./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3467466336 <...> DUID 00:04:92:3d:a4:bf:d8:99:95:1d:d2:9f:0e:34:7d:20:a7:e6 forked to background, child pid 4651 [ 34.745210][ T4652] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.774070][ T4652] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.52' (ECDSA) to the list of known hosts. execve("./syz-executor3467466336", ["./syz-executor3467466336"], 0x7fff491f1540 /* 10 vars */) = 0 brk(NULL) = 0x555555de8000 brk(0x555555de8c40) = 0x555555de8c40 arch_prctl(ARCH_SET_FS, 0x555555de8300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555555de85d0) = 5076 set_robust_list(0x555555de85e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f8ec7906950, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f8ec7907020}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f8ec79069f0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8ec7907020}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3467466336", 4096) = 28 brk(0x555555e09c40) = 0x555555e09c40 brk(0x555555e0a000) = 0x555555e0a000 mprotect(0x7f8ec79ce000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5076 mkdir("./syzkaller.Vl5qy1", 0700) = 0 chmod("./syzkaller.Vl5qy1", 0777) = 0 chdir("./syzkaller.Vl5qy1") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555de85d0) = 5077 ./strace-static-x86_64: Process 5077 attached [pid 5077] set_robust_list(0x555555de85e0, 24) = 0 [pid 5077] chdir("./0") = 0 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5077] futex(0x7f8ec79d47ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8ec78d5000 [pid 5077] mprotect(0x7f8ec78d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5077] clone(child_stack=0x7f8ec78f53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5079 attached , parent_tid=[5079], tls=0x7f8ec78f5700, child_tidptr=0x7f8ec78f59d0) = 5079 [pid 5079] set_robust_list(0x7f8ec78f59e0, 24 [pid 5077] futex(0x7f8ec79d47a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... set_robust_list resumed>) = 0 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f8ec79d47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5079] memfd_create("syzkaller", 0) = 3 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8ebf4d5000 syzkaller login: [ 60.200480][ T5079] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5079 'syz-executor346' [pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5079] munmap(0x7f8ebf4d5000, 16777216) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5079] close(3) = 0 [pid 5079] mkdir("./file0", 0777) = 0 [ 60.376925][ T5079] loop0: detected capacity change from 0 to 32768 [ 60.390174][ T5079] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor346 (5079) [ 60.411128][ T5079] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 60.420748][ T5079] BTRFS info (device loop0): force clearing of disk cache [ 60.428287][ T5079] BTRFS info (device loop0): setting nodatasum [ 60.434479][ T5079] BTRFS info (device loop0): allowing degraded mounts [ 60.441643][ T5079] BTRFS info (device loop0): enabling disk space caching [ 60.449009][ T5079] BTRFS info (device loop0): disk space caching is enabled [ 60.473059][ T5079] BTRFS info (device loop0): enabling ssd optimizations [ 60.480274][ T5079] BTRFS info (device loop0): auto enabling async discard [ 60.489518][ T5079] BTRFS info (device loop0): clearing free space tree [ 60.497083][ T5079] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 60.507308][ T5079] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5079] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5079] chdir("./file0") = 0 [pid 5079] ioctl(4, LOOP_CLR_FD) = 0 [pid 5079] close(4) = 0 [pid 5079] futex(0x7f8ec79d47ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] futex(0x7f8ec79d47a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f8ec79d47a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] futex(0x7f8ec79d47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = 0 [pid 