./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor569306362 <...> Warning: Permanently added '10.128.0.182' (ED25519) to the list of known hosts. execve("./syz-executor569306362", ["./syz-executor569306362"], 0x7fffeba99470 /* 10 vars */) = 0 brk(NULL) = 0x5555560e7000 brk(0x5555560e7d40) = 0x5555560e7d40 arch_prctl(ARCH_SET_FS, 0x5555560e73c0) = 0 set_tid_address(0x5555560e7690) = 5037 set_robust_list(0x5555560e76a0, 24) = 0 rseq(0x5555560e7ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor569306362", 4096) = 27 getrandom("\x6d\xdf\x5f\x23\x9a\x2d\xe9\xce", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555560e7d40 brk(0x555556108d40) = 0x555556108d40 brk(0x555556109000) = 0x555556109000 mprotect(0x7f8fe62ae000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.jJPrgd", 0700) = 0 chmod("./syzkaller.jJPrgd", 0777) = 0 chdir("./syzkaller.jJPrgd") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560e7690) = 5038 ./strace-static-x86_64: Process 5038 attached [pid 5038] set_robust_list(0x5555560e76a0, 24) = 0 [pid 5038] chdir("./0") = 0 [pid 5038] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5038] setpgid(0, 0) = 0 [pid 5038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5038] write(3, "1000", 4) = 4 [pid 5038] close(3) = 0 [pid 5038] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5038] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] rt_sigaction(SIGRT_1, {sa_handler=0x7f8fe624e0f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8fe623f2a0}, NULL, 8) = 0 [pid 5038] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe61c4000 [pid 5038] mprotect(0x7f8fe61c5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5038] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5038] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61e4990, parent_tid=0x7f8fe61e4990, exit_signal=0, stack=0x7f8fe61c4000, stack_size=0x20300, tls=0x7f8fe61e46c0}./strace-static-x86_64: Process 5039 attached [pid 5039] rseq(0x7f8fe61e4fe0, 0x20, 0, 0x53053053) = 0 [pid 5039] set_robust_list(0x7f8fe61e49a0, 24) = 0 [pid 5038] <... clone3 resumed> => {parent_tid=[5039]}, 88) = 5039 [pid 5039] rt_sigprocmask(SIG_SETMASK, [], [pid 5038] rt_sigprocmask(SIG_SETMASK, [], [pid 5039] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5039] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5038] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5038] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5039] memfd_create("syzkaller", 0) = 3 [pid 5039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8fdddc4000 syzkaller login: [ 76.767290][ T5039] syz-executor569[5039]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5039] munmap(0x7f8fdddc4000, 138412032) = 0 [pid 5039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5039] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5039] close(3) = 0 [pid 5039] mkdir("./bus", 0777) = 0 [ 76.982660][ T5039] loop0: detected capacity change from 0 to 32768 [ 76.996028][ T5039] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor569 (5039) [ 77.016950][ T5039] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 77.026092][ T5039] BTRFS info (device loop0): doing ref verification [ 77.033248][ T5039] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 77.044906][ T5039] BTRFS info (device loop0): force zlib compression, level 3 [ 77.052415][ T5039] BTRFS info (device loop0): allowing degraded mounts [ 77.059678][ T5039] BTRFS info (device loop0): using free space tree [pid 5039] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5039] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5039] chdir("./bus") = 0 [pid 5039] ioctl(4, LOOP_CLR_FD) = 0 [pid 5039] close(4) = 0 [pid 5039] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5038] <... futex resumed>) = 0 [pid 5039] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = 0 [pid 5038] <... futex resumed>) = 1 [pid 5039] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 77.092757][ T5039] BTRFS info (device loop0): auto enabling async discard [pid 5038] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] <... open resumed>) = 4 [pid 5039] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5038] <... futex resumed>) = 0 [pid 5039] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5038] <... futex resumed>) = 0 [pid 5039] fallocate(4, 0, 0, 1048820 [pid 5038] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] <... fallocate resumed>) = 0 [pid 5039] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5038] <... futex resumed>) = 0 [pid 5038] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] open(".", O_RDONLY) = 5 [pid 5039] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5038] <... futex resumed>) = 0 [pid 5039] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5039] open(".", O_RDONLY [pid 5038] <... futex resumed>) = 0 [pid 5038] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] <... open resumed>) = 6 [pid 5039] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] <... futex resumed>) = 0 [pid 5038] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = 0 [pid 5038] <... futex resumed>) = 1 [pid 5039] ioctl(6, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5038] futex(0x7f8fe62b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe61a3000 [pid 5038] mprotect(0x7f8fe61a4000, 131072, PROT_READ|PROT_WRITE) = 0 [ 77.135259][ T29] audit: type=1800 audit(1696666230.946:2): pid=5039 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor569" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5038] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5038] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61c3990, parent_tid=0x7f8fe61c3990, exit_signal=0, stack=0x7f8fe61a3000, stack_size=0x20300, tls=0x7f8fe61c36c0}./strace-static-x86_64: Process 5057 attached [pid 5057] rseq(0x7f8fe61c3fe0, 0x20, 0, 0x53053053) = 0 [pid 5038] <... clone3 resumed> => {parent_tid=[5057]}, 88) = 5057 [pid 5057] set_robust_list(0x7f8fe61c39a0, 24 [pid 5038] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5038] futex(0x7f8fe62b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5057] <... set_robust_list resumed>) = 0 [pid 5038] futex(0x7f8fe62b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5057] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0}) = 0 [pid 5057] futex(0x7f8fe62b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5038] <... futex resumed>) = 0 [pid 5057] futex(0x7f8fe62b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] futex(0x7f8fe62b46d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5038] <... futex resumed>) = 0 [pid 5057] ftruncate(-1, 0 [pid 5038] futex(0x7f8fe62b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5057] futex(0x7f8fe62b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5038] <... futex resumed>) = 0 [pid 5057] futex(0x7f8fe62b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] <... ioctl resumed>) = 0 [pid 5039] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] exit_group(0 [pid 5057] <... futex resumed>) = ? [pid 5039] <... futex resumed>) = ? [pid 5057] +++ exited with 0 +++ [pid 5039] +++ exited with 0 +++ [pid 5038] <... exit_group resumed>) = ? [pid 5038] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5038, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=32 /* 0.32 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560e8730 /* 4 entries */, 32768) = 104 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x5555560e8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5059 attached , child_tidptr=0x5555560e7690) = 5059 [pid 5059] set_robust_list(0x5555560e76a0, 24) = 0 [pid 5059] chdir("./1") = 0 [pid 5059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] setpgid(0, 0) = 0 [pid 5059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5059] write(3, "1000", 4) = 4 [pid 5059] close(3) = 0 [pid 5059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5059] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] rt_sigaction(SIGRT_1, {sa_handler=0x7f8fe624e0f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8fe623f2a0}, NULL, 8) = 0 [pid 5059] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe61c4000 [pid 5059] mprotect(0x7f8fe61c5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5059] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61e4990, parent_tid=0x7f8fe61e4990, exit_signal=0, stack=0x7f8fe61c4000, stack_size=0x20300, tls=0x7f8fe61e46c0} => {parent_tid=[5060]}, 88) = 5060 [pid 5059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5059] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5060 attached [pid 5060] rseq(0x7f8fe61e4fe0, 0x20, 0, 0x53053053) = 0 [pid 5060] set_robust_list(0x7f8fe61e49a0, 24) = 0 [pid 5060] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5060] memfd_create("syzkaller", 0) = 3 [pid 5060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8fdddc4000 [pid 5060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5060] munmap(0x7f8fdddc4000, 138412032) = 0 [pid 5060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5060] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5060] close(3) = 0 [pid 5060] mkdir("./bus", 0777) = 0 [ 77.704079][ T5060] loop0: detected capacity change from 0 to 32768 [ 77.714879][ T5060] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor569 (5060) [ 77.732220][ T5060] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 77.741207][ T5060] BTRFS info (device loop0): doing ref verification [pid 