./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3502835929 <...> Warning: Permanently added '10.128.1.28' (ECDSA) to the list of known hosts. execve("./syz-executor3502835929", ["./syz-executor3502835929"], 0x7ffd9b04a640 /* 10 vars */) = 0 brk(NULL) = 0x5555566b1000 brk(0x5555566b1c40) = 0x5555566b1c40 arch_prctl(ARCH_SET_FS, 0x5555566b1300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555566b15d0) = 5069 set_robust_list(0x5555566b15e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f7d83758920, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f7d83758ff0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f7d837589c0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f7d83758ff0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3502835929", 4096) = 28 brk(0x5555566d2c40) = 0x5555566d2c40 brk(0x5555566d3000) = 0x5555566d3000 mprotect(0x7f7d83820000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5069 mkdir("./syzkaller.31jQhv", 0700) = 0 chmod("./syzkaller.31jQhv", 0777) = 0 chdir("./syzkaller.31jQhv") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566b15d0) = 5070 ./strace-static-x86_64: Process 5070 attached [pid 5070] set_robust_list(0x5555566b15e0, 24) = 0 [pid 5070] chdir("./0") = 0 [pid 5070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5070] setpgid(0, 0) = 0 [pid 5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5070] write(3, "1000", 4) = 4 [pid 5070] close(3) = 0 [pid 5070] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5070] futex(0x7f7d838267ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7d83727000 [pid 5070] mprotect(0x7f7d83728000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5070] clone(child_stack=0x7f7d837473f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5072], tls=0x7f7d83747700, child_tidptr=0x7f7d837479d0) = 5072 [pid 5070] futex(0x7f7d838267a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] futex(0x7f7d838267ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5072 attached [pid 5072] set_robust_list(0x7f7d837479e0, 24) = 0 [pid 5072] memfd_create("syzkaller", 0) = 3 [pid 5072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7d7b327000 [pid 5072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5072] munmap(0x7f7d7b327000, 16777216) = 0 [pid 5072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5072] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5072] close(3) = 0 [pid 5072] mkdir("./file0", 0777) = 0 syzkaller login: [ 53.022645][ T5072] loop0: detected capacity change from 0 to 32768 [ 53.033285][ T5072] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor350 (5072) [ 53.052044][ T5072] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 53.061404][ T5072] BTRFS info (device loop0): force clearing of disk cache [ 53.068523][ T5072] BTRFS info (device loop0): setting nodatasum [ 53.075032][ T5072] BTRFS info (device loop0): allowing degraded mounts [ 53.081893][ T5072] BTRFS info (device loop0): enabling disk space caching [ 53.089084][ T5072] BTRFS info (device loop0): disk space caching is enabled [ 53.111221][ T5072] BTRFS info (device loop0): enabling ssd optimizations [pid 5072] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5072] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5072] chdir("./file0") = 0 [pid 5072] ioctl(4, LOOP_CLR_FD) = 0 [pid 5072] close(4) = 0 [pid 5072] futex(0x7f7d838267ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5072] futex(0x7f7d838267a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] futex(0x7f7d838267a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5070] <... futex resumed>) = 0 [pid 5072] openat(AT_FDCWD, ".", O_RDONLY [pid 5070] futex(0x7f7d838267ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... openat resumed>) = 4 [pid 5072] futex(0x7f7d838267ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5072] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5070] futex(0x7f7d838267a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 53.118210][ T5072] BTRFS info (device loop0): auto enabling async discard [ 53.126671][ T5072] BTRFS info (device loop0): clearing free space tree [ 53.133710][ T5072] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 53.143603][ T5072] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 53.163928][ T5072] BTRFS info (device loop0): checking UUID tree [pid 