5079] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5079] futex(0x7f8ec79d47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f8ec79d47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f8ec79d47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = 1 [ 60.530403][ T5079] BTRFS info (device loop0): checking UUID tree [pid 5079] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5077] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5077] futex(0x7f8ec79d47bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8ec04b4000 [pid 5077] mprotect(0x7f8ec04b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5077] clone(child_stack=0x7f8ec04d43f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5098], tls=0x7f8ec04d4700, child_tidptr=0x7f8ec04d49d0) = 5098 [pid 5077] futex(0x7f8ec79d47b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f8ec79d47bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5098 attached [pid 5098] set_robust_list(0x7f8ec04d49e0, 24) = 0 [pid 5098] open("./file0", O_RDONLY) = 5 [pid 5098] futex(0x7f8ec79d47bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5098] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5077] futex(0x7f8ec79d47b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 60.578329][ T5079] BTRFS info (device loop0): balance: start -d -m -s [ 60.594090][ T5079] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5077] futex(0x7f8ec79d47bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... open resumed>) = 6 [pid 5098] futex(0x7f8ec79d47bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5098] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5077] futex(0x7f8ec79d47b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f8ec79d47bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... ioctl resumed>) = 0 [pid 5098] futex(0x7f8ec79d47bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5098] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5077] futex(0x7f8ec79d47b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 60.646012][ T27] audit: type=1800 audit(1673797128.437:2): pid=5098 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor346" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 60.686030][ T5079] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5077] futex(0x7f8ec79d47bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... open resumed>) = 7 [pid 5098] futex(0x7f8ec79d47bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5098] ioctl(5, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x02\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5077] futex(0x7f8ec79d47b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 60.722956][ T27] audit: type=1800 audit(1673797128.507:3): pid=5098 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor346" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 60.742463][ T51] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5077] futex(0x7f8ec79d47bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5098] <... ioctl resumed>) = 0 [pid 5098] futex(0x7f8ec79d47bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 60.871120][ T5079] BTRFS info (device loop0): found 6 extents, stage: move data extents [ 60.902028][ T5079] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 60.925073][ T5079] BTRFS info (device loop0): relocating block group 1048576 flags system [ 60.950681][ T5079] BTRFS info (device loop0): found 1 extents, stage: move data extents [pid 5098] futex(0x7f8ec79d47b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5079] futex(0x7f8ec79d47ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] exit_group(0 [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f8ec79d47a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] <... futex resumed>) = ? [pid 5079] <... futex resumed>) = ? [pid 5077] <... exit_group resumed>) = ? [pid 5079] +++ exited with 0 +++ [pid 5098] +++ exited with 0 +++ [pid 5077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=46 /* 0.46 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555de9620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 60.970953][ T5079] BTRFS info (device loop0): balance: ended with status: 