./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4270962228 <...> [ 102.388754][ T7] cfg80211: failed to load regulatory.db [ 102.798669][ T27] audit: type=1400 audit(1696756666.234:83): avc: denied { append } for pid=4466 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 102.820919][ T27] audit: type=1400 audit(1696756666.234:84): avc: denied { open } for pid=4466 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 102.843369][ T27] audit: type=1400 audit(1696756666.234:85): avc: denied { getattr } for pid=4466 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 Warning: Permanently added '10.128.0.223' (ED25519) to the list of known hosts. [ 107.755782][ T27] audit: type=1400 audit(1696756671.184:86): avc: denied { write } for pid=5032 comm="sh" path="pipe:[3688]" dev="pipefs" ino=3688 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 execve("./syz-executor4270962228", ["./syz-executor4270962228"], 0x7ffe0379d8f0 /* 10 vars */) = 0 brk(NULL) = 0x55555670f000 brk(0x55555670fd40) = 0x55555670fd40 arch_prctl(ARCH_SET_FS, 0x55555670f3c0) = 0 set_tid_address(0x55555670f690) = 5035 set_robust_list(0x55555670f6a0, 24) = 0 rseq(0x55555670fce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4270962228", 4096) = 28 getrandom("\x05\x42\x1a\xa9\xbe\xc1\xb4\x2d", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555670fd40 brk(0x555556730d40) = 0x555556730d40 brk(0x555556731000) = 0x555556731000 mprotect(0x7f8b2102f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.lqJfZH", 0700) = 0 chmod("./syzkaller.lqJfZH", 0777) = 0 chdir("./syzkaller.lqJfZH") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555670f690) = 5036 ./strace-static-x86_64: Process 5036 attached [pid 5036] set_robust_list(0x55555670f6a0, 24) = 0 [pid 5036] chdir("./0") = 0 [pid 5036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5036] setpgid(0, 0) = 0 [ 107.872021][ T27] audit: type=1400 audit(1696756671.304:87): avc: denied { execmem } for pid=5035 comm="syz-executor427" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 107.892733][ T27] audit: type=1400 audit(1696756671.304:88): avc: denied { read write } for pid=5035 comm="syz-executor427" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 5036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5036] write(3, "1000", 4) = 4 [pid 5036] close(3) = 0 [pid 5036] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5036] futex(0x7f8b210356cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5036] rt_sigaction(SIGRT_1, {sa_handler=0x7f8b20fcf2b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8b20fc0460}, NULL, 8) = 0 [pid 5036] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8b20f45000 [pid 5036] mprotect(0x7f8b20f46000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5036] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5036] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8b20f65990, parent_tid=0x7f8b20f65990, exit_signal=0, stack=0x7f8b20f45000, stack_size=0x20300, tls=0x7f8b20f656c0}./strace-static-x86_64: Process 5037 attached [pid 5037] rseq(0x7f8b20f65fe0, 0x20, 0, 0x53053053 [pid 5036] <... clone3 resumed> => {parent_tid=[5037]}, 88) = 5037 [pid 5037] <... rseq resumed>) = 0 [pid 5036] rt_sigprocmask(SIG_SETMASK, [], [pid 5037] set_robust_list(0x7f8b20f659a0, 24 [pid 5036] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5037] <... set_robust_list resumed>) = 0 [pid 5036] futex(0x7f8b210356c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] rt_sigprocmask(SIG_SETMASK, [], [pid 5036] <... futex resumed>) = 0 [pid 5037] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 107.921150][ T27] audit: type=1400 audit(1696756671.304:89): avc: denied { open } for pid=5035 comm="syz-executor427" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 5036] futex(0x7f8b210356cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5037] memfd_create("syzkaller", 0) = 3 [pid 5037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8b18b45000 [ 107.947944][ T27] audit: type=1400 audit(1696756671.304:90): avc: denied { ioctl } for pid=5035 comm="syz-executor427" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 107.955930][ T5037] syz-executor427[5037]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5037] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5037] munmap(0x7f8b18b45000, 138412032) = 0 [pid 5037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5037] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5037] close(3) = 0 [pid 5037] mkdir("./file0", 0777) = 0 [ 108.265529][ T5037] loop0: detected capacity change from 0 to 32768 [ 108.277511][ T27] audit: type=1400 audit(1696756671.714:91): avc: denied { mounton } for pid=5036 comm="syz-executor427" path="/root/syzkaller.lqJfZH/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 108.283967][ T5037] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor427 (5037) [ 108.327160][ T5037] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 108.336457][ T5037] BTRFS info (device