5060] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5060] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5060] chdir("./bus") = 0 [pid 5060] ioctl(4, LOOP_CLR_FD) = 0 [pid 5060] close(4) = 0 [pid 5060] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5060] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] <... futex resumed>) = 0 [pid 5059] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = 0 [pid 5059] <... futex resumed>) = 1 [pid 5060] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 77.747868][ T5060] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 77.758778][ T5060] BTRFS info (device loop0): force zlib compression, level 3 [ 77.766201][ T5060] BTRFS info (device loop0): allowing degraded mounts [ 77.773485][ T5060] BTRFS info (device loop0): using free space tree [ 77.796692][ T5060] BTRFS info (device loop0): auto enabling async discard [pid 5059] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... open resumed>) = 4 [pid 5060] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5060] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = 0 [pid 5059] <... futex resumed>) = 1 [pid 5060] fallocate(4, 0, 0, 1048820 [pid 5059] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... fallocate resumed>) = 0 [pid 5060] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5060] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5059] <... futex resumed>) = 0 [pid 5060] open(".", O_RDONLY [pid 5059] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... open resumed>) = 5 [pid 5060] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = 0 [pid 5059] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... futex resumed>) = 1 [pid 5060] open(".", O_RDONLY) = 6 [pid 5060] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = 0 [pid 5059] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f8fe62b46dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5060] ioctl(6, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe61a3000 [pid 5059] mprotect(0x7f8fe61a4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5059] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61c3990, parent_tid=0x7f8fe61c3990, exit_signal=0, stack=0x7f8fe61a3000, stack_size=0x20300, tls=0x7f8fe61c36c0}./strace-static-x86_64: Process 5077 attached [pid 5077] rseq(0x7f8fe61c3fe0, 0x20, 0, 0x53053053) = 0 [pid 5077] set_robust_list(0x7f8fe61c39a0, 24 [pid 5059] <... clone3 resumed> => {parent_tid=[5077]}, 88) = 5077 [pid 5077] <... set_robust_list resumed>) = 0 [pid 5059] rt_sigprocmask(SIG_SETMASK, [], [pid 5077] rt_sigprocmask(SIG_SETMASK, [], [pid 5059] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5077] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 77.825566][ T29] audit: type=1800 audit(1696666231.636:3): pid=5060 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor569" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5059] futex(0x7f8fe62b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5059] futex(0x7f8fe62b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... ioctl resumed>) = 0 [pid 5060] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5060] <... futex resumed>) = 0 [pid 5059] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] ftruncate(-1, 0 [pid 5059] <... futex resumed>) = 0 [pid 5060] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5059] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5060] <... futex resumed>) = 0 [pid 5060] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] <... ioctl resumed>) = 0 [pid 5077] futex(0x7f8fe62b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f8fe62b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] exit_group(0) = ? [pid 5060] <... futex resumed>) = ? [pid 5077] <... futex resumed>) = ? [pid 5060] +++ exited with 0 +++ [pid 5077] +++ exited with 0 +++ [pid 5059] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5059, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560e8730 /* 4 entries */, 32768) = 104 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x5555560e8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5078 attached , child_tidptr=0x5555560e7690) = 5078 [pid 5078] set_robust_list(0x5555560e76a0, 24) = 0 [pid 5078] chdir("./2") = 0 [pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5078] setpgid(0, 0) = 0 [pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5078] write(3, "1000", 4) = 4 [pid 5078] close(3) = 0 [pid 5078] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5078] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] rt_sigaction(SIGRT_1, {sa_handler=0x7f8fe624e0f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8fe623f2a0}, NULL, 8) = 0 [pid 5078] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe61c4000 [pid 5078] mprotect(0x7f8fe61c5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5078] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61e4990, parent_tid=0x7f8fe61e4990, exit_signal=0, stack=0x7f8fe61c4000, stack_size=0x20300, tls=0x7f8fe61e46c0}./strace-static-x86_64: Process 5079 attached => {parent_tid=[5079]}, 88) = 5079 [pid 5079] rseq(0x7f8fe61e4fe0, 0x20, 0, 0x53053053 [pid 5078] rt_sigprocmask(SIG_SETMASK, [], [pid 5079] <... rseq resumed>) = 0 [pid 5079] set_robust_list(0x7f8fe61e49a0, 24 [pid 5078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5079] <... set_robust_list resumed>) = 0 [pid 5078] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] rt_sigprocmask(SIG_SETMASK, [], [pid 5078] <... futex resumed>) = 0 [pid 5079] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5078] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5079] memfd_create("syzkaller", 0) = 3 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8fdddc4000 [pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5079] munmap(0x7f8fdddc4000, 138412032) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5079] close(3) = 0 [pid 5079] mkdir("./bus", 0777) = 0 [ 78.338995][ T5079] loop0: detected capacity change from 0 to 32768 [ 78.350109][ T5079] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor569 (5079) [ 78.366319][ T5079] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 78.375516][ T5079] BTRFS info (device loop0): doing ref verification [ 78.382261][ T5079] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 78.393199][ T5079] BTRFS info (device loop0): force zlib compression, level 3 [ 78.400722][ T5079] BTRFS info (device loop0): allowing degraded mounts [ 78.407526][ T5079] BTRFS info (device loop0): using free space tree [pid 5079] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5079] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5079] chdir("./bus") = 0 [pid 5079] ioctl(4, LOOP_CLR_FD) = 0 [pid 5079] close(4) = 0 [pid 5079] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... open resumed>) = 4 [pid 5079] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5078] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5079] fallocate(4, 0, 0, 1048820 [pid 5078] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... fallocate resumed>) = 0 [pid 5079] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] open(".", O_RDONLY) = 5 [pid 5079] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] open(".", O_RDONLY) = 6 [pid 5079] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f8fe62b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe61a3000 [pid 5078] mprotect(0x7f8fe61a4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5078] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61c3990, parent_tid=0x7f8fe61c3990, exit_signal=0, stack=0x7f8fe61a3000, stack_size=0x20300, tls=0x7f8fe61c36c0}./strace-static-x86_64: Process 5095 attached [pid 5079] ioctl(6, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5078] <... clone3 resumed> => {parent_tid=[5095]}, 88) = 5095 [pid 5078] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5078] futex(0x7f8fe62b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f8fe62b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] rseq(0x7f8fe61c3fe0, 0x20, 0, 0x53053053) = 0 [pid 5095] set_robust_list(0x7f8fe61c39a0, 24) = 0 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 78.430821][ T5079] BTRFS info (device loop0): auto enabling async discard [ 78.455372][ T29] audit: type=1800 audit(1696666232.266:4): pid=5079 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor569" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5095] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5078] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5078] futex(0x7f8fe62b46ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe6182000 [pid 5078] mprotect(0x7f8fe6183000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5078] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61a2990, parent_tid=0x7f8fe61a2990, exit_signal=0, stack=0x7f8fe6182000, stack_size=0x20300, tls=0x7f8fe61a26c0}./strace-static-x86_64: Process 5097 attached => {parent_tid=[5097]}, 88) = 5097 [pid 5078] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5078] futex(0x7f8fe62b46e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f8fe62b46ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] rseq(0x7f8fe61a2fe0, 0x20, 0, 0x53053053) = 0 [pid 5097] set_robust_list(0x7f8fe61a29a0, 24) = 0 [pid 5097] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5097] ftruncate(-1, 0) = -1 EBADF (Bad file descriptor) [pid 5097] futex(0x7f8fe62b46ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5097] futex(0x7f8fe62b46e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] <... ioctl