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555df1660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555df1660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555555de9620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5108 attached , child_tidptr=0x555555de85d0) = 5108 [pid 5108] set_robust_list(0x555555de85e0, 24) = 0 [pid 5108] chdir("./1") = 0 [pid 5108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5108] setpgid(0, 0) = 0 [pid 5108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5108] write(3, "1000", 4) = 4 [pid 5108] close(3) = 0 [pid 5108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5108] futex(0x7f8ec79d47ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8ec78d5000 [pid 5108] mprotect(0x7f8ec78d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5108] clone(child_stack=0x7f8ec78f53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5109], tls=0x7f8ec78f5700, child_tidptr=0x7f8ec78f59d0) = 5109 [pid 5108] futex(0x7f8ec79d47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5109 attached [pid 5108] futex(0x7f8ec79d47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5109] set_robust_list(0x7f8ec78f59e0, 24) = 0 [pid 5109] memfd_create("syzkaller", 0) = 3 [pid 5109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8ebf4d5000 [pid 5109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5109] munmap(0x7f8ebf4d5000, 16777216) = 0 [pid 5109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5109] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5109] close(3) = 0 [pid 5109] mkdir("./file0", 0777) = 0 [ 61.376373][ T5109] loop0: detected capacity change from 0 to 32768 [ 61.405081][ T5109] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 61.414588][ T5109] BTRFS info (device loop0): force clearing of disk cache [ 61.422412][ T5109] BTRFS info (device loop0): setting nodatasum [ 61.428920][ T5109] BTRFS info (device loop0): allowing degraded mounts [ 61.435879][ T5109] BTRFS info (device loop0): enabling disk space caching [ 61.444998][ T5109] BTRFS info (device loop0): disk space caching is enabled [ 61.469009][ T5109] BTRFS info (device loop0): enabling ssd optimizations [pid 5109] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5109] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5109] chdir("./file0") = 0 [pid 5109] ioctl(4, LOOP_CLR_FD) = 0 [pid 5109] close(4) = 0 [pid 5109] futex(0x7f8ec79d47ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] futex(0x7f8ec79d47a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] <... futex resumed>) = 0 [pid 5108] futex(0x7f8ec79d47a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... futex resumed>) = 0 [pid 5108] <... futex resumed>) = 1 [pid 5109] openat(AT_FDCWD, ".", O_RDONLY [pid 5108] futex(0x7f8ec79d47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] <... openat resumed>) = 4 [pid 5109] futex(0x7f8ec79d47ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5109] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5108] futex(0x7f8ec79d47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 61.476282][ T5109] BTRFS info (device loop0): auto enabling async discard [ 61.484363][ T5109] BTRFS info (device loop0): clearing free space tree [ 61.491707][ T5109] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 61.501652][ T5109] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 61.516720][ T5109] BTRFS info (device loop0): checking UUID tree [pid 5108] futex(0x7f8ec79d47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5108] futex(0x7f8ec79d47bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8ec04b4000 [pid 5108] mprotect(0x7f8ec04b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5108] clone(child_stack=0x7f8ec04d43f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5128], tls=0x7f8ec04d4700, child_tidptr=0x7f8ec04d49d0) = 5128 [pid 5108] futex(0x7f8ec79d47b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7f8ec79d47bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5128 attached [pid 5128] set_robust_list(0x7f8ec04d49e0, 24) = 0 [pid 5128] open("./file0", O_RDONLY) = 5 [pid 