rcu_is_watching+0x15/0xb0
[ 62.076291][ T5888] ? lock_acquire+0x5f/0x360
[ 62.076302][ T5888] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 62.076314][ T5888] ? join_transaction+0x41b/0xca0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555587b19650) = 5905
./strace-static-x86_64: Process 5905 attached
[pid 5905] set_robust_list(0x555587b19660, 24) = 0
[pid 5905] chdir("./4") = 0
[pid 5905] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5905] setpgid(0, 0) = 0
[pid 5905] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 62.076326][ T5888] ? btrfs_record_root_in_trans+0x91/0x180
[ 62.076337][ T5888] ? start_transaction+0x439/0x1620
[ 62.076350][ T5888] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 62.076361][ T5888] ? btrfs_sync_fs+0x1b2/0x6a0
[ 62.076373][ T5888] sync_filesystem+0x1ce/0x250
[ 62.076387][ T5888] btrfs_reconfigure+0x2fa/0x2160
[ 62.076398][ T5888] ? __pfx_list_lru_walk_node+0x10/0x10
[ 62.076411][ T5888] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 62.076420][ T5888] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 62.076434][ T5888] ? rcu_is_watching+0x15/0xb0
[pid 5905] write(3, "1000", 4) = 4
[pid 5905] close(3) = 0
[pid 5905] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5905] write(1, "executing program\n", 18executing program
) = 18
[pid 5905] memfd_create("syzkaller", 0) = 3
[ 62.076447][ T5888] reconfigure_super+0x224/0x890
[ 62.076459][ T5888] path_mount+0xd18/0xfe0
[ 62.076473][ T5888] __se_sys_mount+0x317/0x410
[ 62.076486][ T5888] ? __pfx___se_sys_mount+0x10/0x10
[ 62.076497][ T5888] ? rcu_is_watching+0x15/0xb0
[ 62.076510][ T5888] ? __x64_sys_mount+0x20/0xc0
[ 62.076521][ T5888] do_syscall_64+0xfa/0x3b0
[ 62.076532][ T5888] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 62.076541][ T5888] ? clear_bhb_loop+0x60/0xb0
[ 62.076551][ T5888] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[pid 5905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 62.076560][ T5888] RIP: 0033:0x7f6bcc3a931a
[ 62.076570][ T5888] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 62.076578][ T5888] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 62.076589][ T5888] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 62.076596][ T5888] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 62.076602][ T5888] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 62.076608][ T5888] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 62.076615][ T5888] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 62.076624][ T5888]
[ 62.168448][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 5905] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5905] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 5905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5905] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5905] close(3) = 0
[pid 5905] close(4) = 0
[pid 5905] mkdir("./file0", 0777) = 0
[ 62.679601][ T5905] loop0: detected capacity change from 0 to 32768
[ 62.695165][ T5905] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (5905)
[ 62.709300][ T5905] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 62.709344][ T5905] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[pid 5905] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 5905] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 5905] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[ 62.709380][ T5905] BTRFS info (device loop0): using free-space-tree
[ 62.753688][ T5905] BTRFS info (device loop0): rebuilding free space tree
[pid 5905] chdir("./file0") = 0
[pid 5905] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 5905] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 5905] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5905] write(5, "31", 2) = 2
[pid 5905] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 5905] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 5905] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[ 62.820630][ T13] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 62.843403][ T5905] FAULT_INJECTION: forcing a failure.
[ 62.843403][ T5905] name failslab, interval 1, probability 0, space 0, times 0
[ 62.843425][ T5905] CPU: 0 UID: 0 PID: 5905 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[pid 5905] exit_group(0) = ?
[pid 5905] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5905, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=11 /* 0.11 s */} ---
[ 62.843440][ T5905] Tainted: [W]=WARN
[ 62.843443][ T5905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 62.843449][ T5905] Call Trace:
[ 62.843453][ T5905]
[ 62.843457][ T5905] dump_stack_lvl+0x189/0x250
[ 62.843484][ T5905] ? __pfx____ratelimit+0x10/0x10
[ 62.843496][ T5905] ? __pfx_dump_stack_lvl+0x10/0x10
[ 62.843507][ T5905] ? __pfx__printk+0x10/0x10
[ 62.843517][ T5905] ? fs_reclaim_acquire+0x7d/0x100
[ 62.843526][ T5905] ? rcu_is_watching+0x15/0xb0
umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[ 62.843539][ T5905] ? __pfx___might_resched+0x10/0x10
[ 62.843549][ T5905] ? lock_acquire+0x5f/0x360
[ 62.843560][ T5905] should_fail_ex+0x46c/0x600
[ 62.843573][ T5905] ? alloc_extent_state+0x22/0x2f0
[ 62.843585][ T5905] should_failslab+0xa8/0x100
[ 62.843597][ T5905] ? alloc_extent_state+0x22/0x2f0
[ 62.843609][ T5905] kmem_cache_alloc_noprof+0x6e/0x310
[ 62.843621][ T5905] alloc_extent_state+0x22/0x2f0
[ 62.843633][ T5905] set_extent_bit+0x270/0x21e0
[ 62.843648][ T5905] ? rt_mutex_slowunlock+0x493/0x8a0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 62.843658][ T5905] ? __pfx_set_extent_bit+0x10/0x10
[ 62.843670][ T5905] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 62.843679][ T5905] ? lock_release+0x4b/0x3e0
[ 62.843690][ T5905] btrfs_set_extent_bit+0x38/0x50
[ 62.843703][ T5905] btrfs_update_block_group+0x712/0xb00
[ 62.843718][ T5905] __btrfs_free_extent+0x16a0/0x4250
[ 62.843732][ T5905] ? __pfx___btrfs_free_extent+0x10/0x10
[ 62.843741][ T5905] ? migrate_disable+0x160/0x190
[ 62.843752][ T5905] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 62.843761][ T5905] ? lock_release+0x4b/0x3e0
umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[ 62.843773][ T5905] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 62.843789][ T5905] ? is_bpf_text_address+0x26/0x2b0
[ 62.843805][ T5905] ? is_bpf_text_address+0x292/0x2b0
[ 62.843816][ T5905] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 62.843830][ T5905] ? try_to_take_rt_mutex+0x840/0xb00
[ 62.843838][ T5905] ? unwind_get_return_address+0x4d/0x90
[ 62.843851][ T5905] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 62.843861][ T5905] ? arch_stack_walk+0xfc/0x150
[ 62.843875][ T5905] ? rtlock_slowlock_locked+0xd8/0x4010
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file0") = 0
umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
[ 62.843885][ T5905] ? stack_trace_save+0x9c/0xe0
[ 62.843893][ T5905] ? __pfx_stack_trace_save+0x10/0x10
[ 62.843903][ T5905] ? stack_depot_save_flags+0x40/0x860
[ 62.843914][ T5905] ? btrfs_commit_transaction+0x161/0x3950
[ 62.843926][ T5905] ? rcu_is_watching+0x15/0xb0
[ 62.843939][ T5905] ? lock_acquire+0x5f/0x360
[ 62.843949][ T5905] ? rcu_is_watching+0x15/0xb0
[ 62.843961][ T5905] btrfs_run_delayed_refs+0xe6/0x3b0
[ 62.843975][ T5905] btrfs_commit_transaction+0x269/0x3950
[ 62.843986][ T5905] ? rcu_is_watching+0x15/0xb0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 62.843998][ T5905] ? btrfs_commit_transaction+0x161/0x3950
[ 62.844009][ T5905] ? lock_acquire+0x5f/0x360
[ 62.844019][ T5905] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 62.844031][ T5905] ? rt_mutex_slowunlock+0x493/0x8a0
[ 62.844039][ T5905] ? migrate_disable+0xd5/0x190
[ 62.844050][ T5905] ? join_transaction+0x41b/0xca0
[ 62.844060][ T5905] ? rcu_is_watching+0x15/0xb0
[ 62.844072][ T5905] ? lock_acquire+0x5f/0x360
[ 62.844083][ T5905] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 62.844095][ T5905] ? join_transaction+0x41b/0xca0
[ 62.844107][ T5905] ? btrfs_record_root_in_trans+0x91/0x180
[ 62.844118][ T5905] ? start_transaction+0x439/0x1620
[ 62.844131][ T5905] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 62.844142][ T5905] ? btrfs_sync_fs+0x1b2/0x6a0
[ 62.844154][ T5905] sync_filesystem+0x1ce/0x250
[ 62.844167][ T5905] btrfs_reconfigure+0x2fa/0x2160
[ 62.844178][ T5905] ? __pfx_list_lru_walk_node+0x10/0x10
[ 62.844190][ T5905] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 62.844199][ T5905] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 62.844213][ T5905] ? rcu_is_watching+0x15/0xb0
[ 62.844226][ T5905] reconfigure_super+0x224/0x890
[ 62.844238][ T5905] path_mount+0xd18/0xfe0
[ 62.844251][ T5905] __se_sys_mount+0x317/0x410
[ 62.844263][ T5905] ? __pfx___se_sys_mount+0x10/0x10
[ 62.844275][ T5905] ? rcu_is_watching+0x15/0xb0
[ 62.844288][ T5905] ? __x64_sys_mount+0x20/0xc0
[ 62.844299][ T5905] do_syscall_64+0xfa/0x3b0
[ 62.844310][ T5905] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 62.844319][ T5905] ? clear_bhb_loop+0x60/0xb0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5922 attached
, child_tidptr=0x555587b19650) = 5922
[pid 5922] set_robust_list(0x555587b19660, 24) = 0
[pid 5922] chdir("./5") = 0
[pid 5922] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[ 62.844328][ T5905] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 62.844337][ T5905] RIP: 0033:0x7f6bcc3a931a
[ 62.844347][ T5905] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 62.844354][ T5905] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 62.844365][ T5905] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[pid 5922] setpgid(0, 0) = 0
[pid 5922] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5922] write(3, "1000", 4) = 4
[pid 5922] close(3) = 0
[pid 5922] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 5922] write(1, "executing program\n", 18) = 18
[pid 5922] memfd_create("syzkaller", 0) = 3
[pid 5922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 62.844372][ T5905] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 62.844378][ T5905] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 62.844385][ T5905] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 62.844391][ T5905] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 62.844400][ T5905]
[ 62.999440][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 5922] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5922] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 5922] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5922] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5922] close(3) = 0
[pid 5922] close(4) = 0
[pid 5922] mkdir("./file0", 0777) = 0
[ 63.477177][ T5922] loop0: detected capacity change from 0 to 32768
[ 63.497250][ T5922] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (5922)
[ 63.500303][ T5922] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 5922] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 5922] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5922] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 5922] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5922] chdir("./file0") = 0
[pid 5922] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 5922] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 5922] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5922] write(5, "31", 2) = 2
[pid 5922] mkdir(".", 0777) = -1 EEXIST (File exists)
[ 63.500362][ T5922] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 63.500423][ T5922] BTRFS info (device loop0): using free-space-tree
[ 63.566402][ T5922] BTRFS info (device loop0): rebuilding free space tree
[pid 5922] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 5922] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 5922] exit_group(0) = ?
[pid 5922] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5922, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 63.622415][ T13] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 63.760138][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file0") = 0
umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5939 attached
, child_tidptr=0x555587b19650) = 5939
[pid 5939] set_robust_list(0x555587b19660, 24) = 0
[pid 5939] chdir("./6") = 0
[pid 5939] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5939] setpgid(0, 0) = 0
[pid 5939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5939] write(3, "1000", 4) = 4
[pid 5939] close(3) = 0
[pid 5939] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5939] write(1, "executing program\n", 18executing program
) = 18
[pid 5939] memfd_create("syzkaller", 0) = 3
[pid 5939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 5939] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5939] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 5939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5939] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5939] close(3) = 0
[pid 5939] close(4) = 0
[pid 5939] mkdir("./file0", 0777) = 0
[ 64.296734][ T5939] loop0: detected capacity change from 0 to 32768
[ 64.326432][ T5939] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (5939)
[pid 5939] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[ 64.331852][ T5939] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 64.331910][ T5939] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 64.331962][ T5939] BTRFS info (device loop0): using free-space-tree
[ 64.350952][ T5939] BTRFS info (device loop0): rebuilding free space tree
[pid 5939] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 5939] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5939] chdir("./file0") = 0
[pid 5939] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 5939] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 5939] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5939] write(5, "31", 2) = 2
[pid 5939] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 5939] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 5939] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 5939] exit_group(0) = ?
[pid 5939] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5939, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=8 /* 0.08 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[ 64.456161][ T13] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[ 64.569935][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file0") = 0
umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5956 attached
, child_tidptr=0x555587b19650) = 5956
[pid 5956] set_robust_list(0x555587b19660, 24) = 0
[pid 5956] chdir("./7") = 0
[pid 5956] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5956] setpgid(0, 0) = 0
[pid 5956] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5956] write(3, "1000", 4) = 4
[pid 5956] close(3) = 0
[pid 5956] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 5956] write(1, "executing program\n", 18) = 18
[pid 5956] memfd_create("syzkaller", 0) = 3
[pid 5956] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 5956] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5956] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 5956] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5956] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5956] close(3) = 0
[pid 5956] close(4) = 0
[pid 5956] mkdir("./file0", 0777) = 0
[ 65.029235][ T5956] loop0: detected capacity change from 0 to 32768
[ 65.046838][ T5956] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (5956)
[ 65.050268][ T5956] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 5956] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 5956] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[ 65.050326][ T5956] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 65.050380][ T5956] BTRFS info (device loop0): using free-space-tree
[ 65.106214][ T5956] BTRFS info (device loop0): rebuilding free space tree
[pid 5956] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 5956] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5956] chdir("./file0") = 0
[pid 5956] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 5956] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 5956] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5956] write(5, "31", 2) = 2
[pid 5956] mkdir(".", 0777) = -1 EEXIST (File exists)
[ 65.196079][ T13] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[pid 5956] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 5956] exit_group(0) = ?
[pid 5956] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5956, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 65.254456][ T5956] FAULT_INJECTION: forcing a failure.
[ 65.254456][ T5956] name failslab, interval 1, probability 0, space 0, times 0
[ 65.254498][ T5956] CPU: 0 UID: 0 PID: 5956 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 65.254513][ T5956] Tainted: [W]=WARN
[ 65.254516][ T5956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 65.254522][ T5956] Call Trace:
[ 65.254526][ T5956]
umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[ 65.254530][ T5956] dump_stack_lvl+0x189/0x250
[ 65.254548][ T5956] ? __pfx____ratelimit+0x10/0x10
[ 65.254560][ T5956] ? __pfx_dump_stack_lvl+0x10/0x10
[ 65.254572][ T5956] ? __pfx__printk+0x10/0x10
[ 65.254582][ T5956] ? fs_reclaim_acquire+0x7d/0x100
[ 65.254591][ T5956] ? rcu_is_watching+0x15/0xb0
[ 65.254604][ T5956] ? __pfx___might_resched+0x10/0x10
[ 65.254614][ T5956] ? lock_acquire+0x5f/0x360
[ 65.254629][ T5956] should_fail_ex+0x46c/0x600
[ 65.254641][ T5956] ? add_delayed_ref+0x11a/0x1d80
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 65.254654][ T5956] should_failslab+0xa8/0x100
[ 65.254666][ T5956] ? add_delayed_ref+0x11a/0x1d80
[ 65.254678][ T5956] kmem_cache_alloc_noprof+0x6e/0x310
[ 65.254691][ T5956] add_delayed_ref+0x11a/0x1d80
[ 65.254703][ T5956] ? btrfs_clear_buffer_dirty+0x264/0xc20
[ 65.254715][ T5956] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 65.254726][ T5956] btrfs_free_tree_block+0x2c6/0xd00
[ 65.254736][ T5956] ? __pfx_btrfs_free_tree_block+0x10/0x10
[ 65.254746][ T5956] ? btrfs_tree_mod_log_insert_root+0xa7/0xb20
[ 65.254759][ T5956] ? __write_extent_buffer+0x27a/0x6c0
[ 65.254767][ T5956] ? btrfs_force_cow_block+0x9ee/0x2460
[ 65.254779][ T5956] btrfs_force_cow_block+0xff1/0x2460
[ 65.254793][ T5956] ? __pfx_btrfs_force_cow_block+0x10/0x10
[ 65.254804][ T5956] ? rwbase_write_lock+0x56f/0x750
[ 65.254817][ T5956] btrfs_cow_block+0x40a/0x9a0
[ 65.254829][ T5956] btrfs_search_slot+0xd17/0x2ba0
[ 65.254842][ T5956] ? rt_read_lock+0x260/0x360
[ 65.254851][ T5956] ? __pfx_btrfs_search_slot+0x10/0x10
[ 65.254865][ T5956] ? __kasan_slab_alloc+0x6c/0x80
umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file0") = 0
umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
[ 65.254875][ T5956] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 65.254886][ T5956] ? __btrfs_free_extent+0x167b/0x4250
[ 65.254901][ T5956] ? __btrfs_run_delayed_refs+0xe7f/0x4150
[ 65.254915][ T5956] add_free_space_extent+0x3ac/0xb50
[ 65.254926][ T5956] ? rt_read_lock+0x1f8/0x360
[ 65.254936][ T5956] ? __pfx_add_free_space_extent+0x10/0x10
[ 65.254946][ T5956] ? rcu_is_watching+0x15/0xb0
[ 65.254961][ T5956] ? __add_block_group_free_space+0x82/0x8b0
[ 65.254973][ T5956] ? __btrfs_add_to_free_space_tree+0x1ae/0x270
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 65.254984][ T5956] ? mutex_lock_nested+0x154/0x1d0
[ 65.254997][ T5956] btrfs_add_to_free_space_tree+0x155/0x5b0
[ 65.255009][ T5956] __btrfs_free_extent+0x167b/0x4250
[ 65.255021][ T5956] ? __pfx___btrfs_free_extent+0x10/0x10
[ 65.255031][ T5956] ? migrate_disable+0x160/0x190
[ 65.255042][ T5956] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 65.255051][ T5956] ? lock_release+0x4b/0x3e0
[ 65.255063][ T5956] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 65.255079][ T5956] ? is_bpf_text_address+0x26/0x2b0
[ 65.255095][ T5956] ? is_bpf_text_address+0x292/0x2b0
[ 65.255106][ T5956] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 65.255119][ T5956] ? try_to_take_rt_mutex+0x840/0xb00
[ 65.255128][ T5956] ? unwind_get_return_address+0x4d/0x90
[ 65.255140][ T5956] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 65.255153][ T5956] ? arch_stack_walk+0xfc/0x150
[ 65.255167][ T5956] ? rtlock_slowlock_locked+0xd8/0x4010
[ 65.255177][ T5956] ? stack_trace_save+0x9c/0xe0
[ 65.255185][ T5956] ? __pfx_stack_trace_save+0x10/0x10
[ 65.255194][ T5956] ? stack_depot_save_flags+0x40/0x860
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5975 attached
, child_tidptr=0x555587b19650) = 5975
[pid 5975] set_robust_list(0x555587b19660, 24) = 0
[pid 5975] chdir("./8") = 0
[pid 5975] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[ 65.255206][ T5956] ? btrfs_commit_transaction+0x161/0x3950
[ 65.255218][ T5956] ? rcu_is_watching+0x15/0xb0
[ 65.255230][ T5956] ? lock_acquire+0x5f/0x360
[ 65.255240][ T5956] ? rcu_is_watching+0x15/0xb0
[ 65.255253][ T5956] btrfs_run_delayed_refs+0xe6/0x3b0
[ 65.255266][ T5956] btrfs_commit_transaction+0x269/0x3950
[ 65.255278][ T5956] ? rcu_is_watching+0x15/0xb0
[ 65.255289][ T5956] ? btrfs_commit_transaction+0x161/0x3950
[ 65.255300][ T5956] ? lock_acquire+0x5f/0x360
[pid 5975] setpgid(0, 0) = 0
[pid 5975] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5975] write(3, "1000", 4) = 4
[pid 5975] close(3) = 0
[pid 5975] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5975] write(1, "executing program\n", 18executing program
) = 18
[ 65.255311][ T5956] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 65.255322][ T5956] ? rt_mutex_slowunlock+0x493/0x8a0
[ 65.255330][ T5956] ? migrate_disable+0xd5/0x190
[ 65.255341][ T5956] ? join_transaction+0x41b/0xca0
[ 65.255351][ T5956] ? rcu_is_watching+0x15/0xb0
[ 65.255363][ T5956] ? lock_acquire+0x5f/0x360
[ 65.255374][ T5956] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 65.255385][ T5956] ? join_transaction+0x41b/0xca0
[ 65.255398][ T5956] ? btrfs_record_root_in_trans+0x91/0x180
[ 65.255409][ T5956] ? start_transaction+0x439/0x1620
[pid 5975] memfd_create("syzkaller", 0) = 3
[pid 5975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 65.255422][ T5956] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 65.255433][ T5956] ? btrfs_sync_fs+0x1b2/0x6a0
[ 65.255445][ T5956] sync_filesystem+0x1ce/0x250
[ 65.255458][ T5956] btrfs_reconfigure+0x2fa/0x2160
[ 65.255469][ T5956] ? __pfx_list_lru_walk_node+0x10/0x10
[ 65.255482][ T5956] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 65.255491][ T5956] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 65.255505][ T5956] ? rcu_is_watching+0x15/0xb0
[ 65.255518][ T5956] reconfigure_super+0x224/0x890
[ 65.255530][ T5956] path_mount+0xd18/0xfe0
[ 65.255543][ T5956] __se_sys_mount+0x317/0x410
[ 65.255555][ T5956] ? __pfx___se_sys_mount+0x10/0x10
[ 65.255566][ T5956] ? rcu_is_watching+0x15/0xb0
[ 65.255579][ T5956] ? __x64_sys_mount+0x20/0xc0
[ 65.255591][ T5956] do_syscall_64+0xfa/0x3b0
[ 65.255602][ T5956] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 65.255610][ T5956] ? clear_bhb_loop+0x60/0xb0
[ 65.255620][ T5956] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 65.255634][ T5956] RIP: 0033:0x7f6bcc3a931a
[ 65.255644][ T5956] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 65.255651][ T5956] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 65.255662][ T5956] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 65.255669][ T5956] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 65.255675][ T5956] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[pid 5975] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[ 65.255682][ T5956] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 65.255688][ T5956] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 65.255697][ T5956]
[ 65.255704][ T5956] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 65.255716][ T5956] BTRFS: error (device loop0 state A) in btrfs_force_cow_block:571: errno=-12 Out of memory
[ 65.255726][ T5956] BTRFS info (device loop0 state EA): forced readonly
[ 65.255737][ T5956] BTRFS: error (device loop0 state EA) in btrfs_add_to_free_space_tree:1051: errno=-12 Out of memory
[pid 5975] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 5975] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5975] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5975] close(3) = 0
[pid 5975] close(4) = 0
[pid 5975] mkdir("./file0", 0777) = 0
[ 65.255753][ T5956] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 65.255767][ T5956] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5386240 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 65.255788][ T5956] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 65.264250][ T5956] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 65.407345][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 65.927365][ T5975] loop0: detected capacity change from 0 to 32768
[ 65.948446][ T5975] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (5975)
[ 65.967201][ T5975] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 65.967262][ T5975] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 65.967340][ T5975] BTRFS info (device loop0): using free-space-tree
[pid 5975] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 5975] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5975] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[ 66.031904][ T5975] BTRFS info (device loop0): rebuilding free space tree
[pid 5975] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5975] chdir("./file0") = 0
[pid 5975] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 5975] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 5975] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5975] write(5, "31", 2) = 2
[pid 5975] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 5975] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 5975] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[ 66.096094][ T1516] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 66.144397][ T5975] FAULT_INJECTION: forcing a failure.
[pid 5975] exit_group(0) = ?
[pid 5975] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5975, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=13 /* 0.13 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 66.144397][ T5975] name failslab, interval 1, probability 0, space 0, times 0
[ 66.144422][ T5975] CPU: 1 UID: 0 PID: 5975 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 66.144438][ T5975] Tainted: [W]=WARN
[ 66.144441][ T5975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 66.144446][ T5975] Call Trace:
[ 66.144454][ T5975]
[ 66.144459][ T5975] dump_stack_lvl+0x189/0x250
[ 66.144479][ T5975] ? __pfx____ratelimit+0x10/0x10
[ 66.144491][ T5975] ? __pfx_dump_stack_lvl+0x10/0x10
[ 66.144503][ T5975] ? __pfx__printk+0x10/0x10
[ 66.144512][ T5975] ? fs_reclaim_acquire+0x7d/0x100
[ 66.144521][ T5975] ? rcu_is_watching+0x15/0xb0
[ 66.144538][ T5975] ? __pfx___might_resched+0x10/0x10
[ 66.144559][ T5975] ? lock_acquire+0x5f/0x360
[ 66.144579][ T5975] should_fail_ex+0x46c/0x600
[ 66.144592][ T5975] ? alloc_extent_state+0x22/0x2f0
[ 66.144604][ T5975] should_failslab+0xa8/0x100
[ 66.144617][ T5975] ? alloc_extent_state+0x22/0x2f0
[ 66.144634][ T5975] kmem_cache_alloc_noprof+0x6e/0x310
[ 66.144651][ T5975] alloc_extent_state+0x22/0x2f0
[ 66.144663][ T5975] set_extent_bit+0x270/0x21e0
[ 66.144678][ T5975] ? rt_mutex_slowunlock+0x493/0x8a0
[ 66.144691][ T5975] ? __pfx_set_extent_bit+0x10/0x10
[ 66.144704][ T5975] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 66.144713][ T5975] ? lock_release+0x4b/0x3e0
[ 66.144724][ T5975] btrfs_set_extent_bit+0x38/0x50
[ 66.144736][ T5975] btrfs_update_block_group+0x712/0xb00
[ 66.144752][ T5975] __btrfs_free_extent+0x16a0/0x4250
umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[ 66.144766][ T5975] ? __pfx___btrfs_free_extent+0x10/0x10
[ 66.144775][ T5975] ? migrate_disable+0x160/0x190
[ 66.144786][ T5975] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 66.144795][ T5975] ? lock_release+0x4b/0x3e0
[ 66.144813][ T5975] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 66.144830][ T5975] ? is_bpf_text_address+0x26/0x2b0
[ 66.144845][ T5975] ? is_bpf_text_address+0x292/0x2b0
[ 66.144860][ T5975] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 66.144874][ T5975] ? try_to_take_rt_mutex+0x840/0xb00
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/file0") = 0
umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 66.144883][ T5975] ? unwind_get_return_address+0x4d/0x90
[ 66.144895][ T5975] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 66.144905][ T5975] ? arch_stack_walk+0xfc/0x150
[ 66.144922][ T5975] ? rtlock_slowlock_locked+0xd8/0x4010
[ 66.144931][ T5975] ? stack_trace_save+0x9c/0xe0
[ 66.144940][ T5975] ? __pfx_stack_trace_save+0x10/0x10
[ 66.144949][ T5975] ? stack_depot_save_flags+0x40/0x860
[ 66.144961][ T5975] ? btrfs_commit_transaction+0x161/0x3950
[ 66.144973][ T5975] ? rcu_is_watching+0x15/0xb0
[ 66.144991][ T5975] ? lock_acquire+0x5f/0x360
[ 66.145001][ T5975] ? rcu_is_watching+0x15/0xb0
[ 66.145014][ T5975] btrfs_run_delayed_refs+0xe6/0x3b0
[ 66.145027][ T5975] btrfs_commit_transaction+0x269/0x3950
[ 66.145039][ T5975] ? rcu_is_watching+0x15/0xb0
[ 66.145051][ T5975] ? btrfs_commit_transaction+0x161/0x3950
[ 66.145065][ T5975] ? lock_acquire+0x5f/0x360
[ 66.145079][ T5975] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 66.145093][ T5975] ? rt_mutex_slowunlock+0x493/0x8a0
[ 66.145102][ T5975] ? migrate_disable+0xd5/0x190
[ 66.145112][ T5975] ? join_transaction+0x41b/0xca0
[ 66.145123][ T5975] ? rcu_is_watching+0x15/0xb0
[ 66.145155][ T5975] ? lock_acquire+0x5f/0x360
[ 66.145166][ T5975] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 66.145178][ T5975] ? join_transaction+0x41b/0xca0
[ 66.145190][ T5975] ? btrfs_record_root_in_trans+0x91/0x180
[ 66.145201][ T5975] ? start_transaction+0x439/0x1620
[ 66.145215][ T5975] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 66.145225][ T5975] ? btrfs_sync_fs+0x1b2/0x6a0
[ 66.145237][ T5975] sync_filesystem+0x1ce/0x250
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5994 attached
, child_tidptr=0x555587b19650) = 5994
[pid 5994] set_robust_list(0x555587b19660, 24) = 0
[pid 5994] chdir("./9") = 0
[pid 5994] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[ 66.145252][ T5975] btrfs_reconfigure+0x2fa/0x2160
[ 66.145262][ T5975] ? __pfx_list_lru_walk_node+0x10/0x10
[ 66.145275][ T5975] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 66.145284][ T5975] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 66.145298][ T5975] ? rcu_is_watching+0x15/0xb0
[ 66.145315][ T5975] reconfigure_super+0x224/0x890
[ 66.145327][ T5975] path_mount+0xd18/0xfe0
[ 66.145340][ T5975] __se_sys_mount+0x317/0x410
[ 66.145353][ T5975] ? __pfx___se_sys_mount+0x10/0x10
[ 66.145364][ T5975] ? rcu_is_watching+0x15/0xb0
[pid 5994] setpgid(0, 0) = 0
[pid 5994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5994] write(3, "1000", 4) = 4
[pid 5994] close(3) = 0
[pid 5994] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 5994] write(1, "executing program\n", 18) = 18
[pid 5994] memfd_create("syzkaller", 0) = 3
[pid 5994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 66.145377][ T5975] ? __x64_sys_mount+0x20/0xc0
[ 66.145389][ T5975] do_syscall_64+0xfa/0x3b0
[ 66.145400][ T5975] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 66.145409][ T5975] ? clear_bhb_loop+0x60/0xb0
[ 66.145418][ T5975] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 66.145427][ T5975] RIP: 0033:0x7f6bcc3a931a
[ 66.145440][ T5975] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 66.145448][ T5975] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 66.145459][ T5975] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 66.145466][ T5975] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 66.145472][ T5975] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 66.145478][ T5975] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 66.145485][ T5975] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 66.145494][ T5975]
[ 66.301451][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 5994] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5994] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 5994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5994] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5994] close(3) = 0
[pid 5994] close(4) = 0
[pid 5994] mkdir("./file0", 0777) = 0
[ 66.741768][ T5994] loop0: detected capacity change from 0 to 32768
[ 66.756772][ T5994] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (5994)
[ 66.761415][ T5994] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 5994] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 5994] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[ 66.761475][ T5994] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 66.761528][ T5994] BTRFS info (device loop0): using free-space-tree
[ 66.799807][ T5994] BTRFS info (device loop0): rebuilding free space tree
[pid 5994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 5994] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5994] chdir("./file0") = 0
[pid 5994] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 5994] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 5994] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5994] write(5, "31", 2) = 2
[pid 5994] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 5994] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 5994] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 5994] exit_group(0) = ?
[pid 5994] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5994, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=12 /* 0.12 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[ 66.886752][ T43] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 67.020116][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/file0") = 0
umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6013 attached
, child_tidptr=0x555587b19650) = 6013
[pid 6013] set_robust_list(0x555587b19660, 24) = 0
[pid 6013] chdir("./10") = 0
[pid 6013] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6013] setpgid(0, 0) = 0
[pid 6013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6013] write(3, "1000", 4) = 4
[pid 6013] close(3) = 0
[pid 6013] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 6013] write(1, "executing program\n", 18) = 18
[pid 6013] memfd_create("syzkaller", 0) = 3
[pid 6013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 6013] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6013] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6013] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6013] close(3) = 0
[pid 6013] close(4) = 0
[pid 6013] mkdir("./file0", 0777) = 0
[ 67.553328][ T6013] loop0: detected capacity change from 0 to 32768
[ 67.585030][ T6013] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6013)
[ 67.598887][ T6013] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 67.598956][ T6013] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 67.599022][ T6013] BTRFS info (device loop0): using free-space-tree
[ 67.641639][ T6013] BTRFS info (device loop0): rebuilding free space tree
[pid 6013] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6013] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6013] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6013] chdir("./file0") = 0
[pid 6013] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6013] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6013] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6013] write(5, "31", 2) = 2
[pid 6013] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6013] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 6013] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 6013] exit_group(0) = ?
[pid 6013] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6013, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} ---
umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 67.707985][ T43] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 67.850543][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/file0") = 0
umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6030 attached
, child_tidptr=0x555587b19650) = 6030
[pid 6030] set_robust_list(0x555587b19660, 24) = 0
[pid 6030] chdir("./11") = 0
[pid 6030] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6030] setpgid(0, 0) = 0
[pid 6030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6030] write(3, "1000", 4) = 4
[pid 6030] close(3) = 0
[pid 6030] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 6030] write(1, "executing program\n", 18) = 18
[pid 6030] memfd_create("syzkaller", 0) = 3
[pid 6030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 6030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6030] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6030] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6030] close(3) = 0
[pid 6030] close(4) = 0
[pid 6030] mkdir("./file0", 0777) = 0
[ 68.283163][ T6030] loop0: detected capacity change from 0 to 32768
[ 68.316223][ T6030] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6030)
[ 68.321808][ T6030] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 68.321871][ T6030] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 68.321925][ T6030] BTRFS info (device loop0): using free-space-tree
[pid 6030] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6030] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6030] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6030] chdir("./file0") = 0
[pid 6030] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[ 68.392816][ T6030] BTRFS info (device loop0): rebuilding free space tree
[pid 6030] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6030] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6030] write(5, "31", 2) = 2
[pid 6030] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6030] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 6030] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 6030] exit_group(0) = ?
[pid 6030] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6030, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=10 /* 0.10 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 68.464242][ T1516] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[ 68.523987][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/file0") = 0
umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6048 attached
, child_tidptr=0x555587b19650) = 6048
[pid 6048] set_robust_list(0x555587b19660, 24) = 0
[pid 6048] chdir("./12") = 0
[pid 6048] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6048] setpgid(0, 0) = 0
[pid 6048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6048] write(3, "1000", 4) = 4
[pid 6048] close(3) = 0
[pid 6048] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 6048] write(1, "executing program\n", 18) = 18
[pid 6048] memfd_create("syzkaller", 0) = 3
[pid 6048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 6048] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6048] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6048] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6048] close(3) = 0
[pid 6048] close(4) = 0
[pid 6048] mkdir("./file0", 0777) = 0
[ 69.111257][ T6048] loop0: detected capacity change from 0 to 32768
[ 69.135628][ T6048] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6048)
[ 69.152658][ T6048] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 69.152717][ T6048] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 69.152767][ T6048] BTRFS info (device loop0): using free-space-tree
[pid 6048] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6048] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6048] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6048] chdir("./file0") = 0
[pid 6048] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6048] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6048] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6048] write(5, "31", 2) = 2
[pid 6048] mkdir(".", 0777) = -1 EEXIST (File exists)
[ 69.208913][ T6048] BTRFS info (device loop0): rebuilding free space tree
[pid 6048] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6048] exit_group(0) = ?
[pid 6048] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6048, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[ 69.257889][ T43] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 69.258202][ T6048] FAULT_INJECTION: forcing a failure.
[ 69.258202][ T6048] name failslab, interval 1, probability 0, space 0, times 0
[ 69.258221][ T6048] CPU: 0 UID: 0 PID: 6048 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 69.258236][ T6048] Tainted: [W]=WARN
[ 69.258240][ T6048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 69.258245][ T6048] Call Trace:
[ 69.258249][ T6048]
[ 69.258253][ T6048] dump_stack_lvl+0x189/0x250
[ 69.258270][ T6048] ? __pfx____ratelimit+0x10/0x10
[ 69.258282][ T6048] ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.258294][ T6048] ? __pfx__printk+0x10/0x10
[ 69.258304][ T6048] ? __pfx___might_resched+0x10/0x10
[ 69.258314][ T6048] ? lock_acquire+0x5f/0x360
[ 69.258326][ T6048] should_fail_ex+0x46c/0x600
[ 69.258338][ T6048] ? __btrfs_free_extent+0x2f9/0x4250
[ 69.258348][ T6048] should_failslab+0xa8/0x100
[ 69.258361][ T6048] ? __btrfs_free_extent+0x2f9/0x4250
[ 69.258370][ T6048] kmem_cache_alloc_noprof+0x6e/0x310
[ 69.258383][ T6048] __btrfs_free_extent+0x2f9/0x4250
[ 69.258395][ T6048] ? rt_mutex_slowunlock+0x493/0x8a0
[ 69.258404][ T6048] ? __pfx___btrfs_free_extent+0x10/0x10
[ 69.258413][ T6048] ? __pfx_migrate_enable+0x10/0x10
[ 69.258424][ T6048] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 69.258433][ T6048] ? lock_release+0x4b/0x3e0
[ 69.258444][ T6048] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 69.258459][ T6048] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 69.258474][ T6048] ? is_bpf_text_address+0x26/0x2b0
[ 69.258490][ T6048] ? is_bpf_text_address+0x292/0x2b0
[ 69.258501][ T6048] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 69.258515][ T6048] ? try_to_take_rt_mutex+0x840/0xb00
[ 69.258532][ T6048] ? unwind_get_return_address+0x4d/0x90
[ 69.258545][ T6048] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 69.258555][ T6048] ? arch_stack_walk+0xfc/0x150
[ 69.258569][ T6048] ? rtlock_slowlock_locked+0xd8/0x4010
[ 69.258578][ T6048] ? stack_trace_save+0x9c/0xe0
[ 69.258590][ T6048] ? __pfx_stack_trace_save+0x10/0x10
[ 69.258600][ T6048] ? stack_depot_save_flags+0x40/0x860
[ 69.258615][ T6048] ? btrfs_commit_transaction+0x161/0x3950
[ 69.258627][ T6048] ? rcu_is_watching+0x15/0xb0
[ 69.258641][ T6048] ? lock_acquire+0x5f/0x360
[ 69.258651][ T6048] ? rcu_is_watching+0x15/0xb0
[ 69.258664][ T6048] btrfs_run_delayed_refs+0xe6/0x3b0
[ 69.258677][ T6048] btrfs_commit_transaction+0x269/0x3950
[ 69.258689][ T6048] ? rcu_is_watching+0x15/0xb0
[ 69.258701][ T6048] ? btrfs_commit_transaction+0x161/0x3950
[ 69.258712][ T6048] ? lock_acquire+0x5f/0x360
[ 69.258722][ T6048] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 69.258734][ T6048] ? rt_mutex_slowunlock+0x493/0x8a0
[ 69.258742][ T6048] ? migrate_disable+0xd5/0x190
[ 69.258752][ T6048] ? join_transaction+0x41b/0xca0
[ 69.258763][ T6048] ? rcu_is_watching+0x15/0xb0
[ 69.258775][ T6048] ? lock_acquire+0x5f/0x360
[ 69.258785][ T6048] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 69.258803][ T6048] ? join_transaction+0x41b/0xca0
[ 69.258815][ T6048] ? btrfs_record_root_in_trans+0x91/0x180
[ 69.258826][ T6048] ? start_transaction+0x439/0x1620
[ 69.258839][ T6048] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 69.258850][ T6048] ? btrfs_sync_fs+0x1b2/0x6a0
[ 69.258862][ T6048] sync_filesystem+0x1ce/0x250
[ 69.258876][ T6048] btrfs_reconfigure+0x2fa/0x2160
[ 69.258887][ T6048] ? __pfx_list_lru_walk_node+0x10/0x10
[ 69.258900][ T6048] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 69.258909][ T6048] ? __pfx_shrink_dcache_sb+0x10/0x10
umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./12/file0") = 0
umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
[ 69.258923][ T6048] ? rcu_is_watching+0x15/0xb0
[ 69.258937][ T6048] reconfigure_super+0x224/0x890
[ 69.258948][ T6048] path_mount+0xd18/0xfe0
[ 69.258962][ T6048] __se_sys_mount+0x317/0x410
[ 69.258975][ T6048] ? __pfx___se_sys_mount+0x10/0x10
[ 69.258986][ T6048] ? rcu_is_watching+0x15/0xb0
[ 69.258999][ T6048] ? __x64_sys_mount+0x20/0xc0
[ 69.259011][ T6048] do_syscall_64+0xfa/0x3b0
[ 69.259022][ T6048] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.259031][ T6048] ? clear_bhb_loop+0x60/0xb0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 69.259041][ T6048] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.259049][ T6048] RIP: 0033:0x7f6bcc3a931a
[ 69.259058][ T6048] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 69.259066][ T6048] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6065 attached
, child_tidptr=0x555587b19650) = 6065
[pid 6065] set_robust_list(0x555587b19660, 24) = 0
[pid 6065] chdir("./13") = 0
[pid 6065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[ 69.259077][ T6048] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 69.259084][ T6048] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 69.259090][ T6048] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 69.259097][ T6048] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 69.259103][ T6048] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 69.259112][ T6048]
[ 69.259117][ T6048] BTRFS error (device loop0): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[pid 6065] setpgid(0, 0) = 0
[pid 6065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6065] write(3, "1000", 4) = 4
[pid 6065] close(3) = 0
[pid 6065] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 6065] write(1, "executing program\n", 18) = 18
[pid 6065] memfd_create("syzkaller", 0) = 3
[pid 6065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 69.259139][ T6048] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 69.259149][ T6048] BTRFS: error (device loop0 state A) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 69.259159][ T6048] BTRFS info (device loop0 state EA): forced readonly
[ 69.259191][ T6048] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 69.580235][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6065] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6065] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6065] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6065] close(3) = 0
[pid 6065] close(4) = 0
[pid 6065] mkdir("./file0", 0777) = 0
[ 69.926181][ T6065] loop0: detected capacity change from 0 to 32768
[ 69.956628][ T6065] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6065)
[ 69.961687][ T6065] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 69.961749][ T6065] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 69.961798][ T6065] BTRFS info (device loop0): using free-space-tree
[pid 6065] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6065] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6065] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6065] chdir("./file0") = 0
[pid 6065] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6065] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6065] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[ 70.039538][ T6065] BTRFS info (device loop0): rebuilding free space tree
[pid 6065] write(5, "31", 2) = 2
[pid 6065] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6065] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 6065] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[ 70.099185][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 70.138997][ T6065] FAULT_INJECTION: forcing a failure.
[pid 6065] exit_group(0) = ?
[pid 6065] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6065, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=8 /* 0.08 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 70.138997][ T6065] name failslab, interval 1, probability 0, space 0, times 0
[ 70.139020][ T6065] CPU: 1 UID: 0 PID: 6065 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 70.139035][ T6065] Tainted: [W]=WARN
[ 70.139038][ T6065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 70.139044][ T6065] Call Trace:
[ 70.139047][ T6065]
[ 70.139052][ T6065] dump_stack_lvl+0x189/0x250
[ 70.139069][ T6065] ? __pfx____ratelimit+0x10/0x10
[ 70.139081][ T6065] ? __pfx_dump_stack_lvl+0x10/0x10
[ 70.139093][ T6065] ? __pfx__printk+0x10/0x10
[ 70.139103][ T6065] ? fs_reclaim_acquire+0x7d/0x100
[ 70.139112][ T6065] ? rcu_is_watching+0x15/0xb0
[ 70.139125][ T6065] ? __pfx___might_resched+0x10/0x10
[ 70.139134][ T6065] ? lock_acquire+0x5f/0x360
[ 70.139146][ T6065] should_fail_ex+0x46c/0x600
[ 70.139158][ T6065] ? alloc_extent_state+0x22/0x2f0
[ 70.139171][ T6065] should_failslab+0xa8/0x100
[ 70.139184][ T6065] ? alloc_extent_state+0x22/0x2f0
umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./13/file0") = 0
[ 70.139195][ T6065] kmem_cache_alloc_noprof+0x6e/0x310
[ 70.139208][ T6065] alloc_extent_state+0x22/0x2f0
[ 70.139220][ T6065] set_extent_bit+0x270/0x21e0
[ 70.139235][ T6065] ? rt_mutex_slowunlock+0x493/0x8a0
[ 70.139245][ T6065] ? __pfx_set_extent_bit+0x10/0x10
[ 70.139256][ T6065] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 70.139265][ T6065] ? lock_release+0x4b/0x3e0
[ 70.139276][ T6065] btrfs_set_extent_bit+0x38/0x50
[ 70.139289][ T6065] btrfs_update_block_group+0x712/0xb00
[ 70.139305][ T6065] __btrfs_free_extent+0x16a0/0x4250
umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
[ 70.139319][ T6065] ? __pfx___btrfs_free_extent+0x10/0x10
[ 70.139328][ T6065] ? migrate_disable+0x160/0x190
[ 70.139339][ T6065] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 70.139348][ T6065] ? lock_release+0x4b/0x3e0
[ 70.139360][ T6065] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 70.139376][ T6065] ? is_bpf_text_address+0x26/0x2b0
[ 70.139392][ T6065] ? is_bpf_text_address+0x292/0x2b0
[ 70.139403][ T6065] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 70.139423][ T6065] ? try_to_take_rt_mutex+0x840/0xb00
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 70.139432][ T6065] ? unwind_get_return_address+0x4d/0x90
[ 70.139445][ T6065] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 70.139455][ T6065] ? arch_stack_walk+0xfc/0x150
[ 70.139469][ T6065] ? rtlock_slowlock_locked+0xd8/0x4010
[ 70.139478][ T6065] ? stack_trace_save+0x9c/0xe0
[ 70.139487][ T6065] ? __pfx_stack_trace_save+0x10/0x10
[ 70.139496][ T6065] ? stack_depot_save_flags+0x40/0x860
[ 70.139507][ T6065] ? btrfs_commit_transaction+0x161/0x3950
[ 70.139520][ T6065] ? rcu_is_watching+0x15/0xb0
[ 70.139532][ T6065] ? lock_acquire+0x5f/0x360
[ 70.139542][ T6065] ? rcu_is_watching+0x15/0xb0
[ 70.139555][ T6065] btrfs_run_delayed_refs+0xe6/0x3b0
[ 70.139568][ T6065] btrfs_commit_transaction+0x269/0x3950
[ 70.139588][ T6065] ? rcu_is_watching+0x15/0xb0
[ 70.139600][ T6065] ? btrfs_commit_transaction+0x161/0x3950
[ 70.139611][ T6065] ? lock_acquire+0x5f/0x360
[ 70.139621][ T6065] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 70.139633][ T6065] ? rt_mutex_slowunlock+0x493/0x8a0
[ 70.139641][ T6065] ? migrate_disable+0xd5/0x190
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6082 attached
, child_tidptr=0x555587b19650) = 6082
[pid 6082] set_robust_list(0x555587b19660, 24) = 0
[pid 6082] chdir("./14") = 0
[ 70.139652][ T6065] ? join_transaction+0x41b/0xca0
[ 70.139662][ T6065] ? rcu_is_watching+0x15/0xb0
[ 70.139677][ T6065] ? lock_acquire+0x5f/0x360
[ 70.139687][ T6065] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 70.139699][ T6065] ? join_transaction+0x41b/0xca0
[ 70.139711][ T6065] ? btrfs_record_root_in_trans+0x91/0x180
[ 70.139722][ T6065] ? start_transaction+0x439/0x1620
[ 70.139736][ T6065] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 70.139746][ T6065] ? btrfs_sync_fs+0x1b2/0x6a0
[ 70.139759][ T6065] sync_filesystem+0x1ce/0x250
[pid 6082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6082] setpgid(0, 0) = 0
[pid 6082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6082] write(3, "1000", 4) = 4
[pid 6082] close(3) = 0
[pid 6082] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6082] write(1, "executing program\n", 18executing program
) = 18
[pid 6082] memfd_create("syzkaller", 0) = 3
[ 70.139772][ T6065] btrfs_reconfigure+0x2fa/0x2160
[ 70.139783][ T6065] ? __pfx_list_lru_walk_node+0x10/0x10
[ 70.139796][ T6065] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 70.139805][ T6065] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 70.139819][ T6065] ? rcu_is_watching+0x15/0xb0
[ 70.139833][ T6065] reconfigure_super+0x224/0x890
[ 70.139844][ T6065] path_mount+0xd18/0xfe0
[ 70.139858][ T6065] __se_sys_mount+0x317/0x410
[ 70.139870][ T6065] ? __pfx___se_sys_mount+0x10/0x10
[ 70.139881][ T6065] ? rcu_is_watching+0x15/0xb0
[pid 6082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 70.139894][ T6065] ? __x64_sys_mount+0x20/0xc0
[ 70.139906][ T6065] do_syscall_64+0xfa/0x3b0
[ 70.139917][ T6065] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.139926][ T6065] ? clear_bhb_loop+0x60/0xb0
[ 70.139936][ T6065] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.139944][ T6065] RIP: 0033:0x7f6bcc3a931a
[ 70.139954][ T6065] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 70.139962][ T6065] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 70.139973][ T6065] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 70.139980][ T6065] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 70.139986][ T6065] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 70.139992][ T6065] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 70.139998][ T6065] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 70.140007][ T6065]
[pid 6082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[ 70.228448][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6082] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6082] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6082] close(3) = 0
[pid 6082] close(4) = 0
[pid 6082] mkdir("./file0", 0777) = 0
[ 70.731057][ T6082] loop0: detected capacity change from 0 to 32768
[ 70.755779][ T6082] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6082)
[ 70.761863][ T6082] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 70.761921][ T6082] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 70.761973][ T6082] BTRFS info (device loop0): using free-space-tree
[pid 6082] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6082] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6082] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6082] chdir("./file0") = 0
[pid 6082] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6082] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6082] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6082] write(5, "31", 2) = 2
[pid 6082] mkdir(".", 0777) = -1 EEXIST (File exists)
[ 70.829086][ T6082] BTRFS info (device loop0): rebuilding free space tree
[pid 6082] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6082] exit_group(0) = ?
[pid 6082] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6082, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=10 /* 0.10 s */} ---
umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 70.887086][ T5027] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 70.889002][ T6082] FAULT_INJECTION: forcing a failure.