resumed>) = 0 [pid 5095] futex(0x7f8fe62b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f8fe62b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] <... ioctl resumed>) = 0 [pid 5079] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] exit_group(0 [pid 5097] <... futex resumed>) = ? [pid 5095] <... futex resumed>) = ? [pid 5079] <... futex resumed>) = ? [pid 5078] <... exit_group resumed>) = ? [pid 5097] +++ exited with 0 +++ [pid 5095] +++ exited with 0 +++ [pid 5079] +++ exited with 0 +++ [pid 5078] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=24 /* 0.24 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560e8730 /* 4 entries */, 32768) = 104 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x5555560e8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5098 attached , child_tidptr=0x5555560e7690) = 5098 [pid 5098] set_robust_list(0x5555560e76a0, 24) = 0 [pid 5098] chdir("./3") = 0 [pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5098] setpgid(0, 0) = 0 [pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5098] write(3, "1000", 4) = 4 [pid 5098] close(3) = 0 [pid 5098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5098] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] rt_sigaction(SIGRT_1, {sa_handler=0x7f8fe624e0f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8fe623f2a0}, NULL, 8) = 0 [pid 5098] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe61c4000 [pid 5098] mprotect(0x7f8fe61c5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5098] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5098] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61e4990, parent_tid=0x7f8fe61e4990, exit_signal=0, stack=0x7f8fe61c4000, stack_size=0x20300, tls=0x7f8fe61e46c0}./strace-static-x86_64: Process 5099 attached => {parent_tid=[5099]}, 88) = 5099 [pid 5099] rseq(0x7f8fe61e4fe0, 0x20, 0, 0x53053053) = 0 [pid 5098] rt_sigprocmask(SIG_SETMASK, [], [pid 5099] set_robust_list(0x7f8fe61e49a0, 24 [pid 5098] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5099] <... set_robust_list resumed>) = 0 [pid 5098] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] rt_sigprocmask(SIG_SETMASK, [], [pid 5098] <... futex resumed>) = 0 [pid 5099] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5098] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5099] memfd_create("syzkaller", 0) = 3 [pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8fdddc4000 [pid 5099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5099] munmap(0x7f8fdddc4000, 138412032) = 0 [pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5099] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5099] close(3) = 0 [pid 5099] mkdir("./bus", 0777) = 0 [ 78.952439][ T5099] loop0: detected capacity change from 0 to 32768 [ 78.962994][ T5099] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor569 (5099) [ 78.981323][ T5099] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 78.990479][ T5099] BTRFS info (device loop0): doing ref verification [ 78.997365][ T5099] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 79.009004][ T5099] BTRFS info (device loop0): force zlib compression, level 3 [ 79.017160][ T5099] BTRFS info (device loop0): allowing degraded mounts [ 79.024494][ T5099] BTRFS info (device loop0): using free space tree [pid 5099] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5099] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5099] chdir("./bus") = 0 [pid 5099] ioctl(4, LOOP_CLR_FD) = 0 [pid 5099] close(4) = 0 [pid 5099] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5099] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5098] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] <... open resumed>) = 4 [pid 5099] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5098] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5099] fallocate(4, 0, 0, 1048820 [pid 5098] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... fallocate resumed>) = 0 [pid 5099] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5099] open(".", O_RDONLY [pid 5098] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... open resumed>) = 5 [pid 5098] <... futex resumed>) = 0 [pid 5099] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... futex resumed>) = 0 [pid 5098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5099] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5098] <... futex resumed>) = 0 [pid 5099] open(".", O_RDONLY) = 6 [pid 5099] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5098] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5098] <... futex resumed>) = 1 [pid 5099] ioctl(6, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5098] futex(0x7f8fe62b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe61a3000 [pid 5098] mprotect(0x7f8fe61a4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5098] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5098] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61c3990, parent_tid=0x7f8fe61c3990, exit_signal=0, stack=0x7f8fe61a3000, stack_size=0x20300, tls=0x7f8fe61c36c0} => {parent_tid=[5116]}, 88) = 5116 [pid 5098] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5098] futex(0x7f8fe62b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f8fe62b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5116 attached [pid 5116] rseq(0x7f8fe61c3fe0, 0x20, 0, 0x53053053) = 0 [pid 5116] set_robust_list(0x7f8fe61c39a0, 24) = 0 [pid 5116] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 79.048576][ T5099] BTRFS info (device loop0): auto enabling async discard [ 79.066271][ T29] audit: type=1800 audit(1696666232.876:5): pid=5099 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor569" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5116] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5098] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5098] futex(0x7f8fe62b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5098] futex(0x7f8fe62b46ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe6182000 [pid 5098] mprotect(0x7f8fe6183000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5098] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5116] <... ioctl resumed>) = 0 [pid 5116] futex(0x7f8fe62b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f8fe62b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61a2990, parent_tid=0x7f8fe61a2990, exit_signal=0, stack=0x7f8fe6182000, stack_size=0x20300, tls=0x7f8fe61a26c0}./strace-static-x86_64: Process 5117 attached => {parent_tid=[5117]}, 88) = 5117 [pid 5098] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5098] futex(0x7f8fe62b46e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f8fe62b46ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] rseq(0x7f8fe61a2fe0, 0x20, 0, 0x53053053) = 0 [pid 5117] set_robust_list(0x7f8fe61a29a0, 24) = 0 [pid 5117] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5117] ftruncate(-1, 0) = -1 EBADF (Bad file descriptor) [pid 5117] futex(0x7f8fe62b46ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5117] futex(0x7f8fe62b46e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] <... ioctl resumed>) = 0 [pid 5099] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] exit_group(0 [pid 5099] <... futex resumed>) = 231 [pid 5117] <... futex resumed>) = ? [pid 5116] <... futex resumed>) = ? [pid 5099] +++ exited with 0 +++ [pid 5098] <... exit_group resumed>) = ? [pid 5117] +++ exited with 0 +++ [pid 5116] +++ exited with 0 +++ [pid 5098] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560e8730 /* 4 entries */, 32768) = 104 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/bus") = 0 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x5555560e8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560e7690) = 5118 ./strace-static-x86_64: Process 5118 attached [pid 5118] set_robust_list(0x5555560e76a0, 24) = 0 [pid 5118] chdir("./4") = 0 [pid 5118] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5118] setpgid(0, 0) = 0 [pid 5118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5118] write(3, "1000", 4) = 4 [pid 5118] close(3) = 0 [pid 5118] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5118] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5118] rt_sigaction(SIGRT_1, {sa_handler=0x7f8fe624e0f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8fe623f2a0}, NULL, 8) = 0 [pid 5118] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5118] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe61c4000 [pid 5118] mprotect(0x7f8fe61c5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5118] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5118] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61e4990, parent_tid=0x7f8fe61e4990, exit_signal=0, stack=0x7f8fe61c4000, stack_size=0x20300, tls=0x7f8fe61e46c0}./strace-static-x86_64: Process 5119 attached => {parent_tid=[5119]}, 88) = 5119 [pid 5118] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5118] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5118] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5119] rseq(0x7f8fe61e4fe0, 0x20, 0, 0x53053053) = 0 [pid 5119] set_robust_list(0x7f8fe61e49a0, 24) = 0 [pid 5119] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5119] memfd_create("syzkaller", 0) = 3 [pid 5119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8fdddc4000 [pid 5119] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5119] munmap(0x7f8fdddc4000, 138412032) = 