5070] futex(0x7f7d838267ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 53.197384][ T5072] BTRFS info (device loop0): balance: start -d -m -s [ 53.207955][ T5072] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5070] futex(0x7f7d838267bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7d7c306000 [pid 5070] mprotect(0x7f7d7c307000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5070] clone(child_stack=0x7f7d7c3263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5091], tls=0x7f7d7c326700, child_tidptr=0x7f7d7c3269d0) = 5091 [pid 5070] futex(0x7f7d838267b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] futex(0x7f7d838267bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5091 attached [pid 5091] set_robust_list(0x7f7d7c3269e0, 24) = 0 [pid 5091] open("./file0", O_RDONLY) = 5 [pid 5091] futex(0x7f7d838267bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5070] futex(0x7f7d838267b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] futex(0x7f7d838267bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 53.245074][ T5072] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5091] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 5091] futex(0x7f7d838267bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5091] futex(0x7f7d838267b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] futex(0x7f7d838267b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5070] <... futex resumed>) = 0 [pid 5091] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5070] futex(0x7f7d838267bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... ioctl resumed>) = 0 [pid 5091] futex(0x7f7d838267bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5091] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5070] futex(0x7f7d838267b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 53.281234][ T26] audit: type=1800 audit(1671393814.471:2): pid=5091 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor350" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5070] futex(0x7f7d838267bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... open resumed>) = 7 [pid 5091] futex(0x7f7d838267bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5070] futex(0x7f7d838267b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] ioctl(5, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x02\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5070] <... futex resumed>) = 0 [pid 5070] futex(0x7f7d838267bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... ioctl resumed>) = 0 [pid 5091] futex(0x7f7d838267bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] futex(0x7f7d838267b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] <... futex resumed>) = 0 [ 53.334292][ T26] audit: type=1800 audit(1671393814.511:3): pid=5091 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor350" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 53.371888][ T11] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 53.378349][ T5072] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 53.417534][ T5072] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 53.438939][ T5072] BTRFS info (device loop0): relocating block group 1048576 flags system [ 53.456950][ T5072] BTRFS info (device loop0): found 1 extents, stage: move data extents [pid 5072] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5072] futex(0x7f7d838267ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f7d838267a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] exit_group(0 [pid 5091] <... futex resumed>) = ? [pid 5072] <... futex resumed>) = ? [pid 5070] <... exit_group resumed>) = ? [pid 5091] +++ exited with 0 +++ [pid 5072] +++ exited with 0 +++ [pid 5070] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5070, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=48 /* 0.48 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555566b2620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 53.474322][ T5072] BTRFS info (device loop0): balance: ended with status: 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555566ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555566ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x5555566b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566b15d0) = 5096 ./strace-static-x86_64: Process 5096 attached [pid 5096] set_robust_list(0x5555566b15e0, 24) = 0 [pid 5096] chdir("./1") = 0 [pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5096] setpgid(0, 0) = 0 [pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5096] write(3, "1000", 4) = 4 [pid 5096] close(3) = 0 [pid 5096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5096] futex(0x7f7d838267ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7d83727000 [pid 5096] mprotect(0x7f7d83728000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5096] clone(child_stack=0x7f7d837473f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5097 attached , parent_tid=[5097], tls=0x7f7d83747700, child_tidptr=0x7f7d837479d0) = 5097 [pid 5097] set_robust_list(0x7f7d837479e0, 24 [pid 5096] futex(0x7f7d838267a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... set_robust_list resumed>) = 0 [pid 5096] <... futex resumed>) = 0 [pid 5096] futex(0x7f7d838267ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5097] memfd_create("syzkaller", 0) = 3 [pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7d7b327000 [pid 5097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5097] munmap(0x7f7d7b327000, 16777216) = 0 [pid 5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5097] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5097] close(3) = 0 [pid 5097] mkdir("./file0", 0777) = 0 [ 53.778463][ T5097] loop0: detected capacity change from 0 to 32768 [ 53.792337][ T5097] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 53.801593][ T5097] BTRFS info (device loop0): force clearing of disk cache [ 53.808745][ T5097] BTRFS info (device loop0): setting nodatasum [ 53.815172][ T5097] BTRFS info (device loop0): allowing degraded mounts [ 53.821983][ T5097] BTRFS info (device loop0): enabling disk space caching [ 53.829126][ T5097] BTRFS info (device loop0): disk space caching is enabled [ 53.846733][ T5097] BTRFS info (device loop0): enabling ssd optimizations [ 53.853726][ T5097] BTRFS info (device loop0): auto enabling async discard [ 53.861522][ T5097] BTRFS info (device loop0): clearing free space tree [ 53.868486][ T5097] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5097] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5097] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5097] chdir("./file0") = 0 [pid 5097] ioctl(4, LOOP_CLR_FD) = 0 [pid 5097] close(4) = 0 [pid 5097] futex(0x7f7d838267ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = 0 [pid 5096] futex(0x7f7d838267a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f7d838267ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... futex resumed>) = 1 [pid 5097] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5097] futex(0x7f7d838267ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = 0 [pid 5096] futex(0x7f7d838267a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f7d838267ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... futex resumed>) = 1 [ 53.878449][ T5097] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 53.892955][ T5097] BTRFS info (device loop0): checking UUID tree [pid 5097] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5096] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5096] futex(0x7f7d838267ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5096] futex(0x7f7d838267bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7d7c306000 [pid 5096] mprotect(0x7f7d7c307000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5096] clone(child_stack=0x7f7d7c3263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5116], tls=0x7f7d7c326700, child_tidptr=0x7f7d7c3269d0) = 5116 [pid 5096] futex(0x7f7d838267b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f7d838267bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5116 attached [pid 5116] set_robust_list(0x7f7d7c3269e0, 24) = 0 [pid 5116] open("./file0", O_RDONLY) = 5 [pid 5116] futex(0x7f7d838267bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5116] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5096] futex(0x7f7d838267b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 53.920784][ T5097] BTRFS info (device loop0): balance: start -d -m -s [ 53.927932][ T5097] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 53.955253][ T5097] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5096] futex(0x7f7d838267bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... open resumed>) = 6 [pid 