[ 70.889002][ T6082] name failslab, interval 1, probability 0, space 0, times 0
[ 70.889025][ T6082] CPU: 1 UID: 0 PID: 6082 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 70.889040][ T6082] Tainted: [W]=WARN
[ 70.889043][ T6082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 70.889049][ T6082] Call Trace:
[ 70.889053][ T6082]
[ 70.889057][ T6082] dump_stack_lvl+0x189/0x250
[ 70.889074][ T6082] ? __pfx____ratelimit+0x10/0x10
[ 70.889086][ T6082] ? __pfx_dump_stack_lvl+0x10/0x10
[ 70.889098][ T6082] ? __pfx__printk+0x10/0x10
[ 70.889108][ T6082] ? fs_reclaim_acquire+0x7d/0x100
[ 70.889117][ T6082] ? rcu_is_watching+0x15/0xb0
[ 70.889130][ T6082] ? __pfx___might_resched+0x10/0x10
[ 70.889140][ T6082] ? lock_acquire+0x5f/0x360
[ 70.889152][ T6082] should_fail_ex+0x46c/0x600
[ 70.889164][ T6082] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 70.889176][ T6082] should_failslab+0xa8/0x100
[ 70.889188][ T6082] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 70.889198][ T6082] kmem_cache_alloc_noprof+0x6e/0x310
[ 70.889211][ T6082] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 70.889223][ T6082] __btrfs_free_extent+0x167b/0x4250
[ 70.889237][ T6082] ? __pfx___btrfs_free_extent+0x10/0x10
[ 70.889246][ T6082] ? migrate_disable+0x160/0x190
[ 70.889257][ T6082] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 70.889266][ T6082] ? lock_release+0x4b/0x3e0
[ 70.889276][ T6082] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 70.889291][ T6082] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 70.889306][ T6082] ? is_bpf_text_address+0x26/0x2b0
[ 70.889322][ T6082] ? is_bpf_text_address+0x292/0x2b0
[ 70.889348][ T6082] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 70.889361][ T6082] ? try_to_take_rt_mutex+0x840/0xb00
[ 70.889371][ T6082] ? unwind_get_return_address+0x4d/0x90
[ 70.889383][ T6082] ? __pfx_stack_trace_consume_entry+0x10/0x10
umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./14/file0") = 0
umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 70.889394][ T6082] ? arch_stack_walk+0xfc/0x150
[ 70.889407][ T6082] ? rtlock_slowlock_locked+0xd8/0x4010
[ 70.889417][ T6082] ? stack_trace_save+0x9c/0xe0
[ 70.889426][ T6082] ? __pfx_stack_trace_save+0x10/0x10
[ 70.889435][ T6082] ? stack_depot_save_flags+0x40/0x860
[ 70.889446][ T6082] ? btrfs_commit_transaction+0x161/0x3950
[ 70.889458][ T6082] ? rcu_is_watching+0x15/0xb0
[ 70.889470][ T6082] ? lock_acquire+0x5f/0x360
[ 70.889481][ T6082] ? rcu_is_watching+0x15/0xb0
ioctl(3, LOOP_CLR_FD) = 0
[ 70.889493][ T6082] btrfs_run_delayed_refs+0xe6/0x3b0
[ 70.889506][ T6082] btrfs_commit_transaction+0x269/0x3950
[ 70.889518][ T6082] ? rcu_is_watching+0x15/0xb0
[ 70.889530][ T6082] ? btrfs_commit_transaction+0x161/0x3950
[ 70.889541][ T6082] ? lock_acquire+0x5f/0x360
[ 70.889551][ T6082] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 70.889563][ T6082] ? rt_mutex_slowunlock+0x493/0x8a0
[ 70.889571][ T6082] ? migrate_disable+0xd5/0x190
[ 70.889585][ T6082] ? join_transaction+0x41b/0xca0
[ 70.889595][ T6082] ? rcu_is_watching+0x15/0xb0
[ 70.889607][ T6082] ? lock_acquire+0x5f/0x360
[ 70.889618][ T6082] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 70.889630][ T6082] ? join_transaction+0x41b/0xca0
[ 70.889642][ T6082] ? btrfs_record_root_in_trans+0x91/0x180
[ 70.889653][ T6082] ? start_transaction+0x439/0x1620
[ 70.889666][ T6082] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 70.889677][ T6082] ? btrfs_sync_fs+0x1b2/0x6a0
[ 70.889688][ T6082] sync_filesystem+0x1ce/0x250
[ 70.889701][ T6082] btrfs_reconfigure+0x2fa/0x2160
[ 70.889711][ T6082] ? __pfx_list_lru_walk_node+0x10/0x10
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555587b19650) = 6099
./strace-static-x86_64: Process 6099 attached
[pid 6099] set_robust_list(0x555587b19660, 24) = 0
[pid 6099] chdir("./15") = 0
[pid 6099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6099] setpgid(0, 0) = 0
[pid 6099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 70.889724][ T6082] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 70.889733][ T6082] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 70.889746][ T6082] ? rcu_is_watching+0x15/0xb0
[ 70.889759][ T6082] reconfigure_super+0x224/0x890
[ 70.889771][ T6082] path_mount+0xd18/0xfe0
[ 70.889784][ T6082] __se_sys_mount+0x317/0x410
[ 70.889796][ T6082] ? __pfx___se_sys_mount+0x10/0x10
[ 70.889807][ T6082] ? rcu_is_watching+0x15/0xb0
[ 70.889820][ T6082] ? __x64_sys_mount+0x20/0xc0
[ 70.889832][ T6082] do_syscall_64+0xfa/0x3b0
[pid 6099] write(3, "1000", 4) = 4
[pid 6099] close(3) = 0
[pid 6099] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6099] write(1, "executing program\n", 18executing program
) = 18
[pid 6099] memfd_create("syzkaller", 0) = 3
[pid 6099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 70.889843][ T6082] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.889852][ T6082] ? clear_bhb_loop+0x60/0xb0
[ 70.889862][ T6082] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.889870][ T6082] RIP: 0033:0x7f6bcc3a931a
[ 70.889879][ T6082] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 70.889887][ T6082] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 70.889898][ T6082] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 70.889904][ T6082] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 70.889910][ T6082] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 70.889917][ T6082] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 70.889923][ T6082] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 70.889932][ T6082]
[ 70.889938][ T6082] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 70.889949][ T6082] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 70.889959][ T6082] BTRFS info (device loop0 state EA): forced readonly
[ 70.889967][ T6082] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 70.889981][ T6082] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5386240 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[pid 6099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6099] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 70.890001][ T6082] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 70.890036][ T6082] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 71.067791][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6099] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6099] close(3) = 0
[pid 6099] close(4) = 0
[pid 6099] mkdir("./file0", 0777) = 0
[ 71.516289][ T6099] loop0: detected capacity change from 0 to 32768
[ 71.556637][ T6099] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6099)
[ 71.575918][ T6099] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 71.575980][ T6099] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 71.576055][ T6099] BTRFS info (device loop0): using free-space-tree
[pid 6099] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6099] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6099] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6099] chdir("./file0") = 0
[pid 6099] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6099] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6099] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6099] write(5, "31", 2) = 2
[pid 6099] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6099] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[ 71.642753][ T6099] BTRFS info (device loop0): rebuilding free space tree
[ 71.675232][ T5027] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[pid 6099] exit_group(0) = ?
[pid 6099] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6099, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=14 /* 0.14 s */} ---
umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 71.697438][ T6099] FAULT_INJECTION: forcing a failure.
[ 71.697438][ T6099] name failslab, interval 1, probability 0, space 0, times 0
[ 71.697459][ T6099] CPU: 1 UID: 0 PID: 6099 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 71.697473][ T6099] Tainted: [W]=WARN
[ 71.697476][ T6099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 71.697482][ T6099] Call Trace:
[ 71.697486][ T6099]
[ 71.697490][ T6099] dump_stack_lvl+0x189/0x250
[ 71.697507][ T6099] ? __pfx____ratelimit+0x10/0x10
[ 71.697519][ T6099] ? __pfx_dump_stack_lvl+0x10/0x10
[ 71.697531][ T6099] ? __pfx__printk+0x10/0x10
[ 71.697541][ T6099] ? fs_reclaim_acquire+0x7d/0x100
[ 71.697550][ T6099] ? rcu_is_watching+0x15/0xb0
[ 71.697563][ T6099] ? __pfx___might_resched+0x10/0x10
[ 71.697573][ T6099] ? lock_acquire+0x5f/0x360
[ 71.697584][ T6099] should_fail_ex+0x46c/0x600
[ 71.697596][ T6099] ? btrfs_add_to_free_space_tree+0xde/0x5b0
umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./15/file0") = 0
umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 71.697618][ T6099] should_failslab+0xa8/0x100
[ 71.697631][ T6099] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 71.697641][ T6099] kmem_cache_alloc_noprof+0x6e/0x310
[ 71.697654][ T6099] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 71.697670][ T6099] __btrfs_free_extent+0x167b/0x4250
[ 71.697692][ T6099] ? __pfx___btrfs_free_extent+0x10/0x10
[ 71.697708][ T6099] ? migrate_disable+0x160/0x190
[ 71.697726][ T6099] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 71.697737][ T6099] ? lock_release+0x4b/0x3e0
[ 71.697747][ T6099] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 71.697762][ T6099] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 71.697778][ T6099] ? is_bpf_text_address+0x26/0x2b0
[ 71.697793][ T6099] ? is_bpf_text_address+0x292/0x2b0
[ 71.697804][ T6099] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 71.697818][ T6099] ? try_to_take_rt_mutex+0x840/0xb00
[ 71.697826][ T6099] ? unwind_get_return_address+0x4d/0x90
[ 71.697839][ T6099] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 71.697848][ T6099] ? arch_stack_walk+0xfc/0x150
[ 71.697863][ T6099] ? rtlock_slowlock_locked+0xd8/0x4010
close(3) = 0
[ 71.697872][ T6099] ? stack_trace_save+0x9c/0xe0
[ 71.697881][ T6099] ? __pfx_stack_trace_save+0x10/0x10
[ 71.697890][ T6099] ? stack_depot_save_flags+0x40/0x860
[ 71.697901][ T6099] ? btrfs_commit_transaction+0x161/0x3950
[ 71.697913][ T6099] ? rcu_is_watching+0x15/0xb0
[ 71.697926][ T6099] ? lock_acquire+0x5f/0x360
[ 71.697936][ T6099] ? rcu_is_watching+0x15/0xb0
[ 71.697948][ T6099] btrfs_run_delayed_refs+0xe6/0x3b0
[ 71.697962][ T6099] btrfs_commit_transaction+0x269/0x3950
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555587b19650) = 6116
./strace-static-x86_64: Process 6116 attached
[pid 6116] set_robust_list(0x555587b19660, 24) = 0
[pid 6116] chdir("./16") = 0
[pid 6116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6116] setpgid(0, 0) = 0
[pid 6116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6116] write(3, "1000", 4) = 4
[pid 6116] close(3) = 0
[pid 6116] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6116] write(1, "executing program\n", 18executing program
) = 18
[ 71.697973][ T6099] ? rcu_is_watching+0x15/0xb0
[ 71.697985][ T6099] ? btrfs_commit_transaction+0x161/0x3950
[ 71.697996][ T6099] ? lock_acquire+0x5f/0x360
[ 71.698006][ T6099] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 71.698018][ T6099] ? rt_mutex_slowunlock+0x493/0x8a0
[ 71.698026][ T6099] ? migrate_disable+0xd5/0x190
[ 71.698036][ T6099] ? join_transaction+0x41b/0xca0
[ 71.698047][ T6099] ? rcu_is_watching+0x15/0xb0
[ 71.698059][ T6099] ? lock_acquire+0x5f/0x360
[ 71.698070][ T6099] ? __pfx_btrfs_commit_transaction+0x10/0x10
[pid 6116] memfd_create("syzkaller", 0) = 3
[pid 6116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 71.698082][ T6099] ? join_transaction+0x41b/0xca0
[ 71.698094][ T6099] ? btrfs_record_root_in_trans+0x91/0x180
[ 71.698105][ T6099] ? start_transaction+0x439/0x1620
[ 71.698118][ T6099] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 71.698128][ T6099] ? btrfs_sync_fs+0x1b2/0x6a0
[ 71.698140][ T6099] sync_filesystem+0x1ce/0x250
[ 71.698153][ T6099] btrfs_reconfigure+0x2fa/0x2160
[ 71.698163][ T6099] ? __pfx_list_lru_walk_node+0x10/0x10
[ 71.698176][ T6099] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 71.698185][ T6099] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 71.698198][ T6099] ? rcu_is_watching+0x15/0xb0
[ 71.698212][ T6099] reconfigure_super+0x224/0x890
[ 71.698223][ T6099] path_mount+0xd18/0xfe0
[ 71.698236][ T6099] __se_sys_mount+0x317/0x410
[ 71.698249][ T6099] ? __pfx___se_sys_mount+0x10/0x10
[ 71.698260][ T6099] ? rcu_is_watching+0x15/0xb0
[ 71.698273][ T6099] ? __x64_sys_mount+0x20/0xc0
[ 71.698284][ T6099] do_syscall_64+0xfa/0x3b0
[ 71.698295][ T6099] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.698304][ T6099] ? clear_bhb_loop+0x60/0xb0
[ 71.698314][ T6099] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.698322][ T6099] RIP: 0033:0x7f6bcc3a931a
[ 71.698332][ T6099] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 71.698339][ T6099] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 71.698350][ T6099] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[pid 6116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[ 71.698357][ T6099] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 71.698363][ T6099] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 71.698370][ T6099] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 71.698376][ T6099] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 71.698385][ T6099]
[ 71.698391][ T6099] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 71.698402][ T6099] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[pid 6116] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6116] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6116] close(3) = 0
[pid 6116] close(4) = 0
[pid 6116] mkdir("./file0", 0777) = 0
[ 71.698412][ T6099] BTRFS info (device loop0 state EA): forced readonly
[ 71.698420][ T6099] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 71.698435][ T6099] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5390336 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 71.698456][ T6099] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 71.698491][ T6099] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 71.778093][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 72.230127][ T6116] loop0: detected capacity change from 0 to 32768
[ 72.251574][ T6116] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6116)
[ 72.269810][ T6116] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 72.269871][ T6116] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[pid 6116] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6116] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[ 72.269923][ T6116] BTRFS info (device loop0): using free-space-tree
[ 72.325291][ T6116] BTRFS info (device loop0): rebuilding free space tree
[pid 6116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6116] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6116] chdir("./file0") = 0
[pid 6116] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6116] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6116] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6116] write(5, "31", 2) = 2
[pid 6116] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6116] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6116] exit_group(0) = ?
[pid 6116] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6116, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} ---
[ 72.397403][ T43] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 72.439198][ T6116] FAULT_INJECTION: forcing a failure.
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 72.439198][ T6116] name failslab, interval 1, probability 0, space 0, times 0
[ 72.439222][ T6116] CPU: 1 UID: 0 PID: 6116 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 72.439237][ T6116] Tainted: [W]=WARN
[ 72.439240][ T6116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 72.439246][ T6116] Call Trace:
[ 72.439250][ T6116]
[ 72.439254][ T6116] dump_stack_lvl+0x189/0x250
[ 72.439271][ T6116] ? __pfx____ratelimit+0x10/0x10
[ 72.439284][ T6116] ? __pfx_dump_stack_lvl+0x10/0x10
[ 72.439295][ T6116] ? __pfx__printk+0x10/0x10
[ 72.439306][ T6116] ? __pfx___might_resched+0x10/0x10
[ 72.439316][ T6116] ? lock_acquire+0x5f/0x360
[ 72.439328][ T6116] should_fail_ex+0x46c/0x600
[ 72.439341][ T6116] ? __btrfs_free_extent+0x2f9/0x4250
[ 72.439351][ T6116] should_failslab+0xa8/0x100
[ 72.439364][ T6116] ? __btrfs_free_extent+0x2f9/0x4250
[ 72.439373][ T6116] kmem_cache_alloc_noprof+0x6e/0x310
[ 72.439386][ T6116] __btrfs_free_extent+0x2f9/0x4250
umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[ 72.439398][ T6116] ? rt_mutex_slowunlock+0x493/0x8a0
[ 72.439407][ T6116] ? __pfx___btrfs_free_extent+0x10/0x10
[ 72.439416][ T6116] ? __pfx_migrate_enable+0x10/0x10
[ 72.439427][ T6116] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 72.439435][ T6116] ? lock_release+0x4b/0x3e0
[ 72.439454][ T6116] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 72.439470][ T6116] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 72.439485][ T6116] ? is_bpf_text_address+0x26/0x2b0
[ 72.439505][ T6116] ? is_bpf_text_address+0x292/0x2b0
umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./16/file0") = 0
umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/binderfs") = 0
[ 72.439517][ T6116] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 72.439530][ T6116] ? try_to_take_rt_mutex+0x840/0xb00
[ 72.439539][ T6116] ? unwind_get_return_address+0x4d/0x90
[ 72.439552][ T6116] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 72.439562][ T6116] ? arch_stack_walk+0xfc/0x150
[ 72.439576][ T6116] ? rtlock_slowlock_locked+0xd8/0x4010
[ 72.439586][ T6116] ? stack_trace_save+0x9c/0xe0
[ 72.439594][ T6116] ? __pfx_stack_trace_save+0x10/0x10
[ 72.439603][ T6116] ? stack_depot_save_flags+0x40/0x860
[ 72.439615][ T6116] ? btrfs_commit_transaction+0x161/0x3950
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 72.439627][ T6116] ? rcu_is_watching+0x15/0xb0
[ 72.439641][ T6116] ? lock_acquire+0x5f/0x360
[ 72.439651][ T6116] ? rcu_is_watching+0x15/0xb0
[ 72.439664][ T6116] btrfs_run_delayed_refs+0xe6/0x3b0
[ 72.439677][ T6116] btrfs_commit_transaction+0x269/0x3950
[ 72.439688][ T6116] ? rcu_is_watching+0x15/0xb0
[ 72.439700][ T6116] ? btrfs_commit_transaction+0x161/0x3950
[ 72.439711][ T6116] ? lock_acquire+0x5f/0x360
[ 72.439721][ T6116] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
ioctl(3, LOOP_CLR_FD) = 0
[ 72.439733][ T6116] ? rt_mutex_slowunlock+0x493/0x8a0
[ 72.439741][ T6116] ? migrate_disable+0xd5/0x190
[ 72.439752][ T6116] ? join_transaction+0x41b/0xca0
[ 72.439762][ T6116] ? rcu_is_watching+0x15/0xb0
[ 72.439774][ T6116] ? lock_acquire+0x5f/0x360
[ 72.439785][ T6116] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 72.439797][ T6116] ? join_transaction+0x41b/0xca0
[ 72.439809][ T6116] ? btrfs_record_root_in_trans+0x91/0x180
[ 72.439820][ T6116] ? start_transaction+0x439/0x1620
[ 72.439833][ T6116] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 72.439844][ T6116] ? btrfs_sync_fs+0x1b2/0x6a0
[ 72.439857][ T6116] sync_filesystem+0x1ce/0x250
[ 72.439869][ T6116] btrfs_reconfigure+0x2fa/0x2160
[ 72.439880][ T6116] ? __pfx_list_lru_walk_node+0x10/0x10
[ 72.439893][ T6116] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 72.439902][ T6116] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 72.439915][ T6116] ? rcu_is_watching+0x15/0xb0
[ 72.439928][ T6116] reconfigure_super+0x224/0x890
[ 72.439940][ T6116] path_mount+0xd18/0xfe0
[ 72.439953][ T6116] __se_sys_mount+0x317/0x410
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6133 attached
[pid 6133] set_robust_list(0x555587b19660, 24) = 0
[pid 6133] chdir("./17"
[pid 5833] <... clone resumed>, child_tidptr=0x555587b19650) = 6133
[pid 6133] <... chdir resumed>) = 0
[pid 6133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[ 72.439966][ T6116] ? __pfx___se_sys_mount+0x10/0x10
[ 72.439977][ T6116] ? rcu_is_watching+0x15/0xb0
[ 72.439989][ T6116] ? __x64_sys_mount+0x20/0xc0
[ 72.440001][ T6116] do_syscall_64+0xfa/0x3b0
[ 72.440012][ T6116] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.440022][ T6116] ? clear_bhb_loop+0x60/0xb0
[ 72.440031][ T6116] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.440040][ T6116] RIP: 0033:0x7f6bcc3a931a
[pid 6133] setpgid(0, 0) = 0
[pid 6133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6133] write(3, "1000", 4) = 4
[pid 6133] close(3) = 0
[pid 6133] symlink("/dev/binderfs", "./binderfs") = 0
[ 72.440049][ T6116] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 72.440057][ T6116] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 72.440068][ T6116] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 72.440075][ T6116] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 72.440081][ T6116] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[pid 6133] write(1, "executing program\n", 18executing program
) = 18
[pid 6133] memfd_create("syzkaller", 0) = 3
[pid 6133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 72.440087][ T6116] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 72.440093][ T6116] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 72.440102][ T6116]
[ 72.440108][ T6116] BTRFS error (device loop0): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 72.440130][ T6116] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 72.440140][ T6116] BTRFS: error (device loop0 state A) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 72.440150][ T6116] BTRFS info (device loop0 state EA): forced readonly
[ 72.440181][ T6116] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 72.537456][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6133] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6133] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6133] close(3) = 0
[pid 6133] close(4) = 0
[pid 6133] mkdir("./file0", 0777) = 0
[ 73.070733][ T6133] loop0: detected capacity change from 0 to 32768
[ 73.085735][ T6133] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6133)
[ 73.101483][ T6133] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 73.101543][ T6133] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 73.101596][ T6133] BTRFS info (device loop0): using free-space-tree
[pid 6133] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6133] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6133] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[ 73.154137][ T6133] BTRFS info (device loop0): rebuilding free space tree
[pid 6133] chdir("./file0") = 0
[pid 6133] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6133] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6133] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6133] write(5, "31", 2) = 2
[pid 6133] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6133] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 6133] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 6133] exit_group(0) = ?
[pid 6133] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6133, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} ---
[ 73.216468][ T43] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 73.237983][ T6133] FAULT_INJECTION: forcing a failure.
[ 73.237983][ T6133] name failslab, interval 1, probability 0, space 0, times 0
[ 73.238015][ T6133] CPU: 1 UID: 0 PID: 6133 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 73.238040][ T6133] Tainted: [W]=WARN
[ 73.238046][ T6133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 73.238056][ T6133] Call Trace:
[ 73.238063][ T6133]
[ 73.238069][ T6133] dump_stack_lvl+0x189/0x250
[ 73.238097][ T6133] ? __pfx____ratelimit+0x10/0x10
[ 73.238117][ T6133] ? __pfx_dump_stack_lvl+0x10/0x10
[ 73.238139][ T6133] ? __pfx__printk+0x10/0x10
[ 73.238156][ T6133] ? fs_reclaim_acquire+0x7d/0x100
[ 73.238171][ T6133] ? rcu_is_watching+0x15/0xb0
[ 73.238192][ T6133] ? __pfx___might_resched+0x10/0x10
[ 73.238208][ T6133] ? lock_acquire+0x5f/0x360
[ 73.238226][ T6133] should_fail_ex+0x46c/0x600
[ 73.238245][ T6133] ? alloc_extent_state+0x22/0x2f0
[ 73.238259][ T6133] should_failslab+0xa8/0x100
[ 73.238271][ T6133] ? alloc_extent_state+0x22/0x2f0
[ 73.238282][ T6133] kmem_cache_alloc_noprof+0x6e/0x310
[ 73.238295][ T6133] alloc_extent_state+0x22/0x2f0
[ 73.238307][ T6133] set_extent_bit+0x270/0x21e0
[ 73.238322][ T6133] ? rt_mutex_slowunlock+0x493/0x8a0
umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./17/file0") = 0
[ 73.238332][ T6133] ? __pfx_set_extent_bit+0x10/0x10
[ 73.238343][ T6133] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 73.238352][ T6133] ? lock_release+0x4b/0x3e0
[ 73.238363][ T6133] btrfs_set_extent_bit+0x38/0x50
[ 73.238376][ T6133] btrfs_update_block_group+0x712/0xb00
[ 73.238398][ T6133] __btrfs_free_extent+0x16a0/0x4250
[ 73.238412][ T6133] ? __pfx___btrfs_free_extent+0x10/0x10
[ 73.238421][ T6133] ? migrate_disable+0x160/0x190
[ 73.238432][ T6133] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 73.238441][ T6133] ? lock_release+0x4b/0x3e0
umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
[ 73.238451][ T6133] ? __asan_memset+0x22/0x50
[ 73.238461][ T6133] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 73.238480][ T6133] ? is_bpf_text_address+0x26/0x2b0
[ 73.238496][ T6133] ? is_bpf_text_address+0x292/0x2b0
[ 73.238507][ T6133] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 73.238521][ T6133] ? try_to_take_rt_mutex+0x840/0xb00
[ 73.238529][ T6133] ? unwind_get_return_address+0x4d/0x90
[ 73.238542][ T6133] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 73.238552][ T6133] ? arch_stack_walk+0xfc/0x150
mkdir("./18", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 73.238566][ T6133] ? rtlock_slowlock_locked+0xd8/0x4010
[ 73.238575][ T6133] ? stack_trace_save+0x9c/0xe0
[ 73.238584][ T6133] ? __pfx_stack_trace_save+0x10/0x10
[ 73.238593][ T6133] ? stack_depot_save_flags+0x40/0x860
[ 73.238604][ T6133] ? btrfs_commit_transaction+0x161/0x3950
[ 73.238617][ T6133] ? rcu_is_watching+0x15/0xb0
[ 73.238629][ T6133] ? lock_acquire+0x5f/0x360
[ 73.238639][ T6133] ? rcu_is_watching+0x15/0xb0
[ 73.238651][ T6133] btrfs_run_delayed_refs+0xe6/0x3b0
[ 73.238665][ T6133] btrfs_commit_transaction+0x269/0x3950
[ 73.238676][ T6133] ? rcu_is_watching+0x15/0xb0
[ 73.238688][ T6133] ? btrfs_commit_transaction+0x161/0x3950
[ 73.238699][ T6133] ? lock_acquire+0x5f/0x360
[ 73.238709][ T6133] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 73.238721][ T6133] ? rt_mutex_slowunlock+0x493/0x8a0
[ 73.238729][ T6133] ? migrate_disable+0xd5/0x190
[ 73.238739][ T6133] ? join_transaction+0x41b/0xca0
[ 73.238750][ T6133] ? rcu_is_watching+0x15/0xb0
[ 73.238762][ T6133] ? lock_acquire+0x5f/0x360
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6150 attached
[pid 6150] set_robust_list(0x555587b19660, 24) = 0
[pid 6150] chdir("./18"
[pid 5833] <... clone resumed>, child_tidptr=0x555587b19650) = 6150
[pid 6150] <... chdir resumed>) = 0
[pid 6150] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6150] setpgid(0, 0) = 0
[pid 6150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6150] write(3, "1000", 4) = 4
executing program
[pid 6150] close(3) = 0
[pid 6150] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6150] write(1, "executing program\n", 18) = 18
[ 73.238773][ T6133] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 73.238784][ T6133] ? join_transaction+0x41b/0xca0
[ 73.238797][ T6133] ? btrfs_record_root_in_trans+0x91/0x180
[ 73.238808][ T6133] ? start_transaction+0x439/0x1620
[ 73.238821][ T6133] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 73.238832][ T6133] ? btrfs_sync_fs+0x1b2/0x6a0
[ 73.238844][ T6133] sync_filesystem+0x1ce/0x250
[ 73.238857][ T6133] btrfs_reconfigure+0x2fa/0x2160
[ 73.238868][ T6133] ? __pfx_list_lru_walk_node+0x10/0x10
[pid 6150] memfd_create("syzkaller", 0) = 3
[pid 6150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 73.238881][ T6133] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 73.238890][ T6133] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 73.238903][ T6133] ? rcu_is_watching+0x15/0xb0
[ 73.238917][ T6133] reconfigure_super+0x224/0x890
[ 73.238929][ T6133] path_mount+0xd18/0xfe0
[ 73.238942][ T6133] __se_sys_mount+0x317/0x410
[ 73.238954][ T6133] ? __pfx___se_sys_mount+0x10/0x10
[ 73.238965][ T6133] ? rcu_is_watching+0x15/0xb0
[ 73.238978][ T6133] ? __x64_sys_mount+0x20/0xc0
[ 73.238990][ T6133] do_syscall_64+0xfa/0x3b0
[ 73.239001][ T6133] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.239010][ T6133] ? clear_bhb_loop+0x60/0xb0
[ 73.239020][ T6133] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.239029][ T6133] RIP: 0033:0x7f6bcc3a931a
[ 73.239039][ T6133] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 73.239046][ T6133] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 73.239057][ T6133] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 73.239064][ T6133] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 73.239070][ T6133] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 73.239077][ T6133] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 73.239083][ T6133] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 73.239092][ T6133]
[pid 6150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6150] munmap(0x7f6bc3f59000, 138412032) = 0
[ 73.338370][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6150] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6150] close(3) = 0
[pid 6150] close(4) = 0
[pid 6150] mkdir("./file0", 0777) = 0
[ 73.822002][ T6150] loop0: detected capacity change from 0 to 32768
[ 73.845791][ T6150] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6150)
[pid 6150] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6150] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[ 73.853435][ T6150] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 73.853495][ T6150] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 73.853548][ T6150] BTRFS info (device loop0): using free-space-tree
[ 73.882222][ T6150] BTRFS info (device loop0): rebuilding free space tree
[pid 6150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6150] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6150] chdir("./file0") = 0
[pid 6150] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6150] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6150] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6150] write(5, "31", 2) = 2
[ 73.971945][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[pid 6150] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6150] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6150] exit_group(0) = ?
[pid 6150] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6150, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=13 /* 0.13 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 74.045651][ T6150] FAULT_INJECTION: forcing a failure.
[ 74.045651][ T6150] name failslab, interval 1, probability 0, space 0, times 0
[ 74.045674][ T6150] CPU: 0 UID: 0 PID: 6150 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 74.045689][ T6150] Tainted: [W]=WARN
[ 74.045692][ T6150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 74.045698][ T6150] Call Trace:
[ 74.045702][ T6150]
umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 74.045706][ T6150] dump_stack_lvl+0x189/0x250
[ 74.045723][ T6150] ? __pfx____ratelimit+0x10/0x10
[ 74.045735][ T6150] ? __pfx_dump_stack_lvl+0x10/0x10
[ 74.045746][ T6150] ? __pfx__printk+0x10/0x10
[ 74.045756][ T6150] ? fs_reclaim_acquire+0x7d/0x100
[ 74.045765][ T6150] ? rcu_is_watching+0x15/0xb0
[ 74.045778][ T6150] ? __pfx___might_resched+0x10/0x10
[ 74.045788][ T6150] ? lock_acquire+0x5f/0x360
[ 74.045808][ T6150] should_fail_ex+0x46c/0x600
[ 74.045826][ T6150] ? btrfs_add_to_free_space_tree+0xde/0x5b0
umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./18/file0") = 0
[ 74.045844][ T6150] should_failslab+0xa8/0x100
[ 74.045864][ T6150] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 74.045881][ T6150] kmem_cache_alloc_noprof+0x6e/0x310
[ 74.045902][ T6150] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 74.045921][ T6150] __btrfs_free_extent+0x167b/0x4250
[ 74.045944][ T6150] ? __pfx___btrfs_free_extent+0x10/0x10
[ 74.045961][ T6150] ? migrate_disable+0x160/0x190
[ 74.045977][ T6150] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 74.045995][ T6150] ? lock_release+0x4b/0x3e0
[ 74.046014][ T6150] ? __btrfs_run_delayed_refs+0x33e8/0x4150
umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./18") = 0
mkdir("./19", 0777) = 0
[ 74.046083][ T6150] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 74.046106][ T6150] ? is_bpf_text_address+0x26/0x2b0
[ 74.046127][ T6150] ? is_bpf_text_address+0x292/0x2b0
[ 74.046143][ T6150] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 74.046162][ T6150] ? try_to_take_rt_mutex+0x840/0xb00
[ 74.046174][ T6150] ? unwind_get_return_address+0x4d/0x90
[ 74.046191][ T6150] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 74.046205][ T6150] ? arch_stack_walk+0xfc/0x150
[ 74.046224][ T6150] ? rtlock_slowlock_locked+0xd8/0x4010
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 74.046238][ T6150] ? stack_trace_save+0x9c/0xe0
[ 74.046250][ T6150] ? __pfx_stack_trace_save+0x10/0x10
[ 74.046263][ T6150] ? stack_depot_save_flags+0x40/0x860
[ 74.046280][ T6150] ? btrfs_commit_transaction+0x161/0x3950
[ 74.046297][ T6150] ? rcu_is_watching+0x15/0xb0
[ 74.046314][ T6150] ? lock_acquire+0x5f/0x360
[ 74.046328][ T6150] ? rcu_is_watching+0x15/0xb0
[ 74.046346][ T6150] btrfs_run_delayed_refs+0xe6/0x3b0
[ 74.046364][ T6150] btrfs_commit_transaction+0x269/0x3950
[ 74.046380][ T6150] ? rcu_is_watching+0x15/0xb0
[ 74.046397][ T6150] ? btrfs_commit_transaction+0x161/0x3950
[ 74.046412][ T6150] ? lock_acquire+0x5f/0x360
[ 74.046426][ T6150] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 74.046443][ T6150] ? rt_mutex_slowunlock+0x493/0x8a0
[ 74.046454][ T6150] ? migrate_disable+0xd5/0x190
[ 74.046469][ T6150] ? join_transaction+0x41b/0xca0
[ 74.046484][ T6150] ? rcu_is_watching+0x15/0xb0
[ 74.046500][ T6150] ? lock_acquire+0x5f/0x360
[ 74.046515][ T6150] ? __pfx_btrfs_commit_transaction+0x10/0x10
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555587b19650) = 6167
./strace-static-x86_64: Process 6167 attached
[pid 6167] set_robust_list(0x555587b19660, 24) = 0
[pid 6167] chdir("./19") = 0
[pid 6167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6167] setpgid(0, 0) = 0
[ 74.046531][ T6150] ? join_transaction+0x41b/0xca0
[ 74.046549][ T6150] ? btrfs_record_root_in_trans+0x91/0x180
[ 74.046564][ T6150] ? start_transaction+0x439/0x1620
[ 74.046583][ T6150] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 74.046598][ T6150] ? btrfs_sync_fs+0x1b2/0x6a0
[ 74.046614][ T6150] sync_filesystem+0x1ce/0x250
[ 74.046632][ T6150] btrfs_reconfigure+0x2fa/0x2160
[ 74.046648][ T6150] ? __pfx_list_lru_walk_node+0x10/0x10
[ 74.046665][ T6150] ? __pfx_btrfs_reconfigure+0x10/0x10
[pid 6167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6167] write(3, "1000", 4) = 4
[pid 6167] close(3) = 0
[pid 6167] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6167] write(1, "executing program\n", 18executing program
) = 18
[pid 6167] memfd_create("syzkaller", 0) = 3
[ 74.046678][ T6150] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 74.046697][ T6150] ? rcu_is_watching+0x15/0xb0
[ 74.046715][ T6150] reconfigure_super+0x224/0x890
[ 74.046731][ T6150] path_mount+0xd18/0xfe0
[ 74.046750][ T6150] __se_sys_mount+0x317/0x410
[ 74.046767][ T6150] ? __pfx___se_sys_mount+0x10/0x10
[ 74.046783][ T6150] ? rcu_is_watching+0x15/0xb0
[ 74.046801][ T6150] ? __x64_sys_mount+0x20/0xc0
[ 74.046817][ T6150] do_syscall_64+0xfa/0x3b0
[ 74.046833][ T6150] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.046845][ T6150] ? clear_bhb_loop+0x60/0xb0
[pid 6167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 74.046859][ T6150] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.046871][ T6150] RIP: 0033:0x7f6bcc3a931a
[ 74.046884][ T6150] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 74.046895][ T6150] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 74.046909][ T6150] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 74.046919][ T6150] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 74.046928][ T6150] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 74.046937][ T6150] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 74.046945][ T6150] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 74.046959][ T6150]
[ 74.057076][ T6150] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 74.057100][ T6150] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 74.057118][ T6150] BTRFS info (device loop0 state EA): forced readonly
[ 74.057133][ T6150] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 74.057161][ T6150] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 74.057200][ T6150] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[pid 6167] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6167] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 74.057607][ T6150] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 74.138224][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6167] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6167] close(3) = 0
[pid 6167] close(4) = 0
[pid 6167] mkdir("./file0", 0777) = 0
[ 74.643074][ T6167] loop0: detected capacity change from 0 to 32768
[ 74.656867][ T6167] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6167)
[ 74.660225][ T6167] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6167] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6167] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6167] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6167] chdir("./file0") = 0
[pid 6167] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6167] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6167] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6167] write(5, "31", 2) = 2
[pid 6167] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6167] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 6167] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 6167] exit_group(0) = ?
[pid 6167] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6167, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=12 /* 0.12 s */} ---
[ 74.660283][ T6167] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 74.660337][ T6167] BTRFS info (device loop0): using free-space-tree
[ 74.686009][ T6167] BTRFS info (device loop0): rebuilding free space tree
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 74.736170][ T43] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 74.799715][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./19/file0") = 0
umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./19") = 0
mkdir("./20", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6184 attached
, child_tidptr=0x555587b19650) = 6184
[pid 6184] set_robust_list(0x555587b19660, 24) = 0
[pid 6184] chdir("./20") = 0
[pid 6184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6184] setpgid(0, 0) = 0
[pid 6184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6184] write(3, "1000", 4) = 4
[pid 6184] close(3) = 0
[pid 6184] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 6184] write(1, "executing program\n", 18) = 18
[pid 6184] memfd_create("syzkaller", 0) = 3
[pid 6184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 6184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6184] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6184] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6184] close(3) = 0
[pid 6184] close(4) = 0
[pid 6184] mkdir("./file0", 0777) = 0
[ 75.285889][ T6184] loop0: detected capacity change from 0 to 32768
[ 75.320280][ T6184] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6184)
[pid 6184] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[ 75.323875][ T6184] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 75.323955][ T6184] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 75.324013][ T6184] BTRFS info (device loop0): using free-space-tree
[ 75.376197][ T6184] BTRFS info (device loop0): rebuilding free space tree
[pid 6184] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6184] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6184] chdir("./file0") = 0
[pid 6184] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6184] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6184] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6184] write(5, "31", 2) = 2
[pid 6184] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6184] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6184] exit_group(0) = ?
[pid 6184] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6184, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} ---
umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[ 75.450611][ T5027] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 75.469413][ T6184] FAULT_INJECTION: forcing a failure.
[ 75.469413][ T6184] name failslab, interval 1, probability 0, space 0, times 0
[ 75.469436][ T6184] CPU: 1 UID: 0 PID: 6184 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 75.469452][ T6184] Tainted: [W]=WARN
[ 75.469455][ T6184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 75.469461][ T6184] Call Trace:
[ 75.469464][ T6184]
[ 75.469468][ T6184] dump_stack_lvl+0x189/0x250
[ 75.469486][ T6184] ? __pfx____ratelimit+0x10/0x10
[ 75.469498][ T6184] ? __pfx_dump_stack_lvl+0x10/0x10
[ 75.469510][ T6184] ? __pfx__printk+0x10/0x10
[ 75.469520][ T6184] ? fs_reclaim_acquire+0x7d/0x100
[ 75.469528][ T6184] ? rcu_is_watching+0x15/0xb0
umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 75.469542][ T6184] ? __pfx___might_resched+0x10/0x10
[ 75.469551][ T6184] ? lock_acquire+0x5f/0x360
[ 75.469563][ T6184] should_fail_ex+0x46c/0x600
[ 75.469575][ T6184] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 75.469587][ T6184] should_failslab+0xa8/0x100
[ 75.469599][ T6184] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 75.469609][ T6184] kmem_cache_alloc_noprof+0x6e/0x310
[ 75.469622][ T6184] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 75.469633][ T6184] __btrfs_free_extent+0x167b/0x4250
[ 75.469648][ T6184] ? __pfx___btrfs_free_extent+0x10/0x10
openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./20/file0") = 0
umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
[ 75.469657][ T6184] ? migrate_disable+0x160/0x190
[ 75.469668][ T6184] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 75.469677][ T6184] ? lock_release+0x4b/0x3e0
[ 75.469687][ T6184] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 75.469701][ T6184] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 75.469717][ T6184] ? is_bpf_text_address+0x26/0x2b0
[ 75.469732][ T6184] ? is_bpf_text_address+0x292/0x2b0
[ 75.469743][ T6184] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 75.469757][ T6184] ? try_to_take_rt_mutex+0x840/0xb00
close(3) = 0
rmdir("./20") = 0
mkdir("./21", 0777) = 0
[ 75.469766][ T6184] ? unwind_get_return_address+0x4d/0x90
[ 75.469778][ T6184] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 75.469788][ T6184] ? arch_stack_walk+0xfc/0x150
[ 75.469802][ T6184] ? rtlock_slowlock_locked+0xd8/0x4010
[ 75.469811][ T6184] ? stack_trace_save+0x9c/0xe0
[ 75.469820][ T6184] ? __pfx_stack_trace_save+0x10/0x10
[ 75.469829][ T6184] ? stack_depot_save_flags+0x40/0x860
[ 75.469841][ T6184] ? btrfs_commit_transaction+0x161/0x3950
[ 75.469853][ T6184] ? rcu_is_watching+0x15/0xb0
[ 75.469865][ T6184] ? lock_acquire+0x5f/0x360
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 75.469875][ T6184] ? rcu_is_watching+0x15/0xb0
[ 75.469888][ T6184] btrfs_run_delayed_refs+0xe6/0x3b0
[ 75.469901][ T6184] btrfs_commit_transaction+0x269/0x3950
[ 75.469912][ T6184] ? rcu_is_watching+0x15/0xb0
[ 75.469924][ T6184] ? btrfs_commit_transaction+0x161/0x3950
[ 75.469935][ T6184] ? lock_acquire+0x5f/0x360
[ 75.469945][ T6184] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 75.469966][ T6184] ? rt_mutex_slowunlock+0x493/0x8a0
[ 75.469975][ T6184] ? migrate_disable+0xd5/0x190
[ 75.469985][ T6184] ? join_transaction+0x41b/0xca0
[ 75.469996][ T6184] ? rcu_is_watching+0x15/0xb0
[ 75.470008][ T6184] ? lock_acquire+0x5f/0x360
[ 75.470018][ T6184] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 75.470030][ T6184] ? join_transaction+0x41b/0xca0
[ 75.470042][ T6184] ? btrfs_record_root_in_trans+0x91/0x180
[ 75.470053][ T6184] ? start_transaction+0x439/0x1620
[ 75.470066][ T6184] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 75.470077][ T6184] ? btrfs_sync_fs+0x1b2/0x6a0
[ 75.470090][ T6184] sync_filesystem+0x1ce/0x250
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6201 attached
, child_tidptr=0x555587b19650) = 6201
[pid 6201] set_robust_list(0x555587b19660, 24) = 0
[pid 6201] chdir("./21") = 0
[pid 6201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6201] setpgid(0, 0) = 0
[ 75.470103][ T6184] btrfs_reconfigure+0x2fa/0x2160
[ 75.470113][ T6184] ? __pfx_list_lru_walk_node+0x10/0x10
[ 75.470126][ T6184] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 75.470135][ T6184] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 75.470149][ T6184] ? rcu_is_watching+0x15/0xb0
[ 75.470163][ T6184] reconfigure_super+0x224/0x890
[ 75.470174][ T6184] path_mount+0xd18/0xfe0
[ 75.470188][ T6184] __se_sys_mount+0x317/0x410
[ 75.470200][ T6184] ? __pfx___se_sys_mount+0x10/0x10
[ 75.470214][ T6184] ? rcu_is_watching+0x15/0xb0
[pid 6201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6201] write(3, "1000", 4) = 4
[pid 6201] close(3) = 0
[pid 6201] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6201] write(1, "executing program\n", 18executing program
) = 18
[pid 6201] memfd_create("syzkaller", 0) = 3
[pid 6201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 75.470227][ T6184] ? __x64_sys_mount+0x20/0xc0
[ 75.470239][ T6184] do_syscall_64+0xfa/0x3b0
[ 75.470250][ T6184] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.470259][ T6184] ? clear_bhb_loop+0x60/0xb0
[ 75.470269][ T6184] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.470278][ T6184] RIP: 0033:0x7f6bcc3a931a
[ 75.470286][ T6184] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 75.470294][ T6184] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 75.470305][ T6184] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 75.470312][ T6184] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 75.470318][ T6184] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 75.470324][ T6184] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 75.470331][ T6184] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 75.470344][ T6184]
[ 75.470350][ T6184] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 75.470365][ T6184] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 75.470375][ T6184] BTRFS info (device loop0 state EA): forced readonly
[ 75.470383][ T6184] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 75.470397][ T6184] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[pid 6201] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6201] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6201] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6201] close(3) = 0
[ 75.470418][ T6184] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 75.470452][ T6184] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 75.527885][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6201] close(4) = 0
[pid 6201] mkdir("./file0", 0777) = 0
[ 76.063948][ T6201] loop0: detected capacity change from 0 to 32768
[ 76.076753][ T6201] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6201)
[ 76.083083][ T6201] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6201] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6201] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[ 76.083154][ T6201] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 76.083217][ T6201] BTRFS info (device loop0): using free-space-tree
[ 76.151165][ T6201] BTRFS info (device loop0): rebuilding free space tree
[pid 6201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6201] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6201] chdir("./file0") = 0
[pid 6201] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6201] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6201] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6201] write(5, "31", 2) = 2
[pid 6201] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6201] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6201] exit_group(0) = ?
[pid 6201] +++ exited with 0 +++
[ 76.211136][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 76.212866][ T6201] FAULT_INJECTION: forcing a failure.
[ 76.212866][ T6201] name failslab, interval 1, probability 0, space 0, times 0
[ 76.212897][ T6201] CPU: 1 UID: 0 PID: 6201 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 76.212923][ T6201] Tainted: [W]=WARN
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6201, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=12 /* 0.12 s */} ---
umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 76.212928][ T6201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 76.212938][ T6201] Call Trace:
[ 76.212944][ T6201]
[ 76.212950][ T6201] dump_stack_lvl+0x189/0x250
[ 76.212978][ T6201] ? __pfx____ratelimit+0x10/0x10
[ 76.212998][ T6201] ? __pfx_dump_stack_lvl+0x10/0x10
[ 76.213021][ T6201] ? __pfx__printk+0x10/0x10
[ 76.213039][ T6201] ? __pfx___might_resched+0x10/0x10
[ 76.213056][ T6201] ? lock_acquire+0x5f/0x360
[ 76.213086][ T6201] should_fail_ex+0x46c/0x600
[ 76.213108][ T6201] ? __btrfs_free_extent+0x2f9/0x4250
[ 76.213126][ T6201] should_failslab+0xa8/0x100
[ 76.213148][ T6201] ? __btrfs_free_extent+0x2f9/0x4250
[ 76.213163][ T6201] kmem_cache_alloc_noprof+0x6e/0x310
[ 76.213186][ T6201] __btrfs_free_extent+0x2f9/0x4250
[ 76.213210][ T6201] ? rt_mutex_slowunlock+0x493/0x8a0
[ 76.213226][ T6201] ? __pfx___btrfs_free_extent+0x10/0x10
[ 76.213244][ T6201] ? __pfx_migrate_enable+0x10/0x10
[ 76.213263][ T6201] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 76.213279][ T6201] ? lock_release+0x4b/0x3e0
[ 76.213298][ T6201] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 76.213324][ T6201] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 76.213354][ T6201] ? is_bpf_text_address+0x26/0x2b0
[ 76.213381][ T6201] ? is_bpf_text_address+0x292/0x2b0
[ 76.213402][ T6201] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 76.213426][ T6201] ? try_to_take_rt_mutex+0x840/0xb00
[ 76.213443][ T6201] ? unwind_get_return_address+0x4d/0x90
[ 76.213466][ T6201] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 76.213484][ T6201] ? arch_stack_walk+0xfc/0x150
[ 76.213508][ T6201] ? rtlock_slowlock_locked+0xd8/0x4010
[ 76.213525][ T6201] ? stack_trace_save+0x9c/0xe0
[ 76.213541][ T6201] ? __pfx_stack_trace_save+0x10/0x10
[ 76.213558][ T6201] ? stack_depot_save_flags+0x40/0x860
[ 76.213579][ T6201] ? btrfs_commit_transaction+0x161/0x3950
[ 76.213599][ T6201] ? rcu_is_watching+0x15/0xb0
[ 76.213622][ T6201] ? lock_acquire+0x5f/0x360
[ 76.213641][ T6201] ? rcu_is_watching+0x15/0xb0
[ 76.213664][ T6201] btrfs_run_delayed_refs+0xe6/0x3b0
[ 76.213688][ T6201] btrfs_commit_transaction+0x269/0x3950
[ 76.213709][ T6201] ? rcu_is_watching+0x15/0xb0
umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[ 76.213732][ T6201] ? btrfs_commit_transaction+0x161/0x3950
[ 76.213752][ T6201] ? lock_acquire+0x5f/0x360
[ 76.213771][ T6201] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 76.213792][ T6201] ? rt_mutex_slowunlock+0x493/0x8a0
[ 76.213807][ T6201] ? migrate_disable+0xd5/0x190
[ 76.213825][ T6201] ? join_transaction+0x41b/0xca0
[ 76.213845][ T6201] ? rcu_is_watching+0x15/0xb0
[ 76.213867][ T6201] ? lock_acquire+0x5f/0x360
[ 76.213887][ T6201] ? __pfx_btrfs_commit_transaction+0x10/0x10
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./21/file0") = 0
umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./21") = 0
mkdir("./22", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 76.213909][ T6201] ? join_transaction+0x41b/0xca0
[ 76.213931][ T6201] ? btrfs_record_root_in_trans+0x91/0x180
[ 76.213951][ T6201] ? start_transaction+0x439/0x1620
[ 76.213977][ T6201] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 76.213998][ T6201] ? btrfs_sync_fs+0x1b2/0x6a0
[ 76.214019][ T6201] sync_filesystem+0x1ce/0x250
[ 76.214042][ T6201] btrfs_reconfigure+0x2fa/0x2160
[ 76.214062][ T6201] ? __pfx_list_lru_walk_node+0x10/0x10
[ 76.214093][ T6201] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 76.214110][ T6201] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 76.214135][ T6201] ? rcu_is_watching+0x15/0xb0
[ 76.214159][ T6201] reconfigure_super+0x224/0x890
[ 76.214180][ T6201] path_mount+0xd18/0xfe0
[ 76.214206][ T6201] __se_sys_mount+0x317/0x410
[ 76.214229][ T6201] ? __pfx___se_sys_mount+0x10/0x10
[ 76.214251][ T6201] ? rcu_is_watching+0x15/0xb0
[ 76.214275][ T6201] ? __x64_sys_mount+0x20/0xc0
[ 76.214296][ T6201] do_syscall_64+0xfa/0x3b0
[ 76.214316][ T6201] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.214333][ T6201] ? clear_bhb_loop+0x60/0xb0
[ 76.214351][ T6201] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.214367][ T6201] RIP: 0033:0x7f6bcc3a931a
[ 76.214382][ T6201] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 76.214395][ T6201] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 76.214414][ T6201] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 76.214426][ T6201] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 76.214438][ T6201] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 76.214450][ T6201] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 76.214462][ T6201] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 76.214480][ T6201]
[ 76.214490][ T6201] BTRFS error (device loop0): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 76.214528][ T6201] BTRFS error (device loop0 state A): Transaction aborted (error -12)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555587b19650) = 6219
./strace-static-x86_64: Process 6219 attached
[pid 6219] set_robust_list(0x555587b19660, 24) = 0
[pid 6219] chdir("./22") = 0
[pid 6219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[ 76.214546][ T6201] BTRFS: error (device loop0 state A) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 76.214562][ T6201] BTRFS info (device loop0 state EA): forced readonly
[ 76.214931][ T6201] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 76.426561][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 76.546437][ T1013] cfg80211: failed to load regulatory.db
[pid 6219] setpgid(0, 0) = 0
[pid 6219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6219] write(3, "1000", 4) = 4
[pid 6219] close(3) = 0
[pid 6219] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6219] write(1, "executing program\n", 18executing program
) = 18
[pid 6219] memfd_create("syzkaller", 0) = 3
[pid 6219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 6219] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6219] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6219] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6219] close(3) = 0
[pid 6219] close(4) = 0
[pid 6219] mkdir("./file0", 0777) = 0
[ 76.974561][ T6219] loop0: detected capacity change from 0 to 32768
[ 76.984290][ T6219] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6219)
[ 76.993103][ T6219] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 76.993164][ T6219] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 76.993242][ T6219] BTRFS info (device loop0): using free-space-tree
[pid 6219] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6219] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[ 77.013822][ T6219] BTRFS info (device loop0): rebuilding free space tree
[pid 6219] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6219] chdir("./file0") = 0
[pid 6219] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6219] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6219] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6219] write(5, "31", 2) = 2
[pid 6219] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6219] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6219] exit_group(0) = ?
[pid 6219] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6219, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=9 /* 0.09 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 77.094952][ T13] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 77.096941][ T6219] FAULT_INJECTION: forcing a failure.
