./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1369978940 <...> Warning: Permanently added '10.128.1.142' (ED25519) to the list of known hosts. execve("./syz-executor1369978940", ["./syz-executor1369978940"], 0x7fffd6f54c80 /* 10 vars */) = 0 brk(NULL) = 0x5555663f8000 brk(0x5555663f8d00) = 0x5555663f8d00 arch_prctl(ARCH_SET_FS, 0x5555663f8380) = 0 set_tid_address(0x5555663f8650) = 5823 set_robust_list(0x5555663f8660, 24) = 0 rseq(0x5555663f8ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1369978940", 4096) = 28 getrandom("\x21\x92\x69\x8a\xfd\x04\x9b\xb4", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555663f8d00 brk(0x555566419d00) = 0x555566419d00 brk(0x55556641a000) = 0x55556641a000 mprotect(0x7fdbcbaef000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 openat(AT_FDCWD, "/proc/self/make-it-fail", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 getrandom("\xae\xae\x77\x33\xe7\x73\xba\x92", 8, GRND_NONBLOCK) = 8 mkdir("./syzkaller.oagJgI", 0700) = 0 chmod("./syzkaller.oagJgI", 0777) = 0 chdir("./syzkaller.oagJgI") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5824 attached [pid 5824] set_robust_list(0x5555663f8660, 24) = 0 [pid 5824] chdir("./0") = 0 [pid 5824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5824] setpgid(0, 0) = 0 [pid 5823] <... clone resumed>, child_tidptr=0x5555663f8650) = 5824 [pid 5824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5824] write(3, "1000", 4) = 4 [pid 5824] close(3) = 0 [pid 5824] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5824] write(1, "executing program\n", 18executing program ) = 18 [pid 5824] memfd_create("syzkaller", 0) = 3 [pid 5824] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc3600000 [pid 5824] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5824] munmap(0x7fdbc3600000, 138412032) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5824] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5824] close(3) = 0 [pid 5824] close(4) = 0 [pid 5824] mkdir("./file1", 0777) = 0 [ 89.697643][ T5824] loop0: detected capacity change from 0 to 32768 [ 89.721735][ T5824] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor136 (5824) [ 89.758849][ T5824] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 89.769374][ T5824] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 89.779194][ T5824] BTRFS info (device loop0): using free-space-tree [pid 5824] mount("/dev/loop0", "./file1", "btrfs", 0, "compress=lzo,") = 0 [pid 5824] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5824] chdir("./file1") = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5824] ioctl(4, LOOP_CLR_FD) = 0 [pid 5824] close(4) = 0 [pid 5824] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5824] fallocate(4, 0, 0, 1048820) = 0 [pid 5824] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 5 [pid 5824] ioctl(5, IMADDTIMER, 0x200000001b00) = 0 [pid 5824] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6 [pid 5824] write(6, "20", 2) = 2 [pid 5824] mkdir(".", 0777) = -1 EEXIST (File exists) [ 89.934706][ T5824] FAULT_INJECTION: forcing a failure. [ 89.934706][ T5824] name failslab, interval 1, probability 0, space 0, times 1 [ 89.948938][ T5824] CPU: 0 UID: 0 PID: 5824 Comm: syz-executor136 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 89.948968][ T5824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 89.948985][ T5824] Call Trace: [ 89.948997][ T5824] [ 89.949006][ T5824] dump_stack_lvl+0x189/0x250 [ 89.949062][ T5824] ? __pfx____ratelimit+0x10/0x10 [ 89.949093][ T5824] ? __pfx_dump_stack_lvl+0x10/0x10 [ 89.949124][ T5824] ? __pfx__printk+0x10/0x10 [ 89.949145][ T5824] ? __lock_acquire+0xab9/0xd20 [ 89.949172][ T5824] should_fail_ex+0x414/0x560 [ 89.949199][ T5824] should_failslab+0xa8/0x100 [ 89.949223][ T5824] __kmalloc_cache_noprof+0x70/0x3d0 [ 89.949243][ T5824] ? bdi_split_work_to_wbs+0x4fc/0x8c0 [ 89.949274][ T5824] bdi_split_work_to_wbs+0x4fc/0x8c0 [ 89.949299][ T5824] ? register_lock_class+0x51/0x320 [ 89.949320][ T5824] ? bdi_split_work_to_wbs+0x103/0x8c0 [ 89.949353][ T5824] ? __pfx_bdi_split_work_to_wbs+0x10/0x10 [ 89.949386][ T5824] ? xas_start+0x3d4/0x770 [ 89.949416][ T5824] __writeback_inodes_sb_nr+0x1e9/0x250 [ 89.949450][ T5824] ? __pfx___writeback_inodes_sb_nr+0x10/0x10 [ 89.949478][ T5824] ? get_nr_dirty_inodes+0x1c4/0x210 [ 89.949504][ T5824] sync_filesystem+0xa3/0x230 [ 89.949529][ T5824] btrfs_reconfigure+0x2dd/0x2d30 [ 89.949562][ T5824] ? __pfx_list_lru_walk_node+0x10/0x10 [ 89.949588][ T5824] ? shrink_dentry_list+0x5c8/0x5e0 [ 89.949619][ T5824] ? __pfx_btrfs_reconfigure+0x10/0x10 [ 89.949643][ T5824] ? __pfx_shrink_dcache_sb+0x10/0x10 [ 89.949670][ T5824] ? rcu_is_watching+0x15/0xb0 [ 89.949701][ T5824] reconfigure_super+0x227/0x890 [ 89.949725][ T5824] path_mount+0xd18/0xfe0 [ 89.949746][ T5824] ? user_path_at+0x44/0x60 [ 89.949769][ T5824] __se_sys_mount+0x317/0x410 [ 89.949796][ T5824] ? __pfx___se_sys_mount+0x10/0x10 [ 89.949816][ T5824] ? rcu_is_watching+0x15/0xb0 [ 89.949844][ T5824] ? __x64_sys_mount+0x20/0xc0 [ 89.949869][ T5824] do_syscall_64+0xfa/0x3b0 [ 89.949892][ T5824] ? lockdep_hardirqs_on+0x9c/0x150 [ 89.949915][ T5824] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.949931][ T5824] ? clear_bhb_loop+0x60/0xb0 [ 89.949951][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.949966][ T5824] RIP: 0033:0x7fdbcba7f29a [ 89.949986][ T5824] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 89.950003][ T5824] RSP: 002b:00007ffe4525e3c8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 89.950021][ T5824] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdbcba7f29a [ 89.950032][ T5824] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000 [ 89.950043][ T5824] RBP: 00002000000006c0 R08: 00007ffe4525e460 R09: 0000000000000000 [ 89.950053][ T5824] R10: 0000000001a4243c R11: 0000000000000286 R12: 0000200000000180 [pid 5824] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0 [pid 5824] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 7 [pid 5824] exit_group(0) = ? [pid 5824] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5824, si_uid=0, si_status=0, si_utime=0, si_stime=30 /* 0.30 s */} --- [ 89.950064][ T5824] R13: 00007ffe4525e460 R14: 0000000000000000 R15: 0000200000000580 [ 89.950088][ T5824] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555663f96f0 /* 4 entries */, 32768) = 112 [ 90.338092][ T5823] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566401730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566401730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x5555663f96f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5843 attached [pid 5843] set_robust_list(0x5555663f8660, 24) = 0 [pid 5843] chdir("./1" [pid 5823] <... clone resumed>, child_tidptr=0x5555663f8650) = 5843 [pid 5843] <... chdir resumed>) = 0 [pid 5843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5843] setpgid(0, 0) = 0 [pid 5843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5843] write(3, "1000", 4) = 4 [pid 5843] close(3) = 0 [pid 5843] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5843] write(1, "executing program\n", 18executing program ) = 18 [pid 5843] memfd_create("syzkaller", 0) = 3 [pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc3600000 [pid 5843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5843] munmap(0x7fdbc3600000, 138412032) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5843] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5843] close(3) = 0 [pid 5843] close(4) = 0 [pid 5843] mkdir("./file1", 0777) = 0 [ 90.986773][ T5843] loop0: detected capacity change from 0 to 32768 [ 91.010045][ T5843] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor136 (5843) [pid 5843] mount("/dev/loop0", "./file1", "btrfs", 0, "compress=lzo,") = 0 [pid 5843] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 91.033671][ T5843] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 91.045494][ T5843] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 91.056529][ T5843] BTRFS info (device loop0): using free-space-tree [pid 5843] chdir("./file1") = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5843] ioctl(4, LOOP_CLR_FD) = 0 [pid 5843] close(4) = 0 [pid 5843] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5843] fallocate(4, 0, 0, 1048820) = 0 [pid 5843] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 5 [pid 5843] ioctl(5, IMADDTIMER, 0x200000001b00) = 0 [pid 5843] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6 [pid 5843] write(6, "20", 2) = 2 [pid 5843] mkdir(".", 0777) = -1 EEXIST (File exists) [ 91.225186][ T5843] FAULT_INJECTION: forcing a failure. [ 91.225186][ T5843] name failslab, interval 1, probability 0, space 0, times 0 [ 91.238354][ T5843] CPU: 1 UID: 0 PID: 5843 Comm: syz-executor136 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 91.238381][ T5843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 91.238392][ T5843] Call Trace: [ 91.238401][ T5843] [ 91.238409][ T5843] dump_stack_lvl+0x189/0x250 [ 91.238444][ T5843] ? __pfx____ratelimit+0x10/0x10 [ 91.238471][ T5843] ? __pfx_dump_stack_lvl+0x10/0x10 [ 91.238501][ T5843] ? __pfx__printk+0x10/0x10 [ 91.238527][ T5843] ? __lock_acquire+0xab9/0xd20 [ 91.238562][ T5843] should_fail_ex+0x414/0x560 [ 91.238592][ T5843] should_failslab+0xa8/0x100 [ 91.238621][ T5843] __kmalloc_cache_noprof+0x70/0x3d0 [ 91.238639][ T5843] ? bdi_split_work_to_wbs+0x4fc/0x8c0 [ 91.238666][ T5843] bdi_split_work_to_wbs+0x4fc/0x8c0 [ 91.238691][ T5843] ? bdi_split_work_to_wbs+0x103/0x8c0 [ 91.238720][ T5843] ? __pfx_bdi_split_work_to_wbs+0x10/0x10 [ 91.238758][ T5843] sync_inodes_sb+0x1ae/0xa10 [ 91.238791][ T5843] ? __pfx_sync_inodes_sb+0x10/0x10 [ 91.238813][ T5843] ? __pfx___writeback_inodes_sb_nr+0x10/0x10 [ 91.238848][ T5843] ? btrfs_sync_fs+0x193/0x6a0 [ 91.238867][ T5843] sync_filesystem+0x17a/0x230 [ 91.238890][ T5843] btrfs_reconfigure+0x2dd/0x2d30 [ 91.238919][ T5843] ? __pfx_list_lru_walk_node+0x10/0x10 [ 91.238943][ T5843] ? shrink_dentry_list+0x5c8/0x5e0 [ 91.238971][ T5843] ? __pfx_btrfs_reconfigure+0x10/0x10 [ 91.238993][ T5843] ? __pfx_shrink_dcache_sb+0x10/0x10 [ 91.239018][ T5843] ? rcu_is_watching+0x15/0xb0 [ 91.239045][ T5843] reconfigure_super+0x227/0x890 [ 91.239066][ T5843] path_mount+0xd18/0xfe0 [ 91.239084][ T5843] ? user_path_at+0x44/0x60 [ 91.239104][ T5843] __se_sys_mount+0x317/0x410 [ 91.239128][ T5843] ? __pfx___se_sys_mount+0x10/0x10 [ 91.239146][ T5843] ? rcu_is_watching+0x15/0xb0 [ 91.239170][ T5843] ? __x64_sys_mount+0x20/0xc0 [ 91.239191][ T5843] do_syscall_64+0xfa/0x3b0 [ 91.239211][ T5843] ? lockdep_hardirqs_on+0x9c/0x150 [ 91.239231][ T5843] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.239245][ T5843] ? clear_bhb_loop+0x60/0xb0 [ 91.239263][ T5843] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.239277][ T5843] RIP: 0033:0x7fdbcba7f29a [ 91.239290][ T5843] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 91.239301][ T5843] RSP: 002b:00007ffe4525e3c8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 91.239316][ T5843] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdbcba7f29a [ 91.239326][ T5843] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000 [ 91.239336][ T5843] RBP: 00002000000006c0 R08: 00007ffe4525e460 R09: 0000000000000000 [ 91.239345][ T5843] R10: 0000000001a4243c R11: 0000000000000286 R12: 0000200000000180 [ 91.239354][ T5843] R13: 00007ffe4525e460 R14: 0000000000000000 R15: 0000200000000580 [pid 5843] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = 0 [pid 5843] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 7 [pid 5843] exit_group(0) = ? [pid 5843] +++ exited with 0 +++ [ 91.239376][ T5843] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5843, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555663f96f0 /* 4 entries */, 32768) = 112 [ 91.657440][ T5823] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566401730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566401730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x5555663f96f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5860 attached [pid 5860] set_robust_list(0x5555663f8660, 24 [pid 5823] <... clone resumed>, child_tidptr=0x5555663f8650) = 5860 [pid 5860] <... set_robust_list resumed>) = 0 [pid 5860] chdir("./2") = 0 [pid 5860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5860] setpgid(0, 0) = 0 [pid 5860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5860] write(3, "1000", 4) = 4 [pid 5860] close(3) = 0 [pid 5860] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5860] write(1, "executing program\n", 18executing program ) = 18 [pid 5860] memfd_create("syzkaller", 0) = 3 [pid 5860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc3600000 [ 92.079194][ T977] cfg80211: failed to load regulatory.db [pid 5860] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5860] munmap(0x7fdbc3600000, 138412032) = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5860] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5860] close(3) = 0 [pid 5860] close(4) = 0 [pid 5860] mkdir("./file1", 0777) = 0 [ 92.278781][ T5860] loop0: detected capacity change from 0 to 32768 [ 92.304479][ T5860] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor136 (5860) [ 92.325111][ T5860] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 92.335845][ T5860] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 92.346567][ T5860] BTRFS info (device loop0): using free-space-tree [pid 5860] mount("/dev/loop0", "./file1", "btrfs", 