./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2084270376 <...> Warning: Permanently added '10.128.1.27' (ED25519) to the list of known hosts. execve("./syz-executor2084270376", ["./syz-executor2084270376"], 0x7ffd4747c6f0 /* 10 vars */) = 0 brk(NULL) = 0x555556a19000 brk(0x555556a19d40) = 0x555556a19d40 arch_prctl(ARCH_SET_FS, 0x555556a193c0) = 0 set_tid_address(0x555556a19690) = 5024 set_robust_list(0x555556a196a0, 24) = 0 rseq(0x555556a19ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2084270376", 4096) = 28 getrandom("\x6f\x24\xcd\xe6\xf0\x7a\x4e\xd6", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556a19d40 brk(0x555556a3ad40) = 0x555556a3ad40 brk(0x555556a3b000) = 0x555556a3b000 mprotect(0x7fdcde1fe000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7fdcde20460c, FUTEX_WAKE_PRIVATE, 1000000) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fdcde19e180, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fdcde18f830}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdcde116000 mprotect(0x7fdcde117000, 131072, PROT_READ|PROT_WRITE) = 0 rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fdcde136990, parent_tid=0x7fdcde136990, exit_signal=0, stack=0x7fdcde116000, stack_size=0x20300, tls=0x7fdcde1366c0} => {parent_tid=[5025]}, 88) = 5025 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 futex(0x7fdcde204608, FUTEX_WAKE_PRIVATE, 1000000) = 0 futex(0x7fdcde20460c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5025 attached [pid 5025] rseq(0x7fdcde136fe0, 0x20, 0, 0x53053053) = 0 [pid 5025] set_robust_list(0x7fdcde1369a0, 24) = 0 [pid 5025] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 78.376796][ T26] audit: type=1400 audit(1691692679.710:83): avc: denied { write } for pid=5021 comm="strace-static-x" path="pipe:[30808]" dev="pipefs" ino=30808 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [pid 5025] memfd_create("syzkaller", 0) = 3 [pid 5025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdcd5d16000 [ 78.409735][ T26] audit: type=1400 audit(1691692679.740:84): avc: denied { execmem } for pid=5024 comm="syz-executor208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 78.422525][ T5025] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5025 'syz-executor208' [pid 5025] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5025] munmap(0x7fdcd5d16000, 16777216) = 0 [pid 5025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5025] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5025] close(3) = 0 [pid 5025] mkdir("./file0", 0777) = 0 [ 78.630898][ T26] audit: type=1400 audit(1691692679.970:85): avc: denied { read write } for pid=5024 comm="syz-executor208" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 78.634128][ T5025] loop0: detected capacity change from 0 to 32768 [ 78.656251][ T26] audit: type=1400 audit(1691692679.970:86): avc: denied { open } for pid=5024 comm="syz-executor208" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 78.674816][ T5025] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor208 (5025) [ 78.688078][ T26] audit: type=1400 audit(1691692679.970:87): avc: denied { ioctl } for pid=5024 comm="syz-executor208" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 78.688143][ T26] audit: type=1400 audit(1691692680.000:88): avc: denied { mounton } for pid=5024 comm="syz-executor208" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 78.750148][ T26] audit: type=1400 audit(1691692680.010:89): avc: denied { append } for pid=4452 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 78.772709][ T26] audit: type=1400 audit(1691692680.010:90): avc: denied { open } for pid=4452 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 78.782639][ T5025] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 78.802645][ T26] audit: type=1400 audit(1691692680.010:91): avc: denied { getattr } for pid=4452 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 78.804443][ T5025] BTRFS info (device loop0): using free space tree [ 78.849845][ T5025] BTRFS info (device loop0): enabling ssd optimizations [ 78.856863][ T5025] BTRFS info (device loop0): auto enabling async discard [pid 5025] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5025] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5025] chdir("./file0") = 0 [pid 5025] ioctl(4, LOOP_CLR_FD) = 0 [pid 5025] close(4) = 0 [pid 5025] futex(0x7fdcde20460c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5025] futex(0x7fdcde204608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5024] <... futex