[ 77.096941][ T6219] name failslab, interval 1, probability 0, space 0, times 0
[ 77.096973][ T6219] CPU: 0 UID: 0 PID: 6219 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 77.097007][ T6219] Tainted: [W]=WARN
[ 77.097013][ T6219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 77.097023][ T6219] Call Trace:
[ 77.097029][ T6219]
[ 77.097036][ T6219] dump_stack_lvl+0x189/0x250
[ 77.097063][ T6219] ? __pfx____ratelimit+0x10/0x10
[ 77.097083][ T6219] ? __pfx_dump_stack_lvl+0x10/0x10
[ 77.097105][ T6219] ? __pfx__printk+0x10/0x10
[ 77.097122][ T6219] ? fs_reclaim_acquire+0x7d/0x100
[ 77.097137][ T6219] ? rcu_is_watching+0x15/0xb0
[ 77.097160][ T6219] ? __pfx___might_resched+0x10/0x10
[ 77.097178][ T6219] ? lock_acquire+0x5f/0x360
umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[ 77.097198][ T6219] should_fail_ex+0x46c/0x600
[ 77.097219][ T6219] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 77.097240][ T6219] should_failslab+0xa8/0x100
[ 77.097262][ T6219] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 77.097281][ T6219] kmem_cache_alloc_noprof+0x6e/0x310
[ 77.097303][ T6219] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 77.097325][ T6219] __btrfs_free_extent+0x167b/0x4250
[ 77.097349][ T6219] ? __pfx___btrfs_free_extent+0x10/0x10
[ 77.097367][ T6219] ? migrate_disable+0x160/0x190
executing program
umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./22/file0") = 0
umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./22") = 0
mkdir("./23", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555587b19650) = 6237
./strace-static-x86_64: Process 6237 attached
[pid 6237] set_robust_list(0x555587b19660, 24) = 0
[pid 6237] chdir("./23") = 0
[pid 6237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6237] setpgid(0, 0) = 0
[pid 6237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6237] write(3, "1000", 4) = 4
[pid 6237] close(3) = 0
[pid 6237] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6237] write(1, "executing program\n", 18) = 18
[pid 6237] memfd_create("syzkaller", 0) = 3
[pid 6237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 77.097385][ T6219] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 77.097402][ T6219] ? lock_release+0x4b/0x3e0
[ 77.097421][ T6219] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 77.097448][ T6219] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 77.097476][ T6219] ? is_bpf_text_address+0x26/0x2b0
[ 77.097504][ T6219] ? is_bpf_text_address+0x292/0x2b0
[ 77.097525][ T6219] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 77.097550][ T6219] ? try_to_take_rt_mutex+0x840/0xb00
[ 77.097566][ T6219] ? unwind_get_return_address+0x4d/0x90
[ 77.097587][ T6219] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 77.097605][ T6219] ? arch_stack_walk+0xfc/0x150
[ 77.097629][ T6219] ? rtlock_slowlock_locked+0xd8/0x4010
[ 77.097646][ T6219] ? stack_trace_save+0x9c/0xe0
[ 77.097662][ T6219] ? __pfx_stack_trace_save+0x10/0x10
[ 77.097678][ T6219] ? stack_depot_save_flags+0x40/0x860
[ 77.097699][ T6219] ? btrfs_commit_transaction+0x161/0x3950
[ 77.097720][ T6219] ? rcu_is_watching+0x15/0xb0
[ 77.097742][ T6219] ? lock_acquire+0x5f/0x360
[ 77.097762][ T6219] ? rcu_is_watching+0x15/0xb0
[ 77.097785][ T6219] btrfs_run_delayed_refs+0xe6/0x3b0
[ 77.097809][ T6219] btrfs_commit_transaction+0x269/0x3950
[ 77.097830][ T6219] ? rcu_is_watching+0x15/0xb0
[ 77.097852][ T6219] ? btrfs_commit_transaction+0x161/0x3950
[ 77.097872][ T6219] ? lock_acquire+0x5f/0x360
[ 77.097890][ T6219] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 77.097912][ T6219] ? rt_mutex_slowunlock+0x493/0x8a0
[ 77.097927][ T6219] ? migrate_disable+0xd5/0x190
[ 77.097946][ T6219] ? join_transaction+0x41b/0xca0
[ 77.097966][ T6219] ? rcu_is_watching+0x15/0xb0
[ 77.098013][ T6219] ? lock_acquire+0x5f/0x360
[ 77.098033][ T6219] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 77.098055][ T6219] ? join_transaction+0x41b/0xca0
[ 77.098077][ T6219] ? btrfs_record_root_in_trans+0x91/0x180
[ 77.098098][ T6219] ? start_transaction+0x439/0x1620
[ 77.098122][ T6219] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 77.098142][ T6219] ? btrfs_sync_fs+0x1b2/0x6a0
[ 77.098164][ T6219] sync_filesystem+0x1ce/0x250
[ 77.098188][ T6219] btrfs_reconfigure+0x2fa/0x2160
[ 77.098209][ T6219] ? __pfx_list_lru_walk_node+0x10/0x10
[ 77.098233][ T6219] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 77.098249][ T6219] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 77.098274][ T6219] ? rcu_is_watching+0x15/0xb0
[ 77.098299][ T6219] reconfigure_super+0x224/0x890
[ 77.098320][ T6219] path_mount+0xd18/0xfe0
[ 77.098345][ T6219] __se_sys_mount+0x317/0x410
[ 77.098368][ T6219] ? __pfx___se_sys_mount+0x10/0x10
[ 77.098389][ T6219] ? rcu_is_watching+0x15/0xb0
[ 77.098413][ T6219] ? __x64_sys_mount+0x20/0xc0
[ 77.098436][ T6219] do_syscall_64+0xfa/0x3b0
[ 77.098456][ T6219] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.098472][ T6219] ? clear_bhb_loop+0x60/0xb0
[ 77.098490][ T6219] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.098506][ T6219] RIP: 0033:0x7f6bcc3a931a
[ 77.098521][ T6219] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 77.098536][ T6219] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[pid 6237] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[ 77.098554][ T6219] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 77.098567][ T6219] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 77.098578][ T6219] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 77.098591][ T6219] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 77.098603][ T6219] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 77.098621][ T6219]
[ 77.098630][ T6219] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[pid 6237] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6237] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6237] close(3) = 0
[pid 6237] close(4) = 0
[pid 6237] mkdir("./file0", 0777) = 0
[ 77.098649][ T6219] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 77.098666][ T6219] BTRFS info (device loop0 state EA): forced readonly
[ 77.098681][ T6219] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 77.098706][ T6219] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 77.098742][ T6219] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 77.099121][ T6219] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 77.158030][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 77.624582][ T6237] loop0: detected capacity change from 0 to 32768
[ 77.633597][ T6237] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6237)
[pid 6237] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6237] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6237] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6237] chdir("./file0") = 0
[pid 6237] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6237] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6237] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6237] write(5, "31", 2) = 2
[pid 6237] mkdir(".", 0777) = -1 EEXIST (File exists)
[ 77.649528][ T6237] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 77.649592][ T6237] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 77.649658][ T6237] BTRFS info (device loop0): using free-space-tree
[ 77.691950][ T6237] BTRFS info (device loop0): rebuilding free space tree
[pid 6237] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 6237] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 6237] exit_group(0) = ?
[pid 6237] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6237, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 77.772925][ T43] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
[ 77.819853][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./23/file0") = 0
umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./23") = 0
mkdir("./24", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6254 attached
, child_tidptr=0x555587b19650) = 6254
[pid 6254] set_robust_list(0x555587b19660, 24) = 0
[pid 6254] chdir("./24") = 0
[pid 6254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6254] setpgid(0, 0) = 0
[pid 6254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6254] write(3, "1000", 4) = 4
[pid 6254] close(3) = 0
[pid 6254] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 6254] write(1, "executing program\n", 18) = 18
[pid 6254] memfd_create("syzkaller", 0) = 3
[pid 6254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 6254] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6254] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6254] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6254] close(3) = 0
[pid 6254] close(4) = 0
[pid 6254] mkdir("./file0", 0777) = 0
[ 78.302408][ T6254] loop0: detected capacity change from 0 to 32768
[ 78.308695][ T6254] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6254)
[ 78.311152][ T6254] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 78.311211][ T6254] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[pid 6254] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6254] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6254] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6254] chdir("./file0") = 0
[pid 6254] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6254] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6254] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6254] write(5, "31", 2) = 2
[pid 6254] mkdir(".", 0777) = -1 EEXIST (File exists)
[ 78.311277][ T6254] BTRFS info (device loop0): using free-space-tree
[ 78.346812][ T6254] BTRFS info (device loop0): rebuilding free space tree
[pid 6254] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6254] exit_group(0) = ?
[pid 6254] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6254, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=7 /* 0.07 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 78.416273][ T13] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 78.417603][ T6254] FAULT_INJECTION: forcing a failure.
[ 78.417603][ T6254] name failslab, interval 1, probability 0, space 0, times 0
[ 78.417634][ T6254] CPU: 0 UID: 0 PID: 6254 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 78.417660][ T6254] Tainted: [W]=WARN
[ 78.417666][ T6254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 78.417676][ T6254] Call Trace:
[ 78.417682][ T6254]
[ 78.417689][ T6254] dump_stack_lvl+0x189/0x250
[ 78.417728][ T6254] ? __pfx____ratelimit+0x10/0x10
[ 78.417748][ T6254] ? __pfx_dump_stack_lvl+0x10/0x10
[ 78.417770][ T6254] ? __pfx__printk+0x10/0x10
[ 78.417789][ T6254] ? fs_reclaim_acquire+0x7d/0x100
[ 78.417804][ T6254] ? rcu_is_watching+0x15/0xb0
[ 78.417829][ T6254] ? __pfx___might_resched+0x10/0x10
[ 78.417845][ T6254] ? lock_acquire+0x5f/0x360
[ 78.417866][ T6254] should_fail_ex+0x46c/0x600
[ 78.417887][ T6254] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 78.417907][ T6254] should_failslab+0xa8/0x100
[ 78.417929][ T6254] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 78.417947][ T6254] kmem_cache_alloc_noprof+0x6e/0x310
[ 78.417972][ T6254] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 78.417994][ T6254] __btrfs_free_extent+0x167b/0x4250
[ 78.418018][ T6254] ? __pfx___btrfs_free_extent+0x10/0x10
[ 78.418035][ T6254] ? migrate_disable+0x160/0x190
[ 78.418054][ T6254] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 78.418072][ T6254] ? lock_release+0x4b/0x3e0
[ 78.418091][ T6254] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 78.418118][ T6254] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 78.418147][ T6254] ? is_bpf_text_address+0x26/0x2b0
[ 78.418176][ T6254] ? is_bpf_text_address+0x292/0x2b0
[ 78.418197][ T6254] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 78.418222][ T6254] ? try_to_take_rt_mutex+0x840/0xb00
[ 78.418239][ T6254] ? unwind_get_return_address+0x4d/0x90
[ 78.418262][ T6254] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 78.418281][ T6254] ? arch_stack_walk+0xfc/0x150
[ 78.418304][ T6254] ? rtlock_slowlock_locked+0xd8/0x4010
[ 78.418322][ T6254] ? stack_trace_save+0x9c/0xe0
[ 78.418339][ T6254] ? __pfx_stack_trace_save+0x10/0x10
[ 78.418357][ T6254] ? stack_depot_save_flags+0x40/0x860
[ 78.418377][ T6254] ? btrfs_commit_transaction+0x161/0x3950
[ 78.418399][ T6254] ? rcu_is_watching+0x15/0xb0
[ 78.418421][ T6254] ? lock_acquire+0x5f/0x360
[ 78.418440][ T6254] ? rcu_is_watching+0x15/0xb0
[ 78.418463][ T6254] btrfs_run_delayed_refs+0xe6/0x3b0
[ 78.418488][ T6254] btrfs_commit_transaction+0x269/0x3950
[ 78.418507][ T6254] ? rcu_is_watching+0x15/0xb0
[ 78.418529][ T6254] ? btrfs_commit_transaction+0x161/0x3950
[ 78.418550][ T6254] ? lock_acquire+0x5f/0x360
[ 78.418570][ T6254] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 78.418591][ T6254] ? rt_mutex_slowunlock+0x493/0x8a0
[ 78.418606][ T6254] ? migrate_disable+0xd5/0x190
[ 78.418626][ T6254] ? join_transaction+0x41b/0xca0
[ 78.418647][ T6254] ? rcu_is_watching+0x15/0xb0
[ 78.418669][ T6254] ? lock_acquire+0x5f/0x360
[ 78.418690][ T6254] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 78.418720][ T6254] ? join_transaction+0x41b/0xca0
[ 78.418743][ T6254] ? btrfs_record_root_in_trans+0x91/0x180
[ 78.418762][ T6254] ? start_transaction+0x439/0x1620
[ 78.418788][ T6254] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 78.418808][ T6254] ? btrfs_sync_fs+0x1b2/0x6a0
[ 78.418830][ T6254] sync_filesystem+0x1ce/0x250
[ 78.418856][ T6254] btrfs_reconfigure+0x2fa/0x2160
[ 78.418876][ T6254] ? __pfx_list_lru_walk_node+0x10/0x10
umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./24/file0") = 0
[ 78.418900][ T6254] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 78.418918][ T6254] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 78.418942][ T6254] ? rcu_is_watching+0x15/0xb0
[ 78.418966][ T6254] reconfigure_super+0x224/0x890
[ 78.418989][ T6254] path_mount+0xd18/0xfe0
[ 78.419014][ T6254] __se_sys_mount+0x317/0x410
[ 78.419037][ T6254] ? __pfx___se_sys_mount+0x10/0x10
[ 78.419059][ T6254] ? __pfx_blkcg_maybe_throttle_current+0x10/0x10
[ 78.419086][ T6254] ? __x64_sys_mount+0x20/0xc0
[ 78.419108][ T6254] do_syscall_64+0xfa/0x3b0
umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./24") = 0
[ 78.419128][ T6254] ? rcu_is_watching+0x15/0xb0
[ 78.419149][ T6254] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.419166][ T6254] ? clear_bhb_loop+0x60/0xb0
[ 78.419184][ T6254] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.419201][ T6254] RIP: 0033:0x7f6bcc3a931a
[ 78.419215][ T6254] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
mkdir("./25", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 78.419230][ T6254] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 78.419249][ T6254] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 78.419261][ T6254] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 78.419273][ T6254] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 78.419285][ T6254] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 78.419296][ T6254] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 78.419314][ T6254]
[ 78.419324][ T6254] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 78.419343][ T6254] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 78.419361][ T6254] BTRFS info (device loop0 state EA): forced readonly
[ 78.419376][ T6254] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 78.419402][ T6254] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5386240 num_bytes 4096 type 176 action 2 ref_mod 1: -12
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6272 attached
, child_tidptr=0x555587b19650) = 6272
[pid 6272] set_robust_list(0x555587b19660, 24) = 0
[pid 6272] chdir("./25") = 0
[pid 6272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6272] setpgid(0, 0) = 0
[pid 6272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6272] write(3, "1000", 4) = 4
[pid 6272] close(3) = 0
[ 78.419440][ T6254] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 78.419825][ T6254] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 78.657512][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6272] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 6272] write(1, "executing program\n", 18) = 18
[pid 6272] memfd_create("syzkaller", 0) = 3
[pid 6272] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 6272] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6272] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6272] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6272] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6272] close(3) = 0
[pid 6272] close(4) = 0
[pid 6272] mkdir("./file0", 0777) = 0
[ 79.196693][ T6272] loop0: detected capacity change from 0 to 32768
[ 79.231168][ T6272] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6272)
[ 79.238257][ T6272] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 79.238317][ T6272] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 79.238370][ T6272] BTRFS info (device loop0): using free-space-tree
[pid 6272] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6272] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6272] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6272] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[ 79.303701][ T6272] BTRFS info (device loop0): rebuilding free space tree
[pid 6272] chdir("./file0") = 0
[pid 6272] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6272] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6272] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6272] write(5, "31", 2) = 2
[pid 6272] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6272] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[ 79.355567][ T13] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 79.386863][ T6272] FAULT_INJECTION: forcing a failure.
[pid 6272] exit_group(0) = ?
[pid 6272] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6272, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=10 /* 0.10 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[ 79.386863][ T6272] name failslab, interval 1, probability 0, space 0, times 0
[ 79.386888][ T6272] CPU: 1 UID: 0 PID: 6272 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 79.386904][ T6272] Tainted: [W]=WARN
[ 79.386907][ T6272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 79.386913][ T6272] Call Trace:
[ 79.386917][ T6272]
[ 79.386921][ T6272] dump_stack_lvl+0x189/0x250
[ 79.386939][ T6272] ? __pfx____ratelimit+0x10/0x10
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 79.386951][ T6272] ? __pfx_dump_stack_lvl+0x10/0x10
[ 79.386963][ T6272] ? __pfx__printk+0x10/0x10
[ 79.386974][ T6272] ? __pfx___might_resched+0x10/0x10
[ 79.386984][ T6272] ? lock_acquire+0x5f/0x360
[ 79.386996][ T6272] should_fail_ex+0x46c/0x600
[ 79.387010][ T6272] ? __btrfs_free_extent+0x2f9/0x4250
[ 79.387027][ T6272] should_failslab+0xa8/0x100
[ 79.387047][ T6272] ? __btrfs_free_extent+0x2f9/0x4250
[ 79.387063][ T6272] kmem_cache_alloc_noprof+0x6e/0x310
[ 79.387082][ T6272] __btrfs_free_extent+0x2f9/0x4250
umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./25/file0") = 0
umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/binderfs") = 0
[ 79.387095][ T6272] ? rt_mutex_slowunlock+0x493/0x8a0
[ 79.387104][ T6272] ? __pfx___btrfs_free_extent+0x10/0x10
[ 79.387113][ T6272] ? __pfx_migrate_enable+0x10/0x10
[ 79.387125][ T6272] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 79.387133][ T6272] ? lock_release+0x4b/0x3e0
[ 79.387144][ T6272] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 79.387160][ T6272] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 79.387175][ T6272] ? is_bpf_text_address+0x26/0x2b0
[ 79.387191][ T6272] ? is_bpf_text_address+0x292/0x2b0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./25") = 0
mkdir("./26", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 79.387202][ T6272] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 79.387216][ T6272] ? try_to_take_rt_mutex+0x840/0xb00
[ 79.387225][ T6272] ? unwind_get_return_address+0x4d/0x90
[ 79.387238][ T6272] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 79.387248][ T6272] ? arch_stack_walk+0xfc/0x150
[ 79.387262][ T6272] ? rtlock_slowlock_locked+0xd8/0x4010
[ 79.387272][ T6272] ? stack_trace_save+0x9c/0xe0
[ 79.387281][ T6272] ? __pfx_stack_trace_save+0x10/0x10
[ 79.387290][ T6272] ? stack_depot_save_flags+0x40/0x860
[ 79.387301][ T6272] ? btrfs_commit_transaction+0x161/0x3950
[ 79.387313][ T6272] ? rcu_is_watching+0x15/0xb0
[ 79.387326][ T6272] ? lock_acquire+0x5f/0x360
[ 79.387337][ T6272] ? rcu_is_watching+0x15/0xb0
[ 79.387350][ T6272] btrfs_run_delayed_refs+0xe6/0x3b0
[ 79.387363][ T6272] btrfs_commit_transaction+0x269/0x3950
[ 79.387375][ T6272] ? rcu_is_watching+0x15/0xb0
[ 79.387387][ T6272] ? btrfs_commit_transaction+0x161/0x3950
[ 79.387398][ T6272] ? lock_acquire+0x5f/0x360
[ 79.387408][ T6272] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
close(3) = 0
[ 79.387420][ T6272] ? rt_mutex_slowunlock+0x493/0x8a0
[ 79.387429][ T6272] ? migrate_disable+0xd5/0x190
[ 79.387439][ T6272] ? join_transaction+0x41b/0xca0
[ 79.387453][ T6272] ? rcu_is_watching+0x15/0xb0
[ 79.387466][ T6272] ? lock_acquire+0x5f/0x360
[ 79.387477][ T6272] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 79.387488][ T6272] ? join_transaction+0x41b/0xca0
[ 79.387501][ T6272] ? btrfs_record_root_in_trans+0x91/0x180
[ 79.387512][ T6272] ? start_transaction+0x439/0x1620
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555587b19650) = 6289
./strace-static-x86_64: Process 6289 attached
[pid 6289] set_robust_list(0x555587b19660, 24) = 0
[pid 6289] chdir("./26") = 0
[pid 6289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6289] setpgid(0, 0) = 0
[pid 6289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6289] write(3, "1000", 4) = 4
[pid 6289] close(3) = 0
[pid 6289] symlink("/dev/binderfs", "./binderfs") = 0
[ 79.387526][ T6272] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 79.387539][ T6272] ? btrfs_sync_fs+0x1b2/0x6a0
[ 79.387553][ T6272] sync_filesystem+0x1ce/0x250
[ 79.387567][ T6272] btrfs_reconfigure+0x2fa/0x2160
[ 79.387578][ T6272] ? __pfx_list_lru_walk_node+0x10/0x10
[ 79.387588][ T6272] ? preempt_schedule_irq+0xde/0x150
[ 79.387601][ T6272] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 79.387610][ T6272] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 79.387626][ T6272] reconfigure_super+0x224/0x890
[pid 6289] write(1, "executing program\n", 18executing program
) = 18
[pid 6289] memfd_create("syzkaller", 0) = 3
[pid 6289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 79.387638][ T6272] path_mount+0xd18/0xfe0
[ 79.387652][ T6272] __se_sys_mount+0x317/0x410
[ 79.387665][ T6272] ? __pfx___se_sys_mount+0x10/0x10
[ 79.387676][ T6272] ? rcu_is_watching+0x15/0xb0
[ 79.387689][ T6272] ? __x64_sys_mount+0x20/0xc0
[ 79.387701][ T6272] do_syscall_64+0xfa/0x3b0
[ 79.387713][ T6272] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 79.387722][ T6272] ? clear_bhb_loop+0x60/0xb0
[ 79.387732][ T6272] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 79.387741][ T6272] RIP: 0033:0x7f6bcc3a931a
[ 79.387750][ T6272] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 79.387759][ T6272] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 79.387771][ T6272] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 79.387778][ T6272] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 79.387791][ T6272] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 79.387798][ T6272] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 79.387804][ T6272] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 79.387814][ T6272]
[ 79.387820][ T6272] BTRFS error (device loop0): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 79.387845][ T6272] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 79.387855][ T6272] BTRFS: error (device loop0 state A) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[pid 6289] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6289] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 79.387865][ T6272] BTRFS info (device loop0 state EA): forced readonly
[ 79.387899][ T6272] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 79.487481][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6289] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6289] close(3) = 0
[pid 6289] close(4) = 0
[pid 6289] mkdir("./file0", 0777) = 0
[ 79.965477][ T6289] loop0: detected capacity change from 0 to 32768
[ 79.983530][ T6289] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6289)
[ 80.006954][ T6289] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 80.006997][ T6289] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 80.007053][ T6289] BTRFS info (device loop0): using free-space-tree
[pid 6289] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6289] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6289] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6289] chdir("./file0") = 0
[pid 6289] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6289] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6289] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6289] write(5, "31", 2) = 2
[pid 6289] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6289] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 6289] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 6289] exit_group(0) = ?
[pid 6289] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6289, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=13 /* 0.13 s */} ---
[ 80.059598][ T6289] BTRFS info (device loop0): rebuilding free space tree
[ 80.104545][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[ 80.250114][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./26/file0") = 0
umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./26") = 0
mkdir("./27", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6306 attached
, child_tidptr=0x555587b19650) = 6306
[pid 6306] set_robust_list(0x555587b19660, 24) = 0
[pid 6306] chdir("./27") = 0
[pid 6306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6306] setpgid(0, 0) = 0
[pid 6306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6306] write(3, "1000", 4) = 4
[pid 6306] close(3) = 0
[pid 6306] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6306] write(1, "executing program\n", 18executing program
) = 18
[pid 6306] memfd_create("syzkaller", 0) = 3
[pid 6306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 6306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6306] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6306] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6306] close(3) = 0
[pid 6306] close(4) = 0
[pid 6306] mkdir("./file0", 0777) = 0
[ 80.697644][ T6306] loop0: detected capacity change from 0 to 32768
[ 80.725764][ T6306] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6306)
[pid 6306] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6306] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[ 80.731643][ T6306] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 80.731704][ T6306] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 80.731758][ T6306] BTRFS info (device loop0): using free-space-tree
[ 80.783352][ T6306] BTRFS info (device loop0): rebuilding free space tree
[pid 6306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6306] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6306] chdir("./file0") = 0
[pid 6306] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6306] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6306] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6306] write(5, "31", 2) = 2
[pid 6306] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6306] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[ 80.874634][ T13] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[pid 6306] exit_group(0) = ?
[pid 6306] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6306, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} ---
umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 80.926181][ T6306] FAULT_INJECTION: forcing a failure.
[ 80.926181][ T6306] name failslab, interval 1, probability 0, space 0, times 0
[ 80.926203][ T6306] CPU: 0 UID: 0 PID: 6306 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 80.926219][ T6306] Tainted: [W]=WARN
[ 80.926222][ T6306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 80.926228][ T6306] Call Trace:
[ 80.926232][ T6306]
[ 80.926236][ T6306] dump_stack_lvl+0x189/0x250
[ 80.926254][ T6306] ? __pfx____ratelimit+0x10/0x10
[ 80.926267][ T6306] ? __pfx_dump_stack_lvl+0x10/0x10
[ 80.926279][ T6306] ? __pfx__printk+0x10/0x10
[ 80.926289][ T6306] ? fs_reclaim_acquire+0x7d/0x100
[ 80.926298][ T6306] ? rcu_is_watching+0x15/0xb0
[ 80.926312][ T6306] ? __pfx___might_resched+0x10/0x10
[ 80.926321][ T6306] ? lock_acquire+0x5f/0x360
[ 80.926333][ T6306] should_fail_ex+0x46c/0x600
[ 80.926345][ T6306] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 80.926357][ T6306] should_failslab+0xa8/0x100
[ 80.926369][ T6306] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 80.926380][ T6306] kmem_cache_alloc_noprof+0x6e/0x310
[ 80.926392][ T6306] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 80.926404][ T6306] __btrfs_free_extent+0x167b/0x4250
[ 80.926428][ T6306] ? __pfx___btrfs_free_extent+0x10/0x10
[ 80.926438][ T6306] ? migrate_disable+0x160/0x190
[ 80.926449][ T6306] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 80.926459][ T6306] ? lock_release+0x4b/0x3e0
umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[ 80.926469][ T6306] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 80.926484][ T6306] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 80.926500][ T6306] ? is_bpf_text_address+0x26/0x2b0
[ 80.926515][ T6306] ? is_bpf_text_address+0x292/0x2b0
[ 80.926527][ T6306] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 80.926540][ T6306] ? try_to_take_rt_mutex+0x840/0xb00
[ 80.926549][ T6306] ? unwind_get_return_address+0x4d/0x90
[ 80.926562][ T6306] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 80.926572][ T6306] ? arch_stack_walk+0xfc/0x150
[ 80.926586][ T6306] ? rtlock_slowlock_locked+0xd8/0x4010
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./27/file0") = 0
umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./27") = 0
[ 80.926596][ T6306] ? stack_trace_save+0x9c/0xe0
[ 80.926604][ T6306] ? __pfx_stack_trace_save+0x10/0x10
[ 80.926614][ T6306] ? stack_depot_save_flags+0x40/0x860
[ 80.926625][ T6306] ? btrfs_commit_transaction+0x161/0x3950
[ 80.926637][ T6306] ? rcu_is_watching+0x15/0xb0
[ 80.926650][ T6306] ? lock_acquire+0x5f/0x360
[ 80.926663][ T6306] ? rcu_is_watching+0x15/0xb0
[ 80.926676][ T6306] btrfs_run_delayed_refs+0xe6/0x3b0
[ 80.926689][ T6306] btrfs_commit_transaction+0x269/0x3950
mkdir("./28", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 80.926701][ T6306] ? rcu_is_watching+0x15/0xb0
[ 80.926713][ T6306] ? btrfs_commit_transaction+0x161/0x3950
[ 80.926724][ T6306] ? lock_acquire+0x5f/0x360
[ 80.926734][ T6306] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 80.926746][ T6306] ? rt_mutex_slowunlock+0x493/0x8a0
[ 80.926754][ T6306] ? migrate_disable+0xd5/0x190
[ 80.926765][ T6306] ? join_transaction+0x41b/0xca0
[ 80.926775][ T6306] ? rcu_is_watching+0x15/0xb0
[ 80.926788][ T6306] ? lock_acquire+0x5f/0x360
[ 80.926798][ T6306] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 80.926810][ T6306] ? join_transaction+0x41b/0xca0
[ 80.926822][ T6306] ? btrfs_record_root_in_trans+0x91/0x180
[ 80.926833][ T6306] ? start_transaction+0x439/0x1620
[ 80.926846][ T6306] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 80.926857][ T6306] ? btrfs_sync_fs+0x1b2/0x6a0
[ 80.926869][ T6306] sync_filesystem+0x1ce/0x250
[ 80.926882][ T6306] btrfs_reconfigure+0x2fa/0x2160
[ 80.926893][ T6306] ? __pfx_list_lru_walk_node+0x10/0x10
[ 80.926905][ T6306] ? __pfx_btrfs_reconfigure+0x10/0x10
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6323 attached
, child_tidptr=0x555587b19650) = 6323
[pid 6323] set_robust_list(0x555587b19660, 24) = 0
[pid 6323] chdir("./28") = 0
[ 80.926915][ T6306] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 80.926929][ T6306] ? rcu_is_watching+0x15/0xb0
[ 80.926942][ T6306] reconfigure_super+0x224/0x890
[ 80.926954][ T6306] path_mount+0xd18/0xfe0
[ 80.926968][ T6306] __se_sys_mount+0x317/0x410
[ 80.926980][ T6306] ? __pfx___se_sys_mount+0x10/0x10
[ 80.926992][ T6306] ? rcu_is_watching+0x15/0xb0
[ 80.927004][ T6306] ? __x64_sys_mount+0x20/0xc0
[ 80.927016][ T6306] do_syscall_64+0xfa/0x3b0
[ 80.927028][ T6306] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 80.927037][ T6306] ? clear_bhb_loop+0x60/0xb0
[pid 6323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6323] setpgid(0, 0) = 0
[pid 6323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6323] write(3, "1000", 4) = 4
[pid 6323] close(3) = 0
[pid 6323] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6323] write(1, "executing program\n", 18executing program
) = 18
[pid 6323] memfd_create("syzkaller", 0) = 3
[ 80.927047][ T6306] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 80.927055][ T6306] RIP: 0033:0x7f6bcc3a931a
[ 80.927065][ T6306] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 80.927073][ T6306] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 80.927085][ T6306] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[pid 6323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 80.927092][ T6306] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 80.927098][ T6306] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 80.927105][ T6306] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 80.927112][ T6306] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 80.927121][ T6306]
[ 80.927127][ T6306] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 80.927138][ T6306] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 80.927148][ T6306] BTRFS info (device loop0 state EA): forced readonly
[ 80.927157][ T6306] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 80.927170][ T6306] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 80.927191][ T6306] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 80.927226][ T6306] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[pid 6323] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[ 81.071398][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6323] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6323] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6323] close(3) = 0
[pid 6323] close(4) = 0
[pid 6323] mkdir("./file0", 0777) = 0
[ 81.561652][ T6323] loop0: detected capacity change from 0 to 32768
[ 81.586223][ T6323] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6323)
[pid 6323] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6323] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6323] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[ 81.592780][ T6323] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 81.592839][ T6323] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 81.592892][ T6323] BTRFS info (device loop0): using free-space-tree
[ 81.648408][ T6323] BTRFS info (device loop0): rebuilding free space tree
[pid 6323] chdir("./file0") = 0
[pid 6323] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6323] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6323] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6323] write(5, "31", 2) = 2
[pid 6323] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6323] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6323] exit_group(0) = ?
[pid 6323] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6323, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=12 /* 0.12 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 81.702819][ T43] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 81.711552][ T6323] FAULT_INJECTION: forcing a failure.
[ 81.711552][ T6323] name failslab, interval 1, probability 0, space 0, times 0
[ 81.711596][ T6323] CPU: 0 UID: 0 PID: 6323 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 81.711622][ T6323] Tainted: [W]=WARN
umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 81.711628][ T6323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 81.711638][ T6323] Call Trace:
[ 81.711645][ T6323]
[ 81.711652][ T6323] dump_stack_lvl+0x189/0x250
[ 81.711681][ T6323] ? __pfx____ratelimit+0x10/0x10
[ 81.711702][ T6323] ? __pfx_dump_stack_lvl+0x10/0x10
[ 81.711724][ T6323] ? __pfx__printk+0x10/0x10
[ 81.711743][ T6323] ? fs_reclaim_acquire+0x7d/0x100
[ 81.711759][ T6323] ? rcu_is_watching+0x15/0xb0
[ 81.711784][ T6323] ? __pfx___might_resched+0x10/0x10
[ 81.711801][ T6323] ? lock_acquire+0x5f/0x360
[ 81.711823][ T6323] should_fail_ex+0x46c/0x600
[ 81.711845][ T6323] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 81.711866][ T6323] should_failslab+0xa8/0x100
[ 81.711889][ T6323] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 81.711908][ T6323] kmem_cache_alloc_noprof+0x6e/0x310
[ 81.711933][ T6323] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 81.711956][ T6323] __btrfs_free_extent+0x167b/0x4250
[ 81.711981][ T6323] ? __pfx___btrfs_free_extent+0x10/0x10
[ 81.711999][ T6323] ? migrate_disable+0x160/0x190
[ 81.712019][ T6323] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 81.712037][ T6323] ? lock_release+0x4b/0x3e0
[ 81.712057][ T6323] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 81.712084][ T6323] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 81.712114][ T6323] ? is_bpf_text_address+0x26/0x2b0
[ 81.712143][ T6323] ? is_bpf_text_address+0x292/0x2b0
[ 81.712165][ T6323] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 81.712191][ T6323] ? try_to_take_rt_mutex+0x840/0xb00
[ 81.712208][ T6323] ? unwind_get_return_address+0x4d/0x90
[ 81.712231][ T6323] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 81.712267][ T6323] ? arch_stack_walk+0xfc/0x150
[ 81.712293][ T6323] ? rtlock_slowlock_locked+0xd8/0x4010
[ 81.712311][ T6323] ? stack_trace_save+0x9c/0xe0
[ 81.712328][ T6323] ? __pfx_stack_trace_save+0x10/0x10
[ 81.712346][ T6323] ? stack_depot_save_flags+0x40/0x860
[ 81.712368][ T6323] ? btrfs_commit_transaction+0x161/0x3950
[ 81.712389][ T6323] ? rcu_is_watching+0x15/0xb0
[ 81.712413][ T6323] ? lock_acquire+0x5f/0x360
[ 81.712432][ T6323] ? rcu_is_watching+0x15/0xb0
[ 81.712457][ T6323] btrfs_run_delayed_refs+0xe6/0x3b0
umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./28/file0") = 0
[ 81.712482][ T6323] btrfs_commit_transaction+0x269/0x3950
[ 81.712505][ T6323] ? rcu_is_watching+0x15/0xb0
[ 81.712527][ T6323] ? btrfs_commit_transaction+0x161/0x3950
[ 81.712548][ T6323] ? lock_acquire+0x5f/0x360
[ 81.712574][ T6323] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 81.712596][ T6323] ? rt_mutex_slowunlock+0x493/0x8a0
[ 81.712612][ T6323] ? migrate_disable+0xd5/0x190
[ 81.712631][ T6323] ? join_transaction+0x41b/0xca0
[ 81.712651][ T6323] ? rcu_is_watching+0x15/0xb0
umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./28") = 0
mkdir("./29", 0777) = 0
[ 81.712674][ T6323] ? lock_acquire+0x5f/0x360
[ 81.712693][ T6323] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 81.712716][ T6323] ? join_transaction+0x41b/0xca0
[ 81.712739][ T6323] ? btrfs_record_root_in_trans+0x91/0x180
[ 81.712760][ T6323] ? start_transaction+0x439/0x1620
[ 81.712785][ T6323] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 81.712806][ T6323] ? btrfs_sync_fs+0x1b2/0x6a0
[ 81.712827][ T6323] sync_filesystem+0x1ce/0x250
[ 81.712851][ T6323] btrfs_reconfigure+0x2fa/0x2160
[ 81.712871][ T6323] ? __pfx_list_lru_walk_node+0x10/0x10
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 81.712895][ T6323] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 81.712912][ T6323] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 81.712937][ T6323] ? rcu_is_watching+0x15/0xb0
[ 81.712963][ T6323] reconfigure_super+0x224/0x890
[ 81.712984][ T6323] path_mount+0xd18/0xfe0
[ 81.713009][ T6323] __se_sys_mount+0x317/0x410
[ 81.713032][ T6323] ? __pfx___se_sys_mount+0x10/0x10
[ 81.713053][ T6323] ? rcu_is_watching+0x15/0xb0
[ 81.713077][ T6323] ? __x64_sys_mount+0x20/0xc0
[ 81.713099][ T6323] do_syscall_64+0xfa/0x3b0
[ 81.713119][ T6323] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.713139][ T6323] ? clear_bhb_loop+0x60/0xb0
[ 81.713160][ T6323] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.713177][ T6323] RIP: 0033:0x7f6bcc3a931a
[ 81.713192][ T6323] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 81.713208][ T6323] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6340 attached
, child_tidptr=0x555587b19650) = 6340
[pid 6340] set_robust_list(0x555587b19660, 24) = 0
[pid 6340] chdir("./29") = 0
[pid 6340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6340] setpgid(0, 0) = 0
[pid 6340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6340] write(3, "1000", 4) = 4
[pid 6340] close(3) = 0
[pid 6340] symlink("/dev/binderfs", "./binderfs") = 0
[ 81.713227][ T6323] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 81.713240][ T6323] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 81.713251][ T6323] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 81.713264][ T6323] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 81.713275][ T6323] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 81.713293][ T6323]
[ 81.713302][ T6323] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[pid 6340] write(1, "executing program\n", 18executing program
) = 18
[pid 6340] memfd_create("syzkaller", 0) = 3
[pid 6340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 81.713321][ T6323] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 81.713339][ T6323] BTRFS info (device loop0 state EA): forced readonly
[ 81.713353][ T6323] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 81.713378][ T6323] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5390336 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 81.713416][ T6323] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 81.713462][ T6323] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 81.938623][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6340] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6340] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6340] close(3) = 0
[pid 6340] close(4) = 0
[pid 6340] mkdir("./file0", 0777) = 0
[ 82.382573][ T6340] loop0: detected capacity change from 0 to 32768
[pid 6340] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6340] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6340] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[ 82.426312][ T6340] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6340)
[ 82.433342][ T6340] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 82.433403][ T6340] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 82.433477][ T6340] BTRFS info (device loop0): using free-space-tree
[ 82.448524][ T6340] BTRFS info (device loop0): rebuilding free space tree
[pid 6340] chdir("./file0") = 0
[pid 6340] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6340] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6340] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6340] write(5, "31", 2) = 2
[pid 6340] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6340] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6340] exit_group(0) = ?
[pid 6340] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6340, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=9 /* 0.09 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 82.502747][ T13] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 82.515189][ T6340] FAULT_INJECTION: forcing a failure.
[ 82.515189][ T6340] name failslab, interval 1, probability 0, space 0, times 0
[ 82.515224][ T6340] CPU: 0 UID: 0 PID: 6340 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 82.515249][ T6340] Tainted: [W]=WARN
[ 82.515255][ T6340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 82.515266][ T6340] Call Trace:
[ 82.515272][ T6340]
[ 82.515279][ T6340] dump_stack_lvl+0x189/0x250
[ 82.515306][ T6340] ? __pfx____ratelimit+0x10/0x10
[ 82.515327][ T6340] ? __pfx_dump_stack_lvl+0x10/0x10
[ 82.515346][ T6340] ? __pfx__printk+0x10/0x10
[ 82.515364][ T6340] ? fs_reclaim_acquire+0x7d/0x100
[ 82.515378][ T6340] ? rcu_is_watching+0x15/0xb0
[ 82.515401][ T6340] ? __pfx___might_resched+0x10/0x10
[ 82.515419][ T6340] ? lock_acquire+0x5f/0x360
umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 82.515441][ T6340] should_fail_ex+0x46c/0x600
[ 82.515462][ T6340] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 82.515501][ T6340] should_failslab+0xa8/0x100
[ 82.515523][ T6340] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 82.515540][ T6340] kmem_cache_alloc_noprof+0x6e/0x310
[ 82.515562][ T6340] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 82.515582][ T6340] __btrfs_free_extent+0x167b/0x4250
[ 82.515607][ T6340] ? __pfx___btrfs_free_extent+0x10/0x10
[ 82.515625][ T6340] ? migrate_disable+0x160/0x190
openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./29/file0") = 0
umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
[ 82.515644][ T6340] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 82.515660][ T6340] ? lock_release+0x4b/0x3e0
[ 82.515677][ T6340] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 82.515708][ T6340] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 82.515735][ T6340] ? is_bpf_text_address+0x26/0x2b0
[ 82.515762][ T6340] ? is_bpf_text_address+0x292/0x2b0
[ 82.515784][ T6340] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 82.515810][ T6340] ? try_to_take_rt_mutex+0x840/0xb00
[ 82.515824][ T6340] ? unwind_get_return_address+0x4d/0x90
close(3) = 0
rmdir("./29") = 0
mkdir("./30", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 82.515844][ T6340] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 82.515864][ T6340] ? arch_stack_walk+0xfc/0x150
[ 82.515889][ T6340] ? rtlock_slowlock_locked+0xd8/0x4010
[ 82.515907][ T6340] ? stack_trace_save+0x9c/0xe0
[ 82.515923][ T6340] ? __pfx_stack_trace_save+0x10/0x10
[ 82.515940][ T6340] ? stack_depot_save_flags+0x40/0x860
[ 82.515961][ T6340] ? btrfs_commit_transaction+0x161/0x3950
[ 82.515982][ T6340] ? rcu_is_watching+0x15/0xb0
[ 82.516005][ T6340] ? lock_acquire+0x5f/0x360
[ 82.516024][ T6340] ? rcu_is_watching+0x15/0xb0
[ 82.516047][ T6340] btrfs_run_delayed_refs+0xe6/0x3b0
[ 82.516072][ T6340] btrfs_commit_transaction+0x269/0x3950
[ 82.516093][ T6340] ? rcu_is_watching+0x15/0xb0
[ 82.516114][ T6340] ? btrfs_commit_transaction+0x161/0x3950
[ 82.516133][ T6340] ? lock_acquire+0x5f/0x360
[ 82.516152][ T6340] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 82.516175][ T6340] ? rt_mutex_slowunlock+0x493/0x8a0
[ 82.516190][ T6340] ? migrate_disable+0xd5/0x190
[ 82.516208][ T6340] ? join_transaction+0x41b/0xca0
[ 82.516226][ T6340] ? rcu_is_watching+0x15/0xb0
close(3) = 0
[ 82.516245][ T6340] ? lock_acquire+0x5f/0x360
[ 82.516261][ T6340] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 82.516282][ T6340] ? join_transaction+0x41b/0xca0
[ 82.516305][ T6340] ? btrfs_record_root_in_trans+0x91/0x180
[ 82.516325][ T6340] ? start_transaction+0x439/0x1620
[ 82.516351][ T6340] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 82.516372][ T6340] ? btrfs_sync_fs+0x1b2/0x6a0
[ 82.516394][ T6340] sync_filesystem+0x1ce/0x250
[ 82.516419][ T6340] btrfs_reconfigure+0x2fa/0x2160
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555587b19650) = 6357
./strace-static-x86_64: Process 6357 attached
[pid 6357] set_robust_list(0x555587b19660, 24) = 0
[pid 6357] chdir("./30") = 0
[pid 6357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6357] setpgid(0, 0) = 0
[ 82.516441][ T6340] ? __pfx_list_lru_walk_node+0x10/0x10
[ 82.516465][ T6340] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 82.516515][ T6340] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 82.516541][ T6340] ? rcu_is_watching+0x15/0xb0
[ 82.516566][ T6340] reconfigure_super+0x224/0x890
[ 82.516589][ T6340] path_mount+0xd18/0xfe0
[ 82.516614][ T6340] __se_sys_mount+0x317/0x410
[ 82.516638][ T6340] ? __pfx___se_sys_mount+0x10/0x10
[ 82.516658][ T6340] ? rcu_is_watching+0x15/0xb0
[ 82.516683][ T6340] ? __x64_sys_mount+0x20/0xc0
[pid 6357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6357] write(3, "1000", 4) = 4
[pid 6357] close(3) = 0
[pid 6357] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 6357] write(1, "executing program\n", 18) = 18
[pid 6357] memfd_create("syzkaller", 0) = 3
[pid 6357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 82.516706][ T6340] do_syscall_64+0xfa/0x3b0
[ 82.516725][ T6340] ? rcu_is_watching+0x15/0xb0
[ 82.516747][ T6340] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 82.516763][ T6340] ? clear_bhb_loop+0x60/0xb0
[ 82.516780][ T6340] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 82.516796][ T6340] RIP: 0033:0x7f6bcc3a931a
[ 82.516812][ T6340] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 82.516828][ T6340] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 82.516846][ T6340] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 82.516859][ T6340] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 82.516872][ T6340] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 82.516884][ T6340] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 82.516896][ T6340] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 82.516914][ T6340]
[ 82.522716][ T6340] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 82.522741][ T6340] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 82.522759][ T6340] BTRFS info (device loop0 state EA): forced readonly
[ 82.522774][ T6340] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 82.522805][ T6340] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[pid 6357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6357] munmap(0x7f6bc3f59000, 138412032) = 0
[ 82.522846][ T6340] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 82.522887][ T6340] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 82.579812][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6357] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6357] close(3) = 0
[pid 6357] close(4) = 0
[pid 6357] mkdir("./file0", 0777) = 0
[ 83.147827][ T6357] loop0: detected capacity change from 0 to 32768
[ 83.172287][ T6357] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6357)
[pid 6357] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6357] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[ 83.197157][ T6357] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 83.197219][ T6357] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 83.197276][ T6357] BTRFS info (device loop0): using free-space-tree
[ 83.228841][ T6357] BTRFS info (device loop0): rebuilding free space tree
[pid 6357] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6357] chdir("./file0") = 0
[pid 6357] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6357] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6357] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6357] write(5, "31", 2) = 2
[pid 6357] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6357] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 6357] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 6357] exit_group(0) = ?
[pid 6357] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6357, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 83.302726][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[ 83.379969][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./30/file0") = 0
umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./30") = 0
mkdir("./31", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6374 attached
, child_tidptr=0x555587b19650) = 6374
[pid 6374] set_robust_list(0x555587b19660, 24) = 0
[pid 6374] chdir("./31") = 0
[pid 6374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6374] setpgid(0, 0) = 0
[pid 6374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6374] write(3, "1000", 4) = 4
[pid 6374] close(3) = 0
[pid 6374] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6374] write(1, "executing program\n", 18executing program
) = 18
[pid 6374] memfd_create("syzkaller", 0) = 3
[pid 6374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 6374] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6374] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6374] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6374] close(3) = 0
[pid 6374] close(4) = 0
[pid 6374] mkdir("./file0", 0777) = 0
[ 83.804261][ T6374] loop0: detected capacity change from 0 to 32768
[ 83.819675][ T6374] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6374)
[ 83.823088][ T6374] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6374] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6374] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6374] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6374] chdir("./file0") = 0
[pid 6374] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6374] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6374] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6374] write(5, "31", 2) = 2
[pid 6374] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6374] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 6374] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 6374] exit_group(0) = ?
[pid 6374] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6374, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} ---
umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 83.823148][ T6374] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 83.823208][ T6374] BTRFS info (device loop0): using free-space-tree
[ 83.867747][ T6374] BTRFS info (device loop0): rebuilding free space tree
umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[ 83.927159][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 83.969891][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./31/file0") = 0
umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./31") = 0
mkdir("./32", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6391 attached
, child_tidptr=0x555587b19650) = 6391
[pid 6391] set_robust_list(0x555587b19660, 24) = 0
[pid 6391] chdir("./32") = 0
[pid 6391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6391] setpgid(0, 0) = 0
[pid 6391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6391] write(3, "1000", 4) = 4
[pid 6391] close(3) = 0
[pid 6391] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 6391] write(1, "executing program\n", 18) = 18
[pid 6391] memfd_create("syzkaller", 0) = 3
[pid 6391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 6391] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6391] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6391] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6391] close(3) = 0
[pid 6391] close(4) = 0
[pid 6391] mkdir("./file0", 0777) = 0
[ 84.480645][ T6391] loop0: detected capacity change from 0 to 32768
[ 84.505259][ T6391] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6391)
[ 84.524430][ T6391] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 84.524494][ T6391] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 84.524547][ T6391] BTRFS info (device loop0): using free-space-tree
[pid 6391] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6391] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6391] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6391] chdir("./file0") = 0
[pid 6391] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6391] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6391] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6391] write(5, "31", 2) = 2
[pid 6391] mkdir(".", 0777) = -1 EEXIST (File exists)
[ 84.577374][ T6391] BTRFS info (device loop0): rebuilding free space tree
[ 84.625299][ T1516] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[pid 6391] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6391] exit_group(0) = ?
[pid 6391] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6391, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 84.666318][ T6391] FAULT_INJECTION: forcing a failure.
[ 84.666318][ T6391] name failslab, interval 1, probability 0, space 0, times 0
[ 84.666341][ T6391] CPU: 1 UID: 0 PID: 6391 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 84.666357][ T6391] Tainted: [W]=WARN
[ 84.666360][ T6391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 84.666367][ T6391] Call Trace:
[ 84.666371][ T6391]
umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 84.666375][ T6391] dump_stack_lvl+0x189/0x250
[ 84.666393][ T6391] ? __pfx____ratelimit+0x10/0x10
[ 84.666405][ T6391] ? __pfx_dump_stack_lvl+0x10/0x10
[ 84.666418][ T6391] ? __pfx__printk+0x10/0x10
[ 84.666428][ T6391] ? __pfx___might_resched+0x10/0x10
[ 84.666439][ T6391] ? lock_acquire+0x5f/0x360
[ 84.666451][ T6391] should_fail_ex+0x46c/0x600
[ 84.666463][ T6391] ? __btrfs_free_extent+0x2f9/0x4250
[ 84.666473][ T6391] should_failslab+0xa8/0x100
[ 84.666486][ T6391] ? __btrfs_free_extent+0x2f9/0x4250
umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[ 84.666495][ T6391] kmem_cache_alloc_noprof+0x6e/0x310
[ 84.666508][ T6391] __btrfs_free_extent+0x2f9/0x4250
[ 84.666520][ T6391] ? rt_mutex_slowunlock+0x493/0x8a0
[ 84.666529][ T6391] ? __pfx___btrfs_free_extent+0x10/0x10
[ 84.666539][ T6391] ? __pfx_migrate_enable+0x10/0x10
[ 84.666550][ T6391] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 84.666559][ T6391] ? lock_release+0x4b/0x3e0
[ 84.666569][ T6391] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 84.666585][ T6391] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 84.666601][ T6391] ? is_bpf_text_address+0x26/0x2b0
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./32/file0") = 0
umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/binderfs") = 0
[ 84.666616][ T6391] ? is_bpf_text_address+0x292/0x2b0
[ 84.666628][ T6391] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 84.666641][ T6391] ? try_to_take_rt_mutex+0x840/0xb00
[ 84.666650][ T6391] ? unwind_get_return_address+0x4d/0x90
[ 84.666662][ T6391] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 84.666673][ T6391] ? arch_stack_walk+0xfc/0x150
[ 84.666687][ T6391] ? rtlock_slowlock_locked+0xd8/0x4010
[ 84.666697][ T6391] ? stack_trace_save+0x9c/0xe0
[ 84.666705][ T6391] ? __pfx_stack_trace_save+0x10/0x10
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./32") = 0
mkdir("./33", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 84.666715][ T6391] ? stack_depot_save_flags+0x40/0x860
[ 84.666726][ T6391] ? btrfs_commit_transaction+0x161/0x3950
[ 84.666739][ T6391] ? rcu_is_watching+0x15/0xb0
[ 84.666752][ T6391] ? lock_acquire+0x5f/0x360
[ 84.666763][ T6391] ? rcu_is_watching+0x15/0xb0
[ 84.666775][ T6391] btrfs_run_delayed_refs+0xe6/0x3b0
[ 84.666789][ T6391] btrfs_commit_transaction+0x269/0x3950
[ 84.666801][ T6391] ? rcu_is_watching+0x15/0xb0
[ 84.666813][ T6391] ? btrfs_commit_transaction+0x161/0x3950
[ 84.666824][ T6391] ? lock_acquire+0x5f/0x360
[ 84.666835][ T6391] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 84.666847][ T6391] ? rt_mutex_slowunlock+0x493/0x8a0
[ 84.666855][ T6391] ? migrate_disable+0xd5/0x190
[ 84.666866][ T6391] ? join_transaction+0x41b/0xca0
[ 84.666877][ T6391] ? rcu_is_watching+0x15/0xb0
[ 84.666889][ T6391] ? lock_acquire+0x5f/0x360
[ 84.666900][ T6391] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 84.666912][ T6391] ? join_transaction+0x41b/0xca0
[ 84.666924][ T6391] ? btrfs_record_root_in_trans+0x91/0x180
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6408 attached
[ 84.666936][ T6391] ? start_transaction+0x439/0x1620
[ 84.666949][ T6391] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 84.666960][ T6391] ? btrfs_sync_fs+0x1b2/0x6a0
[ 84.666973][ T6391] sync_filesystem+0x1ce/0x250
[ 84.666985][ T6391] btrfs_reconfigure+0x2fa/0x2160
[ 84.666997][ T6391] ? __pfx_list_lru_walk_node+0x10/0x10
[ 84.667017][ T6391] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 84.667026][ T6391] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 84.667041][ T6391] ? rcu_is_watching+0x15/0xb0
[ 84.667054][ T6391] reconfigure_super+0x224/0x890
, child_tidptr=0x555587b19650) = 6408
[pid 6408] set_robust_list(0x555587b19660, 24) = 0
[pid 6408] chdir("./33") = 0
[pid 6408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6408] setpgid(0, 0) = 0
[pid 6408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6408] write(3, "1000", 4) = 4
[pid 6408] close(3) = 0
[pid 6408] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6408] write(1, "executing program\n", 18executing program
) = 18
[pid 6408] memfd_create("syzkaller", 0) = 3
[ 84.667066][ T6391] path_mount+0xd18/0xfe0
[ 84.667080][ T6391] __se_sys_mount+0x317/0x410
[ 84.667093][ T6391] ? __pfx___se_sys_mount+0x10/0x10
[ 84.667104][ T6391] ? rcu_is_watching+0x15/0xb0
[ 84.667117][ T6391] ? __x64_sys_mount+0x20/0xc0
[ 84.667129][ T6391] do_syscall_64+0xfa/0x3b0
[ 84.667141][ T6391] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.667150][ T6391] ? clear_bhb_loop+0x60/0xb0
[ 84.667160][ T6391] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.667169][ T6391] RIP: 0033:0x7f6bcc3a931a
[pid 6408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 84.667178][ T6391] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 84.667187][ T6391] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 84.667199][ T6391] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 84.667206][ T6391] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 84.667213][ T6391] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 84.667219][ T6391] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 84.667226][ T6391] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 84.667235][ T6391]
[ 84.667241][ T6391] BTRFS error (device loop0): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 84.667264][ T6391] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[pid 6408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6408] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 84.667274][ T6391] BTRFS: error (device loop0 state A) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 84.667284][ T6391] BTRFS info (device loop0 state EA): forced readonly
[ 84.667317][ T6391] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 84.757475][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6408] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6408] close(3) = 0
[pid 6408] close(4) = 0
[pid 6408] mkdir("./file0", 0777) = 0
[ 85.259324][ T6408] loop0: detected capacity change from 0 to 32768
[ 85.274379][ T6408] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6408)
[ 85.282026][ T6408] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 85.282089][ T6408] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 85.282170][ T6408] BTRFS info (device loop0): using free-space-tree
[pid 6408] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[ 85.333801][ T6408] BTRFS info (device loop0): rebuilding free space tree
[pid 6408] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6408] chdir("./file0") = 0
[pid 6408] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6408] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6408] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6408] write(5, "31", 2) = 2
[pid 6408] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6408] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6408] exit_group(0) = ?