5128] futex(0x7f8ec79d47bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5128] futex(0x7f8ec79d47b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] futex(0x7f8ec79d47b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5108] <... futex resumed>) = 0 [pid 5128] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 61.539598][ T5109] BTRFS info (device loop0): balance: start -d -m -s [ 61.547588][ T5109] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 61.569702][ T5109] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5108] futex(0x7f8ec79d47bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] <... open resumed>) = 6 [pid 5128] futex(0x7f8ec79d47bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5128] futex(0x7f8ec79d47b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] futex(0x7f8ec79d47b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5108] <... futex resumed>) = 0 [pid 5128] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5108] futex(0x7f8ec79d47bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] <... ioctl resumed>) = 0 [pid 5128] futex(0x7f8ec79d47bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5128] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5108] futex(0x7f8ec79d47b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 61.609316][ T27] audit: type=1800 audit(1673797129.397:4): pid=5128 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor346" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 61.613244][ T5109] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5108] futex(0x7f8ec79d47bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] <... open resumed>) = 7 [pid 5128] futex(0x7f8ec79d47bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5108] futex(0x7f8ec79d47b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] ioctl(5, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x02\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5108] <... futex resumed>) = 0 [ 61.663665][ T27] audit: type=1800 audit(1673797129.447:5): pid=5128 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor346" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5108] futex(0x7f8ec79d47bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] <... ioctl resumed>) = 0 [pid 5128] futex(0x7f8ec79d47bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [ 61.704087][ T2431] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 61.716195][ T5109] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 61.763096][ T5109] BTRFS info (device loop0): relocating block group 1048576 flags system [ 61.798416][ T5109] BTRFS info (device loop0): found 1 extents, stage: move data extents [pid 5128] futex(0x7f8ec79d47b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5109] futex(0x7f8ec79d47ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7f8ec79d47a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] exit_group(0 [pid 5128] <... futex resumed>) = ? [pid 5108] <... exit_group resumed>) = ? [pid 5128] +++ exited with 0 +++ [pid 5109] <... futex resumed>) = ? [pid 5109] +++ exited with 0 +++ [pid 5108] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5108, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=42 /* 0.42 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555de9620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 61.816801][ T5109] BTRFS info (device loop0): balance: ended with status: 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555df1660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555df1660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555555de9620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555de85d0) = 5131 ./strace-static-x86_64: Process 5131 attached [pid 5131] set_robust_list(0x555555de85e0, 24) = 0 [pid 5131] chdir("./2") = 0 [pid 5131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5131] setpgid(0, 0) = 0 [pid 5131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5131] write(3, "1000", 4) = 4 [pid 5131] close(3) = 0 [pid 5131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5131] futex(0x7f8ec79d47ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8ec78d5000 [pid 5131] mprotect(0x7f8ec78d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5131] clone(child_stack=0x7f8ec78f53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5132], tls=0x7f8ec78f5700, child_tidptr=0x7f8ec78f59d0) = 5132 [pid 5131] futex(0x7f8ec79d47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f8ec79d47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5132 attached [pid 5132] set_robust_list(0x7f8ec78f59e0, 24) = 0 [pid 5132] memfd_create("syzkaller", 0) = 3 [pid 5132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8ebf4d5000 [pid 5132] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5132] munmap(0x7f8ebf4d5000, 16777216) = 0 [pid 5132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5132] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5132] close(3) = 0 [pid 5132] mkdir("./file0", 0777) = 0 [ 62.136417][ T5132] loop0: detected capacity change from 0 to 32768 [ 62.151094][ T5132] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 62.160448][ T5132] BTRFS info (device loop0): force clearing of disk cache [ 62.167663][ T5132] BTRFS info (device loop0): setting nodatasum [ 62.173859][ T5132] BTRFS info (device loop0): allowing degraded mounts [ 62.180746][ T5132] BTRFS info (device loop0): enabling disk space caching [ 62.187826][ T5132] BTRFS info (device loop0): disk space caching is enabled [ 62.209387][ T5132] BTRFS info (device loop0): enabling ssd optimizations [ 62.216458][ T5132] BTRFS info (device loop0): auto enabling async discard [ 62.224810][ T5132] BTRFS info (device loop0): clearing free space tree [pid 5132] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5132] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5132] chdir("./file0") = 0 [pid 5132] ioctl(4, LOOP_CLR_FD) = 0 [pid 5132] close(4) = 0 [pid 5132] futex(0x7f8ec79d47ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f8ec79d47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f8ec79d47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5132] futex(0x7f8ec79d47ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f8ec79d47a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f8ec79d47ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 62.231746][ T5132] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 62.241512][ T5132] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 62.256473][ T5132] BTRFS info (device loop0): checking UUID tree [pid 5132] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5131] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5131] futex(0x7f8ec79d47bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8ec04b4000 [pid 5131] mprotect(0x7f8ec04b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5131] clone(child_stack=0x7f8ec04d43f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5151], tls=0x7f8ec04d4700, child_tidptr=0x7f8ec04d49d0) = 5151 [pid 5131] futex(0x7f8ec79d47b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f8ec79d47bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5151 attached [pid 5151] set_robust_list(0x7f8ec04d49e0, 24) = 0 [pid 5151] open("./file0", O_RDONLY) = 5 [pid 5151] futex(0x7f8ec79d47bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5151] futex(0x7f8ec79d47b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] futex(0x7f8ec79d47b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5131] <... futex resumed>) = 0 [pid 5151] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 62.293614][ T5132] BTRFS info (device loop0): balance: start -d -m -s [ 62.301642][ T5132] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 62.328360][ T5132] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5131] futex(0x7f8ec79d47bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... open resumed>) = 6 [pid 5151] futex(0x7f8ec79d47bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5151] futex(0x7f8ec79d47b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] futex(0x7f8ec79d47b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5131] <... futex resumed>) = 0 [pid 