0 [pid 5119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5119] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5119] close(3) = 0 [pid 5119] mkdir("./bus", 0777) = 0 [ 79.591790][ T5119] loop0: detected capacity change from 0 to 32768 [ 79.602522][ T5119] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor569 (5119) [ 79.618709][ T5119] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 79.627551][ T5119] BTRFS info (device loop0): doing ref verification [ 79.634252][ T5119] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 79.645233][ T5119] BTRFS info (device loop0): force zlib compression, level 3 [ 79.652729][ T5119] BTRFS info (device loop0): allowing degraded mounts [ 79.659647][ T5119] BTRFS info (device loop0): using free space tree [pid 5119] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5119] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5119] chdir("./bus") = 0 [pid 5119] ioctl(4, LOOP_CLR_FD) = 0 [pid 5119] close(4) = 0 [pid 5119] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5118] <... futex resumed>) = 0 [pid 5119] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5118] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5118] <... futex resumed>) = 0 [pid 5119] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5118] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5119] <... open resumed>) = 4 [pid 5119] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5118] <... futex resumed>) = 0 [pid 5118] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = 0 [pid 5118] <... futex resumed>) = 1 [pid 5119] fallocate(4, 0, 0, 1048820 [pid 5118] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5119] <... fallocate resumed>) = 0 [pid 5119] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5118] <... futex resumed>) = 0 [pid 5119] open(".", O_RDONLY [pid 5118] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... open resumed>) = 5 [pid 5119] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = 0 [pid 5119] <... futex resumed>) = 0 [pid 5118] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5119] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5119] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5118] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] open(".", O_RDONLY [pid 5118] <... futex resumed>) = 0 [pid 5119] <... open resumed>) = 6 [pid 5119] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5119] <... futex resumed>) = 0 [pid 5118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5119] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5118] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5118] <... futex resumed>) = 0 [pid 5119] ioctl(6, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5118] futex(0x7f8fe62b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5118] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe61a3000 [pid 5118] mprotect(0x7f8fe61a4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5118] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5118] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61c3990, parent_tid=0x7f8fe61c3990, exit_signal=0, stack=0x7f8fe61a3000, stack_size=0x20300, tls=0x7f8fe61c36c0} => {parent_tid=[5136]}, 88) = 5136 [pid 5118] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5118] futex(0x7f8fe62b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5118] futex(0x7f8fe62b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5136 attached [pid 5136] rseq(0x7f8fe61c3fe0, 0x20, 0, 0x53053053) = 0 [pid 5136] set_robust_list(0x7f8fe61c39a0, 24) = 0 [pid 5136] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 79.683063][ T5119] BTRFS info (device loop0): auto enabling async discard [ 79.712016][ T29] audit: type=1800 audit(1696666233.526:6): pid=5119 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor569" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5136] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5118] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5118] futex(0x7f8fe62b46ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5118] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe6182000 [pid 5118] mprotect(0x7f8fe6183000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5118] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5118] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61a2990, parent_tid=0x7f8fe61a2990, exit_signal=0, stack=0x7f8fe6182000, stack_size=0x20300, tls=0x7f8fe61a26c0}./strace-static-x86_64: Process 5137 attached => {parent_tid=[5137]}, 88) = 5137 [pid 5118] rt_sigprocmask(SIG_SETMASK, [], [pid 5137] rseq(0x7f8fe61a2fe0, 0x20, 0, 0x53053053 [pid 5118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5137] <... rseq resumed>) = 0 [pid 5118] futex(0x7f8fe62b46e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] set_robust_list(0x7f8fe61a29a0, 24 [pid 5118] <... futex resumed>) = 0 [pid 5118] futex(0x7f8fe62b46ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... set_robust_list resumed>) = 0 [pid 5137] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5137] ftruncate(-1, 0) = -1 EBADF (Bad file descriptor) [pid 5137] futex(0x7f8fe62b46ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5118] <... futex resumed>) = 0 [pid 5137] futex(0x7f8fe62b46e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5136] <... ioctl resumed>) = 0 [pid 5136] futex(0x7f8fe62b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] futex(0x7f8fe62b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] <... ioctl resumed>) = 0 [pid 5119] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] exit_group(0 [pid 5137] <... futex resumed>) = ? [pid 5136] <... futex resumed>) = ? [pid 5118] <... exit_group resumed>) = ? [pid 5137] +++ exited with 0 +++ [pid 5136] +++ exited with 0 +++ [pid 5119] <... futex resumed>) = ? [pid 5119] +++ exited with 0 +++ [pid 5118] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5118, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560e8730 /* 4 entries */, 32768) = 104 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x5555560e8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5138 attached , child_tidptr=0x5555560e7690) = 5138 [pid 5138] set_robust_list(0x5555560e76a0, 24) = 0 [pid 5138] chdir("./5") = 0 [pid 5138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5138] setpgid(0, 0) = 0 [pid 5138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5138] write(3, "1000", 4) = 4 [pid 5138] close(3) = 0 [pid 5138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5138] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] rt_sigaction(SIGRT_1, {sa_handler=0x7f8fe624e0f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8fe623f2a0}, NULL, 8) = 0 [pid 5138] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe61c4000 [pid 5138] mprotect(0x7f8fe61c5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5138] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5138] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61e4990, parent_tid=0x7f8fe61e4990, exit_signal=0, stack=0x7f8fe61c4000, stack_size=0x20300, tls=0x7f8fe61e46c0}./strace-static-x86_64: Process 5139 attached [pid 5139] rseq(0x7f8fe61e4fe0, 0x20, 0, 0x53053053 [pid 5138] <... clone3 resumed> => {parent_tid=[5139]}, 88) = 5139 [pid 5139] <... rseq resumed>) = 0 [pid 5139] set_robust_list(0x7f8fe61e49a0, 24 [pid 5138] rt_sigprocmask(SIG_SETMASK, [], [pid 5139] <... set_robust_list resumed>) = 0 [pid 5139] rt_sigprocmask(SIG_SETMASK, [], [pid 5138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5139] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5138] <... futex resumed>) = 0 [pid 5139] memfd_create("syzkaller", 0 [pid 5138] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5139] <... memfd_create resumed>) = 3 [pid 5139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8fdddc4000 [pid 5139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5139] munmap(0x7f8fdddc4000, 138412032) = 0 [pid 5139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5139] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5139] close(3) = 0 [pid 5139] mkdir("./bus", 0777) = 0 [ 80.225046][ T5139] loop0: detected capacity change from 0 to 32768 [ 80.236163][ T5139] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor569 (5139) [ 80.253344][ T5139] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 80.262912][ T5139] BTRFS info (device loop0): doing ref verification [ 80.269663][ T5139] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 80.280600][ T5139] BTRFS info (device loop0): force zlib compression, level 3 [ 80.288023][ T5139] BTRFS info (device loop0): allowing degraded mounts [ 80.294946][ T5139] BTRFS info (device loop0): using free space tree [pid 5139] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5139] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5139] chdir("./bus") = 0 [pid 5139] ioctl(4, LOOP_CLR_FD) = 0 [pid 5139] close(4) = 0 [pid 5139] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = 0 [pid 5138] <... futex resumed>) = 1 [pid 5139] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5138] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... open resumed>) = 4 [pid 5139] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5139] fallocate(4, 0, 0, 1048820 [pid 5138] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... fallocate resumed>) = 0 [pid 5139] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5139] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5138] <... futex