resumed>) = 0 [pid 5024] futex(0x7fdcde204608, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5024] futex(0x7fdcde20460c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] <... futex resumed>) = 0 [pid 5025] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 5025] futex(0x7fdcde20460c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5025] futex(0x7fdcde204608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5024] <... futex resumed>) = 0 [pid 5024] futex(0x7fdcde204608, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5025] <... futex resumed>) = 0 [pid 5025] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5024] futex(0x7fdcde20460c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] <... open resumed>) = 5 [pid 5025] futex(0x7fdcde20460c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5025] futex(0x7fdcde204608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5024] <... futex resumed>) = 0 [pid 5024] futex(0x7fdcde204608, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5025] <... futex resumed>) = 0 [pid 5025] fallocate(5, 0, 0, 1048816 [pid 5024] futex(0x7fdcde20460c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] <... fallocate resumed>) = 0 [pid 5025] futex(0x7fdcde20460c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5024] <... futex resumed>) = 0 [pid 5024] futex(0x7fdcde204608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] futex(0x7fdcde20460c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] <... futex resumed>) = 1 [ 78.869787][ T26] audit: type=1400 audit(1691692680.200:92): avc: denied { mount } for pid=5024 comm="syz-executor208" name="/" dev="loop0" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 5025] sendfile(4, 5, NULL, 142606348 [pid 5024] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5024] futex(0x7fdcde20461c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdcd6cf5000 [pid 5024] mprotect(0x7fdcd6cf6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5024] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5024] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fdcd6d15990, parent_tid=0x7fdcd6d15990, exit_signal=0, stack=0x7fdcd6cf5000, stack_size=0x20300, tls=0x7fdcd6d156c0} => {parent_tid=[5043]}, 88) = 5043 [pid 5024] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5024] futex(0x7fdcde204618, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] futex(0x7fdcde20461c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5043 attached [pid 5043] rseq(0x7fdcd6d15fe0, 0x20, 0, 0x53053053) = 0 [pid 5043] set_robust_list(0x7fdcd6d159a0, 24) = 0 [pid 5043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5043] open(".", O_RDONLY) = 6 [pid 5043] futex(0x7fdcde20461c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5024] <... futex resumed>) = 0 [pid 5043] <... futex resumed>) = 1 [pid 5024] futex(0x7fdcde204618, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] ioctl(6, BTRFS_IOC_BALANCE_V2, {flags=0} [pid 5024] <... futex resumed>) = 0 [pid 5024] futex(0x7fdcde20461c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 79.034512][ T5043] BTRFS info (device loop0): balance: start [ 79.042696][ T5043] BTRFS info (device loop0): balance: ended with status: 0 [ 79.051191][ T32] ------------[ cut here ]------------ [ 79.056933][ T32] BTRFS: Transaction aborted (error -28) [ 79.063889][ T32] WARNING: CPU: 1 PID: 32 at fs/btrfs/inode.c:3279 btrfs_finish_one_ordered+0x1d42/0x2240 [ 79.074065][ T32] Modules linked in: [ 79.078016][ T32] CPU: 1 PID: 32 Comm: kworker/u4:2 Not tainted 6.5.0-rc5-syzkaller-00063-g374a7f47bf40 #0 [ 79.088168][ T32] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 79.098349][ T32] Workqueue: btrfs-endio-write btrfs_work_helper [ 79.104831][ T32] RIP: 0010:btrfs_finish_one_ordered+0x1d42/0x2240 [ 79.111492][ T32] Code: c6 80 af b5 8a 48 c7 c7 00 9a b5 8a e8 67 3a f6 fd 0f 0b e8 80 d8 12 fe 8b b5 10 ff ff ff 48 c7 c7 00 ab b5 8a e8 ce 99 d9 fd <0f> 0b e9 b1 fc ff ff e8 62 d8 12 fe 8b b5 10 ff ff ff 48 c7 c7 00 [ 79.131220][ T32] RSP: 0018:ffffc90000c9fad8 EFLAGS: 00010286 [ 79.137360][ T32] RAX: 0000000000000000 RBX: ffff888079be3c20 RCX: 0000000000000000 [ 79.145453][ T32] RDX: ffff888013af0140 RSI: ffffffff814be3c6 RDI: 0000000000000001 [ 79.153538][ T32] RBP: ffffc90000c9fc58 R08: 0000000000000001 R09: 0000000000000000 [ 79.161645][ T32] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888071f926e0 [ 79.169767][ T32] R13: 0000000000000001 R14: ffff888071f92690 R15: ffff888079be3c68 [ 