[pid 6408] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6408, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=12 /* 0.12 s */} ---
umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 85.404892][ T43] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 85.408607][ T6408] FAULT_INJECTION: forcing a failure.
[ 85.408607][ T6408] name failslab, interval 1, probability 0, space 0, times 0
[ 85.408642][ T6408] CPU: 1 UID: 0 PID: 6408 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 85.408670][ T6408] Tainted: [W]=WARN
[ 85.408676][ T6408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 85.408686][ T6408] Call Trace:
[ 85.408693][ T6408]
[ 85.408700][ T6408] dump_stack_lvl+0x189/0x250
[ 85.408727][ T6408] ? __pfx____ratelimit+0x10/0x10
[ 85.408748][ T6408] ? __pfx_dump_stack_lvl+0x10/0x10
[ 85.408770][ T6408] ? __pfx__printk+0x10/0x10
[ 85.408788][ T6408] ? fs_reclaim_acquire+0x7d/0x100
[ 85.408804][ T6408] ? rcu_is_watching+0x15/0xb0
[ 85.408827][ T6408] ? __pfx___might_resched+0x10/0x10
[ 85.408844][ T6408] ? lock_acquire+0x5f/0x360
[ 85.408865][ T6408] should_fail_ex+0x46c/0x600
umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
[ 85.408887][ T6408] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 85.408908][ T6408] should_failslab+0xa8/0x100
[ 85.408929][ T6408] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 85.408947][ T6408] kmem_cache_alloc_noprof+0x6e/0x310
[ 85.408971][ T6408] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 85.408993][ T6408] __btrfs_free_extent+0x167b/0x4250
[ 85.409018][ T6408] ? __pfx___btrfs_free_extent+0x10/0x10
[ 85.409035][ T6408] ? migrate_disable+0x160/0x190
[ 85.409055][ T6408] ? __pfx_rt_mutex_slowunlock+0x10/0x10
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./33/file0") = 0
umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./33") = 0
mkdir("./34", 0777) = 0
[ 85.409072][ T6408] ? lock_release+0x4b/0x3e0
[ 85.409091][ T6408] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 85.409118][ T6408] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 85.409147][ T6408] ? is_bpf_text_address+0x26/0x2b0
[ 85.409182][ T6408] ? is_bpf_text_address+0x292/0x2b0
[ 85.409204][ T6408] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 85.409229][ T6408] ? try_to_take_rt_mutex+0x840/0xb00
[ 85.409246][ T6408] ? unwind_get_return_address+0x4d/0x90
[ 85.409268][ T6408] ? __pfx_stack_trace_consume_entry+0x10/0x10
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 85.409286][ T6408] ? arch_stack_walk+0xfc/0x150
[ 85.409310][ T6408] ? rtlock_slowlock_locked+0xd8/0x4010
[ 85.409328][ T6408] ? stack_trace_save+0x9c/0xe0
[ 85.409345][ T6408] ? __pfx_stack_trace_save+0x10/0x10
[ 85.409363][ T6408] ? stack_depot_save_flags+0x40/0x860
[ 85.409383][ T6408] ? btrfs_commit_transaction+0x161/0x3950
[ 85.409405][ T6408] ? rcu_is_watching+0x15/0xb0
[ 85.409427][ T6408] ? lock_acquire+0x5f/0x360
[ 85.409446][ T6408] ? rcu_is_watching+0x15/0xb0
[ 85.409470][ T6408] btrfs_run_delayed_refs+0xe6/0x3b0
[ 85.409495][ T6408] btrfs_commit_transaction+0x269/0x3950
[ 85.409516][ T6408] ? rcu_is_watching+0x15/0xb0
[ 85.409538][ T6408] ? btrfs_commit_transaction+0x161/0x3950
[ 85.409558][ T6408] ? lock_acquire+0x5f/0x360
[ 85.409577][ T6408] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 85.409599][ T6408] ? rt_mutex_slowunlock+0x493/0x8a0
[ 85.409613][ T6408] ? migrate_disable+0xd5/0x190
[ 85.409633][ T6408] ? join_transaction+0x41b/0xca0
[ 85.409653][ T6408] ? rcu_is_watching+0x15/0xb0
close(3) = 0
[ 85.409676][ T6408] ? lock_acquire+0x5f/0x360
[ 85.409696][ T6408] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 85.409718][ T6408] ? join_transaction+0x41b/0xca0
[ 85.409741][ T6408] ? btrfs_record_root_in_trans+0x91/0x180
[ 85.409762][ T6408] ? start_transaction+0x439/0x1620
[ 85.409787][ T6408] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 85.409808][ T6408] ? btrfs_sync_fs+0x1b2/0x6a0
[ 85.409828][ T6408] sync_filesystem+0x1ce/0x250
[ 85.409852][ T6408] btrfs_reconfigure+0x2fa/0x2160
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6425 attached
[pid 6425] set_robust_list(0x555587b19660, 24) = 0
[pid 5833] <... clone resumed>, child_tidptr=0x555587b19650) = 6425
[pid 6425] chdir("./34") = 0
[pid 6425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6425] setpgid(0, 0) = 0
[pid 6425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 85.409872][ T6408] ? __pfx_list_lru_walk_node+0x10/0x10
[ 85.409896][ T6408] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 85.409912][ T6408] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 85.409936][ T6408] ? rcu_is_watching+0x15/0xb0
[ 85.409962][ T6408] reconfigure_super+0x224/0x890
[ 85.409983][ T6408] path_mount+0xd18/0xfe0
[ 85.410008][ T6408] __se_sys_mount+0x317/0x410
[ 85.410031][ T6408] ? __pfx___se_sys_mount+0x10/0x10
[ 85.410051][ T6408] ? rcu_is_watching+0x15/0xb0
[ 85.410075][ T6408] ? __x64_sys_mount+0x20/0xc0
[ 85.410098][ T6408] do_syscall_64+0xfa/0x3b0
[pid 6425] write(3, "1000", 4) = 4
[pid 6425] close(3) = 0
[pid 6425] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6425] write(1, "executing program\n", 18executing program
) = 18
[pid 6425] memfd_create("syzkaller", 0) = 3
[pid 6425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 85.410118][ T6408] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.410135][ T6408] ? clear_bhb_loop+0x60/0xb0
[ 85.410152][ T6408] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.410174][ T6408] RIP: 0033:0x7f6bcc3a931a
[ 85.410189][ T6408] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 85.410204][ T6408] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 85.410222][ T6408] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 85.410235][ T6408] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 85.410246][ T6408] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 85.410259][ T6408] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 85.410270][ T6408] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 85.410289][ T6408]
[ 85.410298][ T6408] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 85.410317][ T6408] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 85.410335][ T6408] BTRFS info (device loop0 state EA): forced readonly
[ 85.410350][ T6408] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 85.410376][ T6408] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[pid 6425] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6425] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 85.410414][ T6408] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 85.410457][ T6408] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 85.487474][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6425] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6425] close(3) = 0
[pid 6425] close(4) = 0
[pid 6425] mkdir("./file0", 0777) = 0
[ 86.023460][ T6425] loop0: detected capacity change from 0 to 32768
[ 86.057601][ T6425] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6425)
[ 86.064105][ T6425] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 86.064166][ T6425] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 86.064222][ T6425] BTRFS info (device loop0): using free-space-tree
[pid 6425] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6425] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6425] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6425] chdir("./file0") = 0
[pid 6425] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[ 86.128987][ T6425] BTRFS info (device loop0): rebuilding free space tree
[pid 6425] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6425] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6425] write(5, "31", 2) = 2
[pid 6425] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6425] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6425] exit_group(0) = ?
[pid 6425] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6425, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=13 /* 0.13 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 86.186373][ T1516] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 86.216615][ T6425] FAULT_INJECTION: forcing a failure.
[ 86.216615][ T6425] name failslab, interval 1, probability 0, space 0, times 0
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 86.216638][ T6425] CPU: 0 UID: 0 PID: 6425 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 86.216653][ T6425] Tainted: [W]=WARN
[ 86.216657][ T6425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 86.216663][ T6425] Call Trace:
[ 86.216667][ T6425]
[ 86.216672][ T6425] dump_stack_lvl+0x189/0x250
[ 86.216689][ T6425] ? __pfx____ratelimit+0x10/0x10
[ 86.216701][ T6425] ? __pfx_dump_stack_lvl+0x10/0x10
[ 86.216713][ T6425] ? __pfx__printk+0x10/0x10
[ 86.216723][ T6425] ? fs_reclaim_acquire+0x7d/0x100
[ 86.216732][ T6425] ? rcu_is_watching+0x15/0xb0
[ 86.216746][ T6425] ? __pfx___might_resched+0x10/0x10
[ 86.216755][ T6425] ? lock_acquire+0x5f/0x360
[ 86.216767][ T6425] should_fail_ex+0x46c/0x600
[ 86.216779][ T6425] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 86.216791][ T6425] should_failslab+0xa8/0x100
[ 86.216804][ T6425] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 86.216814][ T6425] kmem_cache_alloc_noprof+0x6e/0x310
[ 86.216827][ T6425] btrfs_add_to_free_space_tree+0xde/0x5b0
umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./34/file0") = 0
umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 86.216839][ T6425] __btrfs_free_extent+0x167b/0x4250
[ 86.216856][ T6425] ? __pfx___btrfs_free_extent+0x10/0x10
[ 86.216866][ T6425] ? migrate_disable+0x160/0x190
[ 86.216877][ T6425] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 86.216886][ T6425] ? lock_release+0x4b/0x3e0
[ 86.216897][ T6425] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 86.216912][ T6425] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 86.216928][ T6425] ? is_bpf_text_address+0x26/0x2b0
[ 86.216944][ T6425] ? is_bpf_text_address+0x292/0x2b0
newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./34") = 0
[ 86.216955][ T6425] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 86.216969][ T6425] ? try_to_take_rt_mutex+0x840/0xb00
[ 86.216978][ T6425] ? unwind_get_return_address+0x4d/0x90
[ 86.216991][ T6425] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 86.217001][ T6425] ? arch_stack_walk+0xfc/0x150
[ 86.217015][ T6425] ? rtlock_slowlock_locked+0xd8/0x4010
[ 86.217025][ T6425] ? stack_trace_save+0x9c/0xe0
[ 86.217033][ T6425] ? __pfx_stack_trace_save+0x10/0x10
[ 86.217043][ T6425] ? stack_depot_save_flags+0x40/0x860
mkdir("./35", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 86.217054][ T6425] ? btrfs_commit_transaction+0x161/0x3950
[ 86.217066][ T6425] ? rcu_is_watching+0x15/0xb0
[ 86.217079][ T6425] ? lock_acquire+0x5f/0x360
[ 86.217089][ T6425] ? rcu_is_watching+0x15/0xb0
[ 86.217108][ T6425] btrfs_run_delayed_refs+0xe6/0x3b0
[ 86.217121][ T6425] btrfs_commit_transaction+0x269/0x3950
[ 86.217133][ T6425] ? rcu_is_watching+0x15/0xb0
[ 86.217144][ T6425] ? btrfs_commit_transaction+0x161/0x3950
[ 86.217155][ T6425] ? lock_acquire+0x5f/0x360
[ 86.217166][ T6425] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 86.217178][ T6425] ? rt_mutex_slowunlock+0x493/0x8a0
[ 86.217187][ T6425] ? migrate_disable+0xd5/0x190
[ 86.217197][ T6425] ? join_transaction+0x41b/0xca0
[ 86.217208][ T6425] ? rcu_is_watching+0x15/0xb0
[ 86.217220][ T6425] ? lock_acquire+0x5f/0x360
[ 86.217231][ T6425] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 86.217243][ T6425] ? join_transaction+0x41b/0xca0
[ 86.217255][ T6425] ? btrfs_record_root_in_trans+0x91/0x180
[ 86.217266][ T6425] ? start_transaction+0x439/0x1620
[ 86.217279][ T6425] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 86.217290][ T6425] ? btrfs_sync_fs+0x1b2/0x6a0
[ 86.217303][ T6425] sync_filesystem+0x1ce/0x250
[ 86.217316][ T6425] btrfs_reconfigure+0x2fa/0x2160
[ 86.217327][ T6425] ? __pfx_list_lru_walk_node+0x10/0x10
[ 86.217341][ T6425] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 86.217350][ T6425] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 86.217364][ T6425] ? rcu_is_watching+0x15/0xb0
[ 86.217378][ T6425] reconfigure_super+0x224/0x890
[ 86.217389][ T6425] path_mount+0xd18/0xfe0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6442 attached
, child_tidptr=0x555587b19650) = 6442
[pid 6442] set_robust_list(0x555587b19660, 24) = 0
[pid 6442] chdir("./35") = 0
[ 86.217403][ T6425] __se_sys_mount+0x317/0x410
[ 86.217416][ T6425] ? __pfx___se_sys_mount+0x10/0x10
[ 86.217427][ T6425] ? rcu_is_watching+0x15/0xb0
[ 86.217440][ T6425] ? __x64_sys_mount+0x20/0xc0
[ 86.217452][ T6425] do_syscall_64+0xfa/0x3b0
[ 86.217463][ T6425] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.217472][ T6425] ? clear_bhb_loop+0x60/0xb0
[ 86.217482][ T6425] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.217491][ T6425] RIP: 0033:0x7f6bcc3a931a
[pid 6442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6442] setpgid(0, 0) = 0
[pid 6442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6442] write(3, "1000", 4) = 4
[pid 6442] close(3) = 0
[pid 6442] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6442] write(1, "executing program\n", 18executing program
) = 18
[pid 6442] memfd_create("syzkaller", 0) = 3
[ 86.217500][ T6425] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 86.217508][ T6425] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 86.217520][ T6425] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 86.217527][ T6425] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 86.217533][ T6425] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[pid 6442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 86.217540][ T6425] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 86.217546][ T6425] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 86.217556][ T6425]
[ 86.217561][ T6425] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 86.217573][ T6425] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 86.217583][ T6425] BTRFS info (device loop0 state EA): forced readonly
[ 86.217592][ T6425] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 86.217606][ T6425] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 86.217627][ T6425] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 86.217660][ T6425] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 86.308903][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6442] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6442] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6442] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6442] close(3) = 0
[pid 6442] close(4) = 0
[pid 6442] mkdir("./file0", 0777) = 0
[ 86.857390][ T6442] loop0: detected capacity change from 0 to 32768
[ 86.889149][ T6442] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6442)
[ 86.895029][ T6442] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 86.895092][ T6442] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 86.895147][ T6442] BTRFS info (device loop0): using free-space-tree
[pid 6442] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6442] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6442] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6442] chdir("./file0") = 0
[pid 6442] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6442] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6442] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6442] write(5, "31", 2) = 2
[pid 6442] mkdir(".", 0777) = -1 EEXIST (File exists)
[ 86.978549][ T6442] BTRFS info (device loop0): rebuilding free space tree
[pid 6442] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6442] exit_group(0) = ?
[pid 6442] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6442, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=13 /* 0.13 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 87.027833][ T1516] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 87.028569][ T6442] FAULT_INJECTION: forcing a failure.
[ 87.028569][ T6442] name failslab, interval 1, probability 0, space 0, times 0
[ 87.028590][ T6442] CPU: 0 UID: 0 PID: 6442 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 87.028606][ T6442] Tainted: [W]=WARN
[ 87.028609][ T6442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 87.028615][ T6442] Call Trace:
[ 87.028619][ T6442]
[ 87.028623][ T6442] dump_stack_lvl+0x189/0x250
[ 87.028641][ T6442] ? __pfx____ratelimit+0x10/0x10
[ 87.028654][ T6442] ? __pfx_dump_stack_lvl+0x10/0x10
[ 87.028666][ T6442] ? __pfx__printk+0x10/0x10
[ 87.028676][ T6442] ? fs_reclaim_acquire+0x7d/0x100
[ 87.028685][ T6442] ? rcu_is_watching+0x15/0xb0
[ 87.028699][ T6442] ? __pfx___might_resched+0x10/0x10
[ 87.028708][ T6442] ? lock_acquire+0x5f/0x360
[ 87.028720][ T6442] should_fail_ex+0x46c/0x600
umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./35/file0") = 0
[ 87.028734][ T6442] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 87.028747][ T6442] should_failslab+0xa8/0x100
[ 87.028760][ T6442] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 87.028771][ T6442] kmem_cache_alloc_noprof+0x6e/0x310
[ 87.028785][ T6442] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 87.028797][ T6442] __btrfs_free_extent+0x167b/0x4250
[ 87.028811][ T6442] ? __pfx___btrfs_free_extent+0x10/0x10
[ 87.028820][ T6442] ? migrate_disable+0x160/0x190
[ 87.028832][ T6442] ? __pfx_rt_mutex_slowunlock+0x10/0x10
umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./35") = 0
mkdir("./36", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 87.028841][ T6442] ? lock_release+0x4b/0x3e0
[ 87.028851][ T6442] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 87.028866][ T6442] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 87.028882][ T6442] ? is_bpf_text_address+0x26/0x2b0
[ 87.028898][ T6442] ? is_bpf_text_address+0x292/0x2b0
[ 87.028909][ T6442] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 87.028923][ T6442] ? try_to_take_rt_mutex+0x840/0xb00
[ 87.028932][ T6442] ? unwind_get_return_address+0x4d/0x90
[ 87.028945][ T6442] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 87.028955][ T6442] ? arch_stack_walk+0xfc/0x150
[ 87.028969][ T6442] ? rtlock_slowlock_locked+0xd8/0x4010
[ 87.028979][ T6442] ? stack_trace_save+0x9c/0xe0
[ 87.028995][ T6442] ? __pfx_stack_trace_save+0x10/0x10
[ 87.029005][ T6442] ? stack_depot_save_flags+0x40/0x860
[ 87.029016][ T6442] ? btrfs_commit_transaction+0x161/0x3950
[ 87.029029][ T6442] ? rcu_is_watching+0x15/0xb0
[ 87.029041][ T6442] ? lock_acquire+0x5f/0x360
[ 87.029052][ T6442] ? rcu_is_watching+0x15/0xb0
[ 87.029064][ T6442] btrfs_run_delayed_refs+0xe6/0x3b0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555587b19650) = 6459
./strace-static-x86_64: Process 6459 attached
[pid 6459] set_robust_list(0x555587b19660, 24) = 0
[ 87.029078][ T6442] btrfs_commit_transaction+0x269/0x3950
[ 87.029090][ T6442] ? rcu_is_watching+0x15/0xb0
[ 87.029101][ T6442] ? btrfs_commit_transaction+0x161/0x3950
[ 87.029113][ T6442] ? lock_acquire+0x5f/0x360
[ 87.029123][ T6442] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 87.029134][ T6442] ? rt_mutex_slowunlock+0x493/0x8a0
[ 87.029143][ T6442] ? migrate_disable+0xd5/0x190
[ 87.029154][ T6442] ? join_transaction+0x41b/0xca0
[ 87.029164][ T6442] ? rcu_is_watching+0x15/0xb0
[pid 6459] chdir("./36") = 0
[pid 6459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6459] setpgid(0, 0) = 0
[pid 6459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6459] write(3, "1000", 4) = 4
[pid 6459] close(3) = 0
[pid 6459] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6459] write(1, "executing program\n", 18executing program
) = 18
[ 87.029177][ T6442] ? lock_acquire+0x5f/0x360
[ 87.029187][ T6442] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 87.029199][ T6442] ? join_transaction+0x41b/0xca0
[ 87.029212][ T6442] ? btrfs_record_root_in_trans+0x91/0x180
[ 87.029223][ T6442] ? start_transaction+0x439/0x1620
[ 87.029236][ T6442] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 87.029247][ T6442] ? btrfs_sync_fs+0x1b2/0x6a0
[ 87.029260][ T6442] sync_filesystem+0x1ce/0x250
[ 87.029273][ T6442] btrfs_reconfigure+0x2fa/0x2160
[ 87.029284][ T6442] ? __pfx_list_lru_walk_node+0x10/0x10
[pid 6459] memfd_create("syzkaller", 0) = 3
[pid 6459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 87.029297][ T6442] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 87.029306][ T6442] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 87.029320][ T6442] ? rcu_is_watching+0x15/0xb0
[ 87.029333][ T6442] reconfigure_super+0x224/0x890
[ 87.029345][ T6442] path_mount+0xd18/0xfe0
[ 87.029358][ T6442] __se_sys_mount+0x317/0x410
[ 87.029371][ T6442] ? __pfx___se_sys_mount+0x10/0x10
[ 87.029382][ T6442] ? rcu_is_watching+0x15/0xb0
[ 87.029395][ T6442] ? __x64_sys_mount+0x20/0xc0
[ 87.029406][ T6442] do_syscall_64+0xfa/0x3b0
[ 87.029418][ T6442] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.029428][ T6442] ? clear_bhb_loop+0x60/0xb0
[ 87.029437][ T6442] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.029446][ T6442] RIP: 0033:0x7f6bcc3a931a
[ 87.029455][ T6442] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 87.029463][ T6442] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 87.029475][ T6442] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 87.029482][ T6442] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 87.029488][ T6442] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 87.029495][ T6442] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 87.029501][ T6442] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 87.029511][ T6442]
[ 87.029516][ T6442] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[pid 6459] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[ 87.029528][ T6442] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 87.029538][ T6442] BTRFS info (device loop0 state EA): forced readonly
[ 87.029546][ T6442] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 87.029560][ T6442] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[pid 6459] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6459] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6459] close(3) = 0
[pid 6459] close(4) = 0
[pid 6459] mkdir("./file0", 0777) = 0
[ 87.029581][ T6442] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 87.029614][ T6442] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 87.097546][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 87.610832][ T6459] loop0: detected capacity change from 0 to 32768
[ 87.646102][ T6459] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6459)
[ 87.652389][ T6459] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 87.652447][ T6459] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 87.652500][ T6459] BTRFS info (device loop0): using free-space-tree
[pid 6459] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6459] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6459] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6459] chdir("./file0") = 0
[pid 6459] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6459] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6459] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6459] write(5, "31", 2) = 2
[pid 6459] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6459] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 6459] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 6459] exit_group(0) = ?
[ 87.732639][ T6459] BTRFS info (device loop0): rebuilding free space tree
[pid 6459] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6459, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} ---
umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 87.779849][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[ 87.842243][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./36/file0") = 0
umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./36") = 0
mkdir("./37", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6477 attached
, child_tidptr=0x555587b19650) = 6477
[pid 6477] set_robust_list(0x555587b19660, 24) = 0
[pid 6477] chdir("./37") = 0
[pid 6477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6477] setpgid(0, 0) = 0
[pid 6477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6477] write(3, "1000", 4) = 4
[pid 6477] close(3) = 0
[pid 6477] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 6477] write(1, "executing program\n", 18) = 18
[pid 6477] memfd_create("syzkaller", 0) = 3
[pid 6477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 6477] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6477] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6477] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6477] close(3) = 0
[pid 6477] close(4) = 0
[pid 6477] mkdir("./file0", 0777) = 0
[ 88.406607][ T6477] loop0: detected capacity change from 0 to 32768
[ 88.422712][ T6477] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6477)
[ 88.427733][ T6477] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 88.427797][ T6477] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 88.427849][ T6477] BTRFS info (device loop0): using free-space-tree
[pid 6477] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6477] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[ 88.442275][ T6477] BTRFS info (device loop0): rebuilding free space tree
[pid 6477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6477] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6477] chdir("./file0") = 0
[pid 6477] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6477] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6477] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6477] write(5, "31", 2) = 2
[pid 6477] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6477] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 6477] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 6477] exit_group(0) = ?
[pid 6477] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6477, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=10 /* 0.10 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 88.560102][ T13] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 88.652048][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./37/file0") = 0
umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./37") = 0
mkdir("./38", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555587b19650) = 6495
./strace-static-x86_64: Process 6495 attached
[pid 6495] set_robust_list(0x555587b19660, 24) = 0
[pid 6495] chdir("./38") = 0
[pid 6495] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6495] setpgid(0, 0) = 0
[pid 6495] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6495] write(3, "1000", 4) = 4
[pid 6495] close(3) = 0
[pid 6495] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 6495] write(1, "executing program\n", 18) = 18
[pid 6495] memfd_create("syzkaller", 0) = 3
[pid 6495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 6495] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6495] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6495] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6495] close(3) = 0
[pid 6495] close(4) = 0
[pid 6495] mkdir("./file0", 0777) = 0
[ 89.129273][ T6495] loop0: detected capacity change from 0 to 32768
[ 89.144008][ T6495] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6495)
[ 89.156130][ T6495] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 89.156192][ T6495] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 89.156248][ T6495] BTRFS info (device loop0): using free-space-tree
[pid 6495] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6495] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6495] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6495] chdir("./file0") = 0
[pid 6495] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6495] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6495] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6495] write(5, "31", 2) = 2
[pid 6495] mkdir(".", 0777) = -1 EEXIST (File exists)
[ 89.199723][ T6495] BTRFS info (device loop0): rebuilding free space tree
[pid 6495] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 6495] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 6495] exit_group(0) = ?
[pid 6495] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6495, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=9 /* 0.09 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 89.271388][ T13] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[ 89.419735][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./38/file0") = 0
umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./38") = 0
mkdir("./39", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6512 attached
, child_tidptr=0x555587b19650) = 6512
[pid 6512] set_robust_list(0x555587b19660, 24) = 0
[pid 6512] chdir("./39") = 0
[pid 6512] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6512] setpgid(0, 0) = 0
[pid 6512] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6512] write(3, "1000", 4) = 4
[pid 6512] close(3) = 0
[pid 6512] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6512] write(1, "executing program\n", 18executing program
) = 18
[pid 6512] memfd_create("syzkaller", 0) = 3
[pid 6512] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 6512] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6512] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6512] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6512] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6512] close(3) = 0
[pid 6512] close(4) = 0
[pid 6512] mkdir("./file0", 0777) = 0
[ 89.901976][ T6512] loop0: detected capacity change from 0 to 32768
[ 89.926579][ T6512] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6512)
[ 89.932112][ T6512] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 89.932177][ T6512] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 89.932230][ T6512] BTRFS info (device loop0): using free-space-tree
[pid 6512] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6512] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[ 90.010611][ T6512] BTRFS info (device loop0): rebuilding free space tree
[pid 6512] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6512] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6512] chdir("./file0") = 0
[pid 6512] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6512] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6512] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6512] write(5, "31", 2) = 2
[pid 6512] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6512] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 6512] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 6512] exit_group(0) = ?
[pid 6512] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6512, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=8 /* 0.08 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 90.092160][ T13] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 90.260556][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./39/file0") = 0
umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./39") = 0
mkdir("./40", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6529 attached
, child_tidptr=0x555587b19650) = 6529
[pid 6529] set_robust_list(0x555587b19660, 24) = 0
[pid 6529] chdir("./40") = 0
[pid 6529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6529] setpgid(0, 0) = 0
[pid 6529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6529] write(3, "1000", 4) = 4
[pid 6529] close(3) = 0
[pid 6529] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 6529] write(1, "executing program\n", 18) = 18
[pid 6529] memfd_create("syzkaller", 0) = 3
[pid 6529] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 6529] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6529] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6529] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6529] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6529] close(3) = 0
[pid 6529] close(4) = 0
[pid 6529] mkdir("./file0", 0777) = 0
[ 90.743447][ T6529] loop0: detected capacity change from 0 to 32768
[ 90.776869][ T6529] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6529)
[ 90.788482][ T6529] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 90.788549][ T6529] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 90.788602][ T6529] BTRFS info (device loop0): using free-space-tree
[pid 6529] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6529] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6529] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6529] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6529] chdir("./file0") = 0
[pid 6529] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6529] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6529] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[ 90.848699][ T6529] BTRFS info (device loop0): rebuilding free space tree
[pid 6529] write(5, "31", 2) = 2
[pid 6529] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6529] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 6529] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 6529] exit_group(0) = ?
[pid 6529] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6529, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=9 /* 0.09 s */} ---
[ 90.900120][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 90.922604][ T6529] FAULT_INJECTION: forcing a failure.
[ 90.922604][ T6529] name failslab, interval 1, probability 0, space 0, times 0
[ 90.922632][ T6529] CPU: 1 UID: 0 PID: 6529 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 90.922648][ T6529] Tainted: [W]=WARN
[ 90.922651][ T6529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 90.922657][ T6529] Call Trace:
[ 90.922661][ T6529]
[ 90.922665][ T6529] dump_stack_lvl+0x189/0x250
[ 90.922683][ T6529] ? __pfx____ratelimit+0x10/0x10
[ 90.922695][ T6529] ? __pfx_dump_stack_lvl+0x10/0x10
[ 90.922707][ T6529] ? __pfx__printk+0x10/0x10
[ 90.922717][ T6529] ? fs_reclaim_acquire+0x7d/0x100
[ 90.922727][ T6529] ? rcu_is_watching+0x15/0xb0
[ 90.922740][ T6529] ? __pfx___might_resched+0x10/0x10
[ 90.922750][ T6529] ? lock_acquire+0x5f/0x360
[ 90.922762][ T6529] should_fail_ex+0x46c/0x600
[ 90.922775][ T6529] ? alloc_extent_state+0x22/0x2f0
[ 90.922788][ T6529] should_failslab+0xa8/0x100
[ 90.922801][ T6529] ? alloc_extent_state+0x22/0x2f0
[ 90.922812][ T6529] kmem_cache_alloc_noprof+0x6e/0x310
[ 90.922826][ T6529] alloc_extent_state+0x22/0x2f0
[ 90.922838][ T6529] set_extent_bit+0x270/0x21e0
[ 90.922853][ T6529] ? rt_mutex_slowunlock+0x493/0x8a0
[ 90.922863][ T6529] ? __pfx_set_extent_bit+0x10/0x10
[ 90.922875][ T6529] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 90.922884][ T6529] ? lock_release+0x4b/0x3e0
[ 90.922895][ T6529] btrfs_set_extent_bit+0x38/0x50
[ 90.922908][ T6529] btrfs_update_block_group+0x712/0xb00
[ 90.922924][ T6529] __btrfs_free_extent+0x16a0/0x4250
[ 90.922938][ T6529] ? __pfx___btrfs_free_extent+0x10/0x10
[ 90.922947][ T6529] ? migrate_disable+0x160/0x190
[ 90.922959][ T6529] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 90.922968][ T6529] ? lock_release+0x4b/0x3e0
umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./40/file0") = 0
[ 90.922980][ T6529] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 90.922996][ T6529] ? is_bpf_text_address+0x26/0x2b0
[ 90.923012][ T6529] ? is_bpf_text_address+0x292/0x2b0
[ 90.923024][ T6529] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 90.923038][ T6529] ? try_to_take_rt_mutex+0x840/0xb00
[ 90.923047][ T6529] ? unwind_get_return_address+0x4d/0x90
[ 90.923059][ T6529] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 90.923069][ T6529] ? arch_stack_walk+0xfc/0x150
[ 90.923083][ T6529] ? rtlock_slowlock_locked+0xd8/0x4010
umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./40") = 0
mkdir("./41", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 90.923093][ T6529] ? stack_trace_save+0x9c/0xe0
[ 90.923102][ T6529] ? __pfx_stack_trace_save+0x10/0x10
[ 90.923111][ T6529] ? stack_depot_save_flags+0x40/0x860
[ 90.923123][ T6529] ? btrfs_commit_transaction+0x161/0x3950
[ 90.923135][ T6529] ? rcu_is_watching+0x15/0xb0
[ 90.923147][ T6529] ? lock_acquire+0x5f/0x360
[ 90.923158][ T6529] ? rcu_is_watching+0x15/0xb0
[ 90.923171][ T6529] btrfs_run_delayed_refs+0xe6/0x3b0
[ 90.923185][ T6529] btrfs_commit_transaction+0x269/0x3950
ioctl(3, LOOP_CLR_FD) = 0
[ 90.923196][ T6529] ? rcu_is_watching+0x15/0xb0
[ 90.923209][ T6529] ? btrfs_commit_transaction+0x161/0x3950
[ 90.923220][ T6529] ? lock_acquire+0x5f/0x360
[ 90.923230][ T6529] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 90.923242][ T6529] ? rt_mutex_slowunlock+0x493/0x8a0
[ 90.923251][ T6529] ? migrate_disable+0xd5/0x190
[ 90.923261][ T6529] ? join_transaction+0x41b/0xca0
[ 90.923272][ T6529] ? rcu_is_watching+0x15/0xb0
[ 90.923284][ T6529] ? lock_acquire+0x5f/0x360
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555587b19650) = 6546
./strace-static-x86_64: Process 6546 attached
[ 90.923295][ T6529] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 90.923306][ T6529] ? join_transaction+0x41b/0xca0
[ 90.923319][ T6529] ? btrfs_record_root_in_trans+0x91/0x180
[ 90.923330][ T6529] ? start_transaction+0x439/0x1620
[ 90.923357][ T6529] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 90.923368][ T6529] ? btrfs_sync_fs+0x1b2/0x6a0
[ 90.923381][ T6529] sync_filesystem+0x1ce/0x250
[ 90.923395][ T6529] btrfs_reconfigure+0x2fa/0x2160
[ 90.923406][ T6529] ? __pfx_list_lru_walk_node+0x10/0x10
[pid 6546] set_robust_list(0x555587b19660, 24) = 0
[pid 6546] chdir("./41") = 0
[pid 6546] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6546] setpgid(0, 0) = 0
[ 90.923419][ T6529] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 90.923428][ T6529] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 90.923442][ T6529] ? rcu_is_watching+0x15/0xb0
[ 90.923455][ T6529] reconfigure_super+0x224/0x890
[ 90.923467][ T6529] path_mount+0xd18/0xfe0
[ 90.923481][ T6529] __se_sys_mount+0x317/0x410
[ 90.923493][ T6529] ? __pfx___se_sys_mount+0x10/0x10
[ 90.923505][ T6529] ? rcu_is_watching+0x15/0xb0
[ 90.923518][ T6529] ? __x64_sys_mount+0x20/0xc0
[ 90.923530][ T6529] do_syscall_64+0xfa/0x3b0
[ 90.923542][ T6529] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[pid 6546] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6546] write(3, "1000", 4) = 4
[pid 6546] close(3) = 0
[pid 6546] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6546] write(1, "executing program\n", 18executing program
) = 18
[pid 6546] memfd_create("syzkaller", 0) = 3
[pid 6546] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 90.923551][ T6529] ? clear_bhb_loop+0x60/0xb0
[ 90.923561][ T6529] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 90.923570][ T6529] RIP: 0033:0x7f6bcc3a931a
[ 90.923579][ T6529] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 90.923588][ T6529] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 90.923601][ T6529] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 90.923608][ T6529] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 90.923614][ T6529] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 90.923621][ T6529] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 90.923628][ T6529] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 90.923637][ T6529]
[ 91.080772][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6546] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6546] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6546] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6546] close(3) = 0
[pid 6546] close(4) = 0
[pid 6546] mkdir("./file0", 0777) = 0
[ 91.544014][ T6546] loop0: detected capacity change from 0 to 32768
[ 91.578762][ T6546] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6546)
[ 91.583684][ T6546] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 91.583749][ T6546] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 91.583818][ T6546] BTRFS info (device loop0): using free-space-tree
[pid 6546] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6546] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6546] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6546] chdir("./file0") = 0
[pid 6546] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6546] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[ 91.641496][ T6546] BTRFS info (device loop0): rebuilding free space tree
[pid 6546] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6546] write(5, "31", 2) = 2
[pid 6546] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6546] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6546] exit_group(0) = ?
[pid 6546] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6546, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=8 /* 0.08 s */} ---
[ 91.697715][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 91.718577][ T6546] FAULT_INJECTION: forcing a failure.
[ 91.718577][ T6546] name failslab, interval 1, probability 0, space 0, times 0
[ 91.718601][ T6546] CPU: 1 UID: 0 PID: 6546 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 91.718617][ T6546] Tainted: [W]=WARN
[ 91.718620][ T6546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 91.718626][ T6546] Call Trace:
[ 91.718630][ T6546]
[ 91.718634][ T6546] dump_stack_lvl+0x189/0x250
[ 91.718651][ T6546] ? __pfx____ratelimit+0x10/0x10
[ 91.718670][ T6546] ? __pfx_dump_stack_lvl+0x10/0x10
[ 91.718682][ T6546] ? __pfx__printk+0x10/0x10
[ 91.718692][ T6546] ? fs_reclaim_acquire+0x7d/0x100
[ 91.718701][ T6546] ? rcu_is_watching+0x15/0xb0
[ 91.718715][ T6546] ? __pfx___might_resched+0x10/0x10
[ 91.718724][ T6546] ? lock_acquire+0x5f/0x360
[ 91.718736][ T6546] should_fail_ex+0x46c/0x600
[ 91.718748][ T6546] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 91.718760][ T6546] should_failslab+0xa8/0x100
[ 91.718772][ T6546] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 91.718783][ T6546] kmem_cache_alloc_noprof+0x6e/0x310
[ 91.718795][ T6546] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 91.718807][ T6546] __btrfs_free_extent+0x167b/0x4250
[ 91.718821][ T6546] ? __pfx___btrfs_free_extent+0x10/0x10
umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./41/file0") = 0
umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/binderfs") = 0
[ 91.718831][ T6546] ? migrate_disable+0x160/0x190
[ 91.718842][ T6546] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 91.718851][ T6546] ? lock_release+0x4b/0x3e0
[ 91.718862][ T6546] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 91.718876][ T6546] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 91.718891][ T6546] ? is_bpf_text_address+0x26/0x2b0
[ 91.718907][ T6546] ? is_bpf_text_address+0x292/0x2b0
[ 91.718919][ T6546] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 91.718933][ T6546] ? try_to_take_rt_mutex+0x840/0xb00
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./41") = 0
mkdir("./42", 0777) = 0
[ 91.718942][ T6546] ? unwind_get_return_address+0x4d/0x90
[ 91.718954][ T6546] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 91.718970][ T6546] ? arch_stack_walk+0xfc/0x150
[ 91.718983][ T6546] ? rtlock_slowlock_locked+0xd8/0x4010
[ 91.718993][ T6546] ? stack_trace_save+0x9c/0xe0
[ 91.719002][ T6546] ? __pfx_stack_trace_save+0x10/0x10
[ 91.719012][ T6546] ? stack_depot_save_flags+0x40/0x860
[ 91.719023][ T6546] ? btrfs_commit_transaction+0x161/0x3950
[ 91.719036][ T6546] ? rcu_is_watching+0x15/0xb0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 91.719048][ T6546] ? lock_acquire+0x5f/0x360
[ 91.719059][ T6546] ? rcu_is_watching+0x15/0xb0
[ 91.719072][ T6546] btrfs_run_delayed_refs+0xe6/0x3b0
[ 91.719085][ T6546] btrfs_commit_transaction+0x269/0x3950
[ 91.719097][ T6546] ? rcu_is_watching+0x15/0xb0
[ 91.719109][ T6546] ? btrfs_commit_transaction+0x161/0x3950
[ 91.719120][ T6546] ? lock_acquire+0x5f/0x360
[ 91.719131][ T6546] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 91.719143][ T6546] ? rt_mutex_slowunlock+0x493/0x8a0
[ 91.719151][ T6546] ? migrate_disable+0xd5/0x190
[ 91.719162][ T6546] ? join_transaction+0x41b/0xca0
[ 91.719173][ T6546] ? rcu_is_watching+0x15/0xb0
[ 91.719185][ T6546] ? lock_acquire+0x5f/0x360
[ 91.719196][ T6546] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 91.719208][ T6546] ? join_transaction+0x41b/0xca0
[ 91.719220][ T6546] ? btrfs_record_root_in_trans+0x91/0x180
[ 91.719232][ T6546] ? start_transaction+0x439/0x1620
[ 91.719252][ T6546] ? btrfs_attach_transaction_barrier+0x32/0xa0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555587b19650) = 6563
./strace-static-x86_64: Process 6563 attached
[pid 6563] set_robust_list(0x555587b19660, 24) = 0
[pid 6563] chdir("./42") = 0
[ 91.719262][ T6546] ? btrfs_sync_fs+0x1b2/0x6a0
[ 91.719275][ T6546] sync_filesystem+0x1ce/0x250
[ 91.719289][ T6546] btrfs_reconfigure+0x2fa/0x2160
[ 91.719300][ T6546] ? __pfx_list_lru_walk_node+0x10/0x10
[ 91.719313][ T6546] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 91.719322][ T6546] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 91.719336][ T6546] ? rcu_is_watching+0x15/0xb0
[ 91.719350][ T6546] reconfigure_super+0x224/0x890
[ 91.719361][ T6546] path_mount+0xd18/0xfe0
[ 91.719375][ T6546] __se_sys_mount+0x317/0x410
[pid 6563] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6563] setpgid(0, 0) = 0
[pid 6563] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6563] write(3, "1000", 4) = 4
[pid 6563] close(3) = 0
[pid 6563] symlink("/dev/binderfs", "./binderfs") = 0
[ 91.719388][ T6546] ? __pfx___se_sys_mount+0x10/0x10
[ 91.719399][ T6546] ? rcu_is_watching+0x15/0xb0
[ 91.719412][ T6546] ? __x64_sys_mount+0x20/0xc0
[ 91.719425][ T6546] do_syscall_64+0xfa/0x3b0
[ 91.719436][ T6546] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 91.719445][ T6546] ? clear_bhb_loop+0x60/0xb0
[ 91.719455][ T6546] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 91.719464][ T6546] RIP: 0033:0x7f6bcc3a931a
[pid 6563] write(1, "executing program\n", 18executing program
) = 18
[pid 6563] memfd_create("syzkaller", 0) = 3
[pid 6563] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 91.719473][ T6546] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 91.719481][ T6546] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 91.719492][ T6546] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 91.719499][ T6546] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 91.719506][ T6546] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 91.719513][ T6546] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 91.719519][ T6546] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 91.719528][ T6546]
[ 91.719535][ T6546] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 91.719547][ T6546] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 91.719557][ T6546] BTRFS info (device loop0 state EA): forced readonly
[ 91.719565][ T6546] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 91.719579][ T6546] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 91.719601][ T6546] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 91.719635][ T6546] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 91.798195][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6563] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6563] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6563] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6563] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6563] close(3) = 0
[pid 6563] close(4) = 0
[pid 6563] mkdir("./file0", 0777) = 0
[ 92.362761][ T6563] loop0: detected capacity change from 0 to 32768
[ 92.385734][ T6563] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6563)
[ 92.403460][ T6563] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 92.403541][ T6563] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 92.403595][ T6563] BTRFS info (device loop0): using free-space-tree
[pid 6563] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6563] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[ 92.456135][ T6563] BTRFS info (device loop0): rebuilding free space tree
[pid 6563] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6563] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6563] chdir("./file0") = 0
[pid 6563] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6563] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6563] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6563] write(5, "31", 2) = 2
[pid 6563] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6563] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6563] exit_group(0) = ?
[pid 6563] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6563, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=13 /* 0.13 s */} ---
[ 92.542211][ T1901] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 92.564421][ T6563] FAULT_INJECTION: forcing a failure.
[ 92.564421][ T6563] name failslab, interval 1, probability 0, space 0, times 0
[ 92.564445][ T6563] CPU: 1 UID: 0 PID: 6563 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 92.564460][ T6563] Tainted: [W]=WARN
[ 92.564464][ T6563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 92.564470][ T6563] Call Trace:
[ 92.564474][ T6563]
[ 92.564478][ T6563] dump_stack_lvl+0x189/0x250
[ 92.564496][ T6563] ? __pfx____ratelimit+0x10/0x10
[ 92.564508][ T6563] ? __pfx_dump_stack_lvl+0x10/0x10
[ 92.564523][ T6563] ? __pfx__printk+0x10/0x10
[ 92.564534][ T6563] ? __pfx___might_resched+0x10/0x10
[ 92.564544][ T6563] ? lock_acquire+0x5f/0x360
[ 92.564556][ T6563] should_fail_ex+0x46c/0x600
[ 92.564568][ T6563] ? __btrfs_free_extent+0x2f9/0x4250
[ 92.564579][ T6563] should_failslab+0xa8/0x100
[ 92.564592][ T6563] ? __btrfs_free_extent+0x2f9/0x4250
[ 92.564601][ T6563] kmem_cache_alloc_noprof+0x6e/0x310
[ 92.564614][ T6563] __btrfs_free_extent+0x2f9/0x4250
[ 92.564628][ T6563] ? rt_mutex_slowunlock+0x493/0x8a0
[ 92.564637][ T6563] ? __pfx___btrfs_free_extent+0x10/0x10
[ 92.564647][ T6563] ? __pfx_migrate_enable+0x10/0x10
[ 92.564658][ T6563] ? __pfx_rt_mutex_slowunlock+0x10/0x10
umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 92.564667][ T6563] ? lock_release+0x4b/0x3e0
[ 92.564677][ T6563] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 92.564692][ T6563] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 92.564708][ T6563] ? is_bpf_text_address+0x26/0x2b0
[ 92.564723][ T6563] ? is_bpf_text_address+0x292/0x2b0
[ 92.564735][ T6563] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 92.564748][ T6563] ? try_to_take_rt_mutex+0x840/0xb00
[ 92.564757][ T6563] ? unwind_get_return_address+0x4d/0x90
[ 92.564769][ T6563] ? __pfx_stack_trace_consume_entry+0x10/0x10
newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./42/file0") = 0
umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
[ 92.564780][ T6563] ? arch_stack_walk+0xfc/0x150
[ 92.564793][ T6563] ? rtlock_slowlock_locked+0xd8/0x4010
[ 92.564803][ T6563] ? stack_trace_save+0x9c/0xe0
[ 92.564812][ T6563] ? __pfx_stack_trace_save+0x10/0x10
[ 92.564821][ T6563] ? stack_depot_save_flags+0x40/0x860
[ 92.564833][ T6563] ? btrfs_commit_transaction+0x161/0x3950
[ 92.564845][ T6563] ? rcu_is_watching+0x15/0xb0
[ 92.564857][ T6563] ? lock_acquire+0x5f/0x360
[ 92.564868][ T6563] ? rcu_is_watching+0x15/0xb0
[ 92.564880][ T6563] btrfs_run_delayed_refs+0xe6/0x3b0
rmdir("./42") = 0
mkdir("./43", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 92.564895][ T6563] btrfs_commit_transaction+0x269/0x3950
[ 92.564906][ T6563] ? rcu_is_watching+0x15/0xb0
[ 92.564918][ T6563] ? btrfs_commit_transaction+0x161/0x3950
[ 92.564929][ T6563] ? lock_acquire+0x5f/0x360
[ 92.564939][ T6563] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 92.564951][ T6563] ? rt_mutex_slowunlock+0x493/0x8a0
[ 92.564959][ T6563] ? migrate_disable+0xd5/0x190
[ 92.564969][ T6563] ? join_transaction+0x41b/0xca0
[ 92.564980][ T6563] ? rcu_is_watching+0x15/0xb0
[ 92.564992][ T6563] ? lock_acquire+0x5f/0x360
[ 92.565002][ T6563] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 92.565014][ T6563] ? join_transaction+0x41b/0xca0
[ 92.565027][ T6563] ? btrfs_record_root_in_trans+0x91/0x180
[ 92.565038][ T6563] ? start_transaction+0x439/0x1620
[ 92.565052][ T6563] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 92.565063][ T6563] ? btrfs_sync_fs+0x1b2/0x6a0
[ 92.565074][ T6563] sync_filesystem+0x1ce/0x250
[ 92.565087][ T6563] btrfs_reconfigure+0x2fa/0x2160
[ 92.565098][ T6563] ? __pfx_list_lru_walk_node+0x10/0x10
close(3) = 0
[ 92.565110][ T6563] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 92.565119][ T6563] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 92.565139][ T6563] ? rcu_is_watching+0x15/0xb0
[ 92.565153][ T6563] reconfigure_super+0x224/0x890
[ 92.565165][ T6563] path_mount+0xd18/0xfe0
[ 92.565178][ T6563] __se_sys_mount+0x317/0x410
[ 92.565191][ T6563] ? __pfx___se_sys_mount+0x10/0x10
[ 92.565203][ T6563] ? rcu_is_watching+0x15/0xb0
[ 92.565216][ T6563] ? __x64_sys_mount+0x20/0xc0
[ 92.565228][ T6563] do_syscall_64+0xfa/0x3b0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6580 attached
, child_tidptr=0x555587b19650) = 6580
[pid 6580] set_robust_list(0x555587b19660, 24) = 0
[pid 6580] chdir("./43") = 0
[pid 6580] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6580] setpgid(0, 0) = 0
[pid 6580] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6580] write(3, "1000", 4) = 4
[pid 6580] close(3) = 0
[pid 6580] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6580] write(1, "executing program\n", 18executing program
) = 18
[pid 6580] memfd_create("syzkaller", 0) = 3
[ 92.565239][ T6563] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 92.565248][ T6563] ? clear_bhb_loop+0x60/0xb0
[ 92.565258][ T6563] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 92.565291][ T6563] RIP: 0033:0x7f6bcc3a931a
[ 92.565301][ T6563] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 92.565309][ T6563] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[pid 6580] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 92.565321][ T6563] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 92.565328][ T6563] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 92.565334][ T6563] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 92.565341][ T6563] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 92.565347][ T6563] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 92.565357][ T6563]
[ 92.565364][ T6563] BTRFS error (device loop0): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 92.565388][ T6563] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 92.565398][ T6563] BTRFS: error (device loop0 state A) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 92.565408][ T6563] BTRFS info (device loop0 state EA): forced readonly
[ 92.565442][ T6563] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 92.668175][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6580] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6580] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6580] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6580] close(3) = 0
[pid 6580] close(4) = 0
[pid 6580] mkdir("./file0", 0777) = 0
[ 93.161943][ T6580] loop0: detected capacity change from 0 to 32768
[ 93.185655][ T6580] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6580)
[pid 6580] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6580] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6580] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[ 93.205047][ T6580] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 93.205118][ T6580] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 93.205198][ T6580] BTRFS info (device loop0): using free-space-tree
[ 93.247809][ T6580] BTRFS info (device loop0): rebuilding free space tree
[pid 6580] chdir("./file0") = 0
[pid 6580] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6580] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6580] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6580] write(5, "31", 2) = 2
[pid 6580] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6580] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6580] exit_group(0) = ?
[pid 6580] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6580, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=11 /* 0.11 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 93.297387][ T13] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 93.329218][ T6580] FAULT_INJECTION: forcing a failure.