resumed>) = 0 [pid 5139] open(".", O_RDONLY [pid 5138] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... open resumed>) = 5 [pid 5139] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5139] open(".", O_RDONLY [pid 5138] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... open resumed>) = 6 [pid 5139] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] futex(0x7f8fe62b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe61a3000 [pid 5138] mprotect(0x7f8fe61a4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5138] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5139] <... futex resumed>) = 1 [pid 5138] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61c3990, parent_tid=0x7f8fe61c3990, exit_signal=0, stack=0x7f8fe61a3000, stack_size=0x20300, tls=0x7f8fe61c36c0} [pid 5139] ioctl(6, FITRIM, {start=0, len=4294983680, minlen=0}./strace-static-x86_64: Process 5155 attached [pid 5138] <... clone3 resumed> => {parent_tid=[5155]}, 88) = 5155 [pid 5138] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5138] futex(0x7f8fe62b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] futex(0x7f8fe62b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] rseq(0x7f8fe61c3fe0, 0x20, 0, 0x53053053) = 0 [pid 5155] set_robust_list(0x7f8fe61c39a0, 24) = 0 [pid 5155] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 80.318391][ T5139] BTRFS info (device loop0): auto enabling async discard [ 80.339407][ T29] audit: type=1800 audit(1696666234.156:7): pid=5139 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor569" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5155] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5138] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5138] futex(0x7f8fe62b46ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe6182000 [pid 5138] mprotect(0x7f8fe6183000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5138] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5138] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61a2990, parent_tid=0x7f8fe61a2990, exit_signal=0, stack=0x7f8fe6182000, stack_size=0x20300, tls=0x7f8fe61a26c0}./strace-static-x86_64: Process 5157 attached => {parent_tid=[5157]}, 88) = 5157 [pid 5138] rt_sigprocmask(SIG_SETMASK, [], [pid 5157] rseq(0x7f8fe61a2fe0, 0x20, 0, 0x53053053 [pid 5138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5138] futex(0x7f8fe62b46e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] <... rseq resumed>) = 0 [pid 5138] futex(0x7f8fe62b46ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] set_robust_list(0x7f8fe61a29a0, 24) = 0 [pid 5157] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5157] ftruncate(-1, 0) = -1 EBADF (Bad file descriptor) [pid 5157] futex(0x7f8fe62b46ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5157] futex(0x7f8fe62b46e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] <... ioctl resumed>) = 0 [pid 5139] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] <... ioctl resumed>) = 0 [pid 5155] futex(0x7f8fe62b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7f8fe62b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] exit_group(0 [pid 5157] <... futex resumed>) = ? [pid 5138] <... exit_group resumed>) = ? [pid 5155] <... futex resumed>) = ? [pid 5139] <... futex resumed>) = ? [pid 5155] +++ exited with 0 +++ [pid 5139] +++ exited with 0 +++ [pid 5157] +++ exited with 0 +++ [pid 5138] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5138, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560e8730 /* 4 entries */, 32768) = 104 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/bus") = 0 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x5555560e8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560e7690) = 5158 ./strace-static-x86_64: Process 5158 attached [pid 5158] set_robust_list(0x5555560e76a0, 24) = 0 [pid 5158] chdir("./6") = 0 [pid 5158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5158] setpgid(0, 0) = 0 [pid 5158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5158] write(3, "1000", 4) = 4 [pid 5158] close(3) = 0 [pid 5158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5158] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] rt_sigaction(SIGRT_1, {sa_handler=0x7f8fe624e0f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8fe623f2a0}, NULL, 8) = 0 [pid 5158] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe61c4000 [pid 5158] mprotect(0x7f8fe61c5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5158] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5158] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61e4990, parent_tid=0x7f8fe61e4990, exit_signal=0, stack=0x7f8fe61c4000, stack_size=0x20300, tls=0x7f8fe61e46c0} => {parent_tid=[5159]}, 88) = 5159 [pid 5158] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5158] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5159 attached [pid 5159] rseq(0x7f8fe61e4fe0, 0x20, 0, 0x53053053) = 0 [pid 5159] set_robust_list(0x7f8fe61e49a0, 24) = 0 [pid 5159] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5159] memfd_create("syzkaller", 0) = 3 [pid 5159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8fdddc4000 [pid 5159] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5159] munmap(0x7f8fdddc4000, 138412032) = 0 [pid 5159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5159] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5159] close(3) = 0 [pid 5159] mkdir("./bus", 0777) = 0 [ 80.846374][ T5159] loop0: detected capacity change from 0 to 32768 [ 80.857003][ T5159] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor569 (5159) [ 80.874907][ T5159] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 80.883935][ T5159] BTRFS info (device loop0): doing ref verification [ 80.890641][ T5159] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 80.901716][ T5159] BTRFS info (device loop0): force zlib compression, level 3 [ 80.909267][ T5159] BTRFS info (device loop0): allowing degraded mounts [ 80.916272][ T5159] BTRFS info (device loop0): using free space tree [pid 5159] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5159] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5159] chdir("./bus") = 0 [pid 5159] ioctl(4, LOOP_CLR_FD) = 0 [pid 5159] close(4) = 0 [pid 5159] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5159] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5158] <... futex resumed>) = 0 [pid 5159] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 80.940719][ T5159] BTRFS info (device loop0): auto enabling async discard [pid 5158] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... open resumed>) = 4 [pid 5159] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5159] fallocate(4, 0, 0, 1048820 [pid 5158] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... fallocate resumed>) = 0 [pid 5159] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] open(".", O_RDONLY) = 5 [pid 5159] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] open(".", O_RDONLY) = 6 [pid 5159] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] <... futex resumed>) = 0 [pid 5159] <... futex resumed>) = 1 [pid 5158] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] ioctl(6, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5158] futex(0x7f8fe62b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe61a3000 [pid 5158] mprotect(0x7f8fe61a4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5158] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5158] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61c3990, parent_tid=0x7f8fe61c3990, exit_signal=0, stack=0x7f8fe61a3000, stack_size=0x20300, tls=0x7f8fe61c36c0} => {parent_tid=[5175]}, 88) = 5175 [pid 5158] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5175 attached [pid 5158] futex(0x7f8fe62b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] rseq(0x7f8fe61c3fe0, 0x20, 0, 0x53053053 [pid 5158] futex(0x7f8fe62b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] <... rseq resumed>) = 0 [pid 5175] set_robust_list(0x7f8fe61c39a0, 24) = 0 [pid 5175] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 80.968228][ T29] audit: type=1800 audit(1696666234.776:8): pid=5159 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor569" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5175] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5158] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5158] futex(0x7f8fe62b46ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe6182000 [pid 5158] mprotect(0x7f8fe6183000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5158] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5158] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61a2990, parent_tid=0x7f8fe61a2990, exit_signal=0, stack=0x7f8fe6182000, stack_size=0x20300, tls=0x7f8fe61a26c0}./strace-static-x86_64: Process 5176 attached [pid 5176] rseq(0x7f8fe61a2fe0, 0x20, 0, 0x53053053) = 0 [pid 5158] <... clone3 resumed> => {parent_tid=[5176]}, 88) = 5176 [pid 5158] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5158] futex(0x7f8fe62b46e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] futex(0x7f8fe62b46ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] set_robust_list(0x7f8fe61a29a0, 24) = 0 [pid 5176] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5176] ftruncate(-1, 0) = -1 EBADF (Bad file descriptor) [pid 5176] futex(0x7f8fe62b46ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5176] futex(0x7f8fe62b46e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] <... ioctl