loop0): using free space tree [pid 5037] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5037] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5037] chdir("./file0") = 0 [pid 5037] ioctl(4, LOOP_CLR_FD) = 0 [pid 5037] close(4) = 0 [pid 5037] futex(0x7f8b210356cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5036] <... futex resumed>) = 0 [pid 5036] futex(0x7f8b210356c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5036] futex(0x7f8b210356cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5037] <... futex resumed>) = 1 [pid 5037] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 4 [pid 5037] futex(0x7f8b210356cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5036] <... futex resumed>) = 0 [pid 5036] futex(0x7f8b210356c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5036] futex(0x7f8b210356cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5037] <... futex resumed>) = 1 [ 108.376502][ T5037] BTRFS info (device loop0): enabling ssd optimizations [ 108.383513][ T5037] BTRFS info (device loop0): auto enabling async discard [ 108.400175][ T27] audit: type=1400 audit(1696756671.834:92): avc: denied { mount } for pid=5036 comm="syz-executor427" name="/" dev="loop0" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 5037] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5036] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5036] futex(0x7f8b210356dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8b20f24000 [ 108.445966][ T27] audit: type=1400 audit(1696756671.844:93): avc: denied { write } for pid=5036 comm="syz-executor427" name="/" dev="loop0" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 108.469646][ T27] audit: type=1400 audit(1696756671.844:94): avc: denied { add_name } for pid=5036 comm="syz-executor427" name=".log" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [pid 5036] mprotect(0x7f8b20f25000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5036] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5036] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8b20f44990, parent_tid=0x7f8b20f44990, exit_signal=0, stack=0x7f8b20f24000, stack_size=0x20300, tls=0x7f8b20f446c0}./strace-static-x86_64: Process 5053 attached => {parent_tid=[5053]}, 88) = 5053 [pid 5053] rseq(0x7f8b20f44fe0, 0x20, 0, 0x53053053) = 0 [pid 5036] rt_sigprocmask(SIG_SETMASK, [], [pid 5053] set_robust_list(0x7f8b20f449a0, 24 [pid 5036] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5053] <... set_robust_list resumed>) = 0 [pid 5036] futex(0x7f8b210356d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] rt_sigprocmask(SIG_SETMASK, [], [pid 5036] <... futex resumed>) = 0 [pid 5053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5053] openat(AT_FDCWD, ".", O_RDONLY [pid 5036] futex(0x7f8b210356dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] <... openat resumed>) = 5 [pid 5053] futex(0x7f8b210356dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5036] <... futex resumed>) = 0 [pid 5053] <... futex resumed>) = 1 [pid 5036] futex(0x7f8b210356d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] ioctl(5, FITRIM, {start=0, len=18014398509481984, minlen=0} [pid 5036] <... futex resumed>) = 0 [ 108.496754][ T27] audit: type=1400 audit(1696756671.844:95): avc: denied { create } for pid=5036 comm="syz-executor427" name=".log" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 108.520113][ T5037] BTRFS info (device loop0): balance: start -s [pid 5036] futex(0x7f8b210356dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 108.546313][ T27] audit: type=1400 audit(1696756671.864:96): avc: denied { write open } for pid=5036 comm="syz-executor427" path="/root/syzkaller.lqJfZH/0/file0/.log" dev="loop0" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 108.572999][ T5037] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5036] exit_group(0) = ? [pid 5053] <... ioctl resumed>) = ? [pid 5053] +++ exited with 0 +++ [ 108.792408][ T5053] BTRFS warning (device loop0): failed to trim 1 block group(s), last error -512 [pid 5037] <... ioctl resumed> ) = ? [pid 5037] +++ exited with 0 +++ [pid 5036] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5036, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=56 /* 0.56 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556710730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 108.844203][ T5037] BTRFS info (device loop0): balance: ended with status: 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556718770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556718770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555556710730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5056 attached , child_tidptr=0x55555670f690) = 5056 [pid 5056] set_robust_list(0x55555670f6a0, 24) = 0 [pid 5056] chdir("./1") = 0 [pid 5056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5056] setpgid(0, 0) = 0 [pid 5056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5056] write(3, "1000", 4) = 4 [pid 5056] close(3) = 0 [pid 