79.177804][ T32] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 79.186844][ T32] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 79.193552][ T32] CR2: 00007f2c26c23060 CR3: 000000002a825000 CR4: 00000000003506e0 [ 79.201686][ T32] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 79.209784][ T32] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 79.217799][ T32] Call Trace: [ 79.221146][ T32] [ 79.224123][ T32] ? __warn+0xe6/0x380 [ 79.228255][ T32] ? preempt_schedule_notrace+0x5f/0xe0 [pid 5024] exit_group(0) = ? [ 79.233932][ T32] ? btrfs_finish_one_ordered+0x1d42/0x2240 [ 79.239929][ T32] ? report_bug+0x3bc/0x580 [ 79.244480][ T32] ? handle_bug+0x3c/0x70 [ 79.248832][ T32] ? exc_invalid_op+0x17/0x40 [ 79.253633][ T32] ? asm_exc_invalid_op+0x1a/0x20 [ 79.258740][ T32] ? __warn_printk+0x1a6/0x350 [ 79.263597][ T32] ? btrfs_finish_one_ordered+0x1d42/0x2240 [ 79.269625][ T32] ? btrfs_finish_one_ordered+0x1d42/0x2240 [ 79.275614][ T32] ? btrfs_unlink_subvol+0xed0/0xed0 [ 79.281035][ T32] ? lock_sync+0x190/0x190 [ 79.285516][ T32] btrfs_work_helper+0x20b/0xba0 [ 79.290578][ T32] ? spin_bug+0x1d0/0x1d0 [ 79.294974][ T32] process_one_work+0xaa2/0x16f0 [ 79.299987][ T32] ? lock_sync+0x190/0x190 [ 79.304455][ T32] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 79.309923][ T32] ? spin_bug+0x1d0/0x1d0 [ 79.314309][ T32] worker_thread+0x687/0x1110 [ 79.319011][ T32] ? __kthread_parkme+0x152/0x220 [ 79.324119][ T32] ? process_one_work+0x16f0/0x16f0 [ 79.329363][ T32] kthread+0x33a/0x430 [ 79.333521][ T32] ? kthread_complete_and_exit+0x40/0x40 [ 79.339177][ T32] ret_from_fork+0x2c/0x70 [ 79.343703][ T32] ? kthread_complete_and_exit+0x40/0x40 [ 79.349448][ T32] ret_from_fork_asm+0x11/0x20 [ 79.354272][ T32] [ 79.357309][ T32] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 79.364606][ T32] CPU: 1 PID: 32 Comm: kworker/u4:2 Not tainted 6.5.0-rc5-syzkaller-00063-g374a7f47bf40 #0 [ 79.374625][ T32] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 79.384720][ T32] Workqueue: btrfs-endio-write btrfs_work_helper [ 79.391108][ T32] Call Trace: [ 79.394402][ T32] [ 79.397349][ T32] dump_stack_lvl+0xd9/0x1b0 [ 79.401971][ T32] panic+0x6a4/0x750 [ 79.405899][ T32] ? panic_smp_self_stop+0xa0/0xa0 [ 79.411086][ T32] ? show_trace_log_lvl+0x29d/0x3c0 [ 79.416327][ T32] ? btrfs_finish_one_ordered+0x1d42/0x2240 [ 79.422255][ T32] check_panic_on_warn+0xab/0xb0 [ 79.427224][ T32] __warn+0xf2/0x380 [ 79.431149][ T32] ? preempt_schedule_notrace+0x5f/0xe0 [ 79.436737][ T32] ? btrfs_finish_one_ordered+0x1d42/0x2240 [ 79.442698][ T32] report_bug+0x3bc/0x580 [ 79.447053][ T32] handle_bug+0x3c/0x70 [ 79.451237][ T32] exc_invalid_op+0x17/0x40 [ 79.455771][ T32] asm_exc_invalid_op+0x1a/0x20 [ 79.460649][ T32] RIP: 0010:btrfs_finish_one_ordered+0x1d42/0x2240 [ 79.467202][ T32] Code: c6 80 af b5 8a 48 c7 c7 00 9a b5 8a e8 67 3a f6 fd 0f 0b e8 80 d8 12 fe 8b b5 10 ff ff ff 48 c7 c7 00 ab b5 8a e8 ce 99 d9 fd <0f> 0b e9 b1 fc ff ff e8 62 d8 12 fe 8b b5 10 ff ff ff 48 c7 c7 00 [ 79.486858][ T32] RSP: 0018:ffffc90000c9fad8 EFLAGS: 00010286 [ 79.492980][ T32] RAX: 0000000000000000 RBX: ffff888079be3c20 RCX: 0000000000000000 [ 79.500976][ T32] RDX: ffff888013af0140 RSI: ffffffff814be3c6 RDI: 0000000000000001 [ 79.508975][ T32] RBP: ffffc90000c9fc58 R08: 0000000000000001 R09: 0000000000000000 [ 79.516972][ T32] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888071f926e0 [ 79.524970][ T32] R13: 0000000000000001 R14: ffff888071f92690 R15: ffff888079be3c68 [ 79.532977][ T32] ? __warn_printk+0x1a6/0x350 [ 79.537777][ T32] ? btrfs_finish_one_ordered+0x1d42/0x2240 [ 79.543710][ T32] ? btrfs_unlink_subvol+0xed0/0xed0 [ 79.549032][ T32] ? lock_sync+0x190/0x190 [ 79.553485][ T32] btrfs_work_helper+0x20b/0xba0 [ 79.558460][ T32] ? spin_bug+0x1d0/0x1d0 [ 79.562855][ T32] process_one_work+0xaa2/0x16f0 [ 79.567875][ T32] ? lock_sync+0x190/0x190 [ 79.572327][ T32] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 79.577741][ T32] ? spin_bug+0x1d0/0x1d0 [ 79.582108][ T32] worker_thread+0x687/0x1110 [ 79.586823][ T32] ? __kthread_parkme+0x152/0x220 [ 79.591891][ T32] ? process_one_work+0x16f0/0x16f0 [ 79.597125][ T32] kthread+0x33a/0x430 [ 79.601223][ T32] ? kthread_complete_and_exit+0x40/0x40 [ 79.606886][ T32] ret_from_fork+0x2c/0x70 [ 79.611339][ T32] ? kthread_complete_and_exit+0x40/0x40 [ 79.617001][ T32] ret_from_fork_asm+0x11/0x20 [ 79.621808][ T32] [ 79.625065][ T32] Kernel Offset: disabled [ 79.629528][ T32] Rebooting in 86400 seconds..