5116] futex(0x7f7d838267bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5116] futex(0x7f7d838267b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] futex(0x7f7d838267b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5096] <... futex resumed>) = 0 [pid 5116] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5096] futex(0x7f7d838267bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... ioctl resumed>) = 0 [pid 5116] futex(0x7f7d838267bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5116] futex(0x7f7d838267b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] futex(0x7f7d838267b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5096] <... futex resumed>) = 0 [pid 5116] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5096] futex(0x7f7d838267bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... open resumed>) = 7 [ 53.981934][ T26] audit: type=1800 audit(1671393815.171:4): pid=5116 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor350" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 53.987714][ T5097] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5116] futex(0x7f7d838267bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5116] ioctl(5, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x02\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5096] futex(0x7f7d838267b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f7d838267bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... ioctl resumed>) = 0 [pid 5116] futex(0x7f7d838267bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [ 54.027575][ T26] audit: type=1800 audit(1671393815.211:5): pid=5116 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor350" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 54.050251][ T11] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 54.062046][ T5097] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 54.101102][ T5097] BTRFS info (device loop0): relocating block group 1048576 flags system [ 54.123894][ T5097] BTRFS info (device loop0): found 1 extents, stage: move data extents [pid 5116] futex(0x7f7d838267b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5097] futex(0x7f7d838267ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] futex(0x7f7d838267a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] exit_group(0) = ? [pid 5116] <... futex resumed>) = ? [pid 5116] +++ exited with 0 +++ [pid 5097] <... futex resumed>) = ? [pid 5097] +++ exited with 0 +++ [pid 5096] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5096, si_uid=0, si_status=0, si_utime=0, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555566b2620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 54.145684][ T5097] BTRFS info (device loop0): balance: ended with status: 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555566ba660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555566ba660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x5555566b2620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566b15d0) = 5117 ./strace-static-x86_64: Process 5117 attached [pid 5117] set_robust_list(0x5555566b15e0, 24) = 0 [pid 5117] chdir("./2") = 0 [pid 5117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5117] setpgid(0, 0) = 0 [pid 5117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5117] write(3, "1000", 4) = 4 [pid 5117] close(3) = 0 [pid 5117] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5117] futex(0x7f7d838267ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7d83727000 [pid 5117] mprotect(0x7f7d83728000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5117] clone(child_stack=0x7f7d837473f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5118], tls=0x7f7d83747700, child_tidptr=0x7f7d837479d0) = 5118 [pid 5117] futex(0x7f7d838267a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] futex(0x7f7d838267ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5118 attached [pid 5118] set_robust_list(0x7f7d837479e0, 24) = 0 [pid 5118] memfd_create("syzkaller", 0) = 3 [pid 5118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7d7b327000 [pid 5118] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5118] munmap(0x7f7d7b327000, 16777216) = 0 [pid 5118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5118] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5118] close(3) = 0 [pid 5118] mkdir("./file0", 0777) = 0 [ 54.406097][ T5118] loop0: detected capacity change from 0 to 32768 [ 54.420042][ T5118] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 54.429389][ T5118] BTRFS info (device loop0): force clearing of disk cache [ 54.436831][ T5118] BTRFS info (device loop0): setting nodatasum [ 54.448636][ T5118] BTRFS info (device loop0): allowing degraded mounts [ 54.455563][ T5118] BTRFS info (device loop0): enabling disk space caching [ 54.462860][ T5118] BTRFS info (device loop0): disk space caching is enabled [ 54.484970][ T5118] BTRFS info (device loop0): enabling ssd optimizations [ 54.492027][ T5118] BTRFS info (device loop0): auto enabling async discard [pid 5118] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5118] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5118] chdir("./file0") = 0 [pid 5118] ioctl(4, LOOP_CLR_FD) = 0 [pid 5118] close(4) = 0 [pid 5118] futex(0x7f7d838267ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7f7d838267a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] futex(0x7f7d838267ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5118] futex(0x7f7d838267ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7f7d838267a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5117] <... futex resumed>) = 0 [ 54.500534][ T5118] BTRFS info (device loop0): clearing free space tree [ 54.507406][ T5118] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 54.517108][ T5118] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 54.532482][ T5118] BTRFS info (device loop0): checking UUID tree [pid 5117] futex(0x7f7d838267ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5117] futex(0x7f7d838267bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7d7c306000 [pid 5117] mprotect(0x7f7d7c307000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5117] clone(child_stack=0x7f7d7c3263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5137], tls=0x7f7d7c326700, child_tidptr=0x7f7d7c3269d0) = 5137 [pid 5117] futex(0x7f7d838267b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] futex(0x7f7d838267bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5137 attached [pid 5137] set_robust_list(0x7f7d7c3269e0, 24) = 0 [pid 5137] open("./file0", O_RDONLY) = 5 [pid 5137] futex(0x7f7d838267bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7f7d838267b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] futex(0x7f7d838267bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... futex resumed>) = 1 [ 54.589561][ T5118] BTRFS info (device loop0): balance: start -d -m -s [ 54.596602][ T5118] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5137] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 5137] futex(0x7f7d838267bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7f7d838267b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] futex(0x7f7d838267bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... futex resumed>) = 1 [pid 5137] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5137] futex(0x7f7d838267bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7f7d838267b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] futex(0x7f7d838267bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... futex resumed>) = 1 [ 54.637057][ T5118] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 54.647355][ T26] audit: type=1800 audit(1671393815.831:6): pid=5137 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor350" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5137] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 7 [pid 5137] futex(0x7f7d838267bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7f7d838267b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] futex(0x7f7d838267bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... futex resumed>) = 1 [pid 5137] ioctl(5, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x02\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5117] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 54.673757][ T26] audit: type=1800 audit(1671393815.861:7): pid=5137 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor350" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 54.700164][ T5137] ------------[ cut here ]------------ [ 54.705698][ T5137] WARNING: CPU: 1 PID: 5137 at fs/btrfs/extent-tree.c:872 lookup_inline_extent_backref+0xd28/0x10e0 [ 54.717073][ T5137] Modules linked in: [ 54.721176][ T5137] CPU: 1 PID: 5137 Comm: syz-executor350 Not tainted 6.1.0-syzkaller-13139-gf9ff5644bcc0 #0 [ 54.731570][ T5137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 54.742006][ T5137] RIP: 0010:lookup_inline_extent_backref+0xd28/0x10e0 [ 54.749096][ T5137] Code: f9 ff ff e8 9a ff 21 fe 8b b4 24 40 01 00 00 31 ff e8 3c fc 21 fe 8b b4 24 40 01 00 00 85 f6 0f 84 10 02 00 00 e8 78 ff 21 fe <0f> 0b 41 bd fb ff ff ff e8 6b ff 21 fe 48 8b 44 24 18 48 8d 78 6a [ 54.768936][ T5137] RSP: 0018:ffffc90003fcf080 EFLAGS: 00010293 [ 54.775113][ T5137] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 54.783217][ T5137] RDX: ffff88807e8d8000 RSI: ffffffff835f5188 RDI: 0000000000000005 [ 54.791512][ T5137] RBP: ffffc90003fcf110 R08: 0000000000000005 R09: 0000000000000000 [ 54.799550][ T5137] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888027155bb0 [ 54.807668][ T5137] R13: 0000000000000001 R14: 0000000000001000 R15: ffff8880739dc738 [ 54.815712][ T5137] FS: 00007f7d7c326700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 54.825165][ T5137] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 54.831861][ T5137] CR2: 00007f7d837dd0a0 CR3: 000000002ad78000 CR4: 0000000000350ee0 [ 54.839887][ T5137] Call Trace: [ 54.843181][ T5137] [ 54.846146][ T5137] ? hash_extent_data_ref+0xf0/0xf0 [ 54.851457][ T5137] ? find_held_lock+0x2d/0x110 [ 54.856258][ T5137] insert_inline_extent_backref+0xb3/0x1b0 [ 54.862130][ T5137] ? lookup_inline_extent_backref+0x10e0/0x10e0 [ 54.868409][ T5137] ? rcu_read_lock_sched_held+0x3e/0x70 [ 54.874057][ T5137] __btrfs_inc_extent_ref.isra.0+0xdb/0x3e0 [ 54.880001][ T5137] ? insert_extent_data_ref+0x7b0/0x7b0 [pid 5117] exit_group(0) = ? [ 54.885554][ T5137] ? lock_downgrade+0x6e0/0x6e0 [ 54.890481][ T5137] ? _raw_read_unlock+0x28/0x40 [ 54.895357][ T5137] ? btrfs_tree_mod_log_lowest_seq+0x86/0xb0 [ 54.901390][ T5137] __btrfs_run_delayed_refs+0x2017/0x3760 [ 54.907154][ T5137] ? check_ref_cleanup+0x3e0/0x3e0 [ 54.912325][ T5137] ? __add_reloc_root+0x3f1/0x520 [ 54.917372][ T5137] ? btrfs_init_reloc_root+0x191/0x660 [ 54.922876][ T5137] ? find_reloc_root+0x380/0x380 [ 54.927856][ T5137] ? rwlock_bug.part.0+0x90/0x90 [ 54.932895][ T5137] btrfs_run_delayed_refs+0x19a/0x490 [ 54.938316][ T5137] create_pending_snapshot+0x11ce/0x2110 [ 54.944065][ T5137] ? btrfs_write_and_wait_transaction+0x280/0x280 [ 54.950572][ T5137] ? rcu_read_lock_sched_held+0x3e/0x70 [ 54.956163][ T5137] ? trace_contention_end+0x153/0x1e0 [ 54.961616][ T5137] ? __mutex_lock+0x231/0x1360 [ 54.966418][ T5137] ? btrfs_commit_transaction+0xa9e/0x36c0 [ 54.972320][ T5137] ? lock_release+0x810/0x810 [ 54.977014][ T5137] ? btrfs_commit_transaction+0x7ba/0x36c0 [ 54.982888][ T5137] create_pending_snapshots+0x174/0x2c0 [ 54.988458][ T5137] btrfs_commit_transaction+0xaa6/0x36c0 [ 54.994152][ T5137] ? do_raw_spin_lock+0x124/0x2b0 [ 54.999232][ T5137] ? btrfs_commit_transaction_async+0x3f0/0x3f0 [ 55.005470][ T5137] ? start_transaction+0x2aa/0x1410 [ 55.010733][ T5137] btrfs_mksubvol+0xc09/0x1550 [ 55.015547][ T5137] ? create_subvol+0x13f0/0x13f0 [ 55.020571][ T5137] btrfs_mksnapshot+0xaf/0xf0 [ 55.025298][ T5137] __btrfs_ioctl_snap_create+0x3c1/0x430 [ 55.031011][ T5137] btrfs_ioctl_snap_create+0x148/0x1b0 [ 55.036505][ T5137] btrfs_ioctl+0x35b/0x5830 [ 55.041057][ T5137] ? tomoyo_path_number_perm+0x166/0x570 [ 55.046717][ T5137] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 55.052571][ T5137] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 55.059041][ T5137] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 55.064938][ T5137] ? do_vfs_ioctl+0x132/0x15b0 [ 55.069768][ T5137] ? vfs_fileattr_set+0xbe0/0xbe0 [ 55.074844][ T5137] ? find_held_lock+0x2d/0x110 [ 55.079703][ T5137] ? do_one_initcall+0x470/0x790 [ 55.084675][ T5137] ? __fget_files+0x26a/0x440 [ 55.089399][ T5137] ? bpf_lsm_file_ioctl+0x9/0x10 [ 55.094380][ T5137] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 55.100900][ T5137] __x64_sys_ioctl+0x197/0x210 [ 55.105692][ T5137] do_syscall_64+0x39/0xb0 [ 55.110154][ T5137] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 55.116071][ T5137] RIP: 0033:0x7f7d8379b9c9 [ 55.120523][ T5137] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 55.140243][ T5137] RSP: 002b:00007f7d7c3262f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 55.148747][ T5137] RAX: ffffffffffffffda RBX: 00007f7d838267b0 RCX: 00007f7d8379b9c9 [ 55.156743][ T5137] RDX: 00000000200000c0 