5056] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5056] futex(0x7f8b210356cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] rt_sigaction(SIGRT_1, {sa_handler=0x7f8b20fcf2b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8b20fc0460}, NULL, 8) = 0 [pid 5056] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8b20f45000 [pid 5056] mprotect(0x7f8b20f46000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5056] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8b20f65990, parent_tid=0x7f8b20f65990, exit_signal=0, stack=0x7f8b20f45000, stack_size=0x20300, tls=0x7f8b20f656c0}./strace-static-x86_64: Process 5057 attached [pid 5057] rseq(0x7f8b20f65fe0, 0x20, 0, 0x53053053 [pid 5056] <... clone3 resumed> => {parent_tid=[5057]}, 88) = 5057 [pid 5057] <... rseq resumed>) = 0 [pid 5056] rt_sigprocmask(SIG_SETMASK, [], [pid 5057] set_robust_list(0x7f8b20f659a0, 24) = 0 [pid 5056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5057] rt_sigprocmask(SIG_SETMASK, [], [pid 5056] futex(0x7f8b210356c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5056] <... futex resumed>) = 0 [pid 5057] memfd_create("syzkaller", 0 [pid 5056] futex(0x7f8b210356cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5057] <... memfd_create resumed>) = 3 [pid 5057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8b18b45000 [pid 5057] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5057] munmap(0x7f8b18b45000, 138412032) = 0 [pid 5057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5057] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5057] close(3) = 0 [pid 5057] mkdir("./file0", 0777) = 0 [ 109.367555][ T5057] loop0: detected capacity change from 0 to 32768 [ 109.380203][ T5057] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor427 (5057) [ 109.401505][ T5057] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 109.410396][ T5057] BTRFS info (device loop0): using free space tree [pid 5057] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5057] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5057] chdir("./file0") = 0 [pid 5057] ioctl(4, LOOP_CLR_FD) = 0 [pid 5057] close(4) = 0 [pid 5057] futex(0x7f8b210356cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5057] futex(0x7f8b210356c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f8b210356c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5057] <... futex resumed>) = 0 [pid 5056] futex(0x7f8b210356cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 4 [pid 5057] futex(0x7f8b210356cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5057] futex(0x7f8b210356c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f8b210356c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] <... futex resumed>) = 0 [pid 5056] <... futex resumed>) = 1 [pid 5057] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 109.443006][ T5057] BTRFS info (device loop0): enabling ssd optimizations [ 109.450251][ T5057] BTRFS info (device loop0): auto enabling async discard [pid 5056] futex(0x7f8b210356cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5056] futex(0x7f8b210356dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8b20f24000 [pid 5056] mprotect(0x7f8b20f25000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5056] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8b20f44990, parent_tid=0x7f8b20f44990, exit_signal=0, stack=0x7f8b20f24000, stack_size=0x20300, tls=0x7f8b20f446c0} => {parent_tid=[5074]}, 88) = 5074 [pid 5056] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5074 attached [pid 5056] futex(0x7f8b210356d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] rseq(0x7f8b20f44fe0, 0x20, 0, 0x53053053 [pid 5056] <... futex resumed>) = 0 [pid 5074] <... rseq resumed>) = 0 [pid 5056] futex(0x7f8b210356dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] set_robust_list(0x7f8b20f449a0, 24) = 0 [pid 5074] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5074] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5074] futex(0x7f8b210356dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f8b210356d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] ioctl(5, FITRIM, {start=0, len=18014398509481984, minlen=0} [pid 5056] <... futex resumed>) = 0 [ 109.507452][ T5057] BTRFS info (device loop0): balance: start -s [ 109.520624][ T5057] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5056] futex(0x7f8b210356dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5074] <... ioctl resumed>) = 0 [pid 5074] futex(0x7f8b210356dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f8b210356d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5057] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5057] futex(0x7f8b210356cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] exit_group(0 [pid 5074] <... futex resumed>) = ? [pid 5056] <... exit_group resumed>) = ? [pid 5074] +++ exited with 0 +++ [pid 5057] +++ exited with 0 +++ [pid 5056] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5056, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=43 /* 0.43 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556710730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 109.769741][ T5057] BTRFS info (device loop0): balance: ended with status: 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556718770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556718770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555556710730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5075 attached , child_tidptr=0x55555670f690) = 5075 [pid 5075] set_robust_list(0x55555670f6a0, 24) = 0 [pid 5075] chdir("./2") = 0 [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5075] setpgid(0, 0) = 0 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1000", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5075] futex(0x7f8b210356cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] rt_sigaction(SIGRT_1, {sa_handler=0x7f8b20fcf2b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8b20fc0460}, NULL, 8) = 0 [pid 5075] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8b20f45000 [pid 5075] mprotect(0x7f8b20f46000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5075] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5075] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8b20f65990, parent_tid=0x7f8b20f65990, exit_signal=0, stack=0x7f8b20f45000, stack_size=0x20300, tls=0x7f8b20f656c0} => {parent_tid=[5076]}, 88) = 5076 [pid 5075] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5075] futex(0x7f8b210356c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f8b210356cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5076 attached [pid 5076] rseq(0x7f8b20f65fe0, 0x20, 0, 0x53053053) = 0 [pid 5076] set_robust_list(0x7f8b20f659a0, 24) = 0 [pid 5076] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5076] memfd_create("syzkaller", 0) = 3 [pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8b18b45000 [pid 5076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5076] munmap(0x7f8b18b45000, 138412032) = 0 [pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5076] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5076] close(3) = 0 [pid 5076] mkdir("./file0", 0777) = 0 [ 110.246379][ T5076] loop0: detected capacity change from 0 to 32768 [ 110.258573][ T5076] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor427 (5076) [ 110.276887][ T5076] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 110.285664][ T5076] BTRFS info (device loop0): using free space tree [pid 5076] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5076] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5076] chdir("./file0") = 0 [pid 5076] ioctl(4, LOOP_CLR_FD) = 0 [pid 5076] close(4) = 0 [pid 5076] futex(0x7f8b210356cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5076] futex(0x7f8b210356c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] futex(0x7f8b210356c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5075] <... futex resumed>) = 0 [pid 5076] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5075] futex(0x7f8b210356cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... openat resumed>) = 4 [pid 5076] futex(0x7f8b210356cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 0 [pid 5075] futex(0x7f8b210356c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f8b210356cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... futex resumed>) = 1 [ 110.317666][ T5076] BTRFS info (device loop0): enabling ssd optimizations [ 110.324771][ T5076] BTRFS info (device loop0): auto enabling async discard [pid 5076] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5075] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5075] futex(0x7f8b210356cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5075] futex(0x7f8b210356dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8b20f24000 [pid 5075] mprotect(0x7f8b20f25000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5075] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5075] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8b20f44990, parent_tid=0x7f8b20f44990, exit_signal=0, stack=0x7f8b20f24000, stack_size=0x20300, tls=0x7f8b20f446c0}./strace-static-x86_64: Process 5092 attached => {parent_tid=[5092]}, 88) = 5092 [pid 5092] rseq(0x7f8b20f44fe0, 0x20, 0, 0x53053053) = 0 [pid 5075] rt_sigprocmask(SIG_SETMASK, [], [pid 5092] set_robust_list(0x7f8b20f449a0, 24 [pid 5075] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5092] <... set_robust_list resumed>) = 0 [pid 5075] futex(0x7f8b210356d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] rt_sigprocmask(SIG_SETMASK, [], [pid 5075] <... futex resumed>) = 0 [pid 5092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5075] futex(0x7f8b210356dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5092] futex(0x7f8b210356dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5092] futex(0x7f8b210356d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] futex(0x7f8b210356d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5075] <... futex