[ 93.329218][ T6580] name failslab, interval 1, probability 0, space 0, times 0
umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 93.329241][ T6580] CPU: 1 UID: 0 PID: 6580 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 93.329256][ T6580] Tainted: [W]=WARN
[ 93.329259][ T6580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 93.329265][ T6580] Call Trace:
[ 93.329269][ T6580]
[ 93.329274][ T6580] dump_stack_lvl+0x189/0x250
[ 93.329291][ T6580] ? __pfx____ratelimit+0x10/0x10
[ 93.329303][ T6580] ? __pfx_dump_stack_lvl+0x10/0x10
[ 93.329315][ T6580] ? __pfx__printk+0x10/0x10
[ 93.329325][ T6580] ? fs_reclaim_acquire+0x7d/0x100
[ 93.329334][ T6580] ? rcu_is_watching+0x15/0xb0
[ 93.329348][ T6580] ? __pfx___might_resched+0x10/0x10
[ 93.329364][ T6580] ? lock_acquire+0x5f/0x360
[ 93.329376][ T6580] should_fail_ex+0x46c/0x600
[ 93.329389][ T6580] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 93.329401][ T6580] should_failslab+0xa8/0x100
[ 93.329413][ T6580] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 93.329423][ T6580] kmem_cache_alloc_noprof+0x6e/0x310
[ 93.329437][ T6580] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 93.329449][ T6580] __btrfs_free_extent+0x167b/0x4250
[ 93.329463][ T6580] ? __pfx___btrfs_free_extent+0x10/0x10
[ 93.329472][ T6580] ? migrate_disable+0x160/0x190
[ 93.329483][ T6580] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 93.329493][ T6580] ? lock_release+0x4b/0x3e0
[ 93.329504][ T6580] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 93.329518][ T6580] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 93.329534][ T6580] ? is_bpf_text_address+0x26/0x2b0
[ 93.329549][ T6580] ? is_bpf_text_address+0x292/0x2b0
[ 93.329561][ T6580] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 93.329575][ T6580] ? try_to_take_rt_mutex+0x840/0xb00
[ 93.329584][ T6580] ? unwind_get_return_address+0x4d/0x90
[ 93.329596][ T6580] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 93.329606][ T6580] ? arch_stack_walk+0xfc/0x150
[ 93.329620][ T6580] ? rtlock_slowlock_locked+0xd8/0x4010
[ 93.329630][ T6580] ? stack_trace_save+0x9c/0xe0
[ 93.329639][ T6580] ? __pfx_stack_trace_save+0x10/0x10
[ 93.329648][ T6580] ? stack_depot_save_flags+0x40/0x860
[ 93.329660][ T6580] ? btrfs_commit_transaction+0x161/0x3950
[ 93.329671][ T6580] ? rcu_is_watching+0x15/0xb0
[ 93.329683][ T6580] ? lock_acquire+0x5f/0x360
[ 93.329694][ T6580] ? rcu_is_watching+0x15/0xb0
[ 93.329707][ T6580] btrfs_run_delayed_refs+0xe6/0x3b0
[ 93.329720][ T6580] btrfs_commit_transaction+0x269/0x3950
[ 93.329732][ T6580] ? rcu_is_watching+0x15/0xb0
[ 93.329744][ T6580] ? btrfs_commit_transaction+0x161/0x3950
[ 93.329755][ T6580] ? lock_acquire+0x5f/0x360
[ 93.329765][ T6580] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[ 93.329777][ T6580] ? rt_mutex_slowunlock+0x493/0x8a0
[ 93.329786][ T6580] ? migrate_disable+0xd5/0x190
[ 93.329796][ T6580] ? join_transaction+0x41b/0xca0
[ 93.329807][ T6580] ? rcu_is_watching+0x15/0xb0
[ 93.329819][ T6580] ? lock_acquire+0x5f/0x360
[ 93.329830][ T6580] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 93.329842][ T6580] ? join_transaction+0x41b/0xca0
[ 93.329854][ T6580] ? btrfs_record_root_in_trans+0x91/0x180
[ 93.329866][ T6580] ? start_transaction+0x439/0x1620
[ 93.329879][ T6580] ? btrfs_attach_transaction_barrier+0x32/0xa0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./43/file0") = 0
umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./43") = 0
[ 93.329890][ T6580] ? btrfs_sync_fs+0x1b2/0x6a0
[ 93.329902][ T6580] sync_filesystem+0x1ce/0x250
[ 93.329915][ T6580] btrfs_reconfigure+0x2fa/0x2160
[ 93.329926][ T6580] ? __pfx_list_lru_walk_node+0x10/0x10
[ 93.329938][ T6580] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 93.329948][ T6580] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 93.329975][ T6580] ? rcu_is_watching+0x15/0xb0
[ 93.329989][ T6580] reconfigure_super+0x224/0x890
[ 93.330016][ T6580] path_mount+0xd18/0xfe0
[ 93.330030][ T6580] __se_sys_mount+0x317/0x410
mkdir("./44", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 93.330042][ T6580] ? __pfx___se_sys_mount+0x10/0x10
[ 93.330054][ T6580] ? rcu_is_watching+0x15/0xb0
[ 93.330067][ T6580] ? __x64_sys_mount+0x20/0xc0
[ 93.330079][ T6580] do_syscall_64+0xfa/0x3b0
[ 93.330090][ T6580] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 93.330100][ T6580] ? clear_bhb_loop+0x60/0xb0
[ 93.330111][ T6580] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 93.330120][ T6580] RIP: 0033:0x7f6bcc3a931a
[ 93.330130][ T6580] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 93.330138][ T6580] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 93.330150][ T6580] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 93.330157][ T6580] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 93.330163][ T6580] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 93.330170][ T6580] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6597 attached
, child_tidptr=0x555587b19650) = 6597
[pid 6597] set_robust_list(0x555587b19660, 24) = 0
[ 93.330177][ T6580] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 93.330186][ T6580]
[ 93.330192][ T6580] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 93.330204][ T6580] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 93.330214][ T6580] BTRFS info (device loop0 state EA): forced readonly
[ 93.330223][ T6580] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[pid 6597] chdir("./44") = 0
[pid 6597] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6597] setpgid(0, 0) = 0
[pid 6597] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6597] write(3, "1000", 4) = 4
[pid 6597] close(3) = 0
[pid 6597] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6597] write(1, "executing program\n", 18executing program
) = 18
[pid 6597] memfd_create("syzkaller", 0) = 3
[pid 6597] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 93.330237][ T6580] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 93.330259][ T6580] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 93.330295][ T6580] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 93.567763][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6597] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6597] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6597] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6597] close(3) = 0
[pid 6597] close(4) = 0
[pid 6597] mkdir("./file0", 0777) = 0
[ 94.023497][ T6597] loop0: detected capacity change from 0 to 32768
[ 94.056727][ T6597] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6597)
[ 94.060436][ T6597] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 94.060496][ T6597] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 94.060549][ T6597] BTRFS info (device loop0): using free-space-tree
[pid 6597] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6597] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6597] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[ 94.128455][ T6597] BTRFS info (device loop0): rebuilding free space tree
[pid 6597] chdir("./file0") = 0
[pid 6597] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6597] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6597] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6597] write(5, "31", 2) = 2
[pid 6597] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6597] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6597] exit_group(0) = ?
[pid 6597] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6597, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=9 /* 0.09 s */} ---
[ 94.195696][ T13] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 94.246234][ T6597] FAULT_INJECTION: forcing a failure.
[ 94.246234][ T6597] name failslab, interval 1, probability 0, space 0, times 0
[ 94.246257][ T6597] CPU: 1 UID: 0 PID: 6597 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 94.246280][ T6597] Tainted: [W]=WARN
[ 94.246283][ T6597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 94.246289][ T6597] Call Trace:
[ 94.246293][ T6597]
[ 94.246297][ T6597] dump_stack_lvl+0x189/0x250
[ 94.246315][ T6597] ? __pfx____ratelimit+0x10/0x10
[ 94.246327][ T6597] ? __pfx_dump_stack_lvl+0x10/0x10
[ 94.246339][ T6597] ? __pfx__printk+0x10/0x10
[ 94.246349][ T6597] ? fs_reclaim_acquire+0x7d/0x100
[ 94.246358][ T6597] ? rcu_is_watching+0x15/0xb0
[ 94.246371][ T6597] ? __pfx___might_resched+0x10/0x10
[ 94.246381][ T6597] ? lock_acquire+0x5f/0x360
[ 94.246392][ T6597] should_fail_ex+0x46c/0x600
[ 94.246405][ T6597] ? btrfs_add_to_free_space_tree+0xde/0x5b0
umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 94.246417][ T6597] should_failslab+0xa8/0x100
[ 94.246430][ T6597] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 94.246440][ T6597] kmem_cache_alloc_noprof+0x6e/0x310
[ 94.246453][ T6597] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 94.246465][ T6597] __btrfs_free_extent+0x167b/0x4250
[ 94.246479][ T6597] ? __pfx___btrfs_free_extent+0x10/0x10
[ 94.246488][ T6597] ? migrate_disable+0x160/0x190
[ 94.246499][ T6597] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 94.246509][ T6597] ? lock_release+0x4b/0x3e0
[ 94.246519][ T6597] ? __btrfs_run_delayed_refs+0x33e8/0x4150
umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./44/file0") = 0
[ 94.246534][ T6597] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 94.246550][ T6597] ? is_bpf_text_address+0x26/0x2b0
[ 94.246566][ T6597] ? is_bpf_text_address+0x292/0x2b0
[ 94.246577][ T6597] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 94.246591][ T6597] ? try_to_take_rt_mutex+0x840/0xb00
[ 94.246600][ T6597] ? unwind_get_return_address+0x4d/0x90
[ 94.246613][ T6597] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 94.246623][ T6597] ? arch_stack_walk+0xfc/0x150
[ 94.246637][ T6597] ? rtlock_slowlock_locked+0xd8/0x4010
umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./44") = 0
[ 94.246646][ T6597] ? stack_trace_save+0x9c/0xe0
[ 94.246655][ T6597] ? __pfx_stack_trace_save+0x10/0x10
[ 94.246665][ T6597] ? stack_depot_save_flags+0x40/0x860
[ 94.246676][ T6597] ? btrfs_commit_transaction+0x161/0x3950
[ 94.246689][ T6597] ? rcu_is_watching+0x15/0xb0
[ 94.246701][ T6597] ? lock_acquire+0x5f/0x360
[ 94.246711][ T6597] ? rcu_is_watching+0x15/0xb0
[ 94.246724][ T6597] btrfs_run_delayed_refs+0xe6/0x3b0
[ 94.246737][ T6597] btrfs_commit_transaction+0x269/0x3950
mkdir("./45", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 94.246749][ T6597] ? rcu_is_watching+0x15/0xb0
[ 94.246761][ T6597] ? btrfs_commit_transaction+0x161/0x3950
[ 94.246772][ T6597] ? lock_acquire+0x5f/0x360
[ 94.246783][ T6597] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 94.246794][ T6597] ? rt_mutex_slowunlock+0x493/0x8a0
[ 94.246803][ T6597] ? migrate_disable+0xd5/0x190
[ 94.246814][ T6597] ? join_transaction+0x41b/0xca0
[ 94.246824][ T6597] ? rcu_is_watching+0x15/0xb0
[ 94.246836][ T6597] ? lock_acquire+0x5f/0x360
[ 94.246847][ T6597] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 94.246859][ T6597] ? join_transaction+0x41b/0xca0
[ 94.246871][ T6597] ? btrfs_record_root_in_trans+0x91/0x180
[ 94.246883][ T6597] ? start_transaction+0x439/0x1620
[ 94.246896][ T6597] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 94.246907][ T6597] ? btrfs_sync_fs+0x1b2/0x6a0
[ 94.246919][ T6597] sync_filesystem+0x1ce/0x250
[ 94.246933][ T6597] btrfs_reconfigure+0x2fa/0x2160
[ 94.246944][ T6597] ? __pfx_list_lru_walk_node+0x10/0x10
[ 94.246958][ T6597] ? __pfx_btrfs_reconfigure+0x10/0x10
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6614 attached
[ 94.246967][ T6597] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 94.246981][ T6597] ? rcu_is_watching+0x15/0xb0
[ 94.246995][ T6597] reconfigure_super+0x224/0x890
[ 94.247007][ T6597] path_mount+0xd18/0xfe0
[ 94.247023][ T6597] __se_sys_mount+0x317/0x410
[ 94.247036][ T6597] ? __pfx___se_sys_mount+0x10/0x10
[ 94.247047][ T6597] ? rcu_is_watching+0x15/0xb0
[ 94.247060][ T6597] ? __x64_sys_mount+0x20/0xc0
[ 94.247072][ T6597] do_syscall_64+0xfa/0x3b0
[ 94.247083][ T6597] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
, child_tidptr=0x555587b19650) = 6614
[pid 6614] set_robust_list(0x555587b19660, 24) = 0
[pid 6614] chdir("./45") = 0
[pid 6614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6614] setpgid(0, 0) = 0
[pid 6614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6614] write(3, "1000", 4) = 4
[pid 6614] close(3) = 0
[ 94.247092][ T6597] ? clear_bhb_loop+0x60/0xb0
[ 94.247101][ T6597] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 94.247111][ T6597] RIP: 0033:0x7f6bcc3a931a
[ 94.247120][ T6597] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 94.247128][ T6597] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 94.247140][ T6597] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[pid 6614] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6614] write(1, "executing program\n", 18executing program
) = 18
[pid 6614] memfd_create("syzkaller", 0) = 3
[pid 6614] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 94.247146][ T6597] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 94.247153][ T6597] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 94.247159][ T6597] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 94.247166][ T6597] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 94.247175][ T6597]
[ 94.247319][ T6597] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 94.247332][ T6597] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 94.247345][ T6597] BTRFS info (device loop0 state EA): forced readonly
[ 94.247353][ T6597] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 94.247368][ T6597] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 94.247390][ T6597] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 94.247455][ T6597] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 94.327861][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6614] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6614] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6614] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6614] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6614] close(3) = 0
[pid 6614] close(4) = 0
[pid 6614] mkdir("./file0", 0777) = 0
[ 94.888249][ T6614] loop0: detected capacity change from 0 to 32768
[ 94.915891][ T6614] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6614)
[pid 6614] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6614] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6614] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[ 94.919811][ T6614] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 94.919871][ T6614] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 94.919926][ T6614] BTRFS info (device loop0): using free-space-tree
[ 94.980606][ T6614] BTRFS info (device loop0): rebuilding free space tree
[pid 6614] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6614] chdir("./file0") = 0
[pid 6614] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6614] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6614] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6614] write(5, "31", 2) = 2
[pid 6614] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6614] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 6614] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 6614] exit_group(0) = ?
[pid 6614] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6614, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=12 /* 0.12 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 95.038430][ T13] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 95.039115][ T6614] FAULT_INJECTION: forcing a failure.
[ 95.039115][ T6614] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 95.039136][ T6614] CPU: 0 UID: 0 PID: 6614 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 95.039152][ T6614] Tainted: [W]=WARN
[ 95.039155][ T6614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 95.039161][ T6614] Call Trace:
[ 95.039165][ T6614]
[ 95.039169][ T6614] dump_stack_lvl+0x189/0x250
[ 95.039195][ T6614] ? __pfx____ratelimit+0x10/0x10
[ 95.039208][ T6614] ? __pfx_dump_stack_lvl+0x10/0x10
[ 95.039219][ T6614] ? __pfx__printk+0x10/0x10
[ 95.039230][ T6614] ? lock_acquire+0x5f/0x360
[ 95.039243][ T6614] should_fail_ex+0x46c/0x600
[ 95.039256][ T6614] prepare_alloc_pages+0x213/0x670
[ 95.039267][ T6614] __alloc_frozen_pages_noprof+0x123/0x370
[ 95.039277][ T6614] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 95.039288][ T6614] ? policy_nodemask+0x27c/0x720
[ 95.039300][ T6614] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 95.039311][ T6614] ? rtlock_slowlock_locked+0xd8/0x4010
[ 95.039321][ T6614] alloc_pages_mpol+0xd1/0x380
[ 95.039333][ T6614] vma_alloc_folio_noprof+0xe4/0x280
[ 95.039345][ T6614] ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 95.039357][ T6614] ? rcu_is_watching+0x15/0xb0
[ 95.039370][ T6614] ? lock_release+0x4b/0x3e0
[ 95.039382][ T6614] folio_prealloc+0x30/0x180
umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[ 95.039390][ T6614] do_wp_page+0x11ee/0x4910
[ 95.039410][ T6614] ? __pfx_do_wp_page+0x10/0x10
[ 95.039421][ T6614] ? rt_spin_lock+0x223/0x2c0
[ 95.039429][ T6614] ? __pfx_rt_spin_lock+0x10/0x10
[ 95.039437][ T6614] ? ___pte_offset_map+0x45/0x200
[ 95.039450][ T6614] ? pte_offset_map_rw_nolock+0xea/0x160
[ 95.039462][ T6614] handle_mm_fault+0x97c/0x3400
[ 95.039475][ T6614] ? handle_mm_fault+0xdb/0x3400
[ 95.039487][ T6614] ? mas_walk+0x232/0x2e0
[ 95.039497][ T6614] ? __pfx_handle_mm_fault+0x10/0x10
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./45/file0") = 0
umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/binderfs") = 0
[ 95.039508][ T6614] ? lock_vma_under_rcu+0x35a/0x3d0
[ 95.039517][ T6614] ? lock_vma_under_rcu+0xdf/0x3d0
[ 95.039527][ T6614] ? __pfx_ptrace_notify+0x10/0x10
[ 95.039538][ T6614] ? rcu_is_watching+0x15/0xb0
[ 95.039551][ T6614] do_user_addr_fault+0xa81/0x1390
[ 95.039564][ T6614] ? rcu_is_watching+0x15/0xb0
[ 95.039576][ T6614] ? trace_page_fault_user+0x84/0x1e0
[ 95.039586][ T6614] exc_page_fault+0x76/0xf0
[ 95.039598][ T6614] asm_exc_page_fault+0x26/0x30
[ 95.039607][ T6614] RIP: 0033:0x7f6bcc373680
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./45") = 0
mkdir("./46", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 95.039616][ T6614] Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 6d 99 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 0f b1 15 a0 ca 0a 00 0f 85 0f 02 00 00 4c 8d 25 93 ca 0a 00 4c
[ 95.039624][ T6614] RSP: 002b:00007ffca2559250 EFLAGS: 00010246
[ 95.039634][ T6614] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
[ 95.039640][ T6614] RDX: 0000000000000001 RSI: 00007f6bcc41d188 RDI: 0000000000000000
[ 95.039646][ T6614] RBP: 00007f6bcc41d188 R08: 00007ffca2559170 R09: 0000200000000080
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6631 attached
, child_tidptr=0x555587b19650) = 6631
[pid 6631] set_robust_list(0x555587b19660, 24) = 0
[ 95.039653][ T6614] R10: 0000000000000000 R11: 0000000000000202 R12: 0000200000000700
[ 95.039659][ T6614] R13: 000000000000002d R14: 431bde82d7b634db R15: 00007ffca2559310
[ 95.039669][ T6614]
[ 95.039923][ T6614] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 95.192369][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6631] chdir("./46") = 0
[pid 6631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6631] setpgid(0, 0) = 0
[pid 6631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6631] write(3, "1000", 4) = 4
[pid 6631] close(3) = 0
[pid 6631] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 6631] write(1, "executing program\n", 18) = 18
[pid 6631] memfd_create("syzkaller", 0) = 3
[pid 6631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 6631] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6631] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6631] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6631] close(3) = 0
[pid 6631] close(4) = 0
[pid 6631] mkdir("./file0", 0777) = 0
[ 95.621817][ T6631] loop0: detected capacity change from 0 to 32768
[ 95.645362][ T6631] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6631)
[ 95.663403][ T6631] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 95.663466][ T6631] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 95.663521][ T6631] BTRFS info (device loop0): using free-space-tree
[pid 6631] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6631] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[ 95.743496][ T6631] BTRFS info (device loop0): rebuilding free space tree
[pid 6631] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6631] chdir("./file0") = 0
[pid 6631] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6631] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6631] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6631] write(5, "31", 2) = 2
[pid 6631] mkdir(".", 0777) = -1 EEXIST (File exists)
[ 95.816128][ T1901] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[pid 6631] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6631] exit_group(0) = ?
[pid 6631] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6631, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 95.865132][ T6631] FAULT_INJECTION: forcing a failure.
[ 95.865132][ T6631] name failslab, interval 1, probability 0, space 0, times 0
[ 95.865156][ T6631] CPU: 1 UID: 0 PID: 6631 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 95.865173][ T6631] Tainted: [W]=WARN
[ 95.865179][ T6631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 95.865185][ T6631] Call Trace:
[ 95.865189][ T6631]
umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 95.865194][ T6631] dump_stack_lvl+0x189/0x250
[ 95.865215][ T6631] ? __pfx____ratelimit+0x10/0x10
[ 95.865232][ T6631] ? __pfx_dump_stack_lvl+0x10/0x10
[ 95.865244][ T6631] ? __pfx__printk+0x10/0x10
[ 95.865254][ T6631] ? fs_reclaim_acquire+0x7d/0x100
[ 95.865263][ T6631] ? rcu_is_watching+0x15/0xb0
[ 95.865276][ T6631] ? __pfx___might_resched+0x10/0x10
[ 95.865286][ T6631] ? lock_acquire+0x5f/0x360
[ 95.865297][ T6631] should_fail_ex+0x46c/0x600
[ 95.865310][ T6631] ? btrfs_add_to_free_space_tree+0xde/0x5b0
umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
[ 95.865322][ T6631] should_failslab+0xa8/0x100
[ 95.865343][ T6631] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 95.865353][ T6631] kmem_cache_alloc_noprof+0x6e/0x310
[ 95.865366][ T6631] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 95.865378][ T6631] __btrfs_free_extent+0x167b/0x4250
[ 95.865392][ T6631] ? __pfx___btrfs_free_extent+0x10/0x10
[ 95.865405][ T6631] ? migrate_disable+0x160/0x190
[ 95.865416][ T6631] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 95.865426][ T6631] ? lock_release+0x4b/0x3e0
rmdir("./46/file0") = 0
umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./46") = 0
[ 95.865442][ T6631] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 95.865457][ T6631] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 95.865473][ T6631] ? is_bpf_text_address+0x26/0x2b0
[ 95.865488][ T6631] ? is_bpf_text_address+0x292/0x2b0
[ 95.865500][ T6631] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 95.865526][ T6631] ? try_to_take_rt_mutex+0x840/0xb00
[ 95.865535][ T6631] ? unwind_get_return_address+0x4d/0x90
[ 95.865547][ T6631] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 95.865557][ T6631] ? arch_stack_walk+0xfc/0x150
mkdir("./47", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 95.865571][ T6631] ? rtlock_slowlock_locked+0xd8/0x4010
[ 95.865581][ T6631] ? stack_trace_save+0x9c/0xe0
[ 95.865593][ T6631] ? __pfx_stack_trace_save+0x10/0x10
[ 95.865603][ T6631] ? stack_depot_save_flags+0x40/0x860
[ 95.865615][ T6631] ? btrfs_commit_transaction+0x161/0x3950
[ 95.865627][ T6631] ? rcu_is_watching+0x15/0xb0
[ 95.865640][ T6631] ? lock_acquire+0x5f/0x360
[ 95.865655][ T6631] ? rcu_is_watching+0x15/0xb0
[ 95.865668][ T6631] btrfs_run_delayed_refs+0xe6/0x3b0
[ 95.865684][ T6631] btrfs_commit_transaction+0x269/0x3950
[ 95.865698][ T6631] ? rcu_is_watching+0x15/0xb0
[ 95.865710][ T6631] ? btrfs_commit_transaction+0x161/0x3950
[ 95.865722][ T6631] ? lock_acquire+0x5f/0x360
[ 95.865732][ T6631] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 95.865744][ T6631] ? rt_mutex_slowunlock+0x493/0x8a0
[ 95.865753][ T6631] ? migrate_disable+0xd5/0x190
[ 95.865766][ T6631] ? join_transaction+0x41b/0xca0
[ 95.865777][ T6631] ? rcu_is_watching+0x15/0xb0
[ 95.865789][ T6631] ? lock_acquire+0x5f/0x360
[ 95.865805][ T6631] ? __pfx_btrfs_commit_transaction+0x10/0x10
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6648 attached
, child_tidptr=0x555587b19650) = 6648
[pid 6648] set_robust_list(0x555587b19660, 24) = 0
[pid 6648] chdir("./47") = 0
[ 95.865820][ T6631] ? join_transaction+0x41b/0xca0
[ 95.865839][ T6631] ? btrfs_record_root_in_trans+0x91/0x180
[ 95.865853][ T6631] ? start_transaction+0x439/0x1620
[ 95.865867][ T6631] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 95.865877][ T6631] ? btrfs_sync_fs+0x1b2/0x6a0
[ 95.865895][ T6631] sync_filesystem+0x1ce/0x250
[ 95.865910][ T6631] btrfs_reconfigure+0x2fa/0x2160
[ 95.865921][ T6631] ? __pfx_list_lru_walk_node+0x10/0x10
[ 95.865951][ T6631] ? __pfx_btrfs_reconfigure+0x10/0x10
[pid 6648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6648] setpgid(0, 0) = 0
[pid 6648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6648] write(3, "1000", 4) = 4
[pid 6648] close(3) = 0
[pid 6648] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6648] write(1, "executing program\n", 18executing program
) = 18
[ 95.865960][ T6631] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 95.865975][ T6631] ? rcu_is_watching+0x15/0xb0
[ 95.865988][ T6631] reconfigure_super+0x224/0x890
[ 95.866001][ T6631] path_mount+0xd18/0xfe0
[ 95.866015][ T6631] __se_sys_mount+0x317/0x410
[ 95.866027][ T6631] ? __pfx___se_sys_mount+0x10/0x10
[ 95.866039][ T6631] ? rcu_is_watching+0x15/0xb0
[ 95.866051][ T6631] ? __x64_sys_mount+0x20/0xc0
[ 95.866063][ T6631] do_syscall_64+0xfa/0x3b0
[ 95.866075][ T6631] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[pid 6648] memfd_create("syzkaller", 0) = 3
[pid 6648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 95.866086][ T6631] ? clear_bhb_loop+0x60/0xb0
[ 95.866097][ T6631] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 95.866106][ T6631] RIP: 0033:0x7f6bcc3a931a
[ 95.866115][ T6631] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 95.866123][ T6631] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 95.866135][ T6631] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 95.866142][ T6631] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 95.866149][ T6631] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 95.866155][ T6631] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 95.866162][ T6631] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 95.866176][ T6631]
[ 95.866332][ T6631] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 95.866359][ T6631] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 95.866377][ T6631] BTRFS info (device loop0 state EA): forced readonly
[ 95.866395][ T6631] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 95.866425][ T6631] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 95.866468][ T6631] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[pid 6648] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6648] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6648] ioctl(4, LOOP_SET_FD, 3) = 0
[ 95.866505][ T6631] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 95.959712][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6648] close(3) = 0
[pid 6648] close(4) = 0
[pid 6648] mkdir("./file0", 0777) = 0
[ 96.462747][ T6648] loop0: detected capacity change from 0 to 32768
[ 96.488850][ T6648] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6648)
[ 96.503677][ T6648] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 96.503741][ T6648] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 96.503796][ T6648] BTRFS info (device loop0): using free-space-tree
[pid 6648] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6648] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6648] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6648] chdir("./file0") = 0
[pid 6648] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[ 96.558969][ T6648] BTRFS info (device loop0): rebuilding free space tree
[pid 6648] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6648] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6648] write(5, "31", 2) = 2
[pid 6648] mkdir(".", 0777) = -1 EEXIST (File exists)
[ 96.607464][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[pid 6648] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6648] exit_group(0) = ?
[pid 6648] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6648, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 96.667254][ T6648] FAULT_INJECTION: forcing a failure.
[ 96.667254][ T6648] name failslab, interval 1, probability 0, space 0, times 0
[ 96.667277][ T6648] CPU: 1 UID: 0 PID: 6648 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 96.667292][ T6648] Tainted: [W]=WARN
[ 96.667296][ T6648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 96.667302][ T6648] Call Trace:
[ 96.667306][ T6648]
umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 96.667310][ T6648] dump_stack_lvl+0x189/0x250
[ 96.667328][ T6648] ? __pfx____ratelimit+0x10/0x10
[ 96.667341][ T6648] ? __pfx_dump_stack_lvl+0x10/0x10
[ 96.667353][ T6648] ? __pfx__printk+0x10/0x10
[ 96.667364][ T6648] ? __pfx___might_resched+0x10/0x10
[ 96.667374][ T6648] ? lock_acquire+0x5f/0x360
[ 96.667386][ T6648] should_fail_ex+0x46c/0x600
[ 96.667398][ T6648] ? __btrfs_free_extent+0x2f9/0x4250
[ 96.667409][ T6648] should_failslab+0xa8/0x100
[ 96.667422][ T6648] ? __btrfs_free_extent+0x2f9/0x4250
[ 96.667431][ T6648] kmem_cache_alloc_noprof+0x6e/0x310
[ 96.667444][ T6648] __btrfs_free_extent+0x2f9/0x4250
[ 96.667457][ T6648] ? rt_mutex_slowunlock+0x493/0x8a0
[ 96.667465][ T6648] ? __pfx___btrfs_free_extent+0x10/0x10
[ 96.667475][ T6648] ? __pfx_migrate_enable+0x10/0x10
[ 96.667486][ T6648] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 96.667495][ T6648] ? lock_release+0x4b/0x3e0
[ 96.667505][ T6648] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 96.667520][ T6648] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 96.667536][ T6648] ? is_bpf_text_address+0x26/0x2b0
umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[ 96.667552][ T6648] ? is_bpf_text_address+0x292/0x2b0
[ 96.667564][ T6648] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 96.667578][ T6648] ? try_to_take_rt_mutex+0x840/0xb00
[ 96.667587][ T6648] ? unwind_get_return_address+0x4d/0x90
[ 96.667599][ T6648] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 96.667610][ T6648] ? arch_stack_walk+0xfc/0x150
[ 96.667624][ T6648] ? rtlock_slowlock_locked+0xd8/0x4010
[ 96.667634][ T6648] ? stack_trace_save+0x9c/0xe0
[ 96.667643][ T6648] ? __pfx_stack_trace_save+0x10/0x10
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./47/file0") = 0
umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 96.667652][ T6648] ? stack_depot_save_flags+0x40/0x860
[ 96.667663][ T6648] ? btrfs_commit_transaction+0x161/0x3950
[ 96.667675][ T6648] ? rcu_is_watching+0x15/0xb0
[ 96.667688][ T6648] ? lock_acquire+0x5f/0x360
[ 96.667698][ T6648] ? rcu_is_watching+0x15/0xb0
[ 96.667711][ T6648] btrfs_run_delayed_refs+0xe6/0x3b0
[ 96.667724][ T6648] btrfs_commit_transaction+0x269/0x3950
[ 96.667736][ T6648] ? rcu_is_watching+0x15/0xb0
[ 96.667748][ T6648] ? btrfs_commit_transaction+0x161/0x3950
newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./47") = 0
[ 96.667759][ T6648] ? lock_acquire+0x5f/0x360
[ 96.667770][ T6648] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 96.667781][ T6648] ? rt_mutex_slowunlock+0x493/0x8a0
[ 96.667790][ T6648] ? migrate_disable+0xd5/0x190
[ 96.667800][ T6648] ? join_transaction+0x41b/0xca0
[ 96.667811][ T6648] ? rcu_is_watching+0x15/0xb0
[ 96.667823][ T6648] ? lock_acquire+0x5f/0x360
[ 96.667834][ T6648] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 96.667853][ T6648] ? join_transaction+0x41b/0xca0
[ 96.667866][ T6648] ? btrfs_record_root_in_trans+0x91/0x180
mkdir("./48", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 96.667877][ T6648] ? start_transaction+0x439/0x1620
[ 96.667891][ T6648] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 96.667902][ T6648] ? btrfs_sync_fs+0x1b2/0x6a0
[ 96.667916][ T6648] sync_filesystem+0x1ce/0x250
[ 96.667930][ T6648] btrfs_reconfigure+0x2fa/0x2160
[ 96.667941][ T6648] ? __pfx_list_lru_walk_node+0x10/0x10
[ 96.667954][ T6648] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 96.667963][ T6648] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 96.667978][ T6648] ? rcu_is_watching+0x15/0xb0
[ 96.667991][ T6648] reconfigure_super+0x224/0x890
[ 96.668003][ T6648] path_mount+0xd18/0xfe0
[ 96.668017][ T6648] __se_sys_mount+0x317/0x410
[ 96.668030][ T6648] ? __pfx___se_sys_mount+0x10/0x10
[ 96.668041][ T6648] ? rcu_is_watching+0x15/0xb0
[ 96.668054][ T6648] ? __x64_sys_mount+0x20/0xc0
[ 96.668066][ T6648] do_syscall_64+0xfa/0x3b0
[ 96.668077][ T6648] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 96.668086][ T6648] ? clear_bhb_loop+0x60/0xb0
[ 96.668096][ T6648] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 96.668105][ T6648] RIP: 0033:0x7f6bcc3a931a
[ 96.668115][ T6648] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 96.668123][ T6648] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 96.668133][ T6648] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 96.668141][ T6648] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555587b19650) = 6666
./strace-static-x86_64: Process 6666 attached
[pid 6666] set_robust_list(0x555587b19660, 24) = 0
[ 96.668147][ T6648] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 96.668154][ T6648] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 96.668160][ T6648] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 96.668170][ T6648]
[ 96.668176][ T6648] BTRFS error (device loop0): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 96.668198][ T6648] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[pid 6666] chdir("./48") = 0
[pid 6666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6666] setpgid(0, 0) = 0
[pid 6666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6666] write(3, "1000", 4) = 4
[pid 6666] close(3) = 0
[pid 6666] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 6666] write(1, "executing program\n", 18) = 18
[pid 6666] memfd_create("syzkaller", 0) = 3
[ 96.668208][ T6648] BTRFS: error (device loop0 state A) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 96.668219][ T6648] BTRFS info (device loop0 state EA): forced readonly
[ 96.668251][ T6648] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 96.799426][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 6666] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6666] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6666] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6666] close(3) = 0
[pid 6666] close(4) = 0
[pid 6666] mkdir("./file0", 0777) = 0
[ 97.392372][ T6666] loop0: detected capacity change from 0 to 32768
[ 97.428087][ T6666] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6666)
[ 97.433756][ T6666] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 97.433818][ T6666] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 97.433873][ T6666] BTRFS info (device loop0): using free-space-tree
[pid 6666] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6666] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[ 97.502746][ T6666] BTRFS info (device loop0): rebuilding free space tree
[pid 6666] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6666] chdir("./file0") = 0
[pid 6666] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6666] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6666] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[ 97.565285][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[pid 6666] write(5, "31", 2) = 2
[pid 6666] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6666] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6666] exit_group(0) = ?
[pid 6666] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6666, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=8 /* 0.08 s */} ---
umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 97.632976][ T6666] FAULT_INJECTION: forcing a failure.
[ 97.632976][ T6666] name failslab, interval 1, probability 0, space 0, times 0
[ 97.632999][ T6666] CPU: 0 UID: 0 PID: 6666 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 97.633014][ T6666] Tainted: [W]=WARN
[ 97.633018][ T6666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 97.633024][ T6666] Call Trace:
[ 97.633027][ T6666]
[ 97.633031][ T6666] dump_stack_lvl+0x189/0x250
[ 97.633049][ T6666] ? __pfx____ratelimit+0x10/0x10
[ 97.633062][ T6666] ? __pfx_dump_stack_lvl+0x10/0x10
[ 97.633074][ T6666] ? __pfx__printk+0x10/0x10
[ 97.633084][ T6666] ? fs_reclaim_acquire+0x7d/0x100
[ 97.633093][ T6666] ? rcu_is_watching+0x15/0xb0
[ 97.633106][ T6666] ? __pfx___might_resched+0x10/0x10
[ 97.633116][ T6666] ? lock_acquire+0x5f/0x360
[ 97.633127][ T6666] should_fail_ex+0x46c/0x600
[ 97.633140][ T6666] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 97.633152][ T6666] should_failslab+0xa8/0x100
[ 97.633164][ T6666] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 97.633174][ T6666] kmem_cache_alloc_noprof+0x6e/0x310
[ 97.633188][ T6666] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 97.633200][ T6666] __btrfs_free_extent+0x167b/0x4250
[ 97.633213][ T6666] ? __pfx___btrfs_free_extent+0x10/0x10
[ 97.633223][ T6666] ? migrate_disable+0x160/0x190
[ 97.633234][ T6666] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 97.633243][ T6666] ? lock_release+0x4b/0x3e0
umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./48/file0") = 0
umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/binderfs") = 0
[ 97.633253][ T6666] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 97.633268][ T6666] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 97.633284][ T6666] ? is_bpf_text_address+0x26/0x2b0
[ 97.633299][ T6666] ? is_bpf_text_address+0x292/0x2b0
[ 97.633311][ T6666] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 97.633325][ T6666] ? try_to_take_rt_mutex+0x840/0xb00
[ 97.633334][ T6666] ? unwind_get_return_address+0x4d/0x90
[ 97.633346][ T6666] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 97.633356][ T6666] ? arch_stack_walk+0xfc/0x150
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./48") = 0
mkdir("./49", 0777) = 0
[ 97.633370][ T6666] ? rtlock_slowlock_locked+0xd8/0x4010
[ 97.633379][ T6666] ? stack_trace_save+0x9c/0xe0
[ 97.633388][ T6666] ? __pfx_stack_trace_save+0x10/0x10
[ 97.633397][ T6666] ? stack_depot_save_flags+0x40/0x860
[ 97.633409][ T6666] ? btrfs_commit_transaction+0x161/0x3950
[ 97.633421][ T6666] ? rcu_is_watching+0x15/0xb0
[ 97.633433][ T6666] ? lock_acquire+0x5f/0x360
[ 97.633443][ T6666] ? rcu_is_watching+0x15/0xb0
[ 97.633456][ T6666] btrfs_run_delayed_refs+0xe6/0x3b0
[ 97.633469][ T6666] btrfs_commit_transaction+0x269/0x3950
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 97.633481][ T6666] ? rcu_is_watching+0x15/0xb0
[ 97.633493][ T6666] ? btrfs_commit_transaction+0x161/0x3950
[ 97.633504][ T6666] ? lock_acquire+0x5f/0x360
[ 97.633514][ T6666] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 97.633526][ T6666] ? rt_mutex_slowunlock+0x493/0x8a0
[ 97.633535][ T6666] ? migrate_disable+0xd5/0x190
[ 97.633545][ T6666] ? join_transaction+0x41b/0xca0
[ 97.633556][ T6666] ? rcu_is_watching+0x15/0xb0
[ 97.633568][ T6666] ? lock_acquire+0x5f/0x360
[ 97.633579][ T6666] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 97.633591][ T6666] ? join_transaction+0x41b/0xca0
[ 97.633603][ T6666] ? btrfs_record_root_in_trans+0x91/0x180
[ 97.633614][ T6666] ? start_transaction+0x439/0x1620
[ 97.633628][ T6666] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 97.633639][ T6666] ? btrfs_sync_fs+0x1b2/0x6a0
[ 97.633651][ T6666] sync_filesystem+0x1ce/0x250
[ 97.633664][ T6666] btrfs_reconfigure+0x2fa/0x2160
[ 97.633675][ T6666] ? __pfx_list_lru_walk_node+0x10/0x10
[ 97.633688][ T6666] ? __pfx_btrfs_reconfigure+0x10/0x10
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555587b19650) = 6684
./strace-static-x86_64: Process 6684 attached
[pid 6684] set_robust_list(0x555587b19660, 24) = 0
[pid 6684] chdir("./49") = 0
[pid 6684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6684] setpgid(0, 0) = 0
[pid 6684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6684] write(3, "1000", 4) = 4
[pid 6684] close(3) = 0
[pid 6684] symlink("/dev/binderfs", "./binderfs") = 0
[ 97.633697][ T6666] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 97.633718][ T6666] ? rcu_is_watching+0x15/0xb0
[ 97.633731][ T6666] reconfigure_super+0x224/0x890
[ 97.633743][ T6666] path_mount+0xd18/0xfe0
[ 97.633757][ T6666] __se_sys_mount+0x317/0x410
[ 97.633770][ T6666] ? __pfx___se_sys_mount+0x10/0x10
[ 97.633781][ T6666] ? rcu_is_watching+0x15/0xb0
[ 97.633795][ T6666] ? __x64_sys_mount+0x20/0xc0
[ 97.633807][ T6666] do_syscall_64+0xfa/0x3b0
[ 97.633818][ T6666] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[pid 6684] write(1, "executing program\n", 18executing program
) = 18
[pid 6684] memfd_create("syzkaller", 0) = 3
[pid 6684] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 97.633827][ T6666] ? clear_bhb_loop+0x60/0xb0
[ 97.633837][ T6666] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 97.633846][ T6666] RIP: 0033:0x7f6bcc3a931a
[ 97.633856][ T6666] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 97.633864][ T6666] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 97.633875][ T6666] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 97.633882][ T6666] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 97.633889][ T6666] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 97.633896][ T6666] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 97.633902][ T6666] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 97.633912][ T6666]
[ 97.633917][ T6666] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 97.633929][ T6666] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 97.633939][ T6666] BTRFS info (device loop0 state EA): forced readonly
[ 97.633948][ T6666] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 97.633964][ T6666] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5390336 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 97.633986][ T6666] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[pid 6684] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6684] munmap(0x7f6bc3f59000, 138412032) = 0
[ 97.634017][ T6666] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 97.749644][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6684] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6684] close(3) = 0
[pid 6684] close(4) = 0
[pid 6684] mkdir("./file0", 0777) = 0
[ 98.256538][ T6684] loop0: detected capacity change from 0 to 32768
[ 98.294737][ T6684] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6684)
[pid 6684] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[ 98.301262][ T6684] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 98.301323][ T6684] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 98.301378][ T6684] BTRFS info (device loop0): using free-space-tree
[ 98.349858][ T6684] BTRFS info (device loop0): rebuilding free space tree
[pid 6684] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6684] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6684] chdir("./file0") = 0
[pid 6684] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6684] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6684] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6684] write(5, "31", 2) = 2
[pid 6684] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6684] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6684] exit_group(0) = ?
[pid 6684] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6684, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=13 /* 0.13 s */} ---
[ 98.416876][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 98.469846][ T6684] FAULT_INJECTION: forcing a failure.
[ 98.469846][ T6684] name failslab, interval 1, probability 0, space 0, times 0
[ 98.469869][ T6684] CPU: 0 UID: 0 PID: 6684 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 98.469888][ T6684] Tainted: [W]=WARN
[ 98.469891][ T6684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 98.469897][ T6684] Call Trace:
[ 98.469901][ T6684]
[ 98.469906][ T6684] dump_stack_lvl+0x189/0x250
[ 98.469924][ T6684] ? __pfx____ratelimit+0x10/0x10
[ 98.469936][ T6684] ? __pfx_dump_stack_lvl+0x10/0x10
[ 98.469947][ T6684] ? __pfx__printk+0x10/0x10
[ 98.469957][ T6684] ? fs_reclaim_acquire+0x7d/0x100
[ 98.469966][ T6684] ? rcu_is_watching+0x15/0xb0
[ 98.469980][ T6684] ? __pfx___might_resched+0x10/0x10
[ 98.469990][ T6684] ? lock_acquire+0x5f/0x360
[ 98.470002][ T6684] should_fail_ex+0x46c/0x600
[ 98.470014][ T6684] ? btrfs_add_to_free_space_tree+0xde/0x5b0
umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./49/file0") = 0
[ 98.470026][ T6684] should_failslab+0xa8/0x100
[ 98.470039][ T6684] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 98.470050][ T6684] kmem_cache_alloc_noprof+0x6e/0x310
[ 98.470063][ T6684] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 98.470075][ T6684] __btrfs_free_extent+0x167b/0x4250
[ 98.470089][ T6684] ? __pfx___btrfs_free_extent+0x10/0x10
[ 98.470098][ T6684] ? migrate_disable+0x160/0x190
[ 98.470109][ T6684] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 98.470119][ T6684] ? lock_release+0x4b/0x3e0
umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./49") = 0
mkdir("./50", 0777) = 0
[ 98.470129][ T6684] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 98.470144][ T6684] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 98.470159][ T6684] ? is_bpf_text_address+0x26/0x2b0
[ 98.470175][ T6684] ? is_bpf_text_address+0x292/0x2b0
[ 98.470186][ T6684] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 98.470200][ T6684] ? try_to_take_rt_mutex+0x840/0xb00
[ 98.470209][ T6684] ? unwind_get_return_address+0x4d/0x90
[ 98.470222][ T6684] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 98.470232][ T6684] ? arch_stack_walk+0xfc/0x150
[ 98.470246][ T6684] ? rtlock_slowlock_locked+0xd8/0x4010
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 98.470255][ T6684] ? stack_trace_save+0x9c/0xe0
[ 98.470264][ T6684] ? __pfx_stack_trace_save+0x10/0x10
[ 98.470274][ T6684] ? stack_depot_save_flags+0x40/0x860
[ 98.470286][ T6684] ? btrfs_commit_transaction+0x161/0x3950
[ 98.470298][ T6684] ? rcu_is_watching+0x15/0xb0
[ 98.470310][ T6684] ? lock_acquire+0x5f/0x360
[ 98.470321][ T6684] ? rcu_is_watching+0x15/0xb0
[ 98.470333][ T6684] btrfs_run_delayed_refs+0xe6/0x3b0
[ 98.470347][ T6684] btrfs_commit_transaction+0x269/0x3950
[ 98.470359][ T6684] ? rcu_is_watching+0x15/0xb0
[ 98.470371][ T6684] ? btrfs_commit_transaction+0x161/0x3950
[ 98.470382][ T6684] ? lock_acquire+0x5f/0x360
[ 98.470392][ T6684] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 98.470404][ T6684] ? rt_mutex_slowunlock+0x493/0x8a0
[ 98.470412][ T6684] ? migrate_disable+0xd5/0x190
[ 98.470428][ T6684] ? join_transaction+0x41b/0xca0
[ 98.470439][ T6684] ? rcu_is_watching+0x15/0xb0
[ 98.470452][ T6684] ? lock_acquire+0x5f/0x360
[ 98.470462][ T6684] ? __pfx_btrfs_commit_transaction+0x10/0x10
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6704 attached
, child_tidptr=0x555587b19650) = 6704
[pid 6704] set_robust_list(0x555587b19660, 24) = 0
[pid 6704] chdir("./50") = 0
[pid 6704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6704] setpgid(0, 0) = 0
[pid 6704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 98.470474][ T6684] ? join_transaction+0x41b/0xca0
[ 98.470487][ T6684] ? btrfs_record_root_in_trans+0x91/0x180
[ 98.470498][ T6684] ? start_transaction+0x439/0x1620
[ 98.470511][ T6684] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 98.470522][ T6684] ? btrfs_sync_fs+0x1b2/0x6a0
[ 98.470534][ T6684] sync_filesystem+0x1ce/0x250
[ 98.470548][ T6684] btrfs_reconfigure+0x2fa/0x2160
[ 98.470559][ T6684] ? __pfx_list_lru_walk_node+0x10/0x10
[ 98.470572][ T6684] ? __pfx_btrfs_reconfigure+0x10/0x10
[pid 6704] write(3, "1000", 4) = 4
[pid 6704] close(3) = 0
[pid 6704] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 6704] write(1, "executing program\n", 18) = 18
[pid 6704] memfd_create("syzkaller", 0) = 3
[pid 6704] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 98.470581][ T6684] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 98.470596][ T6684] ? rcu_is_watching+0x15/0xb0
[ 98.470609][ T6684] reconfigure_super+0x224/0x890
[ 98.470621][ T6684] path_mount+0xd18/0xfe0
[ 98.470640][ T6684] __se_sys_mount+0x317/0x410
[ 98.470653][ T6684] ? __pfx___se_sys_mount+0x10/0x10
[ 98.470664][ T6684] ? rcu_is_watching+0x15/0xb0
[ 98.470677][ T6684] ? __x64_sys_mount+0x20/0xc0
[ 98.470689][ T6684] do_syscall_64+0xfa/0x3b0
[ 98.470700][ T6684] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 98.470710][ T6684] ? clear_bhb_loop+0x60/0xb0
[ 98.470720][ T6684] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 98.470729][ T6684] RIP: 0033:0x7f6bcc3a931a
[ 98.470739][ T6684] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 98.470748][ T6684] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 98.470758][ T6684] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 98.470765][ T6684] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 98.470772][ T6684] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 98.470779][ T6684] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 98.470786][ T6684] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 98.470796][ T6684]
[ 98.470801][ T6684] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 98.470813][ T6684] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 98.470823][ T6684] BTRFS info (device loop0 state EA): forced readonly
[ 98.470831][ T6684] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 98.470845][ T6684] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 98.470866][ T6684] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[pid 6704] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6704] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6704] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6704] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6704] close(3) = 0
[pid 6704] close(4) = 0
[pid 6704] mkdir("./file0", 0777) = 0
[ 98.470899][ T6684] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 98.538545][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 99.046799][ T6704] loop0: detected capacity change from 0 to 32768
[ 99.052541][ T6704] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6704)
[ 99.055746][ T6704] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 99.056191][ T6704] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 99.056248][ T6704] BTRFS info (device loop0): using free-space-tree
[pid 6704] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6704] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6704] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6704] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6704] chdir("./file0") = 0
[pid 6704] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6704] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6704] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6704] write(5, "31", 2) = 2
[pid 6704] mkdir(".", 0777) = -1 EEXIST (File exists)
[ 99.130932][ T6704] BTRFS info (device loop0): rebuilding free space tree
[pid 6704] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6704] exit_group(0) = ?
[pid 6704] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6704, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=14 /* 0.14 s */} ---
umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 99.184588][ T13] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 99.187201][ T6704] FAULT_INJECTION: forcing a failure.