0, "compress=lzo,") = 0 [pid 5860] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5860] chdir("./file1") = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5860] ioctl(4, LOOP_CLR_FD) = 0 [pid 5860] close(4) = 0 [pid 5860] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5860] fallocate(4, 0, 0, 1048820) = 0 [pid 5860] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 5 [pid 5860] ioctl(5, IMADDTIMER, 0x200000001b00) = 0 [pid 5860] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6 [pid 5860] write(6, "20", 2) = 2 [pid 5860] mkdir(".", 0777) = -1 EEXIST (File exists) [ 92.432847][ T5860] FAULT_INJECTION: forcing a failure. [ 92.432847][ T5860] name failslab, interval 1, probability 0, space 0, times 0 [ 92.446368][ T5860] CPU: 0 UID: 0 PID: 5860 Comm: syz-executor136 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 92.446397][ T5860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 92.446409][ T5860] Call Trace: [ 92.446417][ T5860] [ 92.446426][ T5860] dump_stack_lvl+0x189/0x250 [ 92.446463][ T5860] ? __pfx____ratelimit+0x10/0x10 [ 92.446492][ T5860] ? __pfx_dump_stack_lvl+0x10/0x10 [ 92.446521][ T5860] ? __pfx__printk+0x10/0x10 [ 92.446549][ T5860] ? __pfx___might_resched+0x10/0x10 [ 92.446578][ T5860] ? fs_reclaim_acquire+0x7d/0x100 [ 92.446612][ T5860] should_fail_ex+0x414/0x560 [ 92.446642][ T5860] should_failslab+0xa8/0x100 [ 92.446671][ T5860] kmem_cache_alloc_noprof+0x73/0x3c0 [ 92.446695][ T5860] ? __btrfs_free_extent+0x2fb/0x2eb0 [ 92.446730][ T5860] __btrfs_free_extent+0x2fb/0x2eb0 [ 92.446783][ T5860] ? __pfx___btrfs_free_extent+0x10/0x10 [ 92.446812][ T5860] ? do_raw_read_unlock+0x3d/0x80 [ 92.446856][ T5860] __btrfs_run_delayed_refs+0xe7b/0x3a50 [ 92.446928][ T5860] ? is_bpf_text_address+0x292/0x2b0 [ 92.446968][ T5860] ? __pfx___btrfs_run_delayed_refs+0x10/0x10 [ 92.446996][ T5860] ? kernel_text_address+0xa5/0xe0 [ 92.447022][ T5860] ? __kernel_text_address+0xd/0x40 [ 92.447045][ T5860] ? unwind_get_return_address+0x4d/0x90 [ 92.447074][ T5860] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 92.447095][ T5860] ? arch_stack_walk+0xfc/0x150 [ 92.447126][ T5860] ? look_up_lock_class+0x74/0x170 [ 92.447158][ T5860] ? register_lock_class+0x51/0x320 [ 92.447191][ T5860] ? __lock_acquire+0xab9/0xd20 [ 92.447230][ T5860] ? btrfs_commit_transaction+0x161/0x37f0 [ 92.447258][ T5860] ? start_transaction+0x47b/0x1620 [ 92.447291][ T5860] btrfs_run_delayed_refs+0xe6/0x300 [ 92.447328][ T5860] btrfs_commit_transaction+0x274/0x37f0 [ 92.447357][ T5860] ? btrfs_commit_transaction+0x161/0x37f0 [ 92.447398][ T5860] ? join_transaction+0x41b/0xd70 [ 92.447423][ T5860] ? __pfx_btrfs_commit_transaction+0x10/0x10 [ 92.447446][ T5860] ? do_raw_spin_unlock+0x122/0x240 [ 92.447467][ T5860] ? join_transaction+0x41b/0xd70 [ 92.447497][ T5860] ? btrfs_record_root_in_trans+0x91/0x180 [ 92.447536][ T5860] ? start_transaction+0x439/0x1620 [ 92.447588][ T5860] ? btrfs_attach_transaction_barrier+0x32/0xa0 [ 92.447620][ T5860] ? btrfs_sync_fs+0x1b2/0x6a0 [ 92.447646][ T5860] sync_filesystem+0x1cf/0x230 [ 92.447680][ T5860] btrfs_reconfigure+0x2dd/0x2d30 [ 92.447722][ T5860] ? __pfx_list_lru_walk_node+0x10/0x10 [ 92.447755][ T5860] ? shrink_dentry_list+0x5c8/0x5e0 [ 92.447795][ T5860] ? __pfx_btrfs_reconfigure+0x10/0x10 [ 92.447933][ T5860] ? __pfx_shrink_dcache_sb+0x10/0x10 [ 92.447968][ T5860] ? rcu_is_watching+0x15/0xb0 [ 92.448007][ T5860] reconfigure_super+0x227/0x890 [ 92.448038][ T5860] path_mount+0xd18/0xfe0 [ 92.448180][ T5860] ? user_path_at+0x44/0x60 [ 92.448213][ T5860] __se_sys_mount+0x317/0x410 [ 92.448247][ T5860] ? __pfx___se_sys_mount+0x10/0x10 [ 92.448270][ T5860] ? rcu_is_watching+0x15/0xb0 [ 92.448308][ T5860] ? __x64_sys_mount+0x20/0xc0 [ 92.448337][ T5860] do_syscall_64+0xfa/0x3b0 [ 92.448369][ T5860] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.448389][ T5860] ? asm_common_interrupt+0x26/0x40 [ 92.448406][ T5860] ? clear_bhb_loop+0x60/0xb0 [ 92.448432][ T5860] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.448451][ T5860] RIP: 0033:0x7fdbcba7f29a [ 92.448470][ T5860] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 92.448487][ T5860] RSP: 002b:00007ffe4525e3c8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 92.448508][ T5860] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdbcba7f29a [ 92.448522][ T5860] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000 [ 92.448534][ T5860] RBP: 00002000000006c0 R08: 00007ffe4525e460 R09: 0000000000000000 [ 