resumed>) = 0 [pid 5092] ioctl(5, FITRIM, {start=0, len=18014398509481984, minlen=0} [ 110.374148][ T5076] BTRFS info (device loop0): balance: start -s [ 110.386907][ T5076] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5075] futex(0x7f8b210356dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5092] <... ioctl resumed>) = 0 [pid 5092] futex(0x7f8b210356dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7f8b210356d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] exit_group(0) = ? [pid 5092] <... futex resumed>) = ? [pid 5092] +++ exited with 0 +++ [pid 5076] <... ioctl resumed> ) = ? [pid 5076] +++ exited with 0 +++ [pid 5075] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5075, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556710730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 110.643254][ T5076] BTRFS info (device loop0): balance: ended with status: 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556718770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556718770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555556710730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5094 attached , child_tidptr=0x55555670f690) = 5094 [pid 5094] set_robust_list(0x55555670f6a0, 24) = 0 [pid 5094] chdir("./3") = 0 [pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5094] setpgid(0, 0) = 0 [pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5094] write(3, "1000", 4) = 4 [pid 5094] close(3) = 0 [pid 5094] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5094] futex(0x7f8b210356cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] rt_sigaction(SIGRT_1, {sa_handler=0x7f8b20fcf2b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8b20fc0460}, NULL, 8) = 0 [pid 5094] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8b20f45000 [pid 5094] mprotect(0x7f8b20f46000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5094] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5094] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8b20f65990, parent_tid=0x7f8b20f65990, exit_signal=0, stack=0x7f8b20f45000, stack_size=0x20300, tls=0x7f8b20f656c0} => {parent_tid=[5095]}, 88) = 5095 ./strace-static-x86_64: Process 5095 attached [pid 5095] rseq(0x7f8b20f65fe0, 0x20, 0, 0x53053053 [pid 5094] rt_sigprocmask(SIG_SETMASK, [], [pid 5095] <... rseq resumed>) = 0 [pid 5095] set_robust_list(0x7f8b20f659a0, 24 [pid 5094] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5094] futex(0x7f8b210356c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] <... set_robust_list resumed>) = 0 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5094] futex(0x7f8b210356cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5095] memfd_create("syzkaller", 0) = 3 [pid 5095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8b18b45000 [pid 5095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5095] munmap(0x7f8b18b45000, 138412032) = 0 [pid 5095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5095] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5095] close(3) = 0 [pid 5095] mkdir("./file0", 0777) = 0 [ 111.114740][ T5095] loop0: detected capacity change from 0 to 32768 [ 111.127172][ T5095] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor427 (5095) [ 111.145838][ T5095] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 111.154907][ T5095] BTRFS info (device loop0): using free space tree [pid 5095] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5095] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5095] chdir("./file0") = 0 [pid 5095] ioctl(4, LOOP_CLR_FD) = 0 [pid 5095] close(4) = 0 [pid 5095] futex(0x7f8b210356cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7f8b210356c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 4 [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7f8b210356cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] futex(0x7f8b210356cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7f8b210356c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7f8b210356cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... futex resumed>) = 1 [ 111.186400][ T5095] BTRFS info (device loop0): enabling ssd optimizations [ 111.193445][ T5095] BTRFS info (device loop0): auto enabling async discard [pid 5095] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5094] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5094] futex(0x7f8b210356dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8b20f24000 [pid 5094] mprotect(0x7f8b20f25000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5094] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5094] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8b20f44990, parent_tid=0x7f8b20f44990, exit_signal=0, stack=0x7f8b20f24000, stack_size=0x20300, tls=0x7f8b20f446c0}./strace-static-x86_64: Process 5112 attached => {parent_tid=[5112]}, 88) = 5112 [pid 5112] rseq(0x7f8b20f44fe0, 0x20, 0, 0x53053053 [pid 5094] rt_sigprocmask(SIG_SETMASK, [], [pid 5112] <... rseq resumed>) = 