resumed>) = 0 [pid 5175] futex(0x7f8fe62b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] futex(0x7f8fe62b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5159] <... ioctl resumed>) = 0 [pid 5159] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] exit_group(0 [pid 5176] <... futex resumed>) = ? [pid 5175] <... futex resumed>) = ? [pid 5159] <... futex resumed>) = ? [pid 5158] <... exit_group resumed>) = ? [pid 5176] +++ exited with 0 +++ [pid 5175] +++ exited with 0 +++ [pid 5159] +++ exited with 0 +++ [pid 5158] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5158, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560e8730 /* 4 entries */, 32768) = 104 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/bus") = 0 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x5555560e8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5178 attached , child_tidptr=0x5555560e7690) = 5178 [pid 5178] set_robust_list(0x5555560e76a0, 24) = 0 [pid 5178] chdir("./7") = 0 [pid 5178] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5178] setpgid(0, 0) = 0 [pid 5178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5178] write(3, "1000", 4) = 4 [pid 5178] close(3) = 0 [pid 5178] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5178] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] rt_sigaction(SIGRT_1, {sa_handler=0x7f8fe624e0f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8fe623f2a0}, NULL, 8) = 0 [pid 5178] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5178] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe61c4000 [pid 5178] mprotect(0x7f8fe61c5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5178] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5178] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61e4990, parent_tid=0x7f8fe61e4990, exit_signal=0, stack=0x7f8fe61c4000, stack_size=0x20300, tls=0x7f8fe61e46c0}./strace-static-x86_64: Process 5179 attached => {parent_tid=[5179]}, 88) = 5179 [pid 5178] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5178] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5179] rseq(0x7f8fe61e4fe0, 0x20, 0, 0x53053053) = 0 [pid 5179] set_robust_list(0x7f8fe61e49a0, 24) = 0 [pid 5179] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5179] memfd_create("syzkaller", 0) = 3 [pid 5179] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8fdddc4000 [pid 5179] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5179] munmap(0x7f8fdddc4000, 138412032) = 0 [pid 5179] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5179] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5179] close(3) = 0 [pid 5179] mkdir("./bus", 0777) = 0 [ 81.492324][ T5179] loop0: detected capacity change from 0 to 32768 [ 81.502577][ T5179] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor569 (5179) [ 81.519253][ T5179] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 81.528323][ T5179] BTRFS info (device loop0): doing ref verification [ 81.535581][ T5179] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 81.547010][ T5179] BTRFS info (device loop0): force zlib compression, level 3 [ 81.555192][ T5179] BTRFS info (device loop0): allowing degraded mounts [ 81.564190][ T5179] BTRFS info (device loop0): using free space tree [pid 5179] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5179] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5179] chdir("./bus") = 0 [pid 5179] ioctl(4, LOOP_CLR_FD) = 0 [pid 5179] close(4) = 0 [pid 5179] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5178] <... futex resumed>) = 0 [pid 5179] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5178] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5178] <... futex resumed>) = 0 [pid 5179] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 81.588644][ T5179] BTRFS info (device loop0): auto enabling async discard [pid 5178] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5179] <... open resumed>) = 4 [pid 5179] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... futex resumed>) = 0 [pid 5178] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = 1 [pid 5178] <... futex resumed>) = 0 [pid 5179] fallocate(4, 0, 0, 1048820 [pid 5178] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5179] <... fallocate resumed>) = 0 [pid 5179] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5178] <... futex resumed>) = 0 [pid 5179] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5178] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5178] <... futex resumed>) = 0 [pid 5179] open(".", O_RDONLY [pid 5178] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5179] <... open resumed>) = 5 [pid 5179] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5178] <... futex resumed>) = 0 [pid 5179] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5178] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5178] <... futex resumed>) = 0 [pid 5179] open(".", O_RDONLY [pid 5178] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5179] <... open resumed>) = 6 [pid 5179] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5178] <... futex resumed>) = 0 [pid 5179] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5178] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5178] <... futex resumed>) = 0 [pid 5179] ioctl(6, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5178] futex(0x7f8fe62b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe61a3000 [pid 5178] mprotect(0x7f8fe61a4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5178] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5178] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61c3990, parent_tid=0x7f8fe61c3990, exit_signal=0, stack=0x7f8fe61a3000, stack_size=0x20300, tls=0x7f8fe61c36c0}./strace-static-x86_64: Process 5196 attached => {parent_tid=[5196]}, 88) = 5196 [pid 5196] rseq(0x7f8fe61c3fe0, 0x20, 0, 0x53053053 [pid 5178] rt_sigprocmask(SIG_SETMASK, [], [pid 5196] <... rseq resumed>) = 0 [pid 5178] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5178] futex(0x7f8fe62b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] futex(0x7f8fe62b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] set_robust_list(0x7f8fe61c39a0, 24) = 0 [pid 5196] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 81.617715][ T29] audit: type=1800 audit(1696666235.426:9): pid=5179 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor569" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5196] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5178] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5178] futex(0x7f8fe62b46ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe6182000 [pid 5178] mprotect(0x7f8fe6183000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5178] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5178] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61a2990, parent_tid=0x7f8fe61a2990, exit_signal=0, stack=0x7f8fe6182000, stack_size=0x20300, tls=0x7f8fe61a26c0}./strace-static-x86_64: Process 5197 attached [pid 5197] rseq(0x7f8fe61a2fe0, 0x20, 0, 0x53053053) = 0 [pid 5197] set_robust_list(0x7f8fe61a29a0, 24) = 0 [pid 5197] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5197] futex(0x7f8fe62b46e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5178] <... clone3 resumed> => {parent_tid=[5197]}, 88) = 5197 [pid 5178] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5178] futex(0x7f8fe62b46e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5178] futex(0x7f8fe62b46ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] <... futex resumed>) = 0 [pid 5197] ftruncate(-1, 0) = -1 EBADF (Bad file descriptor) [pid 5197] futex(0x7f8fe62b46ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... futex resumed>) = 0 [pid 5197] <... futex resumed>) = 1 [pid 5197] futex(0x7f8fe62b46e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] <... ioctl resumed>) = 0 [pid 5179] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5196] <... ioctl resumed>) = 0 [pid 5196] futex(0x7f8fe62b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] exit_group(0 [pid 5197] <... futex resumed>) = ? [pid 5179] <... futex resumed>) = ? [pid 5178] <... exit_group resumed>) = ? [pid 5197] +++ exited with 0 +++ [pid 5196] +++ exited with 0 +++ [pid 5179] +++ exited with 0 +++ [pid 5178] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5178, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=26 /* 0.26 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560e8730 /* 4 entries */, 32768) = 104 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/bus") = 0 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x5555560e8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5198 attached , child_tidptr=0x5555560e7690) = 5198 [pid 5198] set_robust_list(0x5555560e76a0, 24) = 0 [pid 5198] chdir("./8") = 0 [pid 5198] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5198] setpgid(0, 0) = 0 [pid 5198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5198] write(3, "1000", 4) = 4 [pid 5198] close(3) = 0 [pid 5198] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5198] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] rt_sigaction(SIGRT_1, {sa_handler=0x7f8fe624e0f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8fe623f2a0}, NULL, 8) = 0 [pid 5198] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe61c4000 [pid 