[ 99.187201][ T6704] name failslab, interval 1, probability 0, space 0, times 0
[ 99.187234][ T6704] CPU: 1 UID: 0 PID: 6704 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 99.187260][ T6704] Tainted: [W]=WARN
[ 99.187266][ T6704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 99.187276][ T6704] Call Trace:
[ 99.187282][ T6704]
[ 99.187289][ T6704] dump_stack_lvl+0x189/0x250
[ 99.187317][ T6704] ? __pfx____ratelimit+0x10/0x10
[ 99.187337][ T6704] ? __pfx_dump_stack_lvl+0x10/0x10
[ 99.187359][ T6704] ? __pfx__printk+0x10/0x10
[ 99.187376][ T6704] ? fs_reclaim_acquire+0x7d/0x100
[ 99.187391][ T6704] ? rcu_is_watching+0x15/0xb0
[ 99.187414][ T6704] ? __pfx___might_resched+0x10/0x10
[ 99.187431][ T6704] ? lock_acquire+0x5f/0x360
[ 99.187452][ T6704] should_fail_ex+0x46c/0x600
umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./50/file0") = 0
[ 99.187473][ T6704] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 99.187494][ T6704] should_failslab+0xa8/0x100
[ 99.187516][ T6704] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 99.187542][ T6704] kmem_cache_alloc_noprof+0x6e/0x310
[ 99.187566][ T6704] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 99.187588][ T6704] __btrfs_free_extent+0x167b/0x4250
[ 99.187613][ T6704] ? __pfx___btrfs_free_extent+0x10/0x10
[ 99.187631][ T6704] ? migrate_disable+0x160/0x190
[ 99.187650][ T6704] ? __pfx_rt_mutex_slowunlock+0x10/0x10
umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./50") = 0
[ 99.187668][ T6704] ? lock_release+0x4b/0x3e0
[ 99.187686][ T6704] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 99.187713][ T6704] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 99.187742][ T6704] ? is_bpf_text_address+0x26/0x2b0
[ 99.187770][ T6704] ? is_bpf_text_address+0x292/0x2b0
[ 99.187792][ T6704] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 99.187816][ T6704] ? try_to_take_rt_mutex+0x840/0xb00
[ 99.187833][ T6704] ? unwind_get_return_address+0x4d/0x90
[ 99.187854][ T6704] ? __pfx_stack_trace_consume_entry+0x10/0x10
mkdir("./51", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 99.187873][ T6704] ? arch_stack_walk+0xfc/0x150
[ 99.187897][ T6704] ? rtlock_slowlock_locked+0xd8/0x4010
[ 99.187915][ T6704] ? stack_trace_save+0x9c/0xe0
[ 99.187932][ T6704] ? __pfx_stack_trace_save+0x10/0x10
[ 99.187948][ T6704] ? stack_depot_save_flags+0x40/0x860
[ 99.187969][ T6704] ? btrfs_commit_transaction+0x161/0x3950
[ 99.187990][ T6704] ? rcu_is_watching+0x15/0xb0
[ 99.188013][ T6704] ? lock_acquire+0x5f/0x360
[ 99.188031][ T6704] ? rcu_is_watching+0x15/0xb0
[ 99.188054][ T6704] btrfs_run_delayed_refs+0xe6/0x3b0
ioctl(3, LOOP_CLR_FD) = 0
[ 99.188079][ T6704] btrfs_commit_transaction+0x269/0x3950
[ 99.188100][ T6704] ? rcu_is_watching+0x15/0xb0
[ 99.188122][ T6704] ? btrfs_commit_transaction+0x161/0x3950
[ 99.188142][ T6704] ? lock_acquire+0x5f/0x360
[ 99.188160][ T6704] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 99.188182][ T6704] ? rt_mutex_slowunlock+0x493/0x8a0
[ 99.188197][ T6704] ? migrate_disable+0xd5/0x190
[ 99.188217][ T6704] ? join_transaction+0x41b/0xca0
[ 99.188236][ T6704] ? rcu_is_watching+0x15/0xb0
[ 99.188259][ T6704] ? lock_acquire+0x5f/0x360
[ 99.188278][ T6704] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 99.188300][ T6704] ? join_transaction+0x41b/0xca0
[ 99.188324][ T6704] ? btrfs_record_root_in_trans+0x91/0x180
[ 99.188344][ T6704] ? start_transaction+0x439/0x1620
[ 99.188370][ T6704] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 99.188389][ T6704] ? btrfs_sync_fs+0x1b2/0x6a0
[ 99.188410][ T6704] sync_filesystem+0x1ce/0x250
[ 99.188433][ T6704] btrfs_reconfigure+0x2fa/0x2160
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6721 attached
[pid 6721] set_robust_list(0x555587b19660, 24) = 0
[pid 5833] <... clone resumed>, child_tidptr=0x555587b19650) = 6721
[pid 6721] chdir("./51") = 0
[ 99.188454][ T6704] ? __pfx_list_lru_walk_node+0x10/0x10
[ 99.188477][ T6704] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 99.188494][ T6704] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 99.188519][ T6704] ? rcu_is_watching+0x15/0xb0
[ 99.188548][ T6704] reconfigure_super+0x224/0x890
[ 99.188566][ T6704] path_mount+0xd18/0xfe0
[ 99.188589][ T6704] __se_sys_mount+0x317/0x410
[ 99.188612][ T6704] ? __pfx___se_sys_mount+0x10/0x10
[ 99.188633][ T6704] ? rcu_is_watching+0x15/0xb0
[ 99.188657][ T6704] ? __x64_sys_mount+0x20/0xc0
[ 99.188679][ T6704] do_syscall_64+0xfa/0x3b0
[pid 6721] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6721] setpgid(0, 0) = 0
[pid 6721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6721] write(3, "1000", 4) = 4
[pid 6721] close(3) = 0
[ 99.188699][ T6704] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.188716][ T6704] ? clear_bhb_loop+0x60/0xb0
[ 99.188734][ T6704] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 99.188750][ T6704] RIP: 0033:0x7f6bcc3a931a
[ 99.188765][ T6704] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 99.188779][ T6704] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[pid 6721] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6721] write(1, "executing program\n", 18executing program
) = 18
[pid 6721] memfd_create("syzkaller", 0) = 3
[pid 6721] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 99.188798][ T6704] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 99.188810][ T6704] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 99.188821][ T6704] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 99.188834][ T6704] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 99.188846][ T6704] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 99.188863][ T6704]
[ 99.188872][ T6704] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 99.188891][ T6704] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 99.188909][ T6704] BTRFS info (device loop0 state EA): forced readonly
[ 99.188924][ T6704] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 99.188949][ T6704] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 99.188986][ T6704] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 99.189029][ T6704] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 99.257892][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6721] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6721] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6721] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6721] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6721] close(3) = 0
[pid 6721] close(4) = 0
[pid 6721] mkdir("./file0", 0777) = 0
[ 99.818494][ T6721] loop0: detected capacity change from 0 to 32768
[ 99.835997][ T6721] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6721)
[ 99.841436][ T6721] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 99.841495][ T6721] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 99.841567][ T6721] BTRFS info (device loop0): using free-space-tree
[pid 6721] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6721] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6721] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6721] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6721] chdir("./file0") = 0
[pid 6721] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6721] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6721] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6721] write(5, "31", 2) = 2
[ 99.920071][ T6721] BTRFS info (device loop0): rebuilding free space tree
[ 99.958975][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[pid 6721] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6721] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6721] exit_group(0) = ?
[pid 6721] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6721, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=10 /* 0.10 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 100.010948][ T6721] FAULT_INJECTION: forcing a failure.
[ 100.010948][ T6721] name failslab, interval 1, probability 0, space 0, times 0
[ 100.010971][ T6721] CPU: 1 UID: 0 PID: 6721 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 100.010989][ T6721] Tainted: [W]=WARN
[ 100.010992][ T6721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 100.011001][ T6721] Call Trace:
[ 100.011014][ T6721]
[ 100.011018][ T6721] dump_stack_lvl+0x189/0x250
[ 100.011036][ T6721] ? __pfx____ratelimit+0x10/0x10
[ 100.011048][ T6721] ? __pfx_dump_stack_lvl+0x10/0x10
[ 100.011060][ T6721] ? __pfx__printk+0x10/0x10
[ 100.011070][ T6721] ? fs_reclaim_acquire+0x7d/0x100
[ 100.011079][ T6721] ? rcu_is_watching+0x15/0xb0
[ 100.011093][ T6721] ? __pfx___might_resched+0x10/0x10
[ 100.011102][ T6721] ? lock_acquire+0x5f/0x360
[ 100.011113][ T6721] should_fail_ex+0x46c/0x600
[ 100.011126][ T6721] ? btrfs_add_to_free_space_tree+0xde/0x5b0
umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./51/file0") = 0
umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 100.011138][ T6721] should_failslab+0xa8/0x100
[ 100.011150][ T6721] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 100.011160][ T6721] kmem_cache_alloc_noprof+0x6e/0x310
[ 100.011174][ T6721] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 100.011186][ T6721] __btrfs_free_extent+0x167b/0x4250
[ 100.011200][ T6721] ? __pfx___btrfs_free_extent+0x10/0x10
[ 100.011210][ T6721] ? migrate_disable+0x160/0x190
[ 100.011220][ T6721] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 100.011230][ T6721] ? lock_release+0x4b/0x3e0
newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./51") = 0
mkdir("./52", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 100.011240][ T6721] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 100.011254][ T6721] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 100.011270][ T6721] ? is_bpf_text_address+0x26/0x2b0
[ 100.011286][ T6721] ? is_bpf_text_address+0x292/0x2b0
[ 100.011297][ T6721] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 100.011311][ T6721] ? try_to_take_rt_mutex+0x840/0xb00
[ 100.011320][ T6721] ? unwind_get_return_address+0x4d/0x90
[ 100.011333][ T6721] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 100.011343][ T6721] ? arch_stack_walk+0xfc/0x150
[ 100.011356][ T6721] ? rtlock_slowlock_locked+0xd8/0x4010
[ 100.011366][ T6721] ? stack_trace_save+0x9c/0xe0
[ 100.011375][ T6721] ? __pfx_stack_trace_save+0x10/0x10
[ 100.011384][ T6721] ? stack_depot_save_flags+0x40/0x860
[ 100.011396][ T6721] ? btrfs_commit_transaction+0x161/0x3950
[ 100.011408][ T6721] ? rcu_is_watching+0x15/0xb0
[ 100.011421][ T6721] ? lock_acquire+0x5f/0x360
[ 100.011437][ T6721] ? rcu_is_watching+0x15/0xb0
[ 100.011450][ T6721] btrfs_run_delayed_refs+0xe6/0x3b0
[ 100.011463][ T6721] btrfs_commit_transaction+0x269/0x3950
[ 100.011475][ T6721] ? rcu_is_watching+0x15/0xb0
[ 100.011487][ T6721] ? btrfs_commit_transaction+0x161/0x3950
[ 100.011498][ T6721] ? lock_acquire+0x5f/0x360
[ 100.011509][ T6721] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 100.011525][ T6721] ? rt_mutex_slowunlock+0x493/0x8a0
[ 100.011533][ T6721] ? migrate_disable+0xd5/0x190
[ 100.011543][ T6721] ? join_transaction+0x41b/0xca0
[ 100.011554][ T6721] ? rcu_is_watching+0x15/0xb0
[ 100.011566][ T6721] ? lock_acquire+0x5f/0x360
[ 100.011577][ T6721] ? __pfx_btrfs_commit_transaction+0x10/0x10
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6739 attached
, child_tidptr=0x555587b19650) = 6739
[pid 6739] set_robust_list(0x555587b19660, 24) = 0
[pid 6739] chdir("./52") = 0
[pid 6739] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6739] setpgid(0, 0) = 0
[pid 6739] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 100.011589][ T6721] ? join_transaction+0x41b/0xca0
[ 100.011601][ T6721] ? btrfs_record_root_in_trans+0x91/0x180
[ 100.011612][ T6721] ? start_transaction+0x439/0x1620
[ 100.011626][ T6721] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 100.011637][ T6721] ? btrfs_sync_fs+0x1b2/0x6a0
[ 100.011649][ T6721] sync_filesystem+0x1ce/0x250
[ 100.011663][ T6721] btrfs_reconfigure+0x2fa/0x2160
[ 100.011674][ T6721] ? __pfx_list_lru_walk_node+0x10/0x10
[ 100.011687][ T6721] ? __pfx_btrfs_reconfigure+0x10/0x10
[pid 6739] write(3, "1000", 4) = 4
[pid 6739] close(3) = 0
[pid 6739] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6739] write(1, "executing program\n", 18executing program
) = 18
[pid 6739] memfd_create("syzkaller", 0) = 3
[pid 6739] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 100.011696][ T6721] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 100.011711][ T6721] ? rcu_is_watching+0x15/0xb0
[ 100.011724][ T6721] reconfigure_super+0x224/0x890
[ 100.011736][ T6721] path_mount+0xd18/0xfe0
[ 100.011750][ T6721] __se_sys_mount+0x317/0x410
[ 100.011763][ T6721] ? __pfx___se_sys_mount+0x10/0x10
[ 100.011774][ T6721] ? rcu_is_watching+0x15/0xb0
[ 100.011787][ T6721] ? __x64_sys_mount+0x20/0xc0
[ 100.011798][ T6721] do_syscall_64+0xfa/0x3b0
[ 100.011810][ T6721] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 100.011819][ T6721] ? clear_bhb_loop+0x60/0xb0
[ 100.011829][ T6721] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 100.011838][ T6721] RIP: 0033:0x7f6bcc3a931a
[ 100.011847][ T6721] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 100.011855][ T6721] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 100.011867][ T6721] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 100.011874][ T6721] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 100.011880][ T6721] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 100.011887][ T6721] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 100.011893][ T6721] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 100.011902][ T6721]
[ 100.011908][ T6721] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 100.011920][ T6721] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 100.011930][ T6721] BTRFS info (device loop0 state EA): forced readonly
[ 100.011938][ T6721] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 100.011952][ T6721] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 100.011973][ T6721] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[pid 6739] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6739] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6739] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 100.012005][ T6721] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 100.068063][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6739] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6739] close(3) = 0
[pid 6739] close(4) = 0
[pid 6739] mkdir("./file0", 0777) = 0
[ 100.613361][ T6739] loop0: detected capacity change from 0 to 32768
[ 100.637579][ T6739] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6739)
[pid 6739] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[ 100.655889][ T6739] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 100.655955][ T6739] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 100.656034][ T6739] BTRFS info (device loop0): using free-space-tree
[ 100.702315][ T6739] BTRFS info (device loop0): rebuilding free space tree
[pid 6739] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6739] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6739] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6739] chdir("./file0") = 0
[pid 6739] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6739] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6739] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6739] write(5, "31", 2) = 2
[pid 6739] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6739] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6739] exit_group(0) = ?
[pid 6739] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6739, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=11 /* 0.11 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 100.776551][ T1901] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 100.796294][ T6739] FAULT_INJECTION: forcing a failure.
[ 100.796294][ T6739] name failslab, interval 1, probability 0, space 0, times 0
[ 100.796317][ T6739] CPU: 1 UID: 0 PID: 6739 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 100.796333][ T6739] Tainted: [W]=WARN
[ 100.796336][ T6739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 100.796342][ T6739] Call Trace:
[ 100.796346][ T6739]
[ 100.796350][ T6739] dump_stack_lvl+0x189/0x250
[ 100.796376][ T6739] ? __pfx____ratelimit+0x10/0x10
[ 100.796388][ T6739] ? __pfx_dump_stack_lvl+0x10/0x10
[ 100.796400][ T6739] ? __pfx__printk+0x10/0x10
[ 100.796410][ T6739] ? fs_reclaim_acquire+0x7d/0x100
[ 100.796419][ T6739] ? rcu_is_watching+0x15/0xb0
umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
[ 100.796433][ T6739] ? __pfx___might_resched+0x10/0x10
[ 100.796443][ T6739] ? lock_acquire+0x5f/0x360
[ 100.796455][ T6739] should_fail_ex+0x46c/0x600
[ 100.796467][ T6739] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 100.796479][ T6739] should_failslab+0xa8/0x100
[ 100.796491][ T6739] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 100.796502][ T6739] kmem_cache_alloc_noprof+0x6e/0x310
[ 100.796515][ T6739] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 100.796526][ T6739] __btrfs_free_extent+0x167b/0x4250
[ 100.796541][ T6739] ? __pfx___btrfs_free_extent+0x10/0x10
rmdir("./52/file0") = 0
umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./52") = 0
mkdir("./53", 0777) = 0
[ 100.796550][ T6739] ? migrate_disable+0x160/0x190
[ 100.796561][ T6739] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 100.796570][ T6739] ? lock_release+0x4b/0x3e0
[ 100.796581][ T6739] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 100.796595][ T6739] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 100.796611][ T6739] ? is_bpf_text_address+0x26/0x2b0
[ 100.796626][ T6739] ? is_bpf_text_address+0x292/0x2b0
[ 100.796638][ T6739] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 100.796651][ T6739] ? try_to_take_rt_mutex+0x840/0xb00
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 100.796660][ T6739] ? unwind_get_return_address+0x4d/0x90
[ 100.796673][ T6739] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 100.796683][ T6739] ? arch_stack_walk+0xfc/0x150
[ 100.796696][ T6739] ? rtlock_slowlock_locked+0xd8/0x4010
[ 100.796706][ T6739] ? stack_trace_save+0x9c/0xe0
[ 100.796715][ T6739] ? __pfx_stack_trace_save+0x10/0x10
[ 100.796725][ T6739] ? stack_depot_save_flags+0x40/0x860
[ 100.796736][ T6739] ? btrfs_commit_transaction+0x161/0x3950
[ 100.796749][ T6739] ? rcu_is_watching+0x15/0xb0
[ 100.796762][ T6739] ? lock_acquire+0x5f/0x360
[ 100.796772][ T6739] ? rcu_is_watching+0x15/0xb0
[ 100.796785][ T6739] btrfs_run_delayed_refs+0xe6/0x3b0
[ 100.796798][ T6739] btrfs_commit_transaction+0x269/0x3950
[ 100.796810][ T6739] ? rcu_is_watching+0x15/0xb0
[ 100.796822][ T6739] ? btrfs_commit_transaction+0x161/0x3950
[ 100.796833][ T6739] ? lock_acquire+0x5f/0x360
[ 100.796843][ T6739] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 100.796855][ T6739] ? rt_mutex_slowunlock+0x493/0x8a0
[ 100.796863][ T6739] ? migrate_disable+0xd5/0x190
close(3) = 0
[ 100.796874][ T6739] ? join_transaction+0x41b/0xca0
[ 100.796885][ T6739] ? rcu_is_watching+0x15/0xb0
[ 100.796897][ T6739] ? lock_acquire+0x5f/0x360
[ 100.796908][ T6739] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 100.796920][ T6739] ? join_transaction+0x41b/0xca0
[ 100.796932][ T6739] ? btrfs_record_root_in_trans+0x91/0x180
[ 100.796943][ T6739] ? start_transaction+0x439/0x1620
[ 100.796956][ T6739] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 100.796967][ T6739] ? btrfs_sync_fs+0x1b2/0x6a0
[ 100.796979][ T6739] sync_filesystem+0x1ce/0x250
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6756 attached
[pid 6756] set_robust_list(0x555587b19660, 24) = 0
[pid 5833] <... clone resumed>, child_tidptr=0x555587b19650) = 6756
[pid 6756] chdir("./53") = 0
[pid 6756] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6756] setpgid(0, 0) = 0
[pid 6756] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 100.796992][ T6739] btrfs_reconfigure+0x2fa/0x2160
[ 100.797003][ T6739] ? __pfx_list_lru_walk_node+0x10/0x10
[ 100.797016][ T6739] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 100.797025][ T6739] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 100.797038][ T6739] ? rcu_is_watching+0x15/0xb0
[ 100.797052][ T6739] reconfigure_super+0x224/0x890
[ 100.797063][ T6739] path_mount+0xd18/0xfe0
[ 100.797077][ T6739] __se_sys_mount+0x317/0x410
[ 100.797089][ T6739] ? __pfx___se_sys_mount+0x10/0x10
[ 100.797101][ T6739] ? rcu_is_watching+0x15/0xb0
[pid 6756] write(3, "1000", 4) = 4
[pid 6756] close(3) = 0
[pid 6756] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6756] write(1, "executing program\n", 18executing program
) = 18
[pid 6756] memfd_create("syzkaller", 0) = 3
[pid 6756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 100.797114][ T6739] ? __x64_sys_mount+0x20/0xc0
[ 100.797126][ T6739] do_syscall_64+0xfa/0x3b0
[ 100.797137][ T6739] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 100.797146][ T6739] ? clear_bhb_loop+0x60/0xb0
[ 100.797156][ T6739] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 100.797165][ T6739] RIP: 0033:0x7f6bcc3a931a
[ 100.797174][ T6739] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 100.797182][ T6739] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 100.797193][ T6739] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 100.797200][ T6739] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 100.797206][ T6739] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 100.797213][ T6739] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 100.797219][ T6739] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 100.797228][ T6739]
[ 100.797234][ T6739] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 100.797245][ T6739] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 100.797255][ T6739] BTRFS info (device loop0 state EA): forced readonly
[ 100.797263][ T6739] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 100.797278][ T6739] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[pid 6756] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6756] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6756] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 100.797299][ T6739] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 100.797333][ T6739] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 100.887946][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6756] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6756] close(3) = 0
[pid 6756] close(4) = 0
[pid 6756] mkdir("./file0", 0777) = 0
[ 101.409510][ T6756] loop0: detected capacity change from 0 to 32768
[ 101.447925][ T6756] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6756)
[ 101.454230][ T6756] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 101.454291][ T6756] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 101.454368][ T6756] BTRFS info (device loop0): using free-space-tree
[pid 6756] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6756] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6756] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[ 101.521532][ T6756] BTRFS info (device loop0): rebuilding free space tree
[pid 6756] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6756] chdir("./file0") = 0
[pid 6756] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6756] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6756] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6756] write(5, "31", 2) = 2
[ 101.595728][ T13] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[pid 6756] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6756] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6756] exit_group(0) = ?
[pid 6756] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6756, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=12 /* 0.12 s */} ---
umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 101.665892][ T6756] FAULT_INJECTION: forcing a failure.
[ 101.665892][ T6756] name failslab, interval 1, probability 0, space 0, times 0
[ 101.665925][ T6756] CPU: 0 UID: 0 PID: 6756 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 101.665950][ T6756] Tainted: [W]=WARN
[ 101.665955][ T6756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 101.665965][ T6756] Call Trace:
[ 101.665971][ T6756]
[ 101.665976][ T6756] dump_stack_lvl+0x189/0x250
[ 101.665994][ T6756] ? __pfx_dump_stack_lvl+0x10/0x10
[ 101.666007][ T6756] ? __pfx__printk+0x10/0x10
[ 101.666019][ T6756] should_fail_ex+0x46c/0x600
[ 101.666031][ T6756] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 101.666043][ T6756] should_failslab+0xa8/0x100
[ 101.666056][ T6756] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 101.666066][ T6756] kmem_cache_alloc_noprof+0x6e/0x310
[ 101.666080][ T6756] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 101.666092][ T6756] __btrfs_free_extent+0x167b/0x4250
umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./53/file0") = 0
[ 101.666106][ T6756] ? __pfx___btrfs_free_extent+0x10/0x10
[ 101.666116][ T6756] ? migrate_disable+0x160/0x190
[ 101.666127][ T6756] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 101.666137][ T6756] ? lock_release+0x4b/0x3e0
[ 101.666148][ T6756] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 101.666163][ T6756] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 101.666178][ T6756] ? is_bpf_text_address+0x26/0x2b0
[ 101.666194][ T6756] ? is_bpf_text_address+0x292/0x2b0
[ 101.666205][ T6756] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./53") = 0
mkdir("./54", 0777) = 0
[ 101.666219][ T6756] ? try_to_take_rt_mutex+0x840/0xb00
[ 101.666228][ T6756] ? unwind_get_return_address+0x4d/0x90
[ 101.666241][ T6756] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 101.666251][ T6756] ? arch_stack_walk+0xfc/0x150
[ 101.666264][ T6756] ? rtlock_slowlock_locked+0xd8/0x4010
[ 101.666274][ T6756] ? stack_trace_save+0x9c/0xe0
[ 101.666283][ T6756] ? __pfx_stack_trace_save+0x10/0x10
[ 101.666294][ T6756] ? stack_depot_save_flags+0x40/0x860
[ 101.666311][ T6756] ? btrfs_commit_transaction+0x161/0x3950
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 101.666327][ T6756] ? rcu_is_watching+0x15/0xb0
[ 101.666341][ T6756] ? lock_acquire+0x5f/0x360
[ 101.666352][ T6756] ? rcu_is_watching+0x15/0xb0
[ 101.666364][ T6756] btrfs_run_delayed_refs+0xe6/0x3b0
[ 101.666378][ T6756] btrfs_commit_transaction+0x269/0x3950
[ 101.666389][ T6756] ? rcu_is_watching+0x15/0xb0
[ 101.666401][ T6756] ? btrfs_commit_transaction+0x161/0x3950
[ 101.666412][ T6756] ? lock_acquire+0x5f/0x360
[ 101.666423][ T6756] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 101.666435][ T6756] ? rt_mutex_slowunlock+0x493/0x8a0
[ 101.666443][ T6756] ? migrate_disable+0xd5/0x190
[ 101.666454][ T6756] ? join_transaction+0x41b/0xca0
[ 101.666464][ T6756] ? rcu_is_watching+0x15/0xb0
[ 101.666477][ T6756] ? lock_acquire+0x5f/0x360
[ 101.666487][ T6756] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 101.666499][ T6756] ? join_transaction+0x41b/0xca0
[ 101.666512][ T6756] ? btrfs_record_root_in_trans+0x91/0x180
[ 101.666523][ T6756] ? start_transaction+0x439/0x1620
[ 101.666536][ T6756] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 101.666554][ T6756] ? btrfs_sync_fs+0x1b2/0x6a0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555587b19650) = 6773
./strace-static-x86_64: Process 6773 attached
[ 101.666566][ T6756] sync_filesystem+0x1ce/0x250
[ 101.666580][ T6756] btrfs_reconfigure+0x2fa/0x2160
[ 101.666591][ T6756] ? __pfx_list_lru_walk_node+0x10/0x10
[ 101.666604][ T6756] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 101.666614][ T6756] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 101.666627][ T6756] ? rcu_is_watching+0x15/0xb0
[ 101.666641][ T6756] reconfigure_super+0x224/0x890
[ 101.666653][ T6756] path_mount+0xd18/0xfe0
[ 101.666667][ T6756] __se_sys_mount+0x317/0x410
[ 101.666679][ T6756] ? __pfx___se_sys_mount+0x10/0x10
[pid 6773] set_robust_list(0x555587b19660, 24) = 0
[pid 6773] chdir("./54") = 0
[pid 6773] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6773] setpgid(0, 0) = 0
[pid 6773] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6773] write(3, "1000", 4) = 4
[pid 6773] close(3) = 0
[pid 6773] symlink("/dev/binderfs", "./binderfs") = 0
[ 101.666691][ T6756] ? rcu_is_watching+0x15/0xb0
[ 101.666704][ T6756] ? __x64_sys_mount+0x20/0xc0
[ 101.666716][ T6756] do_syscall_64+0xfa/0x3b0
[ 101.666727][ T6756] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.666736][ T6756] ? clear_bhb_loop+0x60/0xb0
[ 101.666746][ T6756] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.666755][ T6756] RIP: 0033:0x7f6bcc3a931a
[pid 6773] write(1, "executing program\n", 18executing program
) = 18
[pid 6773] memfd_create("syzkaller", 0) = 3
[pid 6773] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 101.666764][ T6756] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 101.666772][ T6756] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 101.666783][ T6756] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 101.666791][ T6756] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 101.666797][ T6756] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 101.666804][ T6756] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 101.666812][ T6756] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 101.666822][ T6756]
[ 101.666830][ T6756] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 101.666842][ T6756] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 101.666853][ T6756] BTRFS info (device loop0 state EA): forced readonly
[ 101.666861][ T6756] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[pid 6773] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[ 101.666876][ T6756] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5386240 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 101.666899][ T6756] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 101.666933][ T6756] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 101.748405][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6773] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6773] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6773] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6773] close(3) = 0
[pid 6773] close(4) = 0
[pid 6773] mkdir("./file0", 0777) = 0
[ 102.271278][ T6773] loop0: detected capacity change from 0 to 32768
[ 102.295351][ T6773] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6773)
[ 102.315673][ T6773] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 102.315732][ T6773] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 102.316083][ T6773] BTRFS info (device loop0): using free-space-tree
[pid 6773] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6773] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6773] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[ 102.366588][ T6773] BTRFS info (device loop0): rebuilding free space tree
[pid 6773] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6773] chdir("./file0") = 0
[pid 6773] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6773] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6773] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6773] write(5, "31", 2) = 2
[pid 6773] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6773] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6773] exit_group(0) = ?
[pid 6773] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6773, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=12 /* 0.12 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 102.447411][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 102.490176][ T6773] FAULT_INJECTION: forcing a failure.
umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 102.490176][ T6773] name failslab, interval 1, probability 0, space 0, times 0
[ 102.490200][ T6773] CPU: 1 UID: 0 PID: 6773 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 102.490216][ T6773] Tainted: [W]=WARN
[ 102.490221][ T6773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 102.490229][ T6773] Call Trace:
[ 102.490232][ T6773]
[ 102.490237][ T6773] dump_stack_lvl+0x189/0x250
[ 102.490255][ T6773] ? __pfx____ratelimit+0x10/0x10
[ 102.490267][ T6773] ? __pfx_dump_stack_lvl+0x10/0x10
[ 102.490279][ T6773] ? __pfx__printk+0x10/0x10
[ 102.490289][ T6773] ? fs_reclaim_acquire+0x7d/0x100
[ 102.490298][ T6773] ? rcu_is_watching+0x15/0xb0
[ 102.490312][ T6773] ? __pfx___might_resched+0x10/0x10
[ 102.490321][ T6773] ? lock_acquire+0x5f/0x360
[ 102.490333][ T6773] should_fail_ex+0x46c/0x600
[ 102.490346][ T6773] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 102.490358][ T6773] should_failslab+0xa8/0x100
[ 102.490370][ T6773] ? btrfs_add_to_free_space_tree+0xde/0x5b0
umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
[ 102.490381][ T6773] kmem_cache_alloc_noprof+0x6e/0x310
[ 102.490394][ T6773] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 102.490406][ T6773] __btrfs_free_extent+0x167b/0x4250
[ 102.490420][ T6773] ? __pfx___btrfs_free_extent+0x10/0x10
[ 102.490429][ T6773] ? migrate_disable+0x160/0x190
[ 102.490440][ T6773] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 102.490450][ T6773] ? lock_release+0x4b/0x3e0
[ 102.490460][ T6773] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 102.490501][ T6773] __btrfs_run_delayed_refs+0xe7f/0x4150
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./54/file0") = 0
umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./54") = 0
mkdir("./55", 0777) = 0
[ 102.490517][ T6773] ? is_bpf_text_address+0x26/0x2b0
[ 102.490533][ T6773] ? is_bpf_text_address+0x292/0x2b0
[ 102.490544][ T6773] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 102.490558][ T6773] ? try_to_take_rt_mutex+0x840/0xb00
[ 102.490567][ T6773] ? unwind_get_return_address+0x4d/0x90
[ 102.490579][ T6773] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 102.490589][ T6773] ? arch_stack_walk+0xfc/0x150
[ 102.490603][ T6773] ? rtlock_slowlock_locked+0xd8/0x4010
[ 102.490614][ T6773] ? stack_trace_save+0x9c/0xe0
[ 102.490622][ T6773] ? __pfx_stack_trace_save+0x10/0x10
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 102.490632][ T6773] ? stack_depot_save_flags+0x40/0x860
[ 102.490643][ T6773] ? btrfs_commit_transaction+0x161/0x3950
[ 102.490656][ T6773] ? rcu_is_watching+0x15/0xb0
[ 102.490668][ T6773] ? lock_acquire+0x5f/0x360
[ 102.490678][ T6773] ? rcu_is_watching+0x15/0xb0
[ 102.490691][ T6773] btrfs_run_delayed_refs+0xe6/0x3b0
[ 102.490705][ T6773] btrfs_commit_transaction+0x269/0x3950
[ 102.490717][ T6773] ? rcu_is_watching+0x15/0xb0
[ 102.490729][ T6773] ? btrfs_commit_transaction+0x161/0x3950
[ 102.490739][ T6773] ? lock_acquire+0x5f/0x360
[ 102.490750][ T6773] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 102.490762][ T6773] ? rt_mutex_slowunlock+0x493/0x8a0
[ 102.490770][ T6773] ? migrate_disable+0xd5/0x190
[ 102.490781][ T6773] ? join_transaction+0x41b/0xca0
[ 102.490792][ T6773] ? rcu_is_watching+0x15/0xb0
[ 102.490804][ T6773] ? lock_acquire+0x5f/0x360
[ 102.490815][ T6773] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 102.490827][ T6773] ? join_transaction+0x41b/0xca0
[ 102.490839][ T6773] ? btrfs_record_root_in_trans+0x91/0x180
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555587b19650) = 6790
./strace-static-x86_64: Process 6790 attached
[ 102.490850][ T6773] ? start_transaction+0x439/0x1620
[ 102.490864][ T6773] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 102.490875][ T6773] ? btrfs_sync_fs+0x1b2/0x6a0
[ 102.490887][ T6773] sync_filesystem+0x1ce/0x250
[ 102.490900][ T6773] btrfs_reconfigure+0x2fa/0x2160
[ 102.490912][ T6773] ? __pfx_list_lru_walk_node+0x10/0x10
[ 102.490924][ T6773] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 102.490933][ T6773] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 102.490947][ T6773] ? rcu_is_watching+0x15/0xb0
[pid 6790] set_robust_list(0x555587b19660, 24) = 0
[pid 6790] chdir("./55") = 0
[pid 6790] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6790] setpgid(0, 0) = 0
[pid 6790] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6790] write(3, "1000", 4) = 4
[pid 6790] close(3) = 0
[ 102.490960][ T6773] reconfigure_super+0x224/0x890
[ 102.490972][ T6773] path_mount+0xd18/0xfe0
[ 102.490985][ T6773] __se_sys_mount+0x317/0x410
[ 102.490998][ T6773] ? __pfx___se_sys_mount+0x10/0x10
[ 102.491009][ T6773] ? rcu_is_watching+0x15/0xb0
[ 102.491023][ T6773] ? __x64_sys_mount+0x20/0xc0
[ 102.491034][ T6773] do_syscall_64+0xfa/0x3b0
[ 102.491046][ T6773] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.491055][ T6773] ? clear_bhb_loop+0x60/0xb0
[ 102.491064][ T6773] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.491073][ T6773] RIP: 0033:0x7f6bcc3a931a
[pid 6790] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6790] write(1, "executing program\n", 18executing program
) = 18
[pid 6790] memfd_create("syzkaller", 0) = 3
[pid 6790] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 102.491083][ T6773] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 102.491091][ T6773] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 102.491102][ T6773] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 102.491110][ T6773] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 102.491116][ T6773] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 102.491123][ T6773] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 102.491129][ T6773] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 102.491138][ T6773]
[ 102.491144][ T6773] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 102.491156][ T6773] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 102.491166][ T6773] BTRFS info (device loop0 state EA): forced readonly
[ 102.491174][ T6773] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 102.491193][ T6773] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 102.491215][ T6773] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 102.491314][ T6773] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[pid 6790] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6790] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 102.609408][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6790] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6790] close(3) = 0
[pid 6790] close(4) = 0
[pid 6790] mkdir("./file0", 0777) = 0
[ 103.099684][ T6790] loop0: detected capacity change from 0 to 32768
[ 103.103379][ T6790] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6790)
[ 103.116350][ T6790] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 103.116411][ T6790] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 103.116481][ T6790] BTRFS info (device loop0): using free-space-tree
[pid 6790] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6790] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[ 103.175323][ T6790] BTRFS info (device loop0): rebuilding free space tree
[pid 6790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6790] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6790] chdir("./file0") = 0
[pid 6790] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6790] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6790] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6790] write(5, "31", 2) = 2
[pid 6790] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6790] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 6790] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 6790] exit_group(0) = ?
[pid 6790] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6790, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=12 /* 0.12 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[ 103.253814][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 103.379992][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./55/file0") = 0
umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./55") = 0
mkdir("./56", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6807 attached
, child_tidptr=0x555587b19650) = 6807
[pid 6807] set_robust_list(0x555587b19660, 24) = 0
[pid 6807] chdir("./56") = 0
[pid 6807] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6807] setpgid(0, 0) = 0
[pid 6807] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6807] write(3, "1000", 4) = 4
[pid 6807] close(3) = 0
[pid 6807] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 6807] write(1, "executing program\n", 18) = 18
[pid 6807] memfd_create("syzkaller", 0) = 3
[pid 6807] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 6807] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6807] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6807] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6807] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6807] close(3) = 0
[pid 6807] close(4) = 0
[pid 6807] mkdir("./file0", 0777) = 0
[ 103.920220][ T6807] loop0: detected capacity change from 0 to 32768
[ 103.925920][ T6807] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6807)
[ 103.946459][ T6807] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 103.946523][ T6807] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 103.946602][ T6807] BTRFS info (device loop0): using free-space-tree
[pid 6807] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6807] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6807] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6807] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6807] chdir("./file0") = 0
[pid 6807] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6807] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6807] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6807] write(5, "31", 2) = 2
[pid 6807] mkdir(".", 0777) = -1 EEXIST (File exists)
[ 104.016713][ T6807] BTRFS info (device loop0): rebuilding free space tree
[pid 6807] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 6807] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 6807] exit_group(0) = ?
[pid 6807] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6807, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=9 /* 0.09 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 104.083470][ T69] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 104.199922][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./56/file0") = 0
umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./56") = 0
mkdir("./57", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6825 attached
, child_tidptr=0x555587b19650) = 6825
[pid 6825] set_robust_list(0x555587b19660, 24) = 0
[pid 6825] chdir("./57") = 0
[pid 6825] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6825] setpgid(0, 0) = 0
[pid 6825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6825] write(3, "1000", 4) = 4
[pid 6825] close(3) = 0
[pid 6825] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 6825] write(1, "executing program\n", 18) = 18
[pid 6825] memfd_create("syzkaller", 0) = 3
[pid 6825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 6825] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6825] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6825] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6825] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6825] close(3) = 0
[pid 6825] close(4) = 0
[pid 6825] mkdir("./file0", 0777) = 0
[ 104.678275][ T6825] loop0: detected capacity change from 0 to 32768
[ 104.692394][ T6825] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6825)
[ 104.697966][ T6825] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 104.698026][ T6825] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 104.698116][ T6825] BTRFS info (device loop0): using free-space-tree
[pid 6825] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6825] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6825] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[ 104.747580][ T6825] BTRFS info (device loop0): rebuilding free space tree
[pid 6825] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6825] chdir("./file0") = 0
[pid 6825] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6825] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6825] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6825] write(5, "31", 2) = 2
[pid 6825] mkdir(".", 0777) = -1 EEXIST (File exists)
[ 104.822220][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[pid 6825] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 6825] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 6825] exit_group(0) = ?
[pid 6825] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6825, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=8 /* 0.08 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 104.872736][ T6825] FAULT_INJECTION: forcing a failure.
[ 104.872736][ T6825] name failslab, interval 1, probability 0, space 0, times 0
[ 104.872773][ T6825] CPU: 1 UID: 0 PID: 6825 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 104.872800][ T6825] Tainted: [W]=WARN
[ 104.872806][ T6825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 104.872816][ T6825] Call Trace:
[ 104.872822][ T6825]
[ 104.872830][ T6825] dump_stack_lvl+0x189/0x250
[ 104.872857][ T6825] ? __pfx____ratelimit+0x10/0x10
[ 104.872878][ T6825] ? __pfx_dump_stack_lvl+0x10/0x10
[ 104.872899][ T6825] ? __pfx__printk+0x10/0x10
[ 104.872917][ T6825] ? fs_reclaim_acquire+0x7d/0x100
[ 104.872932][ T6825] ? rcu_is_watching+0x15/0xb0
[ 104.872954][ T6825] ? __pfx___might_resched+0x10/0x10
[ 104.872972][ T6825] ? lock_acquire+0x5f/0x360
[ 104.872993][ T6825] should_fail_ex+0x46c/0x600
[ 104.873015][ T6825] ? alloc_extent_state+0x22/0x2f0
[ 104.873036][ T6825] should_failslab+0xa8/0x100
[ 104.873060][ T6825] ? alloc_extent_state+0x22/0x2f0
[ 104.873080][ T6825] kmem_cache_alloc_noprof+0x6e/0x310
[ 104.873103][ T6825] alloc_extent_state+0x22/0x2f0
[ 104.873126][ T6825] set_extent_bit+0x270/0x21e0
[ 104.873154][ T6825] ? rt_mutex_slowunlock+0x493/0x8a0
[ 104.873171][ T6825] ? __pfx_set_extent_bit+0x10/0x10
[ 104.873203][ T6825] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 104.873220][ T6825] ? lock_release+0x4b/0x3e0
[ 104.873241][ T6825] btrfs_set_extent_bit+0x38/0x50
umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[ 104.873265][ T6825] btrfs_update_block_group+0x712/0xb00
[ 104.873293][ T6825] __btrfs_free_extent+0x16a0/0x4250
[ 104.873319][ T6825] ? __pfx___btrfs_free_extent+0x10/0x10
[ 104.873337][ T6825] ? migrate_disable+0x160/0x190
[ 104.873357][ T6825] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 104.873374][ T6825] ? lock_release+0x4b/0x3e0
[ 104.873398][ T6825] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 104.873429][ T6825] ? is_bpf_text_address+0x26/0x2b0
[ 104.873457][ T6825] ? is_bpf_text_address+0x292/0x2b0
[ 104.873479][ T6825] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./57/file0") = 0
umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/binderfs") = 0
[ 104.873504][ T6825] ? try_to_take_rt_mutex+0x840/0xb00
[ 104.873520][ T6825] ? unwind_get_return_address+0x4d/0x90
[ 104.873542][ T6825] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 104.873559][ T6825] ? arch_stack_walk+0xfc/0x150
[ 104.873585][ T6825] ? rtlock_slowlock_locked+0xd8/0x4010
[ 104.873602][ T6825] ? stack_trace_save+0x9c/0xe0
[ 104.873619][ T6825] ? __pfx_stack_trace_save+0x10/0x10
[ 104.873637][ T6825] ? stack_depot_save_flags+0x40/0x860
[ 104.873658][ T6825] ? btrfs_commit_transaction+0x161/0x3950
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./57") = 0
mkdir("./58", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 104.873679][ T6825] ? rcu_is_watching+0x15/0xb0
[ 104.873701][ T6825] ? lock_acquire+0x5f/0x360
[ 104.873721][ T6825] ? rcu_is_watching+0x15/0xb0
[ 104.873745][ T6825] btrfs_run_delayed_refs+0xe6/0x3b0
[ 104.873770][ T6825] btrfs_commit_transaction+0x269/0x3950
[ 104.873792][ T6825] ? rcu_is_watching+0x15/0xb0
[ 104.873815][ T6825] ? btrfs_commit_transaction+0x161/0x3950
[ 104.873836][ T6825] ? lock_acquire+0x5f/0x360
[ 104.873854][ T6825] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 104.873876][ T6825] ? rt_mutex_slowunlock+0x493/0x8a0
[ 104.873891][ T6825] ? migrate_disable+0xd5/0x190
[ 104.873911][ T6825] ? join_transaction+0x41b/0xca0
[ 104.873931][ T6825] ? rcu_is_watching+0x15/0xb0
[ 104.873953][ T6825] ? lock_acquire+0x5f/0x360
[ 104.873974][ T6825] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 104.873996][ T6825] ? join_transaction+0x41b/0xca0
[ 104.874020][ T6825] ? btrfs_record_root_in_trans+0x91/0x180
[ 104.874041][ T6825] ? start_transaction+0x439/0x1620
[ 104.874067][ T6825] ? btrfs_attach_transaction_barrier+0x32/0xa0
close(3) = 0
[ 104.874086][ T6825] ? btrfs_sync_fs+0x1b2/0x6a0
[ 104.874109][ T6825] sync_filesystem+0x1ce/0x250
[ 104.874133][ T6825] btrfs_reconfigure+0x2fa/0x2160
[ 104.874154][ T6825] ? __pfx_list_lru_walk_node+0x10/0x10
[ 104.874179][ T6825] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 104.874203][ T6825] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 104.874228][ T6825] ? rcu_is_watching+0x15/0xb0
[ 104.874253][ T6825] reconfigure_super+0x224/0x890
[ 104.874275][ T6825] path_mount+0xd18/0xfe0
[ 104.874300][ T6825] __se_sys_mount+0x317/0x410
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555587b19650) = 6843
./strace-static-x86_64: Process 6843 attached
[pid 6843] set_robust_list(0x555587b19660, 24) = 0
[pid 6843] chdir("./58") = 0
[pid 6843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6843] setpgid(0, 0) = 0
[pid 6843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6843] write(3, "1000", 4) = 4
[pid 6843] close(3) = 0
[pid 6843] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6843] write(1, "executing program\n", 18executing program
) = 18
[ 104.874324][ T6825] ? __pfx___se_sys_mount+0x10/0x10
[ 104.874345][ T6825] ? rcu_is_watching+0x15/0xb0
[ 104.874370][ T6825] ? __x64_sys_mount+0x20/0xc0
[ 104.874391][ T6825] do_syscall_64+0xfa/0x3b0
[ 104.874413][ T6825] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.874430][ T6825] ? clear_bhb_loop+0x60/0xb0
[ 104.874448][ T6825] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.874465][ T6825] RIP: 0033:0x7f6bcc3a931a
[pid 6843] memfd_create("syzkaller", 0) = 3
[pid 6843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 104.874480][ T6825] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 104.874496][ T6825] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 104.874516][ T6825] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 104.874529][ T6825] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 104.874541][ T6825] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 104.874554][ T6825] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 104.874566][ T6825] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 104.874584][ T6825]
[ 105.018608][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6843] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6843] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6843] close(3) = 0
[pid 6843] close(4) = 0
[pid 6843] mkdir("./file0", 0777) = 0
[ 105.479233][ T6843] loop0: detected capacity change from 0 to 32768
[ 105.495449][ T6843] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6843)
[ 105.516596][ T6843] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6843] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[ 105.516657][ T6843] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 105.516711][ T6843] BTRFS info (device loop0): using free-space-tree
[ 105.570917][ T6843] BTRFS info (device loop0): rebuilding free space tree
[pid 6843] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6843] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6843] chdir("./file0") = 0
[pid 6843] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6843] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6843] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6843] write(5, "31", 2) = 2
[pid 6843] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6843] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6843] exit_group(0) = ?
[pid 6843] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6843, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=9 /* 0.09 s */} ---
umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 105.628823][ T69] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 105.633261][ T6843] FAULT_INJECTION: forcing a failure.
[ 105.633261][ T6843] name failslab, interval 1, probability 0, space 0, times 0
[ 105.633294][ T6843] CPU: 1 UID: 0 PID: 6843 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 105.633322][ T6843] Tainted: [W]=WARN
[ 105.633329][ T6843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 105.633340][ T6843] Call Trace:
[ 105.633347][ T6843]
[ 105.633354][ T6843] dump_stack_lvl+0x189/0x250
[ 105.633381][ T6843] ? __pfx____ratelimit+0x10/0x10
[ 105.633400][ T6843] ? __pfx_dump_stack_lvl+0x10/0x10
[ 105.633422][ T6843] ? __pfx__printk+0x10/0x10
[ 105.633438][ T6843] ? fs_reclaim_acquire+0x7d/0x100
[ 105.633452][ T6843] ? rcu_is_watching+0x15/0xb0
[ 105.633468][ T6843] ? __pfx___might_resched+0x10/0x10
[ 105.633478][ T6843] ? lock_acquire+0x5f/0x360
[ 105.633490][ T6843] should_fail_ex+0x46c/0x600
[ 105.633502][ T6843] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 105.633514][ T6843] should_failslab+0xa8/0x100
[ 105.633527][ T6843] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 105.633537][ T6843] kmem_cache_alloc_noprof+0x6e/0x310
[ 105.633550][ T6843] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 105.633562][ T6843] __btrfs_free_extent+0x167b/0x4250
[ 105.633576][ T6843] ? __pfx___btrfs_free_extent+0x10/0x10
[ 105.633586][ T6843] ? migrate_disable+0x160/0x190
[ 105.633597][ T6843] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 105.633607][ T6843] ? lock_release+0x4b/0x3e0
[ 105.633617][ T6843] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 105.633632][ T6843] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 105.633648][ T6843] ? is_bpf_text_address+0x26/0x2b0
[ 105.633664][ T6843] ? is_bpf_text_address+0x292/0x2b0
[ 105.633675][ T6843] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 105.633689][ T6843] ? try_to_take_rt_mutex+0x840/0xb00
[ 105.633698][ T6843] ? unwind_get_return_address+0x4d/0x90
umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./58/file0") = 0
umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./58") = 0
[ 105.633710][ T6843] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 105.633721][ T6843] ? arch_stack_walk+0xfc/0x150
[ 105.633735][ T6843] ? rtlock_slowlock_locked+0xd8/0x4010
[ 105.633745][ T6843] ? stack_trace_save+0x9c/0xe0
[ 105.633753][ T6843] ? __pfx_stack_trace_save+0x10/0x10
[ 105.633763][ T6843] ? stack_depot_save_flags+0x40/0x860
[ 105.633775][ T6843] ? btrfs_commit_transaction+0x161/0x3950
[ 105.633787][ T6843] ? rcu_is_watching+0x15/0xb0
[ 105.633799][ T6843] ? lock_acquire+0x5f/0x360
[ 105.633809][ T6843] ? rcu_is_watching+0x15/0xb0
mkdir("./59", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 105.633822][ T6843] btrfs_run_delayed_refs+0xe6/0x3b0
[ 105.633836][ T6843] btrfs_commit_transaction+0x269/0x3950
[ 105.633847][ T6843] ? rcu_is_watching+0x15/0xb0
[ 105.633859][ T6843] ? btrfs_commit_transaction+0x161/0x3950
[ 105.633878][ T6843] ? lock_acquire+0x5f/0x360
[ 105.633888][ T6843] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 105.633900][ T6843] ? rt_mutex_slowunlock+0x493/0x8a0
[ 105.633909][ T6843] ? migrate_disable+0xd5/0x190
[ 105.633919][ T6843] ? join_transaction+0x41b/0xca0
[ 105.633930][ T6843] ? rcu_is_watching+0x15/0xb0
[ 105.633942][ T6843] ? lock_acquire+0x5f/0x360
[ 105.633953][ T6843] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 105.633965][ T6843] ? join_transaction+0x41b/0xca0
[ 105.633978][ T6843] ? btrfs_record_root_in_trans+0x91/0x180
[ 105.633989][ T6843] ? start_transaction+0x439/0x1620
[ 105.634002][ T6843] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 105.634013][ T6843] ? btrfs_sync_fs+0x1b2/0x6a0
[ 105.634026][ T6843] sync_filesystem+0x1ce/0x250
[ 105.634039][ T6843] btrfs_reconfigure+0x2fa/0x2160
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6861 attached
, child_tidptr=0x555587b19650) = 6861
[pid 6861] set_robust_list(0x555587b19660, 24) = 0
[pid 6861] chdir("./59") = 0
[pid 6861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6861] setpgid(0, 0) = 0
[ 105.634050][ T6843] ? __pfx_list_lru_walk_node+0x10/0x10
[ 105.634063][ T6843] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 105.634073][ T6843] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 105.634087][ T6843] ? rcu_is_watching+0x15/0xb0
[ 105.634100][ T6843] reconfigure_super+0x224/0x890
[ 105.634112][ T6843] path_mount+0xd18/0xfe0
[ 105.634128][ T6843] __se_sys_mount+0x317/0x410
[ 105.634141][ T6843] ? __pfx___se_sys_mount+0x10/0x10
[ 105.634154][ T6843] ? __x64_sys_mount+0x20/0xc0
[ 105.634166][ T6843] do_syscall_64+0xfa/0x3b0
[pid 6861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6861] write(3, "1000", 4) = 4
[pid 6861] close(3) = 0
[pid 6861] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6861] write(1, "executing program\n", 18executing program
) = 18
[pid 6861] memfd_create("syzkaller", 0) = 3
[pid 6861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 105.634177][ T6843] ? rcu_is_watching+0x15/0xb0
[ 105.634189][ T6843] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 105.634198][ T6843] ? clear_bhb_loop+0x60/0xb0
[ 105.634208][ T6843] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 105.634217][ T6843] RIP: 0033:0x7f6bcc3a931a
[ 105.634227][ T6843] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 105.634240][ T6843] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 105.634251][ T6843] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 105.634258][ T6843] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 105.634265][ T6843] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 105.634272][ T6843] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 105.634278][ T6843] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 105.634288][ T6843]
[ 105.634294][ T6843] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 105.634306][ T6843] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 105.634316][ T6843] BTRFS info (device loop0 state EA): forced readonly
[ 105.634325][ T6843] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 105.634340][ T6843] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[pid 6861] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6861] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6861] ioctl(4, LOOP_SET_FD, 3) = 0
[ 105.634361][ T6843] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 105.634392][ T6843] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 105.699681][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6861] close(3) = 0
[pid 6861] close(4) = 0
[pid 6861] mkdir("./file0", 0777) = 0
[ 106.237811][ T6861] loop0: detected capacity change from 0 to 32768
[ 106.262958][ T6861] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6861)
[ 106.276859][ T6861] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6861] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6861] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[ 106.276928][ T6861] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 106.276984][ T6861] BTRFS info (device loop0): using free-space-tree
[ 106.326301][ T6861] BTRFS info (device loop0): rebuilding free space tree
[pid 6861] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6861] chdir("./file0") = 0
[pid 6861] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6861] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6861] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6861] write(5, "31", 2) = 2
[pid 6861] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6861] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6861] exit_group(0) = ?
[pid 6861] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6861, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=11 /* 0.11 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[ 106.385787][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 106.387692][ T6861] FAULT_INJECTION: forcing a failure.