5151] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5131] futex(0x7f8ec79d47bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... ioctl resumed>) = 0 [pid 5151] futex(0x7f8ec79d47bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5151] futex(0x7f8ec79d47b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] futex(0x7f8ec79d47b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5131] <... futex resumed>) = 0 [pid 5151] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [ 62.361521][ T27] audit: type=1800 audit(1673797130.147:6): pid=5151 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor346" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5131] futex(0x7f8ec79d47bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... open resumed>) = 7 [pid 5151] futex(0x7f8ec79d47bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5151] futex(0x7f8ec79d47b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] futex(0x7f8ec79d47b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5131] <... futex resumed>) = 0 [pid 5151] ioctl(5, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x02\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [ 62.400063][ T27] audit: type=1800 audit(1673797130.187:7): pid=5151 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor346" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 62.427243][ T51] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 62.432595][ T5132] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 62.451295][ T5151] ------------[ cut here ]------------ [ 62.457387][ T5151] WARNING: CPU: 1 PID: 5151 at fs/btrfs/extent-tree.c:872 lookup_inline_extent_backref+0xd28/0x10e0 [ 62.468825][ T5151] Modules linked in: [ 62.472852][ T5151] CPU: 1 PID: 5151 Comm: syz-executor346 Not tainted 6.2.0-rc3-next-20230112-syzkaller #0 [ 62.483238][ T5151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 62.493709][ T5151] RIP: 0010:lookup_inline_extent_backref+0xd28/0x10e0 [pid 5131] futex(0x7f8ec79d47bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 62.500873][ T5151] Code: f9 ff ff e8 5a f6 23 fe 8b b4 24 40 01 00 00 31 ff e8 fc f2 23 fe 8b b4 24 40 01 00 00 85 f6 0f 84 10 02 00 00 e8 38 f6 23 fe <0f> 0b 41 bd fb ff ff ff e8 2b f6 23 fe 48 8b 44 24 18 48 8d 78 6a [ 62.520873][ T5151] RSP: 0018:ffffc90003f3f078 EFLAGS: 00010293 [ 62.527235][ T5151] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 62.535485][ T5151] RDX: ffff88807d5b8000 RSI: ffffffff835dc6a8 RDI: 0000000000000005 [ 62.543505][ T5151] RBP: ffffc90003f3f108 R08: 0000000000000005 R09: 0000000000000000 [ 62.551874][ T5151] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888025f4cd10 [ 62.559934][ T5151] R13: 0000000000000001 R14: 0000000000001000 R15: ffff888073504a80 [ 62.568018][ T5151] FS: 00007f8ec04d4700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 62.577212][ T5151] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 62.583824][ T5151] CR2: 00007f8ec798b0d0 CR3: 000000002a36e000 CR4: 00000000003506e0 [ 62.591904][ T5151] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 62.599955][ T5151] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 62.608038][ T5151] Call Trace: [ 62.611331][ T5151] [ 62.614272][ T5151] ? hash_extent_data_ref+0xf0/0xf0 [ 62.619547][ T5151] ? find_held_lock+0x2d/0x110 [ 62.624357][ T5151] insert_inline_extent_backref+0xb3/0x1b0 [ 62.630247][ T5151] ? lookup_inline_extent_backref+0x10e0/0x10e0 [ 62.636566][ T5151] ? rcu_read_lock_sched_held+0x3e/0x70 [ 62.642152][ T5151] __btrfs_inc_extent_ref.isra.0+0xdb/0x3e0 [ 62.648134][ T5151] ? insert_extent_data_ref+0x7b0/0x7b0 [ 62.653705][ T5151] ? lock_downgrade+0x6e0/0x6e0 [pid 5131] exit_group(0) = ? [ 62.658645][ T5151] ? _raw_read_unlock+0x28/0x40 [ 62.663538][ T5151] ? btrfs_tree_mod_log_lowest_seq+0x86/0xb0 [ 62.669679][ T5151] __btrfs_run_delayed_refs+0x1383/0x39f0 [ 62.675496][ T5151] ? check_ref_cleanup+0x3e0/0x3e0 [ 62.680616][ T5151] ? __mutex_unlock_slowpath+0x157/0x5e0 [ 62.686354][ T5151] ? wait_for_completion_io_timeout+0x20/0x20 [ 62.692469][ T5151] btrfs_run_delayed_refs+0x19a/0x490 [ 62.697908][ T5151] create_pending_snapshot+0x11ce/0x2110 [ 62.703597][ T5151] ? btrfs_clean_one_deleted_snapshot+0x390/0x390 [ 62.710135][ T5151] ? rcu_read_lock_sched_held+0x3e/0x70 [ 62.715751][ T5151] ? trace_contention_end+0x173/0x1e0 [ 62.721180][ T5151] ? __mutex_lock+0x231/0x1360 [ 62.726071][ T5151] ? btrfs_commit_transaction+0xa9e/0x36e0 [ 62.731944][ T5151] ? lock_release+0x810/0x810 [ 62.736727][ T5151] ? btrfs_commit_transaction+0x985/0x36e0 [ 62.742580][ T5151] ? rcu_read_lock_sched_held+0x3e/0x70 [ 62.748228][ T5151] ? trace_lock_acquire+0x1f1/0x290 [ 62.753458][ T5151] create_pending_snapshots+0x174/0x2c0 [ 62.759175][ T5151] btrfs_commit_transaction+0xaa6/0x36e0 [ 62.764848][ T5151] ? trace_lock_acquire+0x1f1/0x290 [ 62.770137][ T5151] ? join_transaction+0x43e/0x10e0 [ 62.775343][ T5151] ? create_pending_snapshots+0x2c0/0x2c0 [ 62.781131][ T5151] ? start_transaction+0x2aa/0x1450 [ 62.786459][ T5151] btrfs_mksubvol+0xbe8/0x14f0 [ 62.791259][ T5151] ? create_subvol+0x13f0/0x13f0 [ 62.796684][ T5151] btrfs_mksnapshot+0xaf/0xf0 [ 62.801385][ T5151] __btrfs_ioctl_snap_create+0x3c1/0x430 [ 62.807214][ T5151] btrfs_ioctl_snap_create+0x148/0x1b0 [ 62.812711][ T5151] btrfs_ioctl+0x35b/0x5900 [ 62.817278][ T5151] ? tomoyo_path_number_perm+0x166/0x570 [ 62.822945][ T5151] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 62.828864][ T5151] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 62.835376][ T5151] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 62.841295][ T5151] ? do_vfs_ioctl+0x132/0x15b0 [ 62.846153][ T5151] ? vfs_fileattr_set+0xc40/0xc40 [ 62.851242][ T5151] ? trace_lock_acquire+0x1f1/0x290 [ 62.856643][ T5151] ? do_one_initcall+0x500/0x7d0 [ 62.861620][ T5151] ? receive_fd+0x110/0x110 [ 62.866217][ T5151] ? __fget_files+0x26a/0x480 [ 62.870969][ T5151] ? bpf_lsm_file_ioctl+0x9/0x10 [ 62.876017][ T5151] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 62.882466][ T5151] __x64_sys_ioctl+0x197/0x210 [ 62.887332][ T5151] do_syscall_64+0x39/0xb0 [ 62.891800][ T5151] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 62.897781][ T5151] RIP: 0033:0x7f8ec79499f9 [ 62.902218][ T5151] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 62.921923][ T5151] RSP: 002b:00007f8ec04d42f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 62.930408][ T5151] RAX: ffffffffffffffda RBX: 00007f8ec79d47b0 RCX: 00007f8ec79499f9 [ 62.938456][ T5151] RDX: 00000000200000c0 RSI: 0000000050009401 RDI: 0000000000000005 [ 62.946473][ T5151] RBP: 00007f8ec79a126c R08: 0000000000000000 R09: 0000000000000000 [ 62.954460][ T5151] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e [ 62.962545][ T5151] R13: 00007f8ec79a0270 R14: 61635f7261656c63 R15: 00007f8ec79d47b8 [ 62.970706][ T5151] [ 62.973760][ T5151] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 62.981061][ T5151] CPU: 1 PID: 5151 Comm: syz-executor346 Not tainted 6.2.0-rc3-next-20230112-syzkaller #0 [ 62.990984][ T5151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 63.001055][ T5151] Call Trace: [ 63.004346][ T5151] [ 63.007289][ T5151] dump_stack_lvl+0xd1/0x138 [ 63.011901][ T5151] panic+0x2cc/0x626 [ 63.015832][ T5151] ? panic_print_sys_info.part.0+0x112/0x112 [ 63.021864][ T5151] ? lookup_inline_extent_backref+0xd28/0x10e0 [ 63.028040][ T5151] check_panic_on_warn.cold+0x19/0x35 [ 63.033457][ T5151] __warn+0xf2/0x1a0 [ 63.037377][ T5151] ? lookup_inline_extent_backref+0xd28/0x10e0 [ 63.043569][ T5151] report_bug+0x1c0/0x210 [ 63.047944][ T5151] handle_bug+0x3c/0x70 [ 63.052132][ T5151] exc_invalid_op+0x18/0x50 [ 63.056667][ T5151] asm_exc_invalid_op+0x1a/0x20 [ 63.061557][ T5151] RIP: 0010:lookup_inline_extent_backref+0xd28/0x10e0 [ 63.068352][ T5151] Code: f9 ff ff e8 5a f6 23 fe 8b b4 24 40 01 00 00 31 ff e8 fc f2 23 fe 8b b4 24 40 01 00 00 85 f6 0f 84 10 02 00 00 e8 38 f6 23 fe <0f> 0b 41 bd fb ff ff ff e8 2b f6 23 fe 48 8b 44 24 18 48 8d 78 6a [ 63.087979][ T5151] RSP: 0018:ffffc90003f3f078 EFLAGS: 00010293 [ 63.094073][ T5151] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 63.102054][ T5151] RDX: ffff88807d5b8000 RSI: ffffffff835dc6a8 RDI: 0000000000000005 [ 