5198] mprotect(0x7f8fe61c5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5198] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61e4990, parent_tid=0x7f8fe61e4990, exit_signal=0, stack=0x7f8fe61c4000, stack_size=0x20300, tls=0x7f8fe61e46c0}./strace-static-x86_64: Process 5199 attached [pid 5199] rseq(0x7f8fe61e4fe0, 0x20, 0, 0x53053053 [pid 5198] <... clone3 resumed> => {parent_tid=[5199]}, 88) = 5199 [pid 5199] <... rseq resumed>) = 0 [pid 5198] rt_sigprocmask(SIG_SETMASK, [], [pid 5199] set_robust_list(0x7f8fe61e49a0, 24 [pid 5198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5199] <... set_robust_list resumed>) = 0 [pid 5198] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5198] <... futex resumed>) = 0 [pid 5199] memfd_create("syzkaller", 0 [pid 5198] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5199] <... memfd_create resumed>) = 3 [pid 5199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8fdddc4000 [pid 5199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5199] munmap(0x7f8fdddc4000, 138412032) = 0 [pid 5199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5199] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5199] close(3) = 0 [pid 5199] mkdir("./bus", 0777) = 0 [ 82.262763][ T5199] loop0: detected capacity change from 0 to 32768 [ 82.277619][ T5199] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor569 (5199) [ 82.303934][ T5199] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 82.313541][ T5199] BTRFS info (device loop0): doing ref verification [ 82.320741][ T5199] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 82.333312][ T5199] BTRFS info (device loop0): force zlib compression, level 3 [ 82.345221][ T5199] BTRFS info (device loop0): allowing degraded mounts [ 82.352634][ T5199] BTRFS info (device loop0): using free space tree [pid 5199] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5199] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5199] chdir("./bus") = 0 [pid 5199] ioctl(4, LOOP_CLR_FD) = 0 [pid 5199] close(4) = 0 [pid 5199] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5199] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5198] <... futex resumed>) = 1 [pid 5198] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] fallocate(4, 0, 0, 1048820) = 0 [pid 5199] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5199] open(".", O_RDONLY) = 5 [pid 5198] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] <... futex resumed>) = 0 [pid 5199] <... futex resumed>) = 1 [pid 5198] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] open(".", O_RDONLY [pid 5198] <... futex resumed>) = 0 [pid 5199] <... open resumed>) = 6 [pid 5198] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5199] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5198] <... futex resumed>) = 0 [pid 5199] ioctl(6, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5198] futex(0x7f8fe62b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe61a3000 [pid 5198] mprotect(0x7f8fe61a4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5198] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61c3990, parent_tid=0x7f8fe61c3990, exit_signal=0, stack=0x7f8fe61a3000, stack_size=0x20300, tls=0x7f8fe61c36c0}./strace-static-x86_64: Process 5215 attached => {parent_tid=[5215]}, 88) = 5215 [pid 5198] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5198] futex(0x7f8fe62b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] futex(0x7f8fe62b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] rseq(0x7f8fe61c3fe0, 0x20, 0, 0x53053053) = 0 [ 82.392534][ T5199] BTRFS info (device loop0): auto enabling async discard [ 82.419281][ T29] audit: type=1800 audit(1696666236.236:10): pid=5199 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor569" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5215] set_robust_list(0x7f8fe61c39a0, 24) = 0 [pid 5215] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5215] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5198] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5198] futex(0x7f8fe62b46ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe6182000 [pid 5198] mprotect(0x7f8fe6183000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5198] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61a2990, parent_tid=0x7f8fe61a2990, exit_signal=0, stack=0x7f8fe6182000, stack_size=0x20300, tls=0x7f8fe61a26c0}./strace-static-x86_64: Process 5216 attached => {parent_tid=[5216]}, 88) = 5216 [pid 5198] rt_sigprocmask(SIG_SETMASK, [], [pid 5216] rseq(0x7f8fe61a2fe0, 0x20, 0, 0x53053053) = 0 [pid 5198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5216] set_robust_list(0x7f8fe61a29a0, 24) = 0 [pid 5198] futex(0x7f8fe62b46e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] rt_sigprocmask(SIG_SETMASK, [], [pid 5198] <... futex resumed>) = 0 [pid 5216] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5198] futex(0x7f8fe62b46ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] ftruncate(-1, 0) = -1 EBADF (Bad file descriptor) [pid 5216] futex(0x7f8fe62b46ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5216] futex(0x7f8fe62b46e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5199] <... ioctl resumed>) = 0 [pid 5199] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] <... ioctl resumed>) = 0 [pid 5215] futex(0x7f8fe62b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7f8fe62b46d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] exit_group(0 [pid 5216] <... futex resumed>) = ? [pid 5215] <... futex resumed>) = ? [pid 5199] <... futex resumed>) = ? [pid 5198] <... exit_group resumed>) = ? [pid 5216] +++ exited with 0 +++ [pid 5215] +++ exited with 0 +++ [pid 5199] +++ exited with 0 +++ [pid 5198] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5198, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=41 /* 0.41 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560e8730 /* 4 entries */, 32768) = 104 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555560f0770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560f0770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/bus") = 0 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x5555560e8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5217 attached , child_tidptr=0x5555560e7690) = 5217 [pid 5217] set_robust_list(0x5555560e76a0, 24) = 0 [pid 5217] chdir("./9") = 0 [pid 5217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5217] setpgid(0, 0) = 0 [pid 5217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5217] write(3, "1000", 4) = 4 [pid 5217] close(3) = 0 [pid 5217] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5217] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] rt_sigaction(SIGRT_1, {sa_handler=0x7f8fe624e0f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8fe623f2a0}, NULL, 8) = 0 [pid 5217] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe61c4000 [pid 5217] mprotect(0x7f8fe61c5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5217] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5217] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61e4990, parent_tid=0x7f8fe61e4990, exit_signal=0, stack=0x7f8fe61c4000, stack_size=0x20300, tls=0x7f8fe61e46c0}./strace-static-x86_64: Process 5218 attached [pid 5218] rseq(0x7f8fe61e4fe0, 0x20, 0, 0x53053053) = 0 [pid 5217] <... clone3 resumed> => {parent_tid=[5218]}, 88) = 5218 [pid 5218] set_robust_list(0x7f8fe61e49a0, 24 [pid 5217] rt_sigprocmask(SIG_SETMASK, [], [pid 5218] <... set_robust_list resumed>) = 0 [pid 5217] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5218] rt_sigprocmask(SIG_SETMASK, [], [pid 5217] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5217] <... futex resumed>) = 0 [pid 5218] memfd_create("syzkaller", 0 [pid 5217] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5218] <... memfd_create resumed>) = 3 [pid 5218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8fdddc4000 [pid 5218] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5218] munmap(0x7f8fdddc4000, 138412032) = 0 [pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5218] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5218] close(3) = 0 [pid 5218] mkdir("./bus", 0777) = 0 [ 82.893798][ T5218] loop0: detected capacity change from 0 to 32768 [ 82.904654][ T5218] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor569 (5218) [ 82.925096][ T5218] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 82.934529][ T5218] BTRFS info (device loop0): doing ref verification [ 82.941379][ T5218] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 82.953018][ T5218] BTRFS info (device loop0): force zlib compression, level 3 [ 82.960470][ T5218] BTRFS info (device loop0): allowing degraded mounts [ 82.967298][ T5218] BTRFS info (device loop0): using free space tree [pid 5218] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5218] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5218] chdir("./bus") = 0 [pid 5218] ioctl(4, LOOP_CLR_FD) = 0 [pid 5218] close(4) = 0 [pid 5218] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5218] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5217] <... futex resumed>) = 0 [pid 5218] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5217] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... open resumed>) = 4 [pid 5218] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5218] fallocate(4, 0, 0, 1048820 [pid 5217] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... fallocate resumed>) = 0 [pid 5218] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5218] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5217] <... futex