0 [pid 5094] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5112] set_robust_list(0x7f8b20f449a0, 24 [pid 5094] futex(0x7f8b210356d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... set_robust_list resumed>) = 0 [pid 5094] <... futex resumed>) = 0 [pid 5112] rt_sigprocmask(SIG_SETMASK, [], [pid 5094] futex(0x7f8b210356dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5112] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5112] futex(0x7f8b210356dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] <... futex resumed>) = 0 [pid 5112] futex(0x7f8b210356d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] futex(0x7f8b210356d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5094] <... futex resumed>) = 0 [pid 5112] ioctl(5, FITRIM, {start=0, len=18014398509481984, minlen=0} [ 111.243228][ T5095] BTRFS info (device loop0): balance: start -s [ 111.253491][ T5095] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5094] futex(0x7f8b210356dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5112] <... ioctl resumed>) = 0 [pid 5112] futex(0x7f8b210356dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] futex(0x7f8b210356d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5095] futex(0x7f8b210356cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f8b210356c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] exit_group(0 [pid 5112] <... futex resumed>) = ? [pid 5095] <... futex resumed>) = ? [pid 5112] +++ exited with 0 +++ [pid 5095] +++ exited with 0 +++ [pid 5094] <... exit_group resumed>) = ? [pid 5094] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5094, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=40 /* 0.40 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556710730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 111.541404][ T5095] BTRFS info (device loop0): balance: ended with status: 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556718770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556718770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555556710730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5113 attached , child_tidptr=0x55555670f690) = 5113 [pid 5113] set_robust_list(0x55555670f6a0, 24) = 0 [pid 5113] chdir("./4") = 0 [pid 5113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5113] setpgid(0, 0) = 0 [pid 5113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5113] write(3, "1000", 4) = 4 [pid 5113] close(3) = 0 [pid 5113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5113] futex(0x7f8b210356cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] rt_sigaction(SIGRT_1, {sa_handler=0x7f8b20fcf2b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8b20fc0460}, NULL, 8) = 0 [pid 5113] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8b20f45000 [pid 5113] mprotect(0x7f8b20f46000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5113] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5113] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8b20f65990, parent_tid=0x7f8b20f65990, exit_signal=0, stack=0x7f8b20f45000, stack_size=0x20300, tls=0x7f8b20f656c0}./strace-static-x86_64: Process 5114 attached => {parent_tid=[5114]}, 88) = 5114 [pid 5114] rseq(0x7f8b20f65fe0, 0x20, 0, 0x53053053 [pid 5113] rt_sigprocmask(SIG_SETMASK, [], [pid 5114] <... rseq resumed>) = 0 [pid 5114] set_robust_list(0x7f8b20f659a0, 24 [pid 5113] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5114] <... set_robust_list resumed>) = 0 [pid 5113] futex(0x7f8b210356c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] rt_sigprocmask(SIG_SETMASK, [], [pid 5113] <... futex resumed>) = 0 [pid 5114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5113] futex(0x7f8b210356cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5114] memfd_create("syzkaller", 0) = 3 [pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8b18b45000 [pid 5114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5114] munmap(0x7f8b18b45000, 138412032) = 0 [pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5114] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5114] close(3) = 0 [pid 5114] mkdir("./file0", 0777) = 0 [ 112.011592][ T5114] loop0: detected capacity change from 0 to 32768 [ 112.022890][ T5114] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor427 (5114) [ 112.040110][ T5114] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 112.049114][ T5114] BTRFS info (device loop0): using free space tree [pid 5114] mount("/dev/loop0", "./file0", "btrfs", 0, "") = 0 [pid 5114] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5114] chdir("./file0") = 0 [pid 5114] ioctl(4, LOOP_CLR_FD) = 0 [pid 5114] close(4) = 0 [pid 5114] futex(0x7f8b210356cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] futex(0x7f8b210356c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f8b210356c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] <... futex resumed>) = 0 [pid 5113] futex(0x7f8b210356cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 4 [pid 