[ 106.387692][ T6861] name failslab, interval 1, probability 0, space 0, times 0
[ 106.387715][ T6861] CPU: 1 UID: 0 PID: 6861 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 106.387731][ T6861] Tainted: [W]=WARN
[ 106.387734][ T6861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 106.387741][ T6861] Call Trace:
[ 106.387745][ T6861]
[ 106.387749][ T6861] dump_stack_lvl+0x189/0x250
[ 106.387767][ T6861] ? __pfx____ratelimit+0x10/0x10
[ 106.387780][ T6861] ? __pfx_dump_stack_lvl+0x10/0x10
[ 106.387792][ T6861] ? __pfx__printk+0x10/0x10
[ 106.387802][ T6861] ? fs_reclaim_acquire+0x7d/0x100
[ 106.387814][ T6861] ? rcu_is_watching+0x15/0xb0
[ 106.387829][ T6861] ? __pfx___might_resched+0x10/0x10
[ 106.387839][ T6861] ? lock_acquire+0x5f/0x360
[ 106.387851][ T6861] should_fail_ex+0x46c/0x600
umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[ 106.387863][ T6861] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 106.387875][ T6861] should_failslab+0xa8/0x100
[ 106.387888][ T6861] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 106.387898][ T6861] kmem_cache_alloc_noprof+0x6e/0x310
[ 106.387911][ T6861] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 106.387923][ T6861] __btrfs_free_extent+0x167b/0x4250
[ 106.387937][ T6861] ? __pfx___btrfs_free_extent+0x10/0x10
[ 106.387946][ T6861] ? migrate_disable+0x160/0x190
[ 106.387957][ T6861] ? __pfx_rt_mutex_slowunlock+0x10/0x10
umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./59/file0") = 0
[ 106.387967][ T6861] ? lock_release+0x4b/0x3e0
[ 106.387977][ T6861] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 106.387992][ T6861] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 106.388008][ T6861] ? is_bpf_text_address+0x26/0x2b0
[ 106.388024][ T6861] ? is_bpf_text_address+0x292/0x2b0
[ 106.388036][ T6861] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 106.388050][ T6861] ? try_to_take_rt_mutex+0x840/0xb00
[ 106.388068][ T6861] ? unwind_get_return_address+0x4d/0x90
[ 106.388081][ T6861] ? __pfx_stack_trace_consume_entry+0x10/0x10
umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/binderfs") = 0
[ 106.388091][ T6861] ? arch_stack_walk+0xfc/0x150
[ 106.388105][ T6861] ? rtlock_slowlock_locked+0xd8/0x4010
[ 106.388114][ T6861] ? stack_trace_save+0x9c/0xe0
[ 106.388123][ T6861] ? __pfx_stack_trace_save+0x10/0x10
[ 106.388132][ T6861] ? stack_depot_save_flags+0x40/0x860
[ 106.388144][ T6861] ? btrfs_commit_transaction+0x161/0x3950
[ 106.388156][ T6861] ? rcu_is_watching+0x15/0xb0
[ 106.388168][ T6861] ? lock_acquire+0x5f/0x360
[ 106.388179][ T6861] ? rcu_is_watching+0x15/0xb0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./59") = 0
mkdir("./60", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 106.388192][ T6861] btrfs_run_delayed_refs+0xe6/0x3b0
[ 106.388205][ T6861] btrfs_commit_transaction+0x269/0x3950
[ 106.388217][ T6861] ? rcu_is_watching+0x15/0xb0
[ 106.388229][ T6861] ? btrfs_commit_transaction+0x161/0x3950
[ 106.388240][ T6861] ? lock_acquire+0x5f/0x360
[ 106.388251][ T6861] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 106.388263][ T6861] ? rt_mutex_slowunlock+0x493/0x8a0
[ 106.388271][ T6861] ? migrate_disable+0xd5/0x190
[ 106.388282][ T6861] ? join_transaction+0x41b/0xca0
[ 106.388292][ T6861] ? rcu_is_watching+0x15/0xb0
[ 106.388305][ T6861] ? lock_acquire+0x5f/0x360
[ 106.388316][ T6861] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 106.388328][ T6861] ? join_transaction+0x41b/0xca0
[ 106.388340][ T6861] ? btrfs_record_root_in_trans+0x91/0x180
[ 106.388351][ T6861] ? start_transaction+0x439/0x1620
[ 106.388365][ T6861] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 106.388376][ T6861] ? btrfs_sync_fs+0x1b2/0x6a0
[ 106.388389][ T6861] sync_filesystem+0x1ce/0x250
[ 106.388402][ T6861] btrfs_reconfigure+0x2fa/0x2160
[ 106.388412][ T6861] ? __pfx_list_lru_walk_node+0x10/0x10
[ 106.388425][ T6861] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 106.388434][ T6861] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 106.388448][ T6861] ? rcu_is_watching+0x15/0xb0
[ 106.388462][ T6861] reconfigure_super+0x224/0x890
[ 106.388474][ T6861] path_mount+0xd18/0xfe0
[ 106.388488][ T6861] __se_sys_mount+0x317/0x410
[ 106.388500][ T6861] ? __pfx___se_sys_mount+0x10/0x10
[ 106.388512][ T6861] ? rcu_is_watching+0x15/0xb0
[ 106.388525][ T6861] ? __x64_sys_mount+0x20/0xc0
[ 106.388537][ T6861] do_syscall_64+0xfa/0x3b0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6878 attached
, child_tidptr=0x555587b19650) = 6878
[pid 6878] set_robust_list(0x555587b19660, 24) = 0
[pid 6878] chdir("./60") = 0
[pid 6878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6878] setpgid(0, 0) = 0
[ 106.388549][ T6861] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 106.388558][ T6861] ? clear_bhb_loop+0x60/0xb0
[ 106.388568][ T6861] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 106.388577][ T6861] RIP: 0033:0x7f6bcc3a931a
[ 106.388586][ T6861] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 106.388595][ T6861] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[pid 6878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6878] write(3, "1000", 4) = 4
[pid 6878] close(3) = 0
[pid 6878] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6878] write(1, "executing program\n", 18executing program
) = 18
[pid 6878] memfd_create("syzkaller", 0) = 3
[ 106.388606][ T6861] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 106.388613][ T6861] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 106.388619][ T6861] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 106.388626][ T6861] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 106.388632][ T6861] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 106.388642][ T6861]
[ 106.388662][ T6861] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[pid 6878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 106.388674][ T6861] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 106.388684][ T6861] BTRFS info (device loop0 state EA): forced readonly
[ 106.388693][ T6861] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 106.388709][ T6861] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5386240 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 106.388730][ T6861] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 106.388765][ T6861] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 106.487405][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6878] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6878] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6878] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6878] close(3) = 0
[pid 6878] close(4) = 0
[pid 6878] mkdir("./file0", 0777) = 0
[ 107.050981][ T6878] loop0: detected capacity change from 0 to 32768
[ 107.066657][ T6878] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6878)
[ 107.070727][ T6878] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6878] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6878] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6878] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6878] chdir("./file0") = 0
[pid 6878] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6878] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6878] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6878] write(5, "31", 2) = 2
[pid 6878] mkdir(".", 0777) = -1 EEXIST (File exists)
[ 107.070789][ T6878] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 107.070829][ T6878] BTRFS info (device loop0): using free-space-tree
[ 107.133287][ T6878] BTRFS info (device loop0): rebuilding free space tree
[pid 6878] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 6878] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 6878] exit_group(0) = ?
[pid 6878] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6878, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=10 /* 0.10 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[ 107.184616][ T69] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 107.320117][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./60/file0") = 0
umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./60") = 0
mkdir("./61", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6895 attached
, child_tidptr=0x555587b19650) = 6895
[pid 6895] set_robust_list(0x555587b19660, 24) = 0
[pid 6895] chdir("./61") = 0
[pid 6895] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6895] setpgid(0, 0) = 0
[pid 6895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6895] write(3, "1000", 4) = 4
[pid 6895] close(3) = 0
[pid 6895] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6895] write(1, "executing program\n", 18executing program
) = 18
[pid 6895] memfd_create("syzkaller", 0) = 3
[pid 6895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 6895] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6895] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6895] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6895] close(3) = 0
[pid 6895] close(4) = 0
[pid 6895] mkdir("./file0", 0777) = 0
[ 107.807086][ T6895] loop0: detected capacity change from 0 to 32768
[ 107.836401][ T6895] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6895)
[ 107.841757][ T6895] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 107.841819][ T6895] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 107.841874][ T6895] BTRFS info (device loop0): using free-space-tree
[pid 6895] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6895] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[ 107.907066][ T6895] BTRFS info (device loop0): rebuilding free space tree
[pid 6895] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6895] chdir("./file0") = 0
[pid 6895] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6895] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6895] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6895] write(5, "31", 2) = 2
[pid 6895] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6895] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6895] exit_group(0) = ?
[pid 6895] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6895, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} ---
[ 107.974868][ T1901] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 108.019828][ T6895] FAULT_INJECTION: forcing a failure.
[ 108.019828][ T6895] name failslab, interval 1, probability 0, space 0, times 0
[ 108.019852][ T6895] CPU: 0 UID: 0 PID: 6895 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 108.019868][ T6895] Tainted: [W]=WARN
[ 108.019871][ T6895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 108.019877][ T6895] Call Trace:
[ 108.019881][ T6895]
[ 108.019885][ T6895] dump_stack_lvl+0x189/0x250
[ 108.019904][ T6895] ? __pfx____ratelimit+0x10/0x10
[ 108.019925][ T6895] ? __pfx_dump_stack_lvl+0x10/0x10
[ 108.019939][ T6895] ? __pfx__printk+0x10/0x10
[ 108.019950][ T6895] ? fs_reclaim_acquire+0x7d/0x100
[ 108.019959][ T6895] ? rcu_is_watching+0x15/0xb0
[ 108.019972][ T6895] ? __pfx___might_resched+0x10/0x10
[ 108.019982][ T6895] ? lock_acquire+0x5f/0x360
[ 108.019994][ T6895] should_fail_ex+0x46c/0x600
[ 108.020007][ T6895] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 108.020019][ T6895] should_failslab+0xa8/0x100
[ 108.020032][ T6895] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 108.020042][ T6895] kmem_cache_alloc_noprof+0x6e/0x310
[ 108.020055][ T6895] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 108.020067][ T6895] __btrfs_free_extent+0x167b/0x4250
[ 108.020081][ T6895] ? __pfx___btrfs_free_extent+0x10/0x10
[ 108.020091][ T6895] ? migrate_disable+0x160/0x190
[ 108.020102][ T6895] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 108.020111][ T6895] ? lock_release+0x4b/0x3e0
[ 108.020121][ T6895] ? __btrfs_run_delayed_refs+0x33e8/0x4150
umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./61/file0") = 0
umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
[ 108.020136][ T6895] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 108.020152][ T6895] ? is_bpf_text_address+0x26/0x2b0
[ 108.020167][ T6895] ? is_bpf_text_address+0x292/0x2b0
[ 108.020179][ T6895] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 108.020193][ T6895] ? try_to_take_rt_mutex+0x840/0xb00
[ 108.020201][ T6895] ? unwind_get_return_address+0x4d/0x90
[ 108.020214][ T6895] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 108.020224][ T6895] ? arch_stack_walk+0xfc/0x150
[ 108.020238][ T6895] ? rtlock_slowlock_locked+0xd8/0x4010
rmdir("./61") = 0
mkdir("./62", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 108.020248][ T6895] ? stack_trace_save+0x9c/0xe0
[ 108.020257][ T6895] ? __pfx_stack_trace_save+0x10/0x10
[ 108.020266][ T6895] ? stack_depot_save_flags+0x40/0x860
[ 108.020277][ T6895] ? btrfs_commit_transaction+0x161/0x3950
[ 108.020289][ T6895] ? rcu_is_watching+0x15/0xb0
[ 108.020301][ T6895] ? lock_acquire+0x5f/0x360
[ 108.020312][ T6895] ? rcu_is_watching+0x15/0xb0
[ 108.020324][ T6895] btrfs_run_delayed_refs+0xe6/0x3b0
[ 108.020338][ T6895] btrfs_commit_transaction+0x269/0x3950
[ 108.020349][ T6895] ? rcu_is_watching+0x15/0xb0
[ 108.020361][ T6895] ? btrfs_commit_transaction+0x161/0x3950
[ 108.020373][ T6895] ? lock_acquire+0x5f/0x360
[ 108.020383][ T6895] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 108.020395][ T6895] ? rt_mutex_slowunlock+0x493/0x8a0
[ 108.020403][ T6895] ? migrate_disable+0xd5/0x190
[ 108.020413][ T6895] ? join_transaction+0x41b/0xca0
[ 108.020424][ T6895] ? rcu_is_watching+0x15/0xb0
[ 108.020436][ T6895] ? lock_acquire+0x5f/0x360
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6912 attached
, child_tidptr=0x555587b19650) = 6912
[pid 6912] set_robust_list(0x555587b19660, 24) = 0
[pid 6912] chdir("./62") = 0
[pid 6912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6912] setpgid(0, 0) = 0
[pid 6912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 108.020447][ T6895] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 108.020459][ T6895] ? join_transaction+0x41b/0xca0
[ 108.020471][ T6895] ? btrfs_record_root_in_trans+0x91/0x180
[ 108.020482][ T6895] ? start_transaction+0x439/0x1620
[ 108.020496][ T6895] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 108.020506][ T6895] ? btrfs_sync_fs+0x1b2/0x6a0
[ 108.020519][ T6895] sync_filesystem+0x1ce/0x250
[ 108.020532][ T6895] btrfs_reconfigure+0x2fa/0x2160
[ 108.020542][ T6895] ? __pfx_list_lru_walk_node+0x10/0x10
[pid 6912] write(3, "1000", 4) = 4
[pid 6912] close(3) = 0
[pid 6912] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6912] write(1, "executing program\n", 18executing program
) = 18
[pid 6912] memfd_create("syzkaller", 0) = 3
[pid 6912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 108.020555][ T6895] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 108.020565][ T6895] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 108.020579][ T6895] ? rcu_is_watching+0x15/0xb0
[ 108.020592][ T6895] reconfigure_super+0x224/0x890
[ 108.020604][ T6895] path_mount+0xd18/0xfe0
[ 108.020617][ T6895] __se_sys_mount+0x317/0x410
[ 108.020630][ T6895] ? __pfx___se_sys_mount+0x10/0x10
[ 108.020641][ T6895] ? rcu_is_watching+0x15/0xb0
[ 108.020655][ T6895] ? __x64_sys_mount+0x20/0xc0
[ 108.020667][ T6895] do_syscall_64+0xfa/0x3b0
[ 108.020678][ T6895] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 108.020692][ T6895] ? clear_bhb_loop+0x60/0xb0
[ 108.020702][ T6895] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 108.020711][ T6895] RIP: 0033:0x7f6bcc3a931a
[ 108.020721][ T6895] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 108.020729][ T6895] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 108.020741][ T6895] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 108.020748][ T6895] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 108.020754][ T6895] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 108.020761][ T6895] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 108.020767][ T6895] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 108.020777][ T6895]
[ 108.020783][ T6895] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 108.020795][ T6895] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 108.020805][ T6895] BTRFS info (device loop0 state EA): forced readonly
[ 108.020814][ T6895] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 108.020828][ T6895] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 108.020849][ T6895] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[pid 6912] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6912] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6912] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6912] close(3) = 0
[pid 6912] close(4) = 0
[pid 6912] mkdir("./file0", 0777) = 0
[ 108.020885][ T6895] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 108.117396][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 108.612687][ T6912] loop0: detected capacity change from 0 to 32768
[ 108.629217][ T6912] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6912)
[ 108.632845][ T6912] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 108.632919][ T6912] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 108.632974][ T6912] BTRFS info (device loop0): using free-space-tree
[pid 6912] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6912] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[ 108.698217][ T6912] BTRFS info (device loop0): rebuilding free space tree
[pid 6912] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6912] chdir("./file0") = 0
[pid 6912] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6912] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6912] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6912] write(5, "31", 2) = 2
[pid 6912] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6912] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 6912] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 6912] exit_group(0) = ?
[pid 6912] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6912, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 108.796247][ T1516] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 108.869935][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./62/file0") = 0
umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./62") = 0
mkdir("./63", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6930 attached
, child_tidptr=0x555587b19650) = 6930
[pid 6930] set_robust_list(0x555587b19660, 24) = 0
[pid 6930] chdir("./63") = 0
[pid 6930] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6930] setpgid(0, 0) = 0
[pid 6930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6930] write(3, "1000", 4) = 4
[pid 6930] close(3) = 0
[pid 6930] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6930] write(1, "executing program\n", 18executing program
) = 18
[pid 6930] memfd_create("syzkaller", 0) = 3
[pid 6930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 6930] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6930] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6930] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6930] close(3) = 0
[pid 6930] close(4) = 0
[pid 6930] mkdir("./file0", 0777) = 0
[ 109.361870][ T6930] loop0: detected capacity change from 0 to 32768
[ 109.386510][ T6930] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6930)
[ 109.394753][ T6930] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 109.394815][ T6930] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 109.394871][ T6930] BTRFS info (device loop0): using free-space-tree
[pid 6930] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6930] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[ 109.472336][ T6930] BTRFS info (device loop0): rebuilding free space tree
[pid 6930] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6930] chdir("./file0") = 0
[pid 6930] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6930] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6930] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6930] write(5, "31", 2) = 2
[pid 6930] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6930] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6930] exit_group(0) = ?
[pid 6930] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6930, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 109.533693][ T1901] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 109.542512][ T6930] FAULT_INJECTION: forcing a failure.
[ 109.542512][ T6930] name failslab, interval 1, probability 0, space 0, times 0
[ 109.542557][ T6930] CPU: 1 UID: 0 PID: 6930 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 109.542585][ T6930] Tainted: [W]=WARN
[ 109.542591][ T6930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 109.542601][ T6930] Call Trace:
[ 109.542608][ T6930]
[ 109.542614][ T6930] dump_stack_lvl+0x189/0x250
[ 109.542642][ T6930] ? __pfx____ratelimit+0x10/0x10
[ 109.542663][ T6930] ? __pfx_dump_stack_lvl+0x10/0x10
[ 109.542685][ T6930] ? __pfx__printk+0x10/0x10
[ 109.542704][ T6930] ? __pfx___might_resched+0x10/0x10
[ 109.542722][ T6930] ? lock_acquire+0x5f/0x360
[ 109.542744][ T6930] should_fail_ex+0x46c/0x600
[ 109.542765][ T6930] ? __btrfs_free_extent+0x2f9/0x4250
[ 109.542783][ T6930] should_failslab+0xa8/0x100
umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 109.542806][ T6930] ? __btrfs_free_extent+0x2f9/0x4250
[ 109.542822][ T6930] kmem_cache_alloc_noprof+0x6e/0x310
[ 109.542845][ T6930] __btrfs_free_extent+0x2f9/0x4250
[ 109.542868][ T6930] ? rt_mutex_slowunlock+0x493/0x8a0
[ 109.542883][ T6930] ? __pfx___btrfs_free_extent+0x10/0x10
[ 109.542901][ T6930] ? __pfx_migrate_enable+0x10/0x10
[ 109.542919][ T6930] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 109.542936][ T6930] ? lock_release+0x4b/0x3e0
[ 109.542955][ T6930] ? __btrfs_run_delayed_refs+0x33e8/0x4150
openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./63/file0") = 0
[ 109.542982][ T6930] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 109.543013][ T6930] ? is_bpf_text_address+0x26/0x2b0
[ 109.543039][ T6930] ? is_bpf_text_address+0x292/0x2b0
[ 109.543061][ T6930] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 109.543086][ T6930] ? try_to_take_rt_mutex+0x840/0xb00
[ 109.543103][ T6930] ? unwind_get_return_address+0x4d/0x90
[ 109.543125][ T6930] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 109.543142][ T6930] ? arch_stack_walk+0xfc/0x150
[ 109.543167][ T6930] ? rtlock_slowlock_locked+0xd8/0x4010
umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./63") = 0
mkdir("./64", 0777) = 0
[ 109.543185][ T6930] ? stack_trace_save+0x9c/0xe0
[ 109.543201][ T6930] ? __pfx_stack_trace_save+0x10/0x10
[ 109.543218][ T6930] ? stack_depot_save_flags+0x40/0x860
[ 109.543239][ T6930] ? btrfs_commit_transaction+0x161/0x3950
[ 109.543260][ T6930] ? rcu_is_watching+0x15/0xb0
[ 109.543282][ T6930] ? lock_acquire+0x5f/0x360
[ 109.543300][ T6930] ? rcu_is_watching+0x15/0xb0
[ 109.543324][ T6930] btrfs_run_delayed_refs+0xe6/0x3b0
[ 109.543348][ T6930] btrfs_commit_transaction+0x269/0x3950
[ 109.543369][ T6930] ? rcu_is_watching+0x15/0xb0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 109.543391][ T6930] ? btrfs_commit_transaction+0x161/0x3950
[ 109.543410][ T6930] ? lock_acquire+0x5f/0x360
[ 109.543429][ T6930] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 109.543451][ T6930] ? rt_mutex_slowunlock+0x493/0x8a0
[ 109.543466][ T6930] ? migrate_disable+0xd5/0x190
[ 109.543486][ T6930] ? join_transaction+0x41b/0xca0
[ 109.543505][ T6930] ? rcu_is_watching+0x15/0xb0
[ 109.543527][ T6930] ? lock_acquire+0x5f/0x360
[ 109.543554][ T6930] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 109.543576][ T6930] ? join_transaction+0x41b/0xca0
[ 109.543599][ T6930] ? btrfs_record_root_in_trans+0x91/0x180
[ 109.543620][ T6930] ? start_transaction+0x439/0x1620
[ 109.543644][ T6930] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 109.543665][ T6930] ? btrfs_sync_fs+0x1b2/0x6a0
[ 109.543686][ T6930] sync_filesystem+0x1ce/0x250
[ 109.543710][ T6930] btrfs_reconfigure+0x2fa/0x2160
[ 109.543731][ T6930] ? __pfx_list_lru_walk_node+0x10/0x10
[ 109.543754][ T6930] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 109.543772][ T6930] ? __pfx_shrink_dcache_sb+0x10/0x10
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555587b19650) = 6947
./strace-static-x86_64: Process 6947 attached
[pid 6947] set_robust_list(0x555587b19660, 24) = 0
[pid 6947] chdir("./64") = 0
[pid 6947] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6947] setpgid(0, 0) = 0
[pid 6947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 109.543797][ T6930] ? rcu_is_watching+0x15/0xb0
[ 109.543821][ T6930] reconfigure_super+0x224/0x890
[ 109.543843][ T6930] path_mount+0xd18/0xfe0
[ 109.543867][ T6930] __se_sys_mount+0x317/0x410
[ 109.543890][ T6930] ? __pfx___se_sys_mount+0x10/0x10
[ 109.543910][ T6930] ? rcu_is_watching+0x15/0xb0
[ 109.543935][ T6930] ? __x64_sys_mount+0x20/0xc0
[ 109.543957][ T6930] do_syscall_64+0xfa/0x3b0
[ 109.543977][ T6930] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 109.543993][ T6930] ? clear_bhb_loop+0x60/0xb0
[pid 6947] write(3, "1000", 4) = 4
[pid 6947] close(3) = 0
[pid 6947] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6947] write(1, "executing program\n", 18executing program
) = 18
[pid 6947] memfd_create("syzkaller", 0) = 3
[pid 6947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 109.544011][ T6930] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 109.544027][ T6930] RIP: 0033:0x7f6bcc3a931a
[ 109.544042][ T6930] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 109.544058][ T6930] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 109.544077][ T6930] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 109.544090][ T6930] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 109.544101][ T6930] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 109.544114][ T6930] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 109.544125][ T6930] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 109.544143][ T6930]
[ 109.544153][ T6930] BTRFS error (device loop0): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 109.544192][ T6930] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 109.544210][ T6930] BTRFS: error (device loop0 state A) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 109.544227][ T6930] BTRFS info (device loop0 state EA): forced readonly
[ 109.544266][ T6930] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 109.626450][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6947] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6947] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6947] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6947] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6947] close(3) = 0
[pid 6947] close(4) = 0
[pid 6947] mkdir("./file0", 0777) = 0
[ 110.125239][ T6947] loop0: detected capacity change from 0 to 32768
[ 110.140041][ T6947] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6947)
[ 110.143610][ T6947] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6947] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6947] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6947] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6947] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6947] chdir("./file0") = 0
[pid 6947] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6947] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6947] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6947] write(5, "31", 2) = 2
[pid 6947] mkdir(".", 0777) = -1 EEXIST (File exists)
[ 110.143672][ T6947] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 110.143735][ T6947] BTRFS info (device loop0): using free-space-tree
[ 110.198267][ T6947] BTRFS info (device loop0): rebuilding free space tree
[pid 6947] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 6947] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 6947] exit_group(0) = ?
[pid 6947] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6947, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=10 /* 0.10 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 110.256128][ T1516] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 110.349960][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./64/file0") = 0
umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./64/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./64") = 0
mkdir("./65", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6964 attached
, child_tidptr=0x555587b19650) = 6964
[pid 6964] set_robust_list(0x555587b19660, 24) = 0
[pid 6964] chdir("./65") = 0
[pid 6964] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6964] setpgid(0, 0) = 0
[pid 6964] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6964] write(3, "1000", 4) = 4
[pid 6964] close(3) = 0
[pid 6964] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 6964] write(1, "executing program\n", 18) = 18
[pid 6964] memfd_create("syzkaller", 0) = 3
[pid 6964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 6964] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6964] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6964] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6964] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6964] close(3) = 0
[pid 6964] close(4) = 0
[pid 6964] mkdir("./file0", 0777) = 0
[ 110.855715][ T6964] loop0: detected capacity change from 0 to 32768
[ 110.876526][ T6964] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6964)
[pid 6964] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6964] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[ 110.880789][ T6964] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 110.880849][ T6964] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 110.880905][ T6964] BTRFS info (device loop0): using free-space-tree
[ 110.931792][ T6964] BTRFS info (device loop0): rebuilding free space tree
[pid 6964] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6964] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6964] chdir("./file0") = 0
[pid 6964] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6964] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6964] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6964] write(5, "31", 2) = 2
[pid 6964] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6964] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[ 111.005517][ T1516] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 111.029692][ T6964] FAULT_INJECTION: forcing a failure.
[ 111.029692][ T6964] name failslab, interval 1, probability 0, space 0, times 0
[pid 6964] exit_group(0) = ?
[pid 6964] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6964, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 111.029726][ T6964] CPU: 1 UID: 0 PID: 6964 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 111.029754][ T6964] Tainted: [W]=WARN
[ 111.029761][ T6964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 111.029771][ T6964] Call Trace:
[ 111.029778][ T6964]
[ 111.029786][ T6964] dump_stack_lvl+0x189/0x250
[ 111.029813][ T6964] ? __pfx____ratelimit+0x10/0x10
[ 111.029834][ T6964] ? __pfx_dump_stack_lvl+0x10/0x10
[ 111.029856][ T6964] ? __pfx__printk+0x10/0x10
[ 111.029874][ T6964] ? fs_reclaim_acquire+0x7d/0x100
[ 111.029890][ T6964] ? rcu_is_watching+0x15/0xb0
[ 111.029913][ T6964] ? __pfx___might_resched+0x10/0x10
[ 111.029930][ T6964] ? lock_acquire+0x5f/0x360
[ 111.029950][ T6964] should_fail_ex+0x46c/0x600
[ 111.029971][ T6964] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 111.029992][ T6964] should_failslab+0xa8/0x100
[ 111.030014][ T6964] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 111.030033][ T6964] kmem_cache_alloc_noprof+0x6e/0x310
[ 111.030057][ T6964] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 111.030078][ T6964] __btrfs_free_extent+0x167b/0x4250
[ 111.030103][ T6964] ? __pfx___btrfs_free_extent+0x10/0x10
[ 111.030121][ T6964] ? migrate_disable+0x160/0x190
[ 111.030140][ T6964] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 111.030158][ T6964] ? lock_release+0x4b/0x3e0
[ 111.030176][ T6964] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 111.030203][ T6964] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 111.030232][ T6964] ? is_bpf_text_address+0x26/0x2b0
[ 111.030261][ T6964] ? is_bpf_text_address+0x292/0x2b0
[ 111.030281][ T6964] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 111.030306][ T6964] ? try_to_take_rt_mutex+0x840/0xb00
[ 111.030322][ T6964] ? unwind_get_return_address+0x4d/0x90
[ 111.030345][ T6964] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 111.030363][ T6964] ? arch_stack_walk+0xfc/0x150
[ 111.030388][ T6964] ? rtlock_slowlock_locked+0xd8/0x4010
[ 111.030405][ T6964] ? stack_trace_save+0x9c/0xe0
[ 111.030421][ T6964] ? __pfx_stack_trace_save+0x10/0x10
[ 111.030438][ T6964] ? stack_depot_save_flags+0x40/0x860
umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[ 111.030458][ T6964] ? btrfs_commit_transaction+0x161/0x3950
[ 111.030479][ T6964] ? rcu_is_watching+0x15/0xb0
[ 111.030501][ T6964] ? lock_acquire+0x5f/0x360
[ 111.030520][ T6964] ? rcu_is_watching+0x15/0xb0
[ 111.030544][ T6964] btrfs_run_delayed_refs+0xe6/0x3b0
[ 111.030568][ T6964] btrfs_commit_transaction+0x269/0x3950
[ 111.030590][ T6964] ? rcu_is_watching+0x15/0xb0
[ 111.030612][ T6964] ? btrfs_commit_transaction+0x161/0x3950
[ 111.030633][ T6964] ? lock_acquire+0x5f/0x360
[ 111.030659][ T6964] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 111.030682][ T6964] ? rt_mutex_slowunlock+0x493/0x8a0
[ 111.030697][ T6964] ? migrate_disable+0xd5/0x190
[ 111.030717][ T6964] ? join_transaction+0x41b/0xca0
[ 111.030737][ T6964] ? rcu_is_watching+0x15/0xb0
[ 111.030760][ T6964] ? lock_acquire+0x5f/0x360
[ 111.030781][ T6964] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 111.030803][ T6964] ? join_transaction+0x41b/0xca0
[ 111.030827][ T6964] ? btrfs_record_root_in_trans+0x91/0x180
[ 111.030848][ T6964] ? start_transaction+0x439/0x1620
openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
[ 111.030873][ T6964] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 111.030894][ T6964] ? btrfs_sync_fs+0x1b2/0x6a0
[ 111.030916][ T6964] sync_filesystem+0x1ce/0x250
[ 111.030940][ T6964] btrfs_reconfigure+0x2fa/0x2160
[ 111.030961][ T6964] ? __pfx_list_lru_walk_node+0x10/0x10
[ 111.030985][ T6964] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 111.031003][ T6964] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 111.031028][ T6964] ? rcu_is_watching+0x15/0xb0
[ 111.031054][ T6964] reconfigure_super+0x224/0x890
[ 111.031076][ T6964] path_mount+0xd18/0xfe0
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./65/file0") = 0
umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./65/binderfs") = 0
[ 111.031102][ T6964] __se_sys_mount+0x317/0x410
[ 111.031125][ T6964] ? __pfx___se_sys_mount+0x10/0x10
[ 111.031145][ T6964] ? rcu_is_watching+0x15/0xb0
[ 111.031170][ T6964] ? __x64_sys_mount+0x20/0xc0
[ 111.031192][ T6964] do_syscall_64+0xfa/0x3b0
[ 111.031213][ T6964] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.031231][ T6964] ? clear_bhb_loop+0x60/0xb0
[ 111.031249][ T6964] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 111.031264][ T6964] RIP: 0033:0x7f6bcc3a931a
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./65") = 0
mkdir("./66", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 111.031279][ T6964] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 111.031295][ T6964] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 111.031315][ T6964] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 111.031328][ T6964] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 111.031340][ T6964] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
ioctl(3, LOOP_CLR_FD) = 0
[ 111.031353][ T6964] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 111.031366][ T6964] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 111.031384][ T6964]
[ 111.031394][ T6964] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 111.031414][ T6964] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 111.031432][ T6964] BTRFS info (device loop0 state EA): forced readonly
[ 111.031448][ T6964] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6982 attached
, child_tidptr=0x555587b19650) = 6982
[pid 6982] set_robust_list(0x555587b19660, 24) = 0
[pid 6982] chdir("./66") = 0
[ 111.031474][ T6964] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5386240 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 111.031513][ T6964] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 111.031558][ T6964] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 111.248438][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 6982] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6982] setpgid(0, 0) = 0
[pid 6982] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6982] write(3, "1000", 4) = 4
[pid 6982] close(3) = 0
[pid 6982] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 6982] write(1, "executing program\n", 18) = 18
[pid 6982] memfd_create("syzkaller", 0) = 3
[pid 6982] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 6982] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6982] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6982] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6982] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6982] close(3) = 0
[pid 6982] close(4) = 0
[pid 6982] mkdir("./file0", 0777) = 0
[ 111.821384][ T6982] loop0: detected capacity change from 0 to 32768
[ 111.847124][ T6982] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6982)
[ 111.853187][ T6982] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 111.853250][ T6982] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 111.853306][ T6982] BTRFS info (device loop0): using free-space-tree
[pid 6982] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6982] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[ 111.932194][ T6982] BTRFS info (device loop0): rebuilding free space tree
[pid 6982] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 6982] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6982] chdir("./file0") = 0
[pid 6982] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6982] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6982] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6982] write(5, "31", 2) = 2
[pid 6982] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6982] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 6982] exit_group(0) = ?
[pid 6982] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6982, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[ 112.018231][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 112.038406][ T6982] FAULT_INJECTION: forcing a failure.
[ 112.038406][ T6982] name failslab, interval 1, probability 0, space 0, times 0
[ 112.038428][ T6982] CPU: 1 UID: 0 PID: 6982 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 112.038444][ T6982] Tainted: [W]=WARN
[ 112.038448][ T6982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 112.038454][ T6982] Call Trace:
[ 112.038457][ T6982]
[ 112.038462][ T6982] dump_stack_lvl+0x189/0x250
[ 112.038479][ T6982] ? __pfx____ratelimit+0x10/0x10
[ 112.038491][ T6982] ? __pfx_dump_stack_lvl+0x10/0x10
[ 112.038503][ T6982] ? __pfx__printk+0x10/0x10
[ 112.038513][ T6982] ? fs_reclaim_acquire+0x7d/0x100
[ 112.038523][ T6982] ? rcu_is_watching+0x15/0xb0
umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[ 112.038536][ T6982] ? __pfx___might_resched+0x10/0x10
[ 112.038546][ T6982] ? lock_acquire+0x5f/0x360
[ 112.038557][ T6982] should_fail_ex+0x46c/0x600
[ 112.038570][ T6982] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 112.038582][ T6982] should_failslab+0xa8/0x100
[ 112.038594][ T6982] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 112.038604][ T6982] kmem_cache_alloc_noprof+0x6e/0x310
[ 112.038617][ T6982] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 112.038629][ T6982] __btrfs_free_extent+0x167b/0x4250
[ 112.038643][ T6982] ? __pfx___btrfs_free_extent+0x10/0x10
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./66/file0") = 0
[ 112.038652][ T6982] ? migrate_disable+0x160/0x190
[ 112.038663][ T6982] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 112.038672][ T6982] ? lock_release+0x4b/0x3e0
[ 112.038683][ T6982] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 112.038697][ T6982] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 112.038713][ T6982] ? is_bpf_text_address+0x26/0x2b0
[ 112.038728][ T6982] ? is_bpf_text_address+0x292/0x2b0
[ 112.038740][ T6982] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 112.038753][ T6982] ? try_to_take_rt_mutex+0x840/0xb00
umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./66/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./66") = 0
mkdir("./67", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 112.038762][ T6982] ? unwind_get_return_address+0x4d/0x90
[ 112.038775][ T6982] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 112.038786][ T6982] ? arch_stack_walk+0xfc/0x150
[ 112.038799][ T6982] ? rtlock_slowlock_locked+0xd8/0x4010
[ 112.038809][ T6982] ? stack_trace_save+0x9c/0xe0
[ 112.038818][ T6982] ? __pfx_stack_trace_save+0x10/0x10
[ 112.038827][ T6982] ? stack_depot_save_flags+0x40/0x860
[ 112.038839][ T6982] ? btrfs_commit_transaction+0x161/0x3950
[ 112.038851][ T6982] ? rcu_is_watching+0x15/0xb0
[ 112.038863][ T6982] ? lock_acquire+0x5f/0x360
[ 112.038873][ T6982] ? rcu_is_watching+0x15/0xb0
[ 112.038886][ T6982] btrfs_run_delayed_refs+0xe6/0x3b0
[ 112.038899][ T6982] btrfs_commit_transaction+0x269/0x3950
[ 112.038911][ T6982] ? rcu_is_watching+0x15/0xb0
[ 112.038923][ T6982] ? btrfs_commit_transaction+0x161/0x3950
[ 112.038934][ T6982] ? lock_acquire+0x5f/0x360
[ 112.038944][ T6982] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 112.038956][ T6982] ? rt_mutex_slowunlock+0x493/0x8a0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555587b19650) = 6999
./strace-static-x86_64: Process 6999 attached
[ 112.038964][ T6982] ? migrate_disable+0xd5/0x190
[ 112.038975][ T6982] ? join_transaction+0x41b/0xca0
[ 112.038985][ T6982] ? rcu_is_watching+0x15/0xb0
[ 112.038997][ T6982] ? lock_acquire+0x5f/0x360
[ 112.039008][ T6982] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 112.039020][ T6982] ? join_transaction+0x41b/0xca0
[ 112.039032][ T6982] ? btrfs_record_root_in_trans+0x91/0x180
[ 112.039044][ T6982] ? start_transaction+0x439/0x1620
[ 112.039057][ T6982] ? btrfs_attach_transaction_barrier+0x32/0xa0
[pid 6999] set_robust_list(0x555587b19660, 24) = 0
[pid 6999] chdir("./67") = 0
[pid 6999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6999] setpgid(0, 0) = 0
[pid 6999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6999] write(3, "1000", 4) = 4
[pid 6999] close(3) = 0
[pid 6999] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6999] write(1, "executing program\n", 18executing program
) = 18
[pid 6999] memfd_create("syzkaller", 0) = 3
[pid 6999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 112.039068][ T6982] ? btrfs_sync_fs+0x1b2/0x6a0
[ 112.039080][ T6982] sync_filesystem+0x1ce/0x250
[ 112.039092][ T6982] btrfs_reconfigure+0x2fa/0x2160
[ 112.039104][ T6982] ? __pfx_list_lru_walk_node+0x10/0x10
[ 112.039116][ T6982] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 112.039125][ T6982] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 112.039139][ T6982] ? rcu_is_watching+0x15/0xb0
[ 112.039152][ T6982] reconfigure_super+0x224/0x890
[ 112.039164][ T6982] path_mount+0xd18/0xfe0
[ 112.039178][ T6982] __se_sys_mount+0x317/0x410
[ 112.039190][ T6982] ? __pfx___se_sys_mount+0x10/0x10
[ 112.039202][ T6982] ? rcu_is_watching+0x15/0xb0
[ 112.039215][ T6982] ? __x64_sys_mount+0x20/0xc0
[ 112.039227][ T6982] do_syscall_64+0xfa/0x3b0
[ 112.039238][ T6982] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.039247][ T6982] ? clear_bhb_loop+0x60/0xb0
[ 112.039257][ T6982] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.039271][ T6982] RIP: 0033:0x7f6bcc3a931a
[ 112.039280][ T6982] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 112.039289][ T6982] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 112.039301][ T6982] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 112.039308][ T6982] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 112.039314][ T6982] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 112.039321][ T6982] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 112.039327][ T6982] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 112.039338][ T6982]
[ 112.039343][ T6982] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 112.039355][ T6982] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 112.039365][ T6982] BTRFS info (device loop0 state EA): forced readonly
[ 112.039373][ T6982] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[pid 6999] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6999] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 6999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6999] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6999] close(3) = 0
[pid 6999] close(4) = 0
[pid 6999] mkdir("./file0", 0777) = 0
[ 112.039388][ T6982] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 112.039409][ T6982] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 112.039442][ T6982] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 112.128202][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 112.619546][ T6999] loop0: detected capacity change from 0 to 32768
[ 112.635932][ T6999] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (6999)
[ 112.640776][ T6999] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 112.640843][ T6999] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[pid 6999] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 6999] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[ 112.640897][ T6999] BTRFS info (device loop0): using free-space-tree
[ 112.707739][ T6999] BTRFS info (device loop0): rebuilding free space tree
[pid 6999] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 6999] chdir("./file0") = 0
[pid 6999] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 6999] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 6999] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 6999] write(5, "31", 2) = 2
[pid 6999] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 6999] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 6999] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 6999] exit_group(0) = ?
[pid 6999] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6999, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=12 /* 0.12 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 112.773197][ T1516] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 112.869755][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./67/file0") = 0
umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./67/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./67") = 0
mkdir("./68", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7017 attached
, child_tidptr=0x555587b19650) = 7017
[pid 7017] set_robust_list(0x555587b19660, 24) = 0
[pid 7017] chdir("./68") = 0
[pid 7017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 7017] setpgid(0, 0) = 0
[pid 7017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 7017] write(3, "1000", 4) = 4
[pid 7017] close(3) = 0
[pid 7017] symlink("/dev/binderfs", "./binderfs") = 0
[pid 7017] write(1, "executing program\n", 18executing program
) = 18
[pid 7017] memfd_create("syzkaller", 0) = 3
[pid 7017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 7017] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 7017] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 7017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 7017] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 7017] close(3) = 0
[pid 7017] close(4) = 0
[pid 7017] mkdir("./file0", 0777) = 0
[ 113.399978][ T7017] loop0: detected capacity change from 0 to 32768
[ 113.415048][ T7017] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (7017)
[ 113.422202][ T7017] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 113.422264][ T7017] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 113.422340][ T7017] BTRFS info (device loop0): using free-space-tree
[pid 7017] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 7017] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 7017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 7017] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 7017] chdir("./file0") = 0
[pid 7017] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 7017] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 7017] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[ 113.488910][ T7017] BTRFS info (device loop0): rebuilding free space tree
[pid 7017] write(5, "31", 2) = 2
[pid 7017] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 7017] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 7017] exit_group(0) = ?
[pid 7017] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7017, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 113.537123][ T1901] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 113.551000][ T7017] FAULT_INJECTION: forcing a failure.
[ 113.551000][ T7017] name failslab, interval 1, probability 0, space 0, times 0
[ 113.551035][ T7017] CPU: 1 UID: 0 PID: 7017 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 113.551062][ T7017] Tainted: [W]=WARN
[ 113.551076][ T7017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 113.551087][ T7017] Call Trace:
[ 113.551094][ T7017]
[ 113.551101][ T7017] dump_stack_lvl+0x189/0x250
[ 113.551129][ T7017] ? __pfx____ratelimit+0x10/0x10
[ 113.551149][ T7017] ? __pfx_dump_stack_lvl+0x10/0x10
[ 113.551171][ T7017] ? __pfx__printk+0x10/0x10
[ 113.551188][ T7017] ? fs_reclaim_acquire+0x7d/0x100
[ 113.551203][ T7017] ? rcu_is_watching+0x15/0xb0
[ 113.551227][ T7017] ? __pfx___might_resched+0x10/0x10
[ 113.551244][ T7017] ? lock_acquire+0x5f/0x360
[ 113.551264][ T7017] should_fail_ex+0x46c/0x600
[ 113.551286][ T7017] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 113.551306][ T7017] should_failslab+0xa8/0x100
[ 113.551327][ T7017] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 113.551346][ T7017] kmem_cache_alloc_noprof+0x6e/0x310
[ 113.551370][ T7017] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 113.551392][ T7017] __btrfs_free_extent+0x167b/0x4250
[ 113.551417][ T7017] ? __pfx___btrfs_free_extent+0x10/0x10
[ 113.551435][ T7017] ? migrate_disable+0x160/0x190
[ 113.551454][ T7017] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 113.551471][ T7017] ? lock_release+0x4b/0x3e0
[ 113.551490][ T7017] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 113.551516][ T7017] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 113.551546][ T7017] ? is_bpf_text_address+0x26/0x2b0
[ 113.551573][ T7017] ? is_bpf_text_address+0x292/0x2b0
[ 113.551594][ T7017] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 113.551619][ T7017] ? try_to_take_rt_mutex+0x840/0xb00
[ 113.551635][ T7017] ? unwind_get_return_address+0x4d/0x90
[ 113.551657][ T7017] ? __pfx_stack_trace_consume_entry+0x10/0x10
umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[ 113.551675][ T7017] ? arch_stack_walk+0xfc/0x150
[ 113.551699][ T7017] ? rtlock_slowlock_locked+0xd8/0x4010
[ 113.551717][ T7017] ? stack_trace_save+0x9c/0xe0
[ 113.551733][ T7017] ? __pfx_stack_trace_save+0x10/0x10
[ 113.551750][ T7017] ? stack_depot_save_flags+0x40/0x860
[ 113.551770][ T7017] ? btrfs_commit_transaction+0x161/0x3950
[ 113.551791][ T7017] ? rcu_is_watching+0x15/0xb0
[ 113.551813][ T7017] ? lock_acquire+0x5f/0x360
[ 113.551832][ T7017] ? rcu_is_watching+0x15/0xb0
[ 113.551855][ T7017] btrfs_run_delayed_refs+0xe6/0x3b0
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./68/file0") = 0
[ 113.551879][ T7017] btrfs_commit_transaction+0x269/0x3950
[ 113.551907][ T7017] ? rcu_is_watching+0x15/0xb0
[ 113.551928][ T7017] ? btrfs_commit_transaction+0x161/0x3950
[ 113.551948][ T7017] ? lock_acquire+0x5f/0x360
[ 113.551967][ T7017] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 113.551988][ T7017] ? rt_mutex_slowunlock+0x493/0x8a0
[ 113.552004][ T7017] ? migrate_disable+0xd5/0x190
[ 113.552023][ T7017] ? join_transaction+0x41b/0xca0
[ 113.552043][ T7017] ? rcu_is_watching+0x15/0xb0
umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./68/binderfs") = 0
[ 113.552069][ T7017] ? lock_acquire+0x5f/0x360
[ 113.552089][ T7017] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 113.552110][ T7017] ? join_transaction+0x41b/0xca0
[ 113.552134][ T7017] ? btrfs_record_root_in_trans+0x91/0x180
[ 113.552154][ T7017] ? start_transaction+0x439/0x1620
[ 113.552179][ T7017] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 113.552199][ T7017] ? btrfs_sync_fs+0x1b2/0x6a0
[ 113.552221][ T7017] sync_filesystem+0x1ce/0x250
[ 113.552244][ T7017] btrfs_reconfigure+0x2fa/0x2160
[ 113.552265][ T7017] ? __pfx_list_lru_walk_node+0x10/0x10
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./68") = 0
mkdir("./69", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 113.552289][ T7017] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 113.552306][ T7017] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 113.552330][ T7017] ? rcu_is_watching+0x15/0xb0
[ 113.552355][ T7017] reconfigure_super+0x224/0x890
[ 113.552376][ T7017] path_mount+0xd18/0xfe0
[ 113.552400][ T7017] __se_sys_mount+0x317/0x410
[ 113.552424][ T7017] ? __pfx___se_sys_mount+0x10/0x10
[ 113.552445][ T7017] ? rcu_is_watching+0x15/0xb0
[ 113.552468][ T7017] ? __x64_sys_mount+0x20/0xc0
[ 113.552490][ T7017] do_syscall_64+0xfa/0x3b0
[ 113.552510][ T7017] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 113.552527][ T7017] ? clear_bhb_loop+0x60/0xb0
[ 113.552545][ T7017] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 113.552561][ T7017] RIP: 0033:0x7f6bcc3a931a
[ 113.552577][ T7017] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 113.552591][ T7017] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
close(3) = 0
[ 113.552611][ T7017] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 113.552624][ T7017] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 113.552635][ T7017] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 113.552647][ T7017] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 113.552659][ T7017] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 113.552677][ T7017]
[ 113.552687][ T7017] BTRFS error (device loop0 state A): Transaction aborted (error -12)
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7034 attached
, child_tidptr=0x555587b19650) = 7034
[pid 7034] set_robust_list(0x555587b19660, 24) = 0
[pid 7034] chdir("./69") = 0
[pid 7034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 7034] setpgid(0, 0) = 0
[pid 7034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 113.552707][ T7017] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 113.552725][ T7017] BTRFS info (device loop0 state EA): forced readonly
[ 113.552740][ T7017] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 113.552766][ T7017] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 113.552805][ T7017] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[pid 7034] write(3, "1000", 4) = 4
[pid 7034] close(3) = 0
[pid 7034] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 7034] write(1, "executing program\n", 18) = 18
[pid 7034] memfd_create("syzkaller", 0) = 3
[pid 7034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 113.553178][ T7017] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 113.717968][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 7034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 7034] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 7034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 7034] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 7034] close(3) = 0
[pid 7034] close(4) = 0
[pid 7034] mkdir("./file0", 0777) = 0
[ 114.257505][ T7034] loop0: detected capacity change from 0 to 32768
[ 114.281085][ T7034] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (7034)
[ 114.296000][ T7034] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 7034] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 7034] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[ 114.296065][ T7034] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 114.296140][ T7034] BTRFS info (device loop0): using free-space-tree
[ 114.342479][ T7034] BTRFS info (device loop0): rebuilding free space tree
[pid 7034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 7034] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 7034] chdir("./file0") = 0
[pid 7034] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 7034] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 7034] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 7034] write(5, "31", 2) = 2
[pid 7034] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 7034] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 7034] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 7034] exit_group(0) = ?
[pid 7034] +++ exited with 0 +++
[ 114.433540][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 114.463833][ T7034] FAULT_INJECTION: forcing a failure.