63.110055][ T5151] RBP: ffffc90003f3f108 R08: 0000000000000005 R09: 0000000000000000 [ 63.118055][ T5151] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888025f4cd10 [ 63.126049][ T5151] R13: 0000000000000001 R14: 0000000000001000 R15: ffff888073504a80 [ 63.134053][ T5151] ? lookup_inline_extent_backref+0xd28/0x10e0 [ 63.140243][ T5151] ? lookup_inline_extent_backref+0xd28/0x10e0 [ 63.146437][ T5151] ? hash_extent_data_ref+0xf0/0xf0 [ 63.151663][ T5151] ? find_held_lock+0x2d/0x110 [ 63.156466][ T5151] insert_inline_extent_backref+0xb3/0x1b0 [ 63.162304][ T5151] ? lookup_inline_extent_backref+0x10e0/0x10e0 [ 63.168571][ T5151] ? rcu_read_lock_sched_held+0x3e/0x70 [ 63.174146][ T5151] __btrfs_inc_extent_ref.isra.0+0xdb/0x3e0 [ 63.180069][ T5151] ? insert_extent_data_ref+0x7b0/0x7b0 [ 63.185699][ T5151] ? lock_downgrade+0x6e0/0x6e0 [ 63.190614][ T5151] ? _raw_read_unlock+0x28/0x40 [ 63.195494][ T5151] ? btrfs_tree_mod_log_lowest_seq+0x86/0xb0 [ 63.201512][ T5151] __btrfs_run_delayed_refs+0x1383/0x39f0 [ 63.207303][ T5151] ? check_ref_cleanup+0x3e0/0x3e0 [ 63.212432][ T5151] ? __mutex_unlock_slowpath+0x157/0x5e0 [ 63.218100][ T5151] ? wait_for_completion_io_timeout+0x20/0x20 [ 63.224221][ T5151] btrfs_run_delayed_refs+0x19a/0x490 [ 63.229712][ T5151] create_pending_snapshot+0x11ce/0x2110 [ 63.235407][ T5151] ? btrfs_clean_one_deleted_snapshot+0x390/0x390 [ 63.241866][ T5151] ? rcu_read_lock_sched_held+0x3e/0x70 [ 63.247474][ T5151] ? trace_contention_end+0x173/0x1e0 [ 63.252876][ T5151] ? __mutex_lock+0x231/0x1360 [ 63.257674][ T5151] ? btrfs_commit_transaction+0xa9e/0x36e0 [ 63.263520][ T5151] ? lock_release+0x810/0x810 [ 63.268215][ T5151] ? btrfs_commit_transaction+0x985/0x36e0 [ 63.274058][ T5151] ? rcu_read_lock_sched_held+0x3e/0x70 [ 63.279620][ T5151] ? trace_lock_acquire+0x1f1/0x290 [ 63.284853][ T5151] create_pending_snapshots+0x174/0x2c0 [ 63.290447][ T5151] btrfs_commit_transaction+0xaa6/0x36e0 [ 63.296110][ T5151] ? trace_lock_acquire+0x1f1/0x290 [ 63.301340][ T5151] ? join_transaction+0x43e/0x10e0 [ 63.306484][ T5151] ? create_pending_snapshots+0x2c0/0x2c0 [ 63.312240][ T5151] ? start_transaction+0x2aa/0x1450 [ 63.317487][ T5151] btrfs_mksubvol+0xbe8/0x14f0 [ 63.322287][ T5151] ? create_subvol+0x13f0/0x13f0 [ 63.327258][ T5151] btrfs_mksnapshot+0xaf/0xf0 [ 63.331966][ T5151] __btrfs_ioctl_snap_create+0x3c1/0x430 [ 63.337632][ T5151] btrfs_ioctl_snap_create+0x148/0x1b0 [ 63.343118][ T5151] btrfs_ioctl+0x35b/0x5900 [ 63.347646][ T5151] ? tomoyo_path_number_perm+0x166/0x570 [ 63.353392][ T5151] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 63.359223][ T5151] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 63.365665][ T5151] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 63.371595][ T5151] ? do_vfs_ioctl+0x132/0x15b0 [ 63.376380][ T5151] ? vfs_fileattr_set+0xc40/0xc40 [ 63.381444][ T5151] ? trace_lock_acquire+0x1f1/0x290 [ 63.386665][ T5151] ? do_one_initcall+0x500/0x7d0 [ 63.391626][ T5151] ? receive_fd+0x110/0x110 [ 63.396155][ T5151] ? __fget_files+0x26a/0x480 [ 63.400860][ T5151] ? bpf_lsm_file_ioctl+0x9/0x10 [ 63.405823][ T5151] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 63.412271][ T5151] __x64_sys_ioctl+0x197/0x210 [ 63.417148][ T5151] do_syscall_64+0x39/0xb0 [ 63.421588][ T5151] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 63.427511][ T5151] RIP: 0033:0x7f8ec79499f9 [ 63.431947][ T5151] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 63.451574][ T5151] RSP: 002b:00007f8ec04d42f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 63.460006][ T5151] RAX: ffffffffffffffda RBX: 00007f8ec79d47b0 RCX: 00007f8ec79499f9 [ 63.467997][ T5151] RDX: 00000000200000c0 RSI: 0000000050009401 RDI: 0000000000000005 [ 63.476068][ T5151] RBP: 00007f8ec79a126c R08: 0000000000000000 R09: 0000000000000000 [ 63.484056][ T5151] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e [ 63.492044][ T5151] R13: 00007f8ec79a0270 R14: 61635f7261656c63 R15: 00007f8ec79d47b8 [ 63.500056][ T5151] [ 63.503243][ T5151] Kernel Offset: disabled [ 63.507674][ T5151] Rebooting in 86400 seconds..