5114] futex(0x7f8b210356cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f8b210356c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f8b210356cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... futex resumed>) = 1 [ 112.080198][ T5114] BTRFS info (device loop0): enabling ssd optimizations [ 112.087269][ T5114] BTRFS info (device loop0): auto enabling async discard [pid 5114] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5113] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5113] futex(0x7f8b210356dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8b20f24000 [pid 5113] mprotect(0x7f8b20f25000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5113] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5113] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8b20f44990, parent_tid=0x7f8b20f44990, exit_signal=0, stack=0x7f8b20f24000, stack_size=0x20300, tls=0x7f8b20f446c0}./strace-static-x86_64: Process 5131 attached [pid 5131] rseq(0x7f8b20f44fe0, 0x20, 0, 0x53053053) = 0 [pid 5131] set_robust_list(0x7f8b20f449a0, 24) = 0 [pid 5131] rt_sigprocmask(SIG_SETMASK, [], [pid 5113] <... clone3 resumed> => {parent_tid=[5131]}, 88) = 5131 [pid 5131] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5131] futex(0x7f8b210356d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5113] futex(0x7f8b210356d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5131] openat(AT_FDCWD, ".", O_RDONLY [pid 5113] futex(0x7f8b210356dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5131] <... openat resumed>) = 5 [pid 5131] futex(0x7f8b210356dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5131] futex(0x7f8b210356d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] futex(0x7f8b210356d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5113] <... futex resumed>) = 0 [pid 5131] ioctl(5, FITRIM, {start=0, len=18014398509481984, minlen=0} [ 112.144108][ T5114] BTRFS info (device loop0): balance: start -s [ 112.156081][ T5114] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5113] futex(0x7f8b210356dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 112.353386][ T5114] ------------[ cut here ]------------ [ 112.359293][ T5114] BTRFS: Transaction aborted (error -28) [ 112.378105][ T5114] WARNING: CPU: 1 PID: 5114 at fs/btrfs/volumes.c:3190 btrfs_remove_chunk+0x19f5/0x1a00 [ 112.388090][ T5114] Modules linked in: [ 112.392061][ T5114] CPU: 1 PID: 5114 Comm: syz-executor427 Not tainted 6.6.0-rc4-syzkaller-00284-gb9ddbb0cde2a #0 [ 112.402771][ T5114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 112.412974][ T5114] RIP: 0010:btrfs_remove_chunk+0x19f5/0x1a00 [ 112.419157][ T5114] Code: e8 b0 68 5b fe e9 5c ef ff ff 4c 89 f7 e8 a3 68 5b fe e9 5d fd ff ff e8 09 77 06 fe 89 de 48 c7 c7 00 31 d7 8a e8 5b a0 cc fd <0f> 0b e9 5a fd ff ff 0f 1f 40 00 66 0f 1f 00 41 56 41 55 41 54 49 [ 112.438956][ T5114] RSP: 0018:ffffc9000366f800 EFLAGS: 00010282 [ 112.445087][ T5114] RAX: 0000000000000000 RBX: ffffffffffffffe4 RCX: 0000000000000000 [ 112.453169][ T5114] RDX: ffff888019346000 RSI: ffffffff814cf016 RDI: 0000000000000001 [ 112.461332][ T5114] RBP: ffff888063f68d00 R08: 0000000000000001 R09: 0000000000000000 [ 112.469520][ T5114] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000001 [ 112.477664][ T5114] R13: dffffc0000000000 R14: ffff888073f21590 R15: ffff888073f21540 [ 112.485760][ T5114] FS: 00007f8b20f656c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 112.494744][ T5114] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 112.501512][ T5114] CR2: 00007f8b20f44d58 CR3: 000000007f03e000 CR4: 00000000003506e0 [ 112.509597][ T5114] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 112.517707][ T5114] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 112.525818][ T5114] Call Trace: [ 112.529152][ T5114] [ 112.532137][ T5114] ? show_regs+0x8f/0xa0 [ 112.536498][ T5114] ? __warn+0xe6/0x380 [ 112.540631][ T5114] ? btrfs_remove_chunk+0x19f5/0x1a00 [ 112.546135][ T5114] ? report_bug+0x3bc/0x580 [ 112.550697][ T5114] ? handle_bug+0x3c/0x70 [ 112.555072][ T5114] ? exc_invalid_op+0x17/0x40 [ 112.559917][ T5114] ? asm_exc_invalid_op+0x1a/0x20 [ 112.565015][ T5114] ? __warn_printk+0x1a6/0x350 [ 112.569904][ T5114] ? btrfs_remove_chunk+0x19f5/0x1a00 [ 112.575366][ T5114] ? btrfs_chunk_alloc_add_chunk_item+0x1080/0x1080 [ 112.582255][ T5114] ? btrfs_record_root_in_trans+0xa0/0x1b0 [ 112.588193][ T5114] btrfs_relocate_chunk+0x2b6/0x440 [ 112.593549][ T5114] btrfs_balance+0x20fc/0x3ef0 [ 112.598511][ T5114] ? btrfs_relocate_chunk+0x440/0x440 [pid 5113] exit_group(0) = ? [pid 5131] <... ioctl resumed>) = ? [pid 5131] +++ exited with 0 +++ [ 112.603965][ T5114] btrfs_ioctl+0x1362/0x5d00 [ 112.608686][ T5114] ? btrfs_ioctl_get_supported_features+0x40/0x40 [ 112.609686][ T5131] BTRFS warning (device loop0: state A): failed to trim 1 device(s), last error -4 [ 112.615156][ T5114] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 112.630590][ T5114] ? do_vfs_ioctl+0x379/0x1920 [ 112.635805][ T5114] ? vfs_fileattr_set+0xbf0/0xbf0 [ 112.640915][ T5114] ? ioctl_has_perm.constprop.0.isra.0+0x2f0/0x460 [ 112.647579][ T5114] ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x460 [ 112.654267][ T5114] ? selinux_bprm_creds_for_exec+0xb30/0xb30 [ 112.660364][ T5114] ? reacquire_held_locks+0x4b0/0x4b0 [ 112.665889][ T5114] ? selinux_file_ioctl+0x17d/0x270 [ 112.671154][ T5114] ? selinux_file_ioctl+0xb5/0x270 [ 112.676379][ T5114] ? btrfs_ioctl_get_supported_features+0x40/0x40 [ 112.682860][ T5114] __x64_sys_ioctl+0x18f/0x210 [ 112.687777][ T5114] do_syscall_64+0x38/0xb0 [ 112.692259][ T5114] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 112.698265][ T5114] RIP: 0033:0x7f8b20fa8e99 [ 112.702728][ T5114] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 112.722488][ T5114] RSP: 002b:00007f8b20f65218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 112.731001][ T5114] RAX: ffffffffffffffda RBX: 00007f8b210356c8 RCX: 00007f8b20fa8e99 [ 112.739089][ T5114] RDX: 0000000020000480 RSI: 00000000c4009420 RDI: 0000000000000004 [ 112.747193][ T5114] RBP: 00007f8b210356c0 R08: 0000000000000000 R09: 0000000000000000 [ 112.755225][ T5114] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8b21002198 [ 112.763350][ T5114] R13: f8a86047d2558a04 R14: 0030656c69662f2e R15: 0040000000000000 [ 112.771452][ T5114] [ 112.774523][ T5114] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 112.781836][ T5114] CPU: 1 PID: 5114 Comm: syz-executor427 Not tainted 6.6.0-rc4-syzkaller-00284-gb9ddbb0cde2a #0 [ 112.792284][ T5114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 112.802369][ T5114] Call Trace: [ 112.805669][ T5114] [ 112.808622][ T5114] dump_stack_lvl+0xd9/0x1b0 [ 112.813256][ T5114] panic+0x6a6/0x750 [ 112.817197][ T5114] ? panic_smp_self_stop+0xa0/0xa0 [ 112.822353][ T5114] ? btrfs_remove_chunk+0x19f5/0x1a00 [ 112.827778][ T5114] check_panic_on_warn+0xab/0xb0 [ 112.832760][ T5114] __warn+0xf2/0x380 [ 112.836689][ T5114] ? btrfs_remove_chunk+0x19f5/0x1a00 [ 112.842113][ T5114] report_bug+0x3bc/0x580 [ 112.846481][ T5114] handle_bug+0x3c/0x70 [ 112.850705][ T5114] exc_invalid_op+0x17/0x40 [ 112.855270][ T5114] asm_exc_invalid_op+0x1a/0x20 [ 112.860158][ T5114] RIP: 0010:btrfs_remove_chunk+0x19f5/0x1a00 [ 112.866189][ T5114] Code: e8 b0 68 5b fe e9 5c ef ff ff 4c 89 f7 e8 a3 68 5b fe e9 5d fd ff ff e8 09 77 06 fe 89 de 48 c7 c7 00 31 d7 8a e8 5b a0 cc fd <0f> 0b e9 5a fd ff ff 0f 1f 40 00 66 0f 1f 00 41 56 41 55 41 54 49 [ 112.885871][ T5114] RSP: 0018:ffffc9000366f800 EFLAGS: 00010282 [ 112.891969][ T5114] RAX: 0000000000000000 RBX: ffffffffffffffe4 RCX: 0000000000000000 [ 112.899971][ T5114] RDX: ffff888019346000 RSI: ffffffff814cf016 RDI: 0000000000000001 [ 112.907975][ T5114] RBP: ffff888063f68d00 R08: 0000000000000001 R09: 0000000000000000 [ 112.915982][ T5114] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000001 [ 112.924000][ T5114] R13: dffffc0000000000 R14: ffff888073f21590 R15: ffff888073f21540 [ 112.932016][ T5114] ? __warn_printk+0x1a6/0x350 [ 112.936828][ T5114] ? btrfs_chunk_alloc_add_chunk_item+0x1080/0x1080 [ 112.943473][ T5114] ? btrfs_record_root_in_trans+0xa0/0x1b0 [ 112.949333][ T5114] btrfs_relocate_chunk+0x2b6/0x440 [ 112.954589][ T5114] btrfs_balance+0x20fc/0x3ef0 [ 112.959414][ T5114] ? btrfs_relocate_chunk+0x440/0x440 [ 112.964850][ T5114] btrfs_ioctl+0x1362/0x5d00 [ 112.969483][ T5114] ? btrfs_ioctl_get_supported_features+0x40/0x40 [ 112.975946][ T5114] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 112.981898][ T5114] ? do_vfs_ioctl+0x379/0x1920 [ 112.986699][ T5114] ? vfs_fileattr_set+0xbf0/0xbf0 [ 112.991762][ T5114] ? ioctl_has_perm.constprop.0.isra.0+0x2f0/0x460 [ 112.998312][ T5114] ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x460 [ 113.004862][ T5114] ? selinux_bprm_creds_for_exec+0xb30/0xb30 [ 113.010883][ T5114] ? reacquire_held_locks+0x4b0/0x4b0 [ 113.016648][ T5114] ? selinux_file_ioctl+0x17d/0x270 [ 113.021891][ T5114] ? selinux_file_ioctl+0xb5/0x270 [ 113.027045][ T5114] ? btrfs_ioctl_get_supported_features+0x40/0x40 [ 113.033505][ T5114] __x64_sys_ioctl+0x18f/0x210 [ 113.038317][ T5114] do_syscall_64+0x38/0xb0 [ 113.042802][ T5114] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 113.048740][ T5114] RIP: 0033:0x7f8b20fa8e99 [ 113.053181][ T5114] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 113.072828][ T5114] RSP: 002b:00007f8b20f65218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 113.081303][ T5114] RAX: ffffffffffffffda RBX: 00007f8b210356c8 RCX: 00007f8b20fa8e99 [ 113.089301][ T5114] RDX: 0000000020000480 RSI: 00000000c4009420 RDI: 0000000000000004 [ 113.097303][ T5114] RBP: 00007f8b210356c0 R08: 0000000000000000 R09: 0000000000000000 [ 113.105303][ T5114] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8b21002198 [ 113.113303][ T5114] R13: f8a86047d2558a04 R14: 0030656c69662f2e R15: 0040000000000000 [ 113.121311][ T5114] [ 113.124615][ T5114] Kernel Offset: disabled [ 113.129082][ T5114] Rebooting in 86400 seconds..