[ 114.463833][ T7034] name failslab, interval 1, probability 0, space 0, times 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7034, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=10 /* 0.10 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 114.463856][ T7034] CPU: 0 UID: 0 PID: 7034 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 114.463871][ T7034] Tainted: [W]=WARN
[ 114.463875][ T7034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 114.463881][ T7034] Call Trace:
[ 114.463884][ T7034]
[ 114.463889][ T7034] dump_stack_lvl+0x189/0x250
[ 114.463906][ T7034] ? __pfx____ratelimit+0x10/0x10
[ 114.463918][ T7034] ? __pfx_dump_stack_lvl+0x10/0x10
[ 114.463930][ T7034] ? __pfx__printk+0x10/0x10
[ 114.463940][ T7034] ? fs_reclaim_acquire+0x7d/0x100
[ 114.463949][ T7034] ? rcu_is_watching+0x15/0xb0
[ 114.463962][ T7034] ? __pfx___might_resched+0x10/0x10
[ 114.463971][ T7034] ? lock_acquire+0x5f/0x360
[ 114.463983][ T7034] should_fail_ex+0x46c/0x600
[ 114.463996][ T7034] ? alloc_extent_state+0x22/0x2f0
[ 114.464009][ T7034] should_failslab+0xa8/0x100
[ 114.464022][ T7034] ? alloc_extent_state+0x22/0x2f0
[ 114.464033][ T7034] kmem_cache_alloc_noprof+0x6e/0x310
[ 114.464046][ T7034] alloc_extent_state+0x22/0x2f0
umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./69/file0") = 0
umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 114.464059][ T7034] set_extent_bit+0x270/0x21e0
[ 114.464088][ T7034] ? rt_mutex_slowunlock+0x493/0x8a0
[ 114.464098][ T7034] ? __pfx_set_extent_bit+0x10/0x10
[ 114.464110][ T7034] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 114.464119][ T7034] ? lock_release+0x4b/0x3e0
[ 114.464131][ T7034] btrfs_set_extent_bit+0x38/0x50
[ 114.464143][ T7034] btrfs_update_block_group+0x712/0xb00
[ 114.464159][ T7034] __btrfs_free_extent+0x16a0/0x4250
[ 114.464174][ T7034] ? __pfx___btrfs_free_extent+0x10/0x10
[ 114.464183][ T7034] ? migrate_disable+0x160/0x190
newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./69/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./69") = 0
mkdir("./70", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 114.464194][ T7034] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 114.464203][ T7034] ? lock_release+0x4b/0x3e0
[ 114.464215][ T7034] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 114.464232][ T7034] ? is_bpf_text_address+0x26/0x2b0
[ 114.464247][ T7034] ? is_bpf_text_address+0x292/0x2b0
[ 114.464258][ T7034] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 114.464272][ T7034] ? try_to_take_rt_mutex+0x840/0xb00
[ 114.464281][ T7034] ? unwind_get_return_address+0x4d/0x90
[ 114.464293][ T7034] ? __pfx_stack_trace_consume_entry+0x10/0x10
ioctl(3, LOOP_CLR_FD) = 0
[ 114.464303][ T7034] ? arch_stack_walk+0xfc/0x150
[ 114.464317][ T7034] ? rtlock_slowlock_locked+0xd8/0x4010
[ 114.464328][ T7034] ? stack_trace_save+0x9c/0xe0
[ 114.464337][ T7034] ? __pfx_stack_trace_save+0x10/0x10
[ 114.464347][ T7034] ? stack_depot_save_flags+0x40/0x860
[ 114.464358][ T7034] ? btrfs_commit_transaction+0x161/0x3950
[ 114.464369][ T7034] ? rcu_is_watching+0x15/0xb0
[ 114.464382][ T7034] ? lock_acquire+0x5f/0x360
[ 114.464392][ T7034] ? rcu_is_watching+0x15/0xb0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7051 attached
[pid 7051] set_robust_list(0x555587b19660, 24) = 0
[pid 7051] chdir("./70"
[pid 5833] <... clone resumed>, child_tidptr=0x555587b19650) = 7051
[pid 7051] <... chdir resumed>) = 0
[pid 7051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 7051] setpgid(0, 0) = 0
[pid 7051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 7051] write(3, "1000", 4) = 4
[pid 7051] close(3) = 0
[pid 7051] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 7051] write(1, "executing program\n", 18) = 18
[ 114.464405][ T7034] btrfs_run_delayed_refs+0xe6/0x3b0
[ 114.464418][ T7034] btrfs_commit_transaction+0x269/0x3950
[ 114.464430][ T7034] ? rcu_is_watching+0x15/0xb0
[ 114.464442][ T7034] ? btrfs_commit_transaction+0x161/0x3950
[ 114.464453][ T7034] ? lock_acquire+0x5f/0x360
[ 114.464463][ T7034] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 114.464475][ T7034] ? rt_mutex_slowunlock+0x493/0x8a0
[ 114.464483][ T7034] ? migrate_disable+0xd5/0x190
[pid 7051] memfd_create("syzkaller", 0) = 3
[pid 7051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 114.464493][ T7034] ? join_transaction+0x41b/0xca0
[ 114.464504][ T7034] ? rcu_is_watching+0x15/0xb0
[ 114.464516][ T7034] ? lock_acquire+0x5f/0x360
[ 114.464527][ T7034] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 114.464538][ T7034] ? join_transaction+0x41b/0xca0
[ 114.464551][ T7034] ? btrfs_record_root_in_trans+0x91/0x180
[ 114.464562][ T7034] ? start_transaction+0x439/0x1620
[ 114.464575][ T7034] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 114.464586][ T7034] ? btrfs_sync_fs+0x1b2/0x6a0
[ 114.464597][ T7034] sync_filesystem+0x1ce/0x250
[ 114.464610][ T7034] btrfs_reconfigure+0x2fa/0x2160
[ 114.464623][ T7034] ? __pfx_list_lru_walk_node+0x10/0x10
[ 114.464636][ T7034] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 114.464645][ T7034] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 114.464659][ T7034] ? rcu_is_watching+0x15/0xb0
[ 114.464672][ T7034] reconfigure_super+0x224/0x890
[ 114.464684][ T7034] path_mount+0xd18/0xfe0
[ 114.464697][ T7034] __se_sys_mount+0x317/0x410
[ 114.464710][ T7034] ? __pfx___se_sys_mount+0x10/0x10
[ 114.464722][ T7034] ? rcu_is_watching+0x15/0xb0
[ 114.464734][ T7034] ? __x64_sys_mount+0x20/0xc0
[ 114.464746][ T7034] do_syscall_64+0xfa/0x3b0
[ 114.464758][ T7034] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 114.464767][ T7034] ? clear_bhb_loop+0x60/0xb0
[ 114.464777][ T7034] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 114.464786][ T7034] RIP: 0033:0x7f6bcc3a931a
[ 114.464795][ T7034] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[pid 7051] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[ 114.464803][ T7034] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 114.464814][ T7034] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 114.464821][ T7034] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 114.464828][ T7034] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 114.464834][ T7034] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 114.464841][ T7034] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 114.464850][ T7034]
[pid 7051] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 7051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 7051] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 7051] close(3) = 0
[pid 7051] close(4) = 0
[pid 7051] mkdir("./file0", 0777) = 0
[ 114.549176][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 115.013267][ T7051] loop0: detected capacity change from 0 to 32768
[ 115.030710][ T7051] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (7051)
[ 115.036562][ T7051] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 115.036622][ T7051] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 115.036700][ T7051] BTRFS info (device loop0): using free-space-tree
[pid 7051] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 7051] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 7051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 7051] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 7051] chdir("./file0") = 0
[pid 7051] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 7051] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 7051] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 7051] write(5, "31", 2) = 2
[pid 7051] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 7051] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 7051] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 6
[pid 7051] exit_group(0) = ?
[pid 7051] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7051, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=12 /* 0.12 s */} ---
[ 115.102878][ T7051] BTRFS info (device loop0): rebuilding free space tree
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 115.159406][ T1901] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 115.239922][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./70/file0") = 0
umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./70/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./70") = 0
mkdir("./71", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7068 attached
, child_tidptr=0x555587b19650) = 7068
[pid 7068] set_robust_list(0x555587b19660, 24) = 0
[pid 7068] chdir("./71") = 0
[pid 7068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 7068] setpgid(0, 0) = 0
[pid 7068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 7068] write(3, "1000", 4) = 4
[pid 7068] close(3) = 0
[pid 7068] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 7068] write(1, "executing program\n", 18) = 18
[pid 7068] memfd_create("syzkaller", 0) = 3
[pid 7068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 7068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 7068] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 7068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 7068] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 7068] close(3) = 0
[pid 7068] close(4) = 0
[pid 7068] mkdir("./file0", 0777) = 0
[ 115.778276][ T7068] loop0: detected capacity change from 0 to 32768
[ 115.784675][ T7068] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (7068)
[ 115.789737][ T7068] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 115.789800][ T7068] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 115.789880][ T7068] BTRFS info (device loop0): using free-space-tree
[pid 7068] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 7068] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 7068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 7068] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 7068] chdir("./file0") = 0
[pid 7068] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 7068] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 7068] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 7068] write(5, "31", 2) = 2
[pid 7068] mkdir(".", 0777) = -1 EEXIST (File exists)
[ 115.856571][ T7068] BTRFS info (device loop0): rebuilding free space tree
[pid 7068] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0
[pid 7068] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = -1 EFAULT (Bad address)
[pid 7068] exit_group(0) = ?
[pid 7068] +++ exited with 0 +++
[ 115.922482][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 115.936528][ T7068] FAULT_INJECTION: forcing a failure.
[ 115.936528][ T7068] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 115.936561][ T7068] CPU: 1 UID: 0 PID: 7068 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7068, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} ---
[ 115.936586][ T7068] Tainted: [W]=WARN
[ 115.936592][ T7068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 115.936602][ T7068] Call Trace:
[ 115.936609][ T7068]
[ 115.936615][ T7068] dump_stack_lvl+0x189/0x250
[ 115.936643][ T7068] ? __pfx____ratelimit+0x10/0x10
[ 115.936663][ T7068] ? __pfx_dump_stack_lvl+0x10/0x10
[ 115.936686][ T7068] ? __pfx__printk+0x10/0x10
[ 115.936708][ T7068] should_fail_ex+0x46c/0x600
[ 115.936731][ T7068] strncpy_from_user+0x36/0x290
umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 115.936752][ T7068] getname_flags+0xf3/0x540
[ 115.936778][ T7068] do_sys_openat2+0xbc/0x1c0
[ 115.936794][ T7068] ? __pfx_do_sys_openat2+0x10/0x10
[ 115.936812][ T7068] ? rcu_is_watching+0x15/0xb0
[ 115.936837][ T7068] __x64_sys_openat+0x138/0x170
[ 115.936856][ T7068] do_syscall_64+0xfa/0x3b0
[ 115.936875][ T7068] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 115.936891][ T7068] ? clear_bhb_loop+0x60/0xb0
[ 115.936909][ T7068] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 115.936925][ T7068] RIP: 0033:0x7f6bcc3a6e91
[ 115.936940][ T7068] Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d 5a 72 07 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25
[ 115.936954][ T7068] RSP: 002b:00007ffca2559060 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 115.936973][ T7068] RAX: ffffffffffffffda RBX: 0000000000010000 RCX: 00007f6bcc3a6e91
[ 115.936986][ T7068] RDX: 0000000000010000 RSI: 00002000000006c0 RDI: 00000000ffffff9c
umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 115.936999][ T7068] RBP: 00002000000006c0 R08: 00007ffca2559170 R09: 0000200000000080
[ 115.937012][ T7068] R10: 0000000000000000 R11: 0000000000000202 R12: 00002000000006c0
[ 115.937024][ T7068] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 115.937042][ T7068]
[ 116.118862][ T5833] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./71/file0") = 0
umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./71/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./71") = 0
mkdir("./72", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7086 attached
, child_tidptr=0x555587b19650) = 7086
[pid 7086] set_robust_list(0x555587b19660, 24) = 0
[pid 7086] chdir("./72") = 0
[pid 7086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 7086] setpgid(0, 0) = 0
[pid 7086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 7086] write(3, "1000", 4) = 4
[pid 7086] close(3) = 0
[pid 7086] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 7086] write(1, "executing program\n", 18) = 18
[pid 7086] memfd_create("syzkaller", 0) = 3
[pid 7086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[pid 7086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 7086] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 7086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 7086] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 7086] close(3) = 0
[pid 7086] close(4) = 0
[pid 7086] mkdir("./file0", 0777) = 0
[ 116.633838][ T7086] loop0: detected capacity change from 0 to 32768
[ 116.648653][ T7086] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (7086)
[ 116.652684][ T7086] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 7086] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[ 116.652748][ T7086] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 116.652810][ T7086] BTRFS info (device loop0): using free-space-tree
[ 116.720179][ T7086] BTRFS info (device loop0): rebuilding free space tree
[pid 7086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 7086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 7086] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 7086] chdir("./file0") = 0
[pid 7086] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 7086] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 7086] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 7086] write(5, "31", 2) = 2
[pid 7086] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 7086] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[ 116.805887][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 116.854699][ T7086] FAULT_INJECTION: forcing a failure.
[pid 7086] exit_group(0) = ?
[pid 7086] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7086, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 116.854699][ T7086] name failslab, interval 1, probability 0, space 0, times 0
[ 116.854723][ T7086] CPU: 1 UID: 0 PID: 7086 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 116.854738][ T7086] Tainted: [W]=WARN
[ 116.854741][ T7086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 116.854764][ T7086] Call Trace:
[ 116.854768][ T7086]
[ 116.854772][ T7086] dump_stack_lvl+0x189/0x250
[ 116.854789][ T7086] ? __pfx____ratelimit+0x10/0x10
umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 116.854802][ T7086] ? __pfx_dump_stack_lvl+0x10/0x10
[ 116.854814][ T7086] ? __pfx__printk+0x10/0x10
[ 116.854824][ T7086] ? fs_reclaim_acquire+0x7d/0x100
[ 116.854832][ T7086] ? rcu_is_watching+0x15/0xb0
[ 116.854846][ T7086] ? __pfx___might_resched+0x10/0x10
[ 116.854856][ T7086] ? lock_acquire+0x5f/0x360
[ 116.854867][ T7086] should_fail_ex+0x46c/0x600
[ 116.854879][ T7086] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 116.854891][ T7086] should_failslab+0xa8/0x100
[ 116.854904][ T7086] ? btrfs_add_to_free_space_tree+0xde/0x5b0
umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./72/file0") = 0
[ 116.854914][ T7086] kmem_cache_alloc_noprof+0x6e/0x310
[ 116.854927][ T7086] btrfs_add_to_free_space_tree+0xde/0x5b0
[ 116.854943][ T7086] __btrfs_free_extent+0x167b/0x4250
[ 116.854957][ T7086] ? __pfx___btrfs_free_extent+0x10/0x10
[ 116.854966][ T7086] ? migrate_disable+0x160/0x190
[ 116.854978][ T7086] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 116.854987][ T7086] ? lock_release+0x4b/0x3e0
[ 116.854998][ T7086] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 116.855014][ T7086] __btrfs_run_delayed_refs+0xe7f/0x4150
umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./72/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./72") = 0
mkdir("./73", 0777) = 0
[ 116.855044][ T7086] ? is_bpf_text_address+0x26/0x2b0
[ 116.855063][ T7086] ? is_bpf_text_address+0x292/0x2b0
[ 116.855075][ T7086] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 116.855088][ T7086] ? try_to_take_rt_mutex+0x840/0xb00
[ 116.855097][ T7086] ? unwind_get_return_address+0x4d/0x90
[ 116.855110][ T7086] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 116.855120][ T7086] ? arch_stack_walk+0xfc/0x150
[ 116.855133][ T7086] ? rtlock_slowlock_locked+0xd8/0x4010
[ 116.855143][ T7086] ? stack_trace_save+0x9c/0xe0
[ 116.855152][ T7086] ? __pfx_stack_trace_save+0x10/0x10
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 116.855162][ T7086] ? stack_depot_save_flags+0x40/0x860
[ 116.855173][ T7086] ? btrfs_commit_transaction+0x161/0x3950
[ 116.855185][ T7086] ? rcu_is_watching+0x15/0xb0
[ 116.855198][ T7086] ? lock_acquire+0x5f/0x360
[ 116.855208][ T7086] ? rcu_is_watching+0x15/0xb0
[ 116.855221][ T7086] btrfs_run_delayed_refs+0xe6/0x3b0
[ 116.855234][ T7086] btrfs_commit_transaction+0x269/0x3950
[ 116.855246][ T7086] ? rcu_is_watching+0x15/0xb0
[ 116.855258][ T7086] ? btrfs_commit_transaction+0x161/0x3950
[ 116.855269][ T7086] ? lock_acquire+0x5f/0x360
[ 116.855280][ T7086] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 116.855291][ T7086] ? rt_mutex_slowunlock+0x493/0x8a0
[ 116.855300][ T7086] ? migrate_disable+0xd5/0x190
[ 116.855310][ T7086] ? join_transaction+0x41b/0xca0
[ 116.855321][ T7086] ? rcu_is_watching+0x15/0xb0
[ 116.855333][ T7086] ? lock_acquire+0x5f/0x360
[ 116.855344][ T7086] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 116.855356][ T7086] ? join_transaction+0x41b/0xca0
[ 116.855368][ T7086] ? btrfs_record_root_in_trans+0x91/0x180
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7103 attached
[pid 7103] set_robust_list(0x555587b19660, 24) = 0
[pid 7103] chdir("./73"
[pid 5833] <... clone resumed>, child_tidptr=0x555587b19650) = 7103
[pid 7103] <... chdir resumed>) = 0
[pid 7103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[ 116.855379][ T7086] ? start_transaction+0x439/0x1620
[ 116.855393][ T7086] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 116.855404][ T7086] ? btrfs_sync_fs+0x1b2/0x6a0
[ 116.855416][ T7086] sync_filesystem+0x1ce/0x250
[ 116.855428][ T7086] btrfs_reconfigure+0x2fa/0x2160
[ 116.855439][ T7086] ? __pfx_list_lru_walk_node+0x10/0x10
[ 116.855452][ T7086] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 116.855461][ T7086] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 116.855475][ T7086] ? rcu_is_watching+0x15/0xb0
[pid 7103] setpgid(0, 0) = 0
[pid 7103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 7103] write(3, "1000", 4) = 4
[pid 7103] close(3) = 0
[pid 7103] symlink("/dev/binderfs", "./binderfs") = 0
[pid 7103] write(1, "executing program\n", 18executing program
[ 116.855489][ T7086] reconfigure_super+0x224/0x890
[ 116.855500][ T7086] path_mount+0xd18/0xfe0
[ 116.855514][ T7086] __se_sys_mount+0x317/0x410
[ 116.855527][ T7086] ? __pfx___se_sys_mount+0x10/0x10
[ 116.855538][ T7086] ? rcu_is_watching+0x15/0xb0
[ 116.855551][ T7086] ? __x64_sys_mount+0x20/0xc0
[ 116.855563][ T7086] do_syscall_64+0xfa/0x3b0
[ 116.855574][ T7086] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.855583][ T7086] ? clear_bhb_loop+0x60/0xb0
[ 116.855593][ T7086] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.855602][ T7086] RIP: 0033:0x7f6bcc3a931a
) = 18
[pid 7103] memfd_create("syzkaller", 0) = 3
[pid 7103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 116.855612][ T7086] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 116.855620][ T7086] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 116.855631][ T7086] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 116.855638][ T7086] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 116.855645][ T7086] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 116.855652][ T7086] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 116.855658][ T7086] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 116.855668][ T7086]
[ 116.855673][ T7086] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 116.855685][ T7086] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1035: errno=-12 Out of memory
[ 116.855695][ T7086] BTRFS info (device loop0 state EA): forced readonly
[ 116.855704][ T7086] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 116.855718][ T7086] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 116.855740][ T7086] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 116.855779][ T7086] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[pid 7103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 7103] munmap(0x7f6bc3f59000, 138412032) = 0
[ 116.937836][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 7103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 7103] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 7103] close(3) = 0
[pid 7103] close(4) = 0
[pid 7103] mkdir("./file0", 0777) = 0
[ 117.470190][ T7103] loop0: detected capacity change from 0 to 32768
[ 117.495942][ T7103] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (7103)
[pid 7103] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 7103] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[ 117.500009][ T7103] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 117.500073][ T7103] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 117.500130][ T7103] BTRFS info (device loop0): using free-space-tree
[ 117.559118][ T7103] BTRFS info (device loop0): rebuilding free space tree
[pid 7103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 7103] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 7103] chdir("./file0") = 0
[pid 7103] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 7103] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 7103] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 7103] write(5, "31", 2) = 2
[pid 7103] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 7103] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 7103] exit_group(0) = ?
[pid 7103] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7103, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=12 /* 0.12 s */} ---
[ 117.626121][ T1901] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 117.655554][ T7103] FAULT_INJECTION: forcing a failure.
[ 117.655554][ T7103] name failslab, interval 1, probability 0, space 0, times 0
[ 117.655576][ T7103] CPU: 1 UID: 0 PID: 7103 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 117.655592][ T7103] Tainted: [W]=WARN
[ 117.655596][ T7103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 117.655602][ T7103] Call Trace:
[ 117.655605][ T7103]
[ 117.655610][ T7103] dump_stack_lvl+0x189/0x250
[ 117.655627][ T7103] ? __pfx____ratelimit+0x10/0x10
[ 117.655639][ T7103] ? __pfx_dump_stack_lvl+0x10/0x10
[ 117.655651][ T7103] ? __pfx__printk+0x10/0x10
[ 117.655663][ T7103] ? __pfx___might_resched+0x10/0x10
[ 117.655674][ T7103] ? lock_acquire+0x5f/0x360
[ 117.655686][ T7103] should_fail_ex+0x46c/0x600
[ 117.655698][ T7103] ? __btrfs_free_extent+0x2f9/0x4250
[ 117.655708][ T7103] should_failslab+0xa8/0x100
[ 117.655721][ T7103] ? __btrfs_free_extent+0x2f9/0x4250
[ 117.655730][ T7103] kmem_cache_alloc_noprof+0x6e/0x310
[ 117.655743][ T7103] __btrfs_free_extent+0x2f9/0x4250
[ 117.655756][ T7103] ? rt_mutex_slowunlock+0x493/0x8a0
[ 117.655765][ T7103] ? __pfx___btrfs_free_extent+0x10/0x10
[ 117.655774][ T7103] ? __pfx_migrate_enable+0x10/0x10
[ 117.655785][ T7103] ? __pfx_rt_mutex_slowunlock+0x10/0x10
umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[ 117.655799][ T7103] ? lock_release+0x4b/0x3e0
[ 117.655816][ T7103] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 117.655840][ T7103] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 117.655866][ T7103] ? is_bpf_text_address+0x26/0x2b0
[ 117.655892][ T7103] ? is_bpf_text_address+0x292/0x2b0
[ 117.655922][ T7103] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 117.655948][ T7103] ? try_to_take_rt_mutex+0x840/0xb00
[ 117.655964][ T7103] ? unwind_get_return_address+0x4d/0x90
[ 117.655986][ T7103] ? __pfx_stack_trace_consume_entry+0x10/0x10
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./73/file0") = 0
[ 117.656004][ T7103] ? arch_stack_walk+0xfc/0x150
[ 117.656029][ T7103] ? rtlock_slowlock_locked+0xd8/0x4010
[ 117.656048][ T7103] ? stack_trace_save+0x9c/0xe0
[ 117.656064][ T7103] ? __pfx_stack_trace_save+0x10/0x10
[ 117.656081][ T7103] ? stack_depot_save_flags+0x40/0x860
[ 117.656102][ T7103] ? btrfs_commit_transaction+0x161/0x3950
[ 117.656124][ T7103] ? rcu_is_watching+0x15/0xb0
[ 117.656148][ T7103] ? lock_acquire+0x5f/0x360
[ 117.656166][ T7103] ? rcu_is_watching+0x15/0xb0
umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./73/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./73") = 0
[ 117.656190][ T7103] btrfs_run_delayed_refs+0xe6/0x3b0
[ 117.656215][ T7103] btrfs_commit_transaction+0x269/0x3950
[ 117.656236][ T7103] ? rcu_is_watching+0x15/0xb0
[ 117.656256][ T7103] ? btrfs_commit_transaction+0x161/0x3950
[ 117.656275][ T7103] ? lock_acquire+0x5f/0x360
[ 117.656287][ T7103] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 117.656299][ T7103] ? rt_mutex_slowunlock+0x493/0x8a0
[ 117.656308][ T7103] ? migrate_disable+0xd5/0x190
[ 117.656318][ T7103] ? join_transaction+0x41b/0xca0
[ 117.656329][ T7103] ? rcu_is_watching+0x15/0xb0
mkdir("./74", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 117.656342][ T7103] ? lock_acquire+0x5f/0x360
[ 117.656353][ T7103] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 117.656364][ T7103] ? join_transaction+0x41b/0xca0
[ 117.656377][ T7103] ? btrfs_record_root_in_trans+0x91/0x180
[ 117.656388][ T7103] ? start_transaction+0x439/0x1620
[ 117.656402][ T7103] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 117.656412][ T7103] ? btrfs_sync_fs+0x1b2/0x6a0
[ 117.656425][ T7103] sync_filesystem+0x1ce/0x250
[ 117.656439][ T7103] btrfs_reconfigure+0x2fa/0x2160
[ 117.656450][ T7103] ? __pfx_list_lru_walk_node+0x10/0x10
[ 117.656464][ T7103] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 117.656473][ T7103] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 117.656487][ T7103] ? rcu_is_watching+0x15/0xb0
[ 117.656500][ T7103] reconfigure_super+0x224/0x890
[ 117.656512][ T7103] path_mount+0xd18/0xfe0
[ 117.656526][ T7103] __se_sys_mount+0x317/0x410
[ 117.656539][ T7103] ? __pfx___se_sys_mount+0x10/0x10
[ 117.656550][ T7103] ? rcu_is_watching+0x15/0xb0
[ 117.656566][ T7103] ? __x64_sys_mount+0x20/0xc0
[ 117.656578][ T7103] do_syscall_64+0xfa/0x3b0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555587b19650) = 7120
./strace-static-x86_64: Process 7120 attached
[ 117.656590][ T7103] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 117.656599][ T7103] ? clear_bhb_loop+0x60/0xb0
[ 117.656609][ T7103] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 117.656619][ T7103] RIP: 0033:0x7f6bcc3a931a
[ 117.656628][ T7103] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 117.656637][ T7103] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[pid 7120] set_robust_list(0x555587b19660, 24) = 0
[pid 7120] chdir("./74") = 0
[pid 7120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 7120] setpgid(0, 0) = 0
[pid 7120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 7120] write(3, "1000", 4) = 4
[pid 7120] close(3) = 0
[pid 7120] symlink("/dev/binderfs", "./binderfs") = 0
[pid 7120] write(1, "executing program\n", 18executing program
) = 18
[ 117.656648][ T7103] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 117.656655][ T7103] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 117.656665][ T7103] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 117.656674][ T7103] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 117.656684][ T7103] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 117.656698][ T7103]
[pid 7120] memfd_create("syzkaller", 0) = 3
[pid 7120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 117.656961][ T7103] BTRFS error (device loop0): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 117.657002][ T7103] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 117.657020][ T7103] BTRFS: error (device loop0 state A) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 117.657035][ T7103] BTRFS info (device loop0 state EA): forced readonly
[ 117.657066][ T7103] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 117.786618][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 7120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 7120] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 7120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 7120] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 7120] close(3) = 0
[pid 7120] close(4) = 0
[pid 7120] mkdir("./file0", 0777) = 0
[ 118.273447][ T7120] loop0: detected capacity change from 0 to 32768
[ 118.287418][ T7120] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (7120)
[ 118.290250][ T7120] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 7120] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 7120] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 7120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[ 118.290313][ T7120] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 118.290362][ T7120] BTRFS info (device loop0): using free-space-tree
[ 118.342413][ T7120] BTRFS info (device loop0): rebuilding free space tree
[pid 7120] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 7120] chdir("./file0") = 0
[pid 7120] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 7120] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 7120] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 7120] write(5, "31", 2) = 2
[pid 7120] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 7120] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[pid 7120] exit_group(0) = ?
[pid 7120] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7120, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=11 /* 0.11 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 118.414653][ T13] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 118.426059][ T7120] FAULT_INJECTION: forcing a failure.
[ 118.426059][ T7120] name failslab, interval 1, probability 0, space 0, times 0
[ 118.426084][ T7120] CPU: 1 UID: 0 PID: 7120 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[ 118.426100][ T7120] Tainted: [W]=WARN
[ 118.426103][ T7120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 118.426110][ T7120] Call Trace:
[ 118.426114][ T7120]
[ 118.426118][ T7120] dump_stack_lvl+0x189/0x250
[ 118.426136][ T7120] ? __pfx____ratelimit+0x10/0x10
[ 118.426148][ T7120] ? __pfx_dump_stack_lvl+0x10/0x10
[ 118.426161][ T7120] ? __pfx__printk+0x10/0x10
[ 118.426171][ T7120] ? __pfx___might_resched+0x10/0x10
[ 118.426181][ T7120] ? lock_acquire+0x5f/0x360
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 118.426193][ T7120] should_fail_ex+0x46c/0x600
[ 118.426206][ T7120] ? __btrfs_free_extent+0x2f9/0x4250
[ 118.426217][ T7120] should_failslab+0xa8/0x100
[ 118.426230][ T7120] ? __btrfs_free_extent+0x2f9/0x4250
[ 118.426238][ T7120] kmem_cache_alloc_noprof+0x6e/0x310
[ 118.426252][ T7120] __btrfs_free_extent+0x2f9/0x4250
[ 118.426264][ T7120] ? rt_mutex_slowunlock+0x493/0x8a0
[ 118.426273][ T7120] ? __pfx___btrfs_free_extent+0x10/0x10
[ 118.426283][ T7120] ? __pfx_migrate_enable+0x10/0x10
[ 118.426294][ T7120] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 118.426303][ T7120] ? lock_release+0x4b/0x3e0
[ 118.426313][ T7120] ? __btrfs_run_delayed_refs+0x33e8/0x4150
[ 118.426328][ T7120] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 118.426344][ T7120] ? is_bpf_text_address+0x26/0x2b0
[ 118.426360][ T7120] ? is_bpf_text_address+0x292/0x2b0
[ 118.426371][ T7120] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 118.426385][ T7120] ? try_to_take_rt_mutex+0x840/0xb00
[ 118.426394][ T7120] ? unwind_get_return_address+0x4d/0x90
[ 118.426407][ T7120] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 118.426418][ T7120] ? arch_stack_walk+0xfc/0x150
[ 118.426432][ T7120] ? rtlock_slowlock_locked+0xd8/0x4010
[ 118.426443][ T7120] ? stack_trace_save+0x9c/0xe0
[ 118.426451][ T7120] ? __pfx_stack_trace_save+0x10/0x10
[ 118.426461][ T7120] ? stack_depot_save_flags+0x40/0x860
[ 118.426472][ T7120] ? btrfs_commit_transaction+0x161/0x3950
[ 118.426484][ T7120] ? rcu_is_watching+0x15/0xb0
[ 118.426497][ T7120] ? lock_acquire+0x5f/0x360
[ 118.426508][ T7120] ? rcu_is_watching+0x15/0xb0
umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555587b22730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555587b22730 /* 0 entries */, 32768) = 0
close(4) = 0
[ 118.426521][ T7120] btrfs_run_delayed_refs+0xe6/0x3b0
[ 118.426534][ T7120] btrfs_commit_transaction+0x269/0x3950
[ 118.426546][ T7120] ? rcu_is_watching+0x15/0xb0
[ 118.426558][ T7120] ? btrfs_commit_transaction+0x161/0x3950
[ 118.426569][ T7120] ? lock_acquire+0x5f/0x360
[ 118.426579][ T7120] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 118.426591][ T7120] ? rt_mutex_slowunlock+0x493/0x8a0
[ 118.426601][ T7120] ? migrate_disable+0xd5/0x190
[ 118.426613][ T7120] ? join_transaction+0x41b/0xca0
[ 118.426624][ T7120] ? rcu_is_watching+0x15/0xb0
rmdir("./74/file0") = 0
umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./74/binderfs") = 0
getdents64(3, 0x555587b1a6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./74") = 0
mkdir("./75", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
[ 118.426636][ T7120] ? lock_acquire+0x5f/0x360
[ 118.426646][ T7120] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 118.426658][ T7120] ? join_transaction+0x41b/0xca0
[ 118.426671][ T7120] ? btrfs_record_root_in_trans+0x91/0x180
[ 118.426682][ T7120] ? start_transaction+0x439/0x1620
[ 118.426696][ T7120] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 118.426706][ T7120] ? btrfs_sync_fs+0x1b2/0x6a0
[ 118.426718][ T7120] sync_filesystem+0x1ce/0x250
[ 118.426732][ T7120] btrfs_reconfigure+0x2fa/0x2160
[ 118.426743][ T7120] ? __pfx_list_lru_walk_node+0x10/0x10
[ 118.426755][ T7120] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 118.426765][ T7120] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 118.426778][ T7120] ? rcu_is_watching+0x15/0xb0
[ 118.426792][ T7120] reconfigure_super+0x224/0x890
[ 118.426804][ T7120] path_mount+0xd18/0xfe0
[ 118.426818][ T7120] __se_sys_mount+0x317/0x410
[ 118.426830][ T7120] ? __pfx___se_sys_mount+0x10/0x10
[ 118.426842][ T7120] ? rcu_is_watching+0x15/0xb0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7137 attached
[ 118.426862][ T7120] ? __x64_sys_mount+0x20/0xc0
[ 118.426874][ T7120] do_syscall_64+0xfa/0x3b0
[ 118.426885][ T7120] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 118.426895][ T7120] ? clear_bhb_loop+0x60/0xb0
[ 118.426904][ T7120] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 118.426914][ T7120] RIP: 0033:0x7f6bcc3a931a
[ 118.426923][ T7120] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
, child_tidptr=0x555587b19650) = 7137
[pid 7137] set_robust_list(0x555587b19660, 24) = 0
[pid 7137] chdir("./75") = 0
[pid 7137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 7137] setpgid(0, 0) = 0
[pid 7137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 118.426931][ T7120] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 118.426943][ T7120] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 118.426950][ T7120] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 118.426956][ T7120] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 118.426964][ T7120] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 118.426970][ T7120] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 118.426980][ T7120]
[pid 7137] write(3, "1000", 4) = 4
[pid 7137] close(3) = 0
[pid 7137] symlink("/dev/binderfs", "./binderfs") = 0
[pid 7137] write(1, "executing program\n", 18executing program
) = 18
[pid 7137] memfd_create("syzkaller", 0) = 3
[pid 7137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6bc3f59000
[ 118.426986][ T7120] BTRFS error (device loop0): failed to run delayed ref for logical 5394432 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 118.427009][ T7120] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 118.427019][ T7120] BTRFS: error (device loop0 state A) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 118.427029][ T7120] BTRFS info (device loop0 state EA): forced readonly
[ 118.427246][ T7120] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 118.617090][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 7137] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 7137] munmap(0x7f6bc3f59000, 138412032) = 0
[pid 7137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 7137] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 7137] close(3) = 0
[pid 7137] close(4) = 0
[pid 7137] mkdir("./file0", 0777) = 0
[ 119.080815][ T7137] loop0: detected capacity change from 0 to 32768
[ 119.098525][ T7137] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor410 (7137)
[ 119.101238][ T7137] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[pid 7137] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,metadata_ratio=0x0000000000000000,ssd_spread,") = 0
[pid 7137] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 7137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[ 119.101299][ T7137] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[ 119.101352][ T7137] BTRFS info (device loop0): using free-space-tree
[ 119.168438][ T7137] BTRFS info (device loop0): rebuilding free space tree
[pid 7137] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 7137] chdir("./file0") = 0
[pid 7137] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 4
[pid 7137] ioctl(4, IMADDTIMER, 0x200000001b00) = 0
[pid 7137] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 7137] write(5, "31", 2) = 2
[pid 7137] mkdir(".", 0777) = -1 EEXIST (File exists)
[pid 7137] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument)
[ 119.232970][ T7137] FAULT_INJECTION: forcing a failure.
[ 119.232970][ T7137] name failslab, interval 1, probability 0, space 0, times 0
[ 119.233004][ T7137] CPU: 0 UID: 0 PID: 7137 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 119.233031][ T7137] Tainted: [W]=WARN
[ 119.233037][ T7137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 119.233048][ T7137] Call Trace:
[ 119.233055][ T7137]
[pid 7137] exit_group(0) = ?
[pid 7137] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7137, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=9 /* 0.09 s */} ---
umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555587b1a6f0 /* 4 entries */, 32768) = 112
[ 119.233062][ T7137] dump_stack_lvl+0x189/0x250
[ 119.233090][ T7137] ? __pfx____ratelimit+0x10/0x10
[ 119.233112][ T7137] ? __pfx_dump_stack_lvl+0x10/0x10
[ 119.233133][ T7137] ? __pfx__printk+0x10/0x10
[ 119.233150][ T7137] ? fs_reclaim_acquire+0x7d/0x100
[ 119.233166][ T7137] ? rcu_is_watching+0x15/0xb0
[ 119.233189][ T7137] ? __pfx___might_resched+0x10/0x10
[ 119.233206][ T7137] ? lock_acquire+0x5f/0x360
[ 119.233227][ T7137] should_fail_ex+0x46c/0x600
[ 119.233249][ T7137] ? add_delayed_ref+0x11a/0x1d80
[ 119.233272][ T7137] should_failslab+0xa8/0x100
[ 119.233294][ T7137] ? add_delayed_ref+0x11a/0x1d80
[ 119.233315][ T7137] kmem_cache_alloc_noprof+0x6e/0x310
[ 119.233338][ T7137] add_delayed_ref+0x11a/0x1d80
[ 119.233361][ T7137] ? btrfs_clear_buffer_dirty+0x933/0xc20
[ 119.233378][ T7137] ? rt_mutex_pre_schedule+0x7d/0x1d0
[ 119.233396][ T7137] ? __pfx_set_extent_bit+0x10/0x10
[ 119.233418][ T7137] ? rwbase_write_lock+0x56f/0x750
[ 119.233446][ T7137] btrfs_alloc_tree_block+0xd4b/0x1290
[ 119.233464][ T7137] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 119.233491][ T7137] ? __pfx_btrfs_alloc_tree_block+0x10/0x10
[ 119.233512][ T7137] ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[ 119.233534][ T7137] ? read_extent_buffer+0x123/0x5e0
[ 119.233551][ T7137] btrfs_force_cow_block+0x578/0x2460
[ 119.233585][ T7137] ? btrfs_qgroup_trace_subtree_after_cow+0x40b/0x930
[ 119.233604][ T7137] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 119.233625][ T7137] ? __pfx_[ 119.233625][ T7137] ? __pfx_btrfs_force_cow_block+0x10/0x10
[ 119.233646][ T7137] ? rwbase_write_lock+0x56f/0x750
[ 119.233669][ T7137] btrfs_cow_block+0x40a/0x9a0
[ 119.233692][ T7137] btrfs_search_slot+0xd17/0x2ba0
[ 119.233718][ T7137] ? rt_read_lock+0x260/0x360
[ 119.233736][ T7137] ? __pfx_btrfs_search_slot+0x10/0x10
[ 119.233755][ T7137] ? __kasan_slab_alloc+0x6c/0x80
[ 119.233774][ T7137] ? btrfs_add_to_free_space_tree+0xde/0x5b0
[ 119.233794][ T7137] ? __btrfs_free_extent+0x167b/0x4250
[ 119.233810][ T7137] ? __btrfs_run_delayed_refs+0xe7f/0x4150
[ 119.233836][ T7137] add_free_space_extent+0x3ac/0xb50
[ 119.233856][ T7137] ? rt_read_lock+0x1f8/0x360
[ 119.233875][ T7137] ? __pfx_add_free_space_extent+0x10/0x10
[ 119.233895][ T7137] ? rcu_is_watching+0x15/0xb0
[ 119.233923][ T7137] ? __add_block_group_free_space+0x82/0x8b0
[ 119.233946][ T7137] ? __btrfs_add_to_free_space_tree+0x1ae/0x270
[ 119.233967][ T7137] ? mutex_lock_nested+0x154/0x1d0
[ 119.233992][ T7137] btrfs_add_to_free_space_tree+0x155/0x5b0
[ 119.234014][ T7137] __btrfs_free_extent+0x167b/0x4250
[ 119.234039][ T7137] ? __pfx___btrfs_free_extent+0x10/0x10
[ 119.234056][ T7137] ? migrate_disable+0x160/0x190
[ 119.234076][ T7137] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 119.234093][ T7137] ? lock_release+0x4b/0x3e0
[ 119.234116][ T7137] __btrfs_run_delayed_refs+0xe7f/0x4150
[ 119.234147][ T7137] ? kasan_save_track+0x3e/0x80
[ 119.234165][ T7137] ? btrfs_commit_transaction+0xf07/0x3950
[ 119.234191][ T7137] ? __pfx___btrfs_run_delayed_refs+0x10/0x10
[ 119.234224][ T7137] ? rcu_is_watching+0x15/0xb0
[ 119.234249][ T7137] ? __btrfs_run_delayed_items+0x28c/0x540
[ 119.234269][ T7137] ? kmem_cache_free+0x195/0x510
[ 119.234294][ T7137] btrfs_run_delayed_refs+0xe6/0x3b0
[ 119.234319][ T7137] btrfs_commit_transaction+0xf2b/0x3950
[ 119.234341][ T7137] ? btrfs_commit_transaction+0x161/0x3950
[ 119.234369][ T7137] ? lock_acquire+0x5f/0x360
[ 119.234389][ T7137] ? __pfx_btrfs_commit_transaction+0x10/0x10
[ 119.234411][ T7137] ? join_transaction+0x41b/0xca0
[ 119.234434][ T7137] ? btrfs_record_root_in_trans+0x91/0x180
[ 119.234455][ T7137] ? __pfx_autoremove_wake_function+0x10/0x10
[ 119.234475][ T7137] ? start_transaction+0x439/0x1620
[ 119.234501][ T7137] ? btrfs_attach_transaction_barrier+0x32/0xa0
[ 119.234521][ T7137] ? btrfs_sync_fs+0x1b2/0x6a0
[ 119.234543][ T7137] sync_filesystem+0x1ce/0x250
[ 119.234567][ T7137] btrfs_reconfigure+0x2fa/0x2160
[ 119.234594][ T7137] ? __pfx_list_lru_walk_node+0x10/0x10
[ 119.234622][ T7137] ? __pfx_btrfs_reconfigure+0x10/0x10
[ 119.234640][ T7137] ? __pfx_shrink_dcache_sb+0x10/0x10
[ 119.234666][ T7137] ? rcu_is_watching+0x15/0xb0
[ 119.234691][ T7137] reconfigure_super+0x224/0x890
[ 119.234712][ T7137] path_mount+0xd18/0xfe0
[ 119.234738][ T7137] __se_sys_mount+0x317/0x410
[ 119.234761][ T7137] ? __pfx___se_sys_mount+0x10/0x10
[ 119.234780][ T7137] ? rcu_is_watching+0x15/0xb0
[ 119.234803][ T7137] ? __x64_sys_mount+0x20/0xc0
[ 119.234824][ T7137] do_syscall_64+0xfa/0x3b0
[ 119.234844][ T7137] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.234861][ T7137] ? clear_bhb_loop+0x60/0xb0
[ 119.234880][ T7137] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.234897][ T7137] RIP: 0033:0x7f6bcc3a931a
[ 119.234913][ T7137] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 119.234928][ T7137] RSP: 002b:00007ffca25590d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 119.234948][ T7137] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6bcc3a931a
[ 119.234960][ T7137] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000
[ 119.234971][ T7137] RBP: 0000200000000180 R08: 00007ffca2559170 R09: 0000200000000080
[ 119.234983][ T7137] R10: 0000000001a4243c R11: 0000000000000206 R12: 00002000000006c0
[ 119.234995][ T7137] R13: 00007ffca2559170 R14: 0000000000000000 R15: 0000200000000700
[ 119.235013][ T7137]
[ 119.235143][ T7137] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 119.235164][ T7137] BTRFS: error (device loop0 state A) in btrfs_add_to_free_space_tree:1051: errno=-12 Out of memory
[ 119.235182][ T7137] BTRFS info (device loop0 state EA): forced readonly
[ 119.235205][ T7137] BTRFS: error (device loop0 state EA) in do_free_extent_accounting:3005: errno=-12 Out of memory
[ 119.235229][ T7137] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 5382144 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 119.235267][ T7137] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2161: errno=-12 Out of memory
[ 119.235286][ T7137] BTRFS warning (device loop0 state EA): Skipping commit of aborted transaction.
[ 119.235303][ T7137] BTRFS: error (device loop0 state EA) in cleanup_transaction:2023: errno=-12 Out of memory
[ 119.235565][ T7137] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed
[ 119.235681][ T12] BTRFS info (device loop0 state EA): qgroup scan completed (inconsistency flag cleared)
[ 119.418684][ T5833] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 119.423825][ T5833] ------------[ cut here ]------------
[ 119.423842][ T5833] WARNING: CPU: 1 PID: 5833 at fs/btrfs/space-info.h:265 btrfs_space_info_update_bytes_may_use+0x35a/0x640
[ 119.423878][ T5833] Modules linked in:
[ 119.423896][ T5833] CPU: 1 UID: 0 PID: 5833 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 119.423922][ T5833] Tainted: [W]=WARN
[ 119.423929][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 119.423939][ T5833] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x35a/0x640
[ 119.423959][ T5833] Code: 00 00 74 08 4c 89 ff e8 04 70 3d fe 4d 8b 27 4c 89 e7 48 8b 6c 24 18 48 89 ee e8 71 3f de fd 49 39 ec 73 1c e8 c7 3c de fd 90 <0f> 0b 90 31 db 43 80 7c 35 00 00 0f 85 2e ff ff ff e9 31 ff ff ff
[ 119.423973][ T5833] RSP: 0018:ffffc9000493f910 EFLAGS: 00010293
[ 119.423988][ T5833] RAX: ffffffff83e01e79 RBX: ffffffffffea1000 RCX: ffff88802d1d0000
[ 119.424002][ T5833] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 119.424013][ T5833] RBP: 000000000015f000 R08: 0000000000000000 R09: 0000000000000000
[ 119.424023][ T5833] R10: dffffc0000000000 R11: fffffbfff1e3a787 R12: 000000000015e000
[ 119.424035][ T5833] R13: 1ffff11004973018 R14: dffffc0000000000 R15: ffff888024b980c0
[ 119.424047][ T5833] FS: 0000555587b19380(0000) GS:ffff8881269c5000(0000) knlGS:0000000000000000
[ 119.424060][ T5833] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 119.424071][ T5833] CR2: 000056285f5ac420 CR3: 0000000036326000 CR4: 00000000003526f0
[ 119.424086][ T5833] Call Trace:
[ 119.424093][ T5833]
[ 119.424103][ T5833] btrfs_block_rsv_release+0x4c5/0x5f0
[ 119.424123][ T5833] btrfs_release_global_block_rsv+0x33/0x270
[ 119.424141][ T5833] btrfs_free_block_groups+0xc2c/0xf40
[ 119.424166][ T5833] close_ctree+0x7bc/0x1380
[ 119.424186][ T5833] ? __pfx__btrfs_printk+0x10/0x10
[ 119.424205][ T5833] ? hook_sb_delete+0xa98/0xbe0
[ 119.424227][ T5833] ? __pfx_close_ctree+0x10/0x10
[ 119.424254][ T5833] ? btrfs_put_super+0x48/0x1b0
[ 119.424272][ T5833] ? rcu_is_watching+0x15/0xb0
[ 119.424296][ T5833] ? rcu_is_watching+0x15/0xb0
[ 119.424318][ T5833] ? lock_release+0x4b/0x3e0
[ 119.424340][ T5833] ? btrfs_put_super+0x48/0x1b0
[ 119.424357][ T5833] ? __pfx_btrfs_put_super+0x10/0x10
[ 119.424373][ T5833] generic_shutdown_super+0x132/0x2c0
[ 119.424393][ T5833] kill_anon_super+0x3b/0x70
[ 119.424411][ T5833] btrfs_kill_super+0x41/0x50
[ 119.424427][ T5833] deactivate_locked_super+0xbc/0x130
[ 119.424445][ T5833] cleanup_mnt+0x425/0x4c0
[ 119.424462][ T5833] task_work_run+0x1d1/0x260
[ 119.424486][ T5833] ? __pfx_task_work_run+0x10/0x10
[ 119.424503][ T5833] ? path_umount+0x1ea/0xb70
[ 119.424523][ T5833] ptrace_notify+0x281/0x2c0
[ 119.424543][ T5833] ? __pfx_ptrace_notify+0x10/0x10
[ 119.424562][ T5833] ? __x64_sys_umount+0x122/0x160
[ 119.424582][ T5833] ? __pfx___x64_sys_umount+0x10/0x10
[ 119.424603][ T5833] syscall_exit_work+0xc6/0x1d0
[ 119.424631][ T5833] do_syscall_64+0x2ad/0x3b0
[ 119.424653][ T5833] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.424670][ T5833] ? clear_bhb_loop+0x60/0xb0
[ 119.424688][ T5833] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.424704][ T5833] RIP: 0033:0x7f6bcc3a91b7
[ 119.424719][ T5833] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 119.424741][ T5833] RSP: 002b:00007ffca25581b8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[ 119.424758][ T5833] RAX: 0000000000000000 RBX: 000000000001cfa8 RCX: 00007f6bcc3a91b7
[ 119.424770][ T5833] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffca2558270
[ 119.424781][ T5833] RBP: 00007ffca2558270 R08: 0000000000000000 R09: 0000000000000000
[ 119.424792][ T5833] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffca25592f0
[ 119.424804][ T5833] R13: 0000555587b1a6c0 R14: 431bde82d7b634db R15: 00007ffca2559310
[ 119.424823][ T5833]
[ 119.424832][ T5833] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 119.424846][ T5833] CPU: 1 UID: 0 PID: 5833 Comm: syz-executor410 Tainted: G W 6.17.0-rc1-syzkaller-00214-g99bade344cfa #0 PREEMPT_{RT,(full)}
[ 119.424872][ T5833] Tainted: [W]=WARN
[ 119.424878][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 119.424888][ T5833] Call Trace:
[ 119.424894][ T5833]
[ 119.424901][ T5833] dump_stack_lvl+0x99/0x250
[ 119.424924][ T5833] ? __asan_memcpy+0x40/0x70
[ 119.424941][ T5833] ? __pfx_dump_stack_lvl+0x10/0x10
[ 119.424963][ T5833] ? __pfx__printk+0x10/0x10
[ 119.424985][ T5833] vpanic+0x281/0x750
[ 119.425006][ T5833] ? __pfx__printk+0x10/0x10
[ 119.425023][ T5833] ? __pfx_vpanic+0x10/0x10
[ 119.425045][ T5833] ? is_bpf_text_address+0x292/0x2b0
[ 119.425071][ T5833] panic+0xb9/0xc0
[ 119.425092][ T5833] ? __pfx_panic+0x10/0x10
[ 119.425119][ T5833] __warn+0x31b/0x4b0
[ 119.425140][ T5833] ? btrfs_space_info_update_bytes_may_use+0x35a/0x640
[ 119.425159][ T5833] ? btrfs_space_info_update_bytes_may_use+0x35a/0x640
[ 119.425177][ T5833] report_bug+0x2be/0x4f0
[ 119.425195][ T5833] ? btrfs_space_info_update_bytes_may_use+0x35a/0x640
[ 119.425213][ T5833] ? btrfs_space_info_update_bytes_may_use+0x35a/0x640
[ 119.425231][ T5833] ? btrfs_space_info_update_bytes_may_use+0x35c/0x640
[ 119.425249][ T5833] handle_bug+0x84/0x160
[ 119.425271][ T5833] exc_invalid_op+0x1a/0x50
[ 119.425292][ T5833] asm_exc_invalid_op+0x1a/0x20
[ 119.425307][ T5833] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x35a/0x640
[ 119.425326][ T5833] Code: 00 00 74 08 4c 89 ff e8 04 70 3d fe 4d 8b 27 4c 89 e7 48 8b 6c 24 18 48 89 ee e8 71 3f de fd 49 39 ec 73 1c e8 c7 3c de fd 90 <0f> 0b 90 31 db 43 80 7c 35 00 00 0f 85 2e ff ff ff e9 31 ff ff ff
[ 119.425340][ T5833] RSP: 0018:ffffc9000493f910 EFLAGS: 00010293
[ 119.425355][ T5833] RAX: ffffffff83e01e79 RBX: ffffffffffea1000 RCX: ffff88802d1d0000
[ 119.425368][ T5833] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 119.425379][ T5833] RBP: 000000000015f000 R08: 0000000000000000 R09: 0000000000000000
[ 119.425390][ T5833] R10: dffffc0000000000 R11: fffffbfff1e3a787 R12: 000000000015e000
[ 119.425402][ T5833] R13: 1ffff11004973018 R14: dffffc0000000000 R15: ffff888024b980c0
[ 119.425419][ T5833] ? btrfs_space_info_update_bytes_may_use+0x359/0x640
[ 119.425442][ T5833] btrfs_block_rsv_release+0x4c5/0x5f0
[ 119.425462][ T5833] btrfs_release_global_block_rsv+0x33/0x270
[ 119.425552][ T5833] btrfs_free_block_groups+0xc2c/0xf40
[ 119.425578][ T5833] close_ctree+0x7bc/0x1380
[ 119.425597][ T5833] ? __pfx__btrfs_printk+0x10/0x10
[ 119.425616][ T5833] ? hook_sb_delete+0xa98/0xbe0
[ 119.425638][ T5833] ? __pfx_close_ctree+0x10/0x10
[ 119.425657][ T5833] ? btrfs_put_super+0x48/0x1b0
[ 119.425673][ T5833] ? rcu_is_watching+0x15/0xb0
[ 119.425696][ T5833] ? rcu_is_watching+0x15/0xb0
[ 119.425719][ T5833] ? lock_release+0x4b/0x3e0
[ 119.425739][ T5833] ? btrfs_put_super+0x48/0x1b0
[ 119.425753][ T5833] ? __pfx_btrfs_put_super+0x10/0x10
[ 119.425770][ T5833] generic_shutdown_super+0x132/0x2c0
[ 119.425789][ T5833] kill_anon_super+0x3b/0x70
[ 119.425809][ T5833] btrfs_kill_super+0x41/0x50
[ 119.425823][ T5833] deactivate_locked_super+0xbc/0x130
[ 119.425838][ T5833] cleanup_mnt+0x425/0x4c0
[ 119.425853][ T5833] task_work_run+0x1d1/0x260
[ 119.425868][ T5833] ? __pfx_task_work_run+0x10/0x10
[ 119.425883][ T5833] ? path_umount+0x1ea/0xb70
[ 119.425900][ T5833] ptrace_notify+0x281/0x2c0
[ 119.425918][ T5833] ? __pfx_ptrace_notify+0x10/0x10
[ 119.425935][ T5833] ? __x64_sys_umount+0x122/0x160
[ 119.425953][ T5833] ? __pfx___x64_sys_umount+0x10/0x10
[ 119.425976][ T5833] syscall_exit_work+0xc6/0x1d0
[ 119.425999][ T5833] do_syscall_64+0x2ad/0x3b0
[ 119.426020][ T5833] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.426037][ T5833] ? clear_bhb_loop+0x60/0xb0
[ 119.426055][ T5833] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 119.426070][ T5833] RIP: 0033:0x7f6bcc3a91b7
[ 119.426084][ T5833] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 119.426097][ T5833] RSP: 002b:00007ffca25581b8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[ 119.426115][ T5833] RAX: 0000000000000000 RBX: 000000000001cfa8 RCX: 00007f6bcc3a91b7
[ 119.426127][ T5833] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffca2558270
[ 119.426138][ T5833] RBP: 00007ffca2558270 R08: 0000000000000000 R09: 0000000000000000
[ 119.426149][ T5833] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffca25592f0
[ 119.426161][ T5833] R13: 0000555587b1a6c0 R14: 431bde82d7b634db R15: 00007ffca2559310
[ 119.426180][ T5833]
[ 119.426464][ T5833] Kernel Offset: disabled