92.448547][ T5860] R10: 0000000001a4243c R11: 0000000000000286 R12: 0000200000000180 [ 92.448560][ T5860] R13: 00007ffe4525e460 R14: 0000000000000000 R15: 0000200000000580 [ 92.448592][ T5860] [pid 5860] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5860] exit_group(0) = ? [pid 5860] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5860, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 92.873573][ T5860] BTRFS error (device loop0): failed to run delayed ref for logical 1052672 num_bytes 4096 type 176 action 2 ref_mod 1: -12 [ 92.887025][ T5860] BTRFS error (device loop0 state A): Transaction aborted (error -12) [ 92.895948][ T5860] BTRFS: error (device loop0 state A) in btrfs_run_delayed_refs:2159: errno=-12 Out of memory [ 92.907098][ T5860] BTRFS info (device loop0 state EA): forced readonly [ 92.914841][ T5860] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555663f96f0 /* 4 entries */, 32768) = 112 [ 93.013647][ T5823] BTRFS info (device loop0 state EA): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555566401730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555566401730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = 0 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x5555663f96f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5880 attached [pid 5880] set_robust_list(0x5555663f8660, 24) = 0 [pid 5880] chdir("./3" [pid 5823] <... clone resumed>, child_tidptr=0x5555663f8650) = 5880 [pid 5880] <... chdir resumed>) = 0 [pid 5880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5880] setpgid(0, 0) = 0 [pid 5880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5880] write(3, "1000", 4) = 4 [pid 5880] close(3) = 0 [pid 5880] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5880] write(1, "executing program\n", 18) = 18 [pid 5880] memfd_create("syzkaller", 0) = 3 [pid 5880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdbc3600000 [pid 5880] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5880] munmap(0x7fdbc3600000, 138412032) = 0 [pid 5880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5880] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5880] close(3) = 0 [pid 5880] close(4) = 0 [pid 5880] mkdir("./file1", 0777) = 0 [ 93.652596][ T5880] loop0: detected capacity change from 0 to 32768 [ 93.673260][ T5880] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor136 (5880) [ 93.703210][ T5880] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 93.714634][ T5880] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 93.724876][ T5880] BTRFS info (device loop0): using free-space-tree [pid 5880] mount("/dev/loop0", "./file1", "btrfs", 0, "compress=lzo,") = 0 [pid 5880] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5880] chdir("./file1") = 0 [pid 5880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5880] ioctl(4, LOOP_CLR_FD) = 0 [pid 5880] close(4) = 0 [pid 5880] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5880] fallocate(4, 0, 0, 1048820) = 0 [pid 5880] openat(AT_FDCWD, "/dev/mISDNtimer", O_RDONLY) = 5 [pid 5880] ioctl(5, IMADDTIMER, 0x200000001b00) = 0 [pid 5880] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6 [pid 5880] write(6, "20", 2) = 2 [pid 5880] mkdir(".", 0777) = -1 EEXIST (File exists) [ 93.842103][ T5880] FAULT_INJECTION: forcing a failure. [ 93.842103][ T5880] name failslab, interval 1, probability 0, space 0, times 0 [ 93.855263][ T5880] CPU: 0 UID: 0 PID: 5880 Comm: syz-executor136 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 93.855291][ T5880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 93.855303][ T5880] Call Trace: [ 93.855314][ T5880] [ 93.855323][ T5880] dump_stack_lvl+0x189/0x250 [ 93.855360][ T5880] ? __pfx____ratelimit+0x10/0x10 [ 93.855391][ T5880] ? __pfx_dump_stack_lvl+0x10/0x10 [ 93.855423][ T5880] ? __pfx__printk+0x10/0x10 [ 93.855448][ T5880] ? __pfx___might_resched+0x10/0x10 [ 93.855479][ T5880] ? fs_reclaim_acquire+0x7d/0x100 [ 93.855514][ T5880] should_fail_ex+0x414/0x560 [ 93.855546][ T5880] should_failslab+0xa8/0x100 [ 93.855576][ T5880] kmem_cache_alloc_noprof+0x73/0x3c0 [ 93.855600][ T5880] ? add_delayed_ref+0x11a/0x1d80 [ 93.855631][ T5880] add_delayed_ref+0x11a/0x1d80 [ 93.855665][ T5880] ? btrfs_ref_tree_mod+0x113/0x15b0 [ 93.855697][ T5880] ? __pfx_set_extent_bit+0x10/0x10 [ 93.855740][ T5880] btrfs_alloc_tree_block+0xcfc/0x12b0 [ 93.855770][ T5880] ? __lock_acquire+0xab9/0xd20 [ 93.855820][ T5880] ? __pfx_btrfs_alloc_tree_block+0x10/0x10 [ 93.855869][ T5880] ? read_extent_buffer+0x120/0x680 [ 93.855901][ T5880] btrfs_force_cow_block+0x575/0x1e10 [ 93.855966][ T5880] ? btrfs_tree_lock_nested+0x31/0x230 [ 93.856003][ T5880] ? __pfx_btrfs_force_cow_block+0x10/0x10 [ 93.856042][ T5880] ? down_write_nested+0x169/0x200 [ 93.856064][ T5880] ? __pfx_down_write_nested+0x10/0x10 [ 93.856091][ T5880] btrfs_cow_block+0x40a/0x830 [ 93.856140][ T5880] btrfs_search_slot+0xcd7/0x2d90 [ 93.856195][ T5880] ? __pfx_btrfs_search_slot+0x10/0x10 [ 93.856221][ T5880] ? kasan_save_track+0x4f/0x80 [ 93.856243][ T5880] ? __kasan_slab_alloc+0x6c/0x80 [ 93.856265][ T5880] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 93.856287][ T5880] ? __btrfs_free_extent+0x2fb/0x2eb0 [ 93.856315][ T5880] ? __btrfs_run_delayed_refs+0xe7b/0x3a50 [ 93.856346][ T5880] lookup_inline_extent_backref+0x33e/0x15c0 [ 93.856378][ T5880] ? do_syscall_64+0xfa/0x3b0 [ 93.856406][ T5880] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.856459][ T5880] ? __pfx_lookup_inline_extent_backref+0x10/0x10 [ 93.856514][ T5880] ? rcu_is_watching+0x15/0xb0 [ 93.856547][ T5880] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 93.856568][ T5880] ? kmem_cache_alloc_noprof+0x21a/0x3c0 [ 93.856597][ T5880] __btrfs_free_extent+0x40d/0x2eb0 [ 93.856657][ T5880] ? __pfx___btrfs_free_extent+0x10/0x10 [ 93.856714][ T5880] __btrfs_run_delayed_refs+0xe7b/0x3a50 [ 93.856791][ T5880] ? is_bpf_text_address+0x292/0x2b0 [ 93.856824][ T5880] ? __pfx___btrfs_run_delayed_refs+0x10/0x10 [ 93.856852][ T5880] ? kernel_text_address+0xa5/0xe0 [ 93.856879][ T5880] ? __kernel_text_address+0xd/0x40 [ 93.856902][ T5880] ? unwind_get_return_address+0x4d/0x90 [ 93.856944][ T5880] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 93.856966][ T5880] ? arch_stack_walk+0xfc/0x150 [ 93.856999][ T5880] ? look_up_lock_class+0x74/0x170 [ 93.857031][ T5880] ? register_lock_class+0x51/0x320 [ 93.857067][ T5880] ? __lock_acquire+0xab9/0xd20 [ 93.857108][ T5880] ? btrfs_commit_transaction+0x161/0x37f0 [ 93.857133][ T5880] ? start_transaction+0x47b/0x1620 [ 93.857168][ T5880] btrfs_run_delayed_refs+0xe6/0x300 [ 93.857201][ T5880] btrfs_commit_transaction+0x274/0x37f0 [ 93.857230][ T5880] ? btrfs_commit_transaction+0x161/0x37f0 [ 93.857274][ T5880] ? join_transaction+0x41b/0xd70 [ 93.857300][ T5880] ? __pfx_btrfs_commit_transaction+0x10/0x10 [ 93.857322][ T5880] ? do_raw_spin_unlock+0x122/0x240 [ 93.857344][ T5880] ? join_transaction+0x41b/0xd70 [ 93.857376][ T5880] ? btrfs_record_root_in_trans+0x91/0x180 [ 93.857415][ T5880] ? start_transaction+0x439/0x1620 [ 93.857471][ T5880] ? btrfs_attach_transaction_barrier+0x32/0xa0 [ 93.857505][ T5880] ? btrfs_sync_fs+0x1b2/0x6a0 [ 93.857532][ T5880] sync_filesystem+0x1cf/0x230 [ 93.857567][ T5880] btrfs_reconfigure+0x2dd/0x2d30 [ 93.857632][ T5880] ? __pfx_list_lru_walk_node+0x10/0x10 [ 93.857666][ T5880] ? shrink_dentry_list+0x5c8/0x5e0 [ 93.857710][ T5880] ? __pfx_btrfs_reconfigure+0x10/0x10 [ 93.857742][ T5880] ? __pfx_shrink_dcache_sb+0x10/0x10 [ 93.857788][ T5880] ? rcu_is_watching+0x15/0xb0 [ 93.857826][ T5880] reconfigure_super+0x227/0x890 [ 93.857860][ T5880] path_mount+0xd18/0xfe0 [ 93.857885][ T5880] ? user_path_at+0x44/0x60 [ 93.857922][ T5880] __se_sys_mount+0x317/0x410 [ 93.857958][ T5880] ? __pfx___se_sys_mount+0x10/0x10 [ 93.857982][ T5880] ? rcu_is_watching+0x15/0xb0 [ 93.858019][ T5880] ? __x64_sys_mount+0x20/0xc0 [ 93.858049][ T5880] do_syscall_64+0xfa/0x3b0 [ 93.858078][ T5880] ? lockdep_hardirqs_on+0x9c/0x150 [ 93.858106][ T5880] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.858126][ T5880] ? clear_bhb_loop+0x60/0xb0 [ 93.858152][ T5880] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.858172][ T5880] RIP: 0033:0x7fdbcba7f29a [ 93.858193][ T5880] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 93.858210][ T5880] RSP: 002b:00007ffe4525e3c8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 93.858232][ T5880] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdbcba7f29a [ 93.858246][ T5880] RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000 [ 93.858259][ T5880] RBP: 00002000000006c0 R08: 00007ffe4525e460 R09: 0000000000000000 [ 93.858272][ T5880] R10: 0000000001a4243c R11: 0000000000000286 R12: 0000200000000180 [ 93.858286][ T5880] R13: 00007ffe4525e460 R14: 0000000000000000 R15: 0000200000000580 [ 93.858320][ T5880] [ 94.416052][ T5880] BTRFS error (device loop0 state A): Transaction aborted (error -12) [ 94.424787][ T5880] BTRFS: error (device loop0 state A) in __btrfs_free_extent:3235: errno=-12 Out of memory [ 94.437390][ T5880] BTRFS info (device loop0 state EA): forced readonly [ 94.444310][ T5880] BTRFS error (device loop0 state EA): failed to run delayed ref for logical 1052672 num_bytes 4096 type 176 action 2 ref_mod 1: -12 [pid 5880] mount(NULL, ".", 0x200000000180, MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_MOVE|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5880] exit_group(0) = ? [pid 5880] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5880, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555663f96f0 /* 4 entries */, 32768) = 112 [ 94.460724][ T5880] BTRFS: error (device loop0 state EA) in btrfs_run_delayed_refs:2159: errno=-12 Out of memory [ 94.471694][ T5880] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed [ 94.498918][ T5823] BTRFS info (device loop0 state EA): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 94.529039][ T5823] ------------[ cut here ]------------ [ 94.534726][ T5823] WARNING: CPU: 0 PID: 5823 at fs/btrfs/space-info.h:265 btrfs_space_info_update_bytes_may_use+0x35a/0x640 [ 94.546778][ T5823] Modules linked in: [ 94.551468][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor136 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 94.563978][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 94.574120][ T5823] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x35a/0x640 [ 94.581664][ T5823] Code: 00 00 74 08 4c 89 ff e8 f4 5b 3d fe 4d 8b 27 4c 89 e7 48 8b 6c 24 18 48 89 ee e8 31 06 dc fd 49 39 ec 73 1c e8 c7 03 dc fd 90 <0f> 0b 90 31 db 43 80 7c 35 00 00 0f 85 2e ff ff ff e9 31 ff ff ff [ 94.601352][ T5823] RSP: 0018:ffffc900040ff910 EFLAGS: 00010293 [ 94.607519][ T5823] RAX: ffffffff83e449c9 RBX: ffffffffffea0000 RCX: ffff888078315a00 [ 94.615537][ T5823] RDX: 0000000000000000 RSI: 0000000000160000 RDI: 000000000015f000 [ 94.623644][ T5823] RBP: 0000000000160000 R08: ffffffff8f9fdaf7 R09: 1ffffffff1f3fb5e [ 94.631705][ T5823] R10: dffffc0000000000 R11: fffffbfff1f3fb5f R12: 000000000015f000 [ 94.639782][ T5823] R13: 1ffff1100ac16410 R14: dffffc0000000000 R15: ffff8880560b2080 [ 94.647844][ T5823] FS: 00005555663f8380(0000) GS:ffff888125c84000(0000) knlGS:0000000000000000 [ 94.656802][ T5823] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 94.663467][ T5823] CR2: 000055b926323168 CR3: 000000005691c000 CR4: 00000000003526f0 [ 94.671539][ T5823] Call Trace: [ 94.674835][ T5823] [ 94.677857][ T5823] btrfs_block_rsv_release+0x4b3/0x5e0 [ 94.683363][ T5823] btrfs_release_global_block_rsv+0x33/0x270 [ 94.689457][ T5823] btrfs_free_block_groups+0xc2c/0xf40 [ 94.694965][ T5823] close_ctree+0x7f0/0xd60 [ 94.699469][ T5823] ? do_raw_spin_unlock+0x122/0x240 [ 94.704716][ T5823] ? __pfx_close_ctree+0x10/0x10 [ 94.709721][ T5823] ? hook_sb_delete+0x1a8/0xbd0 [ 94.714620][ T5823] ? __pfx_hook_sb_delete+0x10/0x10 [ 94.719923][ T5823] ? __pfx_evict_inodes+0x10/0x10 [ 94.724995][ T5823] ? __pfx_btrfs_put_super+0x10/0x10 [ 94.730344][ T5823] generic_shutdown_super+0x135/0x2c0 [ 94.735760][ T5823] kill_anon_super+0x3b/0x70 [ 94.740877][ T5823] btrfs_kill_super+0x41/0x50 [ 94.745619][ T5823] deactivate_locked_super+0xb9/0x130 [ 94.751407][ T5823] cleanup_mnt+0x425/0x4c0 [ 94.755869][ T5823] ? lockdep_hardirqs_on+0x9c/0x150 [ 94.761186][ T5823] task_work_run+0x1d4/0x260 [ 94.765835][ T5823] ? __pfx_task_work_run+0x10/0x10 [ 94.771019][ T5823] ? __x64_sys_umount+0x122/0x160 [ 94.776106][ T5823] ptrace_notify+0x281/0x2c0 [ 94.780805][ T5823] ? __pfx_ptrace_notify+0x10/0x10 [ 94.786007][ T5823] ? __x64_sys_umount+0x122/0x160 [ 94.791152][ T5823] ? __pfx___x64_sys_umount+0x10/0x10 [ 94.796605][ T5823] syscall_exit_work+0xc6/0x1d0 [ 94.801600][ T5823] do_syscall_64+0x2ad/0x3b0 [ 94.806263][ T5823] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.812402][ T5823] ? asm_common_interrupt+0x26/0x40 [ 94.817675][ T5823] ? clear_bhb_loop+0x60/0xb0 [ 94.822372][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.828334][ T5823] RIP: 0033:0x7fdbcba7f137 [ 94.832785][ T5823] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 [ 94.852917][ T5823] RSP: 002b:00007ffe4525d4b8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 94.861419][ T5823] RAX: 0000000000000000 RBX: 0000000000016cc1 RCX: 00007fdbcba7f137 [ 94.869474][ T5823] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe4525d570 [ 94.877555][ T5823] RBP: 00007ffe4525d570 R08: 0000000000000000 R09: 0000000000000000 [ 94.885597][ T5823] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffe4525e5f0 [ 94.893731][ T5823] R13: 00005555663f96c0 R14: 431bde82d7b634db R15: 00007ffe4525e610 [ 94.901827][ T5823] [ 94.904895][ T5823] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 94.912195][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor136 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 94.924627][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 94.934730][ T5823] Call Trace: [ 94.938029][ T5823] [ 94.941003][ T5823] dump_stack_lvl+0x99/0x250 [ 94.945651][ T5823] ? __asan_memcpy+0x40/0x70 [ 94.950271][ T5823] ? __pfx_dump_stack_lvl+0x10/0x10 [ 94.955529][ T5823] ? __pfx__printk+0x10/0x10 [ 94.960154][ T5823] panic+0x2db/0x790 [ 94.964080][ T5823] ? __pfx_panic+0x10/0x10 [ 94.968660][ T5823] __warn+0x31b/0x4b0 [ 94.972688][ T5823] ? btrfs_space_info_update_bytes_may_use+0x35a/0x640 [ 94.979581][ T5823] ? btrfs_space_info_update_bytes_may_use+0x35a/0x640 [ 94.987005][ T5823] report_bug+0x2be/0x4f0 [ 94.991383][ T5823] ? btrfs_space_info_update_bytes_may_use+0x35a/0x640 [ 94.998262][ T5823] ? btrfs_space_info_update_bytes_may_use+0x35a/0x640 [ 95.005135][ T5823] ? btrfs_space_info_update_bytes_may_use+0x35c/0x640 [ 95.012052][ T5823] handle_bug+0x84/0x160 [ 95.016320][ T5823] exc_invalid_op+0x1a/0x50 [ 95.020851][ T5823] asm_exc_invalid_op+0x1a/0x20 [ 95.025724][ T5823] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x35a/0x640 [ 95.033222][ T5823] Code: 00 00 74 08 4c 89 ff e8 f4 5b 3d fe 4d 8b 27 4c 89 e7 48 8b 6c 24 18 48 89 ee e8 31 06 dc fd 49 39 ec 73 1c e8 c7 03 dc fd 90 <0f> 0b 90 31 db 43 80 7c 35 00 00 0f 85 2e ff ff ff e9 31 ff ff ff [ 95.052863][ T5823] RSP: 0018:ffffc900040ff910 EFLAGS: 00010293 [ 95.058960][ T5823] RAX: ffffffff83e449c9 RBX: ffffffffffea0000 RCX: ffff888078315a00 [ 95.066962][ T5823] RDX: 0000000000000000 RSI: 0000000000160000 RDI: 000000000015f000 [ 95.074956][ T5823] RBP: 0000000000160000 R08: ffffffff8f9fdaf7 R09: 1ffffffff1f3fb5e [ 95.082953][ T5823] R10: dffffc0000000000 R11: fffffbfff1f3fb5f R12: 000000000015f000 [ 95.090947][ T5823] R13: 1ffff1100ac16410 R14: dffffc0000000000 R15: ffff8880560b2080 [ 95.098948][ T5823] ? btrfs_space_info_update_bytes_may_use+0x359/0x640 [ 95.105850][ T5823] btrfs_block_rsv_release+0x4b3/0x5e0 [ 95.111346][ T5823] btrfs_release_global_block_rsv+0x33/0x270 [ 95.117357][ T5823] btrfs_free_block_groups+0xc2c/0xf40 [ 95.122876][ T5823] close_ctree+0x7f0/0xd60 [ 95.127325][ T5823] ? do_raw_spin_unlock+0x122/0x240 [ 95.132660][ T5823] ? __pfx_close_ctree+0x10/0x10 [ 95.137634][ T5823] ? hook_sb_delete+0x1a8/0xbd0 [ 95.142538][ T5823] ? __pfx_hook_sb_delete+0x10/0x10 [ 95.147781][ T5823] ? __pfx_evict_inodes+0x10/0x10 [ 95.152838][ T5823] ? __pfx_btrfs_put_super+0x10/0x10 [ 95.158151][ T5823] generic_shutdown_super+0x135/0x2c0 [ 95.163549][ T5823] kill_anon_super+0x3b/0x70 [ 95.168165][ T5823] btrfs_kill_super+0x41/0x50 [ 95.172878][ T5823] deactivate_locked_super+0xb9/0x130 [ 95.178279][ T5823] cleanup_mnt+0x425/0x4c0 [ 95.182734][ T5823] ? lockdep_hardirqs_on+0x9c/0x150 [ 95.187979][ T5823] task_work_run+0x1d4/0x260 [ 95.192604][ T5823] ? __pfx_task_work_run+0x10/0x10 [ 95.197744][ T5823] ? __x64_sys_umount+0x122/0x160 [ 95.202817][ T5823] ptrace_notify+0x281/0x2c0 [ 95.207437][ T5823] ? __pfx_ptrace_notify+0x10/0x10 [ 95.212579][ T5823] ? __x64_sys_umount+0x122/0x160 [ 95.217631][ T5823] ? __pfx___x64_sys_umount+0x10/0x10 [ 95.223035][ T5823] syscall_exit_work+0xc6/0x1d0 [ 95.227918][ T5823] do_syscall_64+0x2ad/0x3b0 [ 95.232547][ T5823] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.238639][ T5823] ? asm_common_interrupt+0x26/0x40 [ 95.243861][ T5823] ? clear_bhb_loop+0x60/0xb0 [ 95.248561][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.254476][ T5823] RIP: 0033:0x7fdbcba7f137 [ 95.258910][ T5823] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 [ 95.278550][ T5823] RSP: 002b:00007ffe4525d4b8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 95.286999][ T5823] RAX: 0000000000000000 RBX: 0000000000016cc1 RCX: 00007fdbcba7f137 [ 95.294996][ T5823] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe4525d570 [ 95.302991][ T5823] RBP: 00007ffe4525d570 R08: 0000000000000000 R09: 0000000000000000 [ 95.311001][ T5823] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffe4525e5f0 [ 95.318997][ T5823] R13: 00005555663f96c0 R14: 431bde82d7b634db R15: 00007ffe4525e610 [ 95.327008][ T5823] [ 95.330482][ T5823] Kernel Offset: disabled [ 95.334831][ T5823] Rebooting in 86400 seconds..