resumed>) = 0 [pid 5218] open(".", O_RDONLY [pid 5217] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... open resumed>) = 5 [pid 5218] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5218] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5217] <... futex resumed>) = 0 [pid 5218] open(".", O_RDONLY [pid 5217] futex(0x7f8fe62b46cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... open resumed>) = 6 [pid 5218] futex(0x7f8fe62b46cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5218] futex(0x7f8fe62b46c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] futex(0x7f8fe62b46c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5217] <... futex resumed>) = 0 [pid 5218] ioctl(6, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5217] futex(0x7f8fe62b46dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe61a3000 [pid 5217] mprotect(0x7f8fe61a4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5217] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5217] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61c3990, parent_tid=0x7f8fe61c3990, exit_signal=0, stack=0x7f8fe61a3000, stack_size=0x20300, tls=0x7f8fe61c36c0} => {parent_tid=[5235]}, 88) = 5235 [pid 5217] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5217] futex(0x7f8fe62b46d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] futex(0x7f8fe62b46dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5235 attached [pid 5235] rseq(0x7f8fe61c3fe0, 0x20, 0, 0x53053053) = 0 [pid 5235] set_robust_list(0x7f8fe61c39a0, 24) = 0 [pid 5235] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 82.992875][ T5218] BTRFS info (device loop0): auto enabling async discard [ 83.022370][ T29] audit: type=1800 audit(1696666236.836:11): pid=5218 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor569" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 83.077240][ T1049] ------------[ cut here ]------------ [ 83.083206][ T1049] BTRFS: Transaction aborted (error -28) [ 83.103625][ T1049] WARNING: CPU: 0 PID: 1049 at fs/btrfs/block-group.c:3853 btrfs_chunk_alloc+0xedb/0xfa0 [ 83.113648][ T1049] Modules linked in: [ 83.117598][ T1049] CPU: 0 PID: 1049 Comm: kworker/u4:8 Not tainted 6.6.0-rc4-syzkaller-00229-g82714078aee4 #0 [ 83.127923][ T1049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 83.138144][ T1049] Workqueue: events_unbound btrfs_async_reclaim_metadata_space [ 83.145788][ T1049] RIP: 0010:btrfs_chunk_alloc+0xedb/0xfa0 [ 83.151662][ T1049] Code: fd 48 c7 c7 20 fc 4c 8b 44 89 e6 e8 3f af 9e fd 0f 0b e9 1d fe ff ff e8 53 88 d8 fd 48 c7 c7 20 fc 4c 8b 89 ee e8 25 af 9e fd <0f> 0b e9 28 fe ff ff e8 39 88 d8 fd 48 c7 c7 20 fc 4c 8b 44 89 e6 [ 83.171541][ T1049] RSP: 0018:ffffc90004267968 EFLAGS: 00010246 [pid 5235] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5217] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5217] futex(0x7f8fe62b46ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8fe6182000 [pid 5217] mprotect(0x7f8fe6183000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5217] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5217] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8fe61a2990, parent_tid=0x7f8fe61a2990, exit_signal=0, stack=0x7f8fe6182000, stack_size=0x20300, tls=0x7f8fe61a26c0} => {parent_tid=[5236]}, 88) = 5236 [pid 5217] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5217] futex(0x7f8fe62b46e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] futex(0x7f8fe62b46ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5236 attached [pid 5236] rseq(0x7f8fe61a2fe0, 0x20, 0, 0x53053053) = 0 [pid 5236] set_robust_list(0x7f8fe61a29a0, 24) = 0 [pid 5236] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5236] ftruncate(-1, 0) = -1 EBADF (Bad file descriptor) [pid 5236] futex(0x7f8fe62b46ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = 0 [pid 5236] <... futex resumed>) = 1 [ 83.177755][ T1049] RAX: 7dee088fc515c400 RBX: ffff888022e78001 RCX: ffff88801e305940 [ 83.185857][ T1049] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 83.194058][ T1049] RBP: ffffffffffffffe4 R08: ffffffff81543302 R09: 1ffff9200084ce80 [ 83.203196][ T1049] R10: dffffc0000000000 R11: fffff5200084ce81 R12: ffff8880799d6800 [ 83.211487][ T1049] R13: dffffc0000000000 R14: ffff888029276800 R15: 0000000000000000 [ 83.219639][ T1049] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 83.228976][ T1049] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 83.235987][ T1049] CR2: 00007ffc9c7e2ac4 CR3: 000000002539e000 CR4: 00000000003506f0 [ 83.244121][ T1049] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 83.252283][ T1049] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 83.260404][ T1049] Call Trace: [ 83.263760][ T1049] [ 83.266761][ T1049] ? __warn+0x162/0x4a0 [ 83.271032][ T1049] ? btrfs_chunk_alloc+0xedb/0xfa0 [ 83.276214][ T1049] ? report_bug+0x2b3/0x500 [ 83.280853][ T1049] ? btrfs_chunk_alloc+0xedb/0xfa0 [ 83.286041][ T1049] ? handle_bug+0x3d/0x70 [ 83.290532][ T1049] ? exc_invalid_op+0x1a/0x50 [ 83.295283][ T1049] ? asm_exc_invalid_op+0x1a/0x20 [ 83.300792][ T1049] ? __warn_printk+0x292/0x360 [ 83.305799][ T1049] ? btrfs_chunk_alloc+0xedb/0xfa0 [ 83.311478][ T1049] ? btrfs_chunk_alloc+0xedb/0xfa0 [ 83.316779][ T1049] flush_space+0x581/0xde0 [ 83.321624][ T1049] ? btrfs_async_reclaim_metadata_space+0x288/0x350 [ 83.329102][ T1049] ? do_raw_spin_lock+0x14d/0x3a0 [ 83.334860][ T1049] ? btrfs_calc_reclaim_metadata_size+0x2b0/0x2b0 [ 83.342299][ T1049] ? do_raw_spin_unlock+0x13b/0x8b0 [ 83.347981][ T1049] ? btrfs_calc_reclaim_metadata_size+0x11f/0x2b0 [ 83.358328][ T1049] btrfs_async_reclaim_metadata_space+0x29f/0x350 [ 83.367793][ T1049] ? process_scheduled_works+0x825/0x1400 [pid 5236] futex(0x7f8fe62b46e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] exit_group(0 [pid 5236] <... futex resumed>) = ? [pid 5217] <... exit_group resumed>) = ? [pid 5236] +++ exited with 0 +++ [ 83.373783][ T1049] process_scheduled_works+0x90f/0x1400 [ 83.379574][ T1049] ? assign_work+0x3d0/0x3d0 [ 83.384332][ T1049] ? assign_work+0x364/0x3d0 [ 83.392708][ T1049] worker_thread+0xa5f/0xff0 [ 83.397427][ T1049] kthread+0x2d3/0x370 [ 83.401644][ T1049] ? pr_cont_work+0x5e0/0x5e0 [ 83.406378][ T1049] ? kthread_blkcg+0xd0/0xd0 [ 83.412367][ T1049] ret_from_fork+0x48/0x80 [ 83.416857][ T1049] ? kthread_blkcg+0xd0/0xd0 [ 83.421599][ T1049] ret_from_fork_asm+0x11/0x20 [ 83.426728][ T1049] [ 83.430062][ T1049] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 83.437743][ T1049] CPU: 0 PID: 1049 Comm: kworker/u4:8 Not tainted 6.6.0-rc4-syzkaller-00229-g82714078aee4 #0 [ 83.447943][ T1049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 83.458033][ T1049] Workqueue: events_unbound btrfs_async_reclaim_metadata_space [ 83.465632][ T1049] Call Trace: [ 83.468938][ T1049] [ 83.471881][ T1049] dump_stack_lvl+0x1e7/0x2d0 [ 83.476639][ T1049] ? nf_tcp_handle_invalid+0x650/0x650 [ 83.482234][ T1049] ? panic+0x770/0x770 [ 83.486428][ T1049] ? vscnprintf+0x5d/0x80 [ 83.490794][ T1049] panic+0x30f/0x770 [ 83.494716][ T1049] ? __warn+0x171/0x4a0 [ 83.498911][ T1049] ? __memcpy_flushcache+0x2b0/0x2b0 [ 83.504832][ T1049] ? ret_from_fork_asm+0x11/0x20 [ 83.510515][ T1049] __warn+0x314/0x4a0 [ 83.514811][ T1049] ? btrfs_chunk_alloc+0xedb/0xfa0 [ 83.520168][ T1049] report_bug+0x2b3/0x500 [ 83.524723][ T1049] ? btrfs_chunk_alloc+0xedb/0xfa0 [ 83.529981][ T1049] handle_bug+0x3d/0x70 [ 83.534164][ T1049] exc_invalid_op+0x1a/0x50 [ 83.538685][ T1049] asm_exc_invalid_op+0x1a/0x20 [ 83.544026][ T1049] RIP: 0010:btrfs_chunk_alloc+0xedb/0xfa0 [ 83.549866][ T1049] Code: fd 48 c7 c7 20 fc 4c 8b 44 89 e6 e8 3f af 9e fd 0f 0b e9 1d fe ff ff e8 53 88 d8 fd 48 c7 c7 20 fc 4c 8b 89 ee e8 25 af 9e fd <0f> 0b e9 28 fe ff ff e8 39 88 d8 fd 48 c7 c7 20 fc 4c 8b 44 89 e6 [ 83.569496][ T1049] RSP: 0018:ffffc90004267968 EFLAGS: 00010246 [ 83.575580][ T1049] RAX: 7dee088fc515c400 RBX: ffff888022e78001 RCX: ffff88801e305940 [ 83.583583][ T1049] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 83.591960][ T1049] RBP: ffffffffffffffe4 R08: ffffffff81543302 R09: 1ffff9200084ce80 [ 83.600147][ T1049] R10: dffffc0000000000 R11: fffff5200084ce81 R12: ffff8880799d6800 [ 83.608165][ T1049] R13: dffffc0000000000 R14: ffff888029276800 R15: 0000000000000000 [ 83.616254][ T1049] ? __warn_printk+0x292/0x360 [ 83.621064][ T1049] ? btrfs_chunk_alloc+0xedb/0xfa0 [ 83.626322][ T1049] flush_space+0x581/0xde0 [ 83.630785][ T1049] ? btrfs_async_reclaim_metadata_space+0x288/0x350 [ 83.637523][ T1049] ? do_raw_spin_lock+0x14d/0x3a0 [ 83.642763][ T1049] ? btrfs_calc_reclaim_metadata_size+0x2b0/0x2b0 [ 83.649324][ T1049] ? do_raw_spin_unlock+0x13b/0x8b0 [ 83.654632][ T1049] ? btrfs_calc_reclaim_metadata_size+0x11f/0x2b0 [ 83.661069][ T1049] btrfs_async_reclaim_metadata_space+0x29f/0x350 [ 83.667509][ T1049] ? process_scheduled_works+0x825/0x1400 [ 83.673243][ T1049] process_scheduled_works+0x90f/0x1400 [ 83.678834][ T1049] ? assign_work+0x3d0/0x3d0 [ 83.683477][ T1049] ? assign_work+0x364/0x3d0 [ 83.688098][ T1049] worker_thread+0xa5f/0xff0 [ 83.695018][ T1049] kthread+0x2d3/0x370 [ 83.699208][ T1049] ? pr_cont_work+0x5e0/0x5e0 [ 83.703912][ T1049] ? kthread_blkcg+0xd0/0xd0 [ 83.708541][ T1049] ret_from_fork+0x48/0x80 [ 83.712985][ T1049] ? kthread_blkcg+0xd0/0xd0 [ 83.717592][ T1049] ret_from_fork_asm+0x11/0x20 [ 83.722389][ T1049] [ 83.725663][ T1049] Kernel Offset: disabled [ 83.730094][ T1049] Rebooting in 86400 seconds..