RSI: 0000000050009401 RDI: 0000000000000005 [ 55.164752][ T5137] RBP: 00007f7d837f326c R08: 0000000000000000 R09: 0000000000000000 [ 55.172781][ T5137] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e [ 55.180830][ T5137] R13: 00007f7d837f2270 R14: 61635f7261656c63 R15: 00007f7d838267b8 [ 55.188870][ T5137] [ 55.191935][ T5137] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 55.199223][ T5137] CPU: 1 PID: 5137 Comm: syz-executor350 Not tainted 6.1.0-syzkaller-13139-gf9ff5644bcc0 #0 [ 55.209276][ T5137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 55.219320][ T5137] Call Trace: [ 55.222586][ T5137] [ 55.225507][ T5137] dump_stack_lvl+0xd1/0x138 [ 55.230100][ T5137] panic+0x2cc/0x626 [ 55.233987][ T5137] ? panic_print_sys_info.part.0+0x110/0x110 [ 55.239975][ T5137] ? lookup_inline_extent_backref+0xd28/0x10e0 [ 55.246128][ T5137] check_panic_on_warn.cold+0x19/0x35 [ 55.251493][ T5137] __warn+0xf2/0x1a0 [ 55.255386][ T5137] ? lookup_inline_extent_backref+0xd28/0x10e0 [ 55.261535][ T5137] report_bug+0x1c0/0x210 [ 55.265866][ T5137] handle_bug+0x3c/0x70 [ 55.270026][ T5137] exc_invalid_op+0x18/0x50 [ 55.274528][ T5137] asm_exc_invalid_op+0x1a/0x20 [ 55.279391][ T5137] RIP: 0010:lookup_inline_extent_backref+0xd28/0x10e0 [ 55.286148][ T5137] Code: f9 ff ff e8 9a ff 21 fe 8b b4 24 40 01 00 00 31 ff e8 3c fc 21 fe 8b b4 24 40 01 00 00 85 f6 0f 84 10 02 00 00 e8 78 ff 21 fe <0f> 0b 41 bd fb ff ff ff e8 6b ff 21 fe 48 8b 44 24 18 48 8d 78 6a [ 55.305834][ T5137] RSP: 0018:ffffc90003fcf080 EFLAGS: 00010293 [ 55.311894][ T5137] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 55.319857][ T5137] RDX: ffff88807e8d8000 RSI: ffffffff835f5188 RDI: 0000000000000005 [ 55.327819][ T5137] RBP: ffffc90003fcf110 R08: 0000000000000005 R09: 0000000000000000 [ 55.335780][ T5137] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888027155bb0 [ 55.343741][ T5137] R13: 0000000000000001 R14: 0000000000001000 R15: ffff8880739dc738 [ 55.351726][ T5137] ? lookup_inline_extent_backref+0xd28/0x10e0 [ 55.357896][ T5137] ? hash_extent_data_ref+0xf0/0xf0 [ 55.363096][ T5137] ? find_held_lock+0x2d/0x110 [ 55.367870][ T5137] insert_inline_extent_backref+0xb3/0x1b0 [ 55.373769][ T5137] ? lookup_inline_extent_backref+0x10e0/0x10e0 [ 55.380011][ T5137] ? rcu_read_lock_sched_held+0x3e/0x70 [ 55.385581][ T5137] __btrfs_inc_extent_ref.isra.0+0xdb/0x3e0 [ 55.391478][ T5137] ? insert_extent_data_ref+0x7b0/0x7b0 [ 55.397022][ T5137] ? lock_downgrade+0x6e0/0x6e0 [ 55.401883][ T5137] ? _raw_read_unlock+0x28/0x40 [ 55.406731][ T5137] ? btrfs_tree_mod_log_lowest_seq+0x86/0xb0 [ 55.412716][ T5137] __btrfs_run_delayed_refs+0x2017/0x3760 [ 55.418457][ T5137] ? check_ref_cleanup+0x3e0/0x3e0 [ 55.423581][ T5137] ? __add_reloc_root+0x3f1/0x520 [ 55.428615][ T5137] ? btrfs_init_reloc_root+0x191/0x660 [ 55.434083][ T5137] ? find_reloc_root+0x380/0x380 [ 55.439020][ T5137] ? rwlock_bug.part.0+0x90/0x90 [ 55.443959][ T5137] btrfs_run_delayed_refs+0x19a/0x490 [ 55.449336][ T5137] create_pending_snapshot+0x11ce/0x2110 [ 55.454977][ T5137] ? btrfs_write_and_wait_transaction+0x280/0x280 [ 55.461409][ T5137] ? rcu_read_lock_sched_held+0x3e/0x70 [ 55.466952][ T5137] ? trace_contention_end+0x153/0x1e0 [ 55.472323][ T5137] ? __mutex_lock+0x231/0x1360 [ 55.477084][ T5137] ? btrfs_commit_transaction+0xa9e/0x36c0 [ 55.482887][ T5137] ? lock_release+0x810/0x810 [ 55.487552][ T5137] ? btrfs_commit_transaction+0x7ba/0x36c0 [ 55.493447][ T5137] create_pending_snapshots+0x174/0x2c0 [ 55.498992][ T5137] btrfs_commit_transaction+0xaa6/0x36c0 [ 55.504618][ T5137] ? do_raw_spin_lock+0x124/0x2b0 [ 55.509649][ T5137] ? btrfs_commit_transaction_async+0x3f0/0x3f0 [ 55.515885][ T5137] ? start_transaction+0x2aa/0x1410 [ 55.521089][ T5137] btrfs_mksubvol+0xc09/0x1550 [ 55.525857][ T5137] ? create_subvol+0x13f0/0x13f0 [ 55.530799][ T5137] btrfs_mksnapshot+0xaf/0xf0 [ 55.535478][ T5137] __btrfs_ioctl_snap_create+0x3c1/0x430 [ 55.541118][ T5137] btrfs_ioctl_snap_create+0x148/0x1b0 [ 55.546593][ T5137] btrfs_ioctl+0x35b/0x5830 [ 55.551095][ T5137] ? tomoyo_path_number_perm+0x166/0x570 [ 55.556733][ T5137] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 55.562540][ T5137] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 55.568954][ T5137] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 55.574849][ T5137] ? do_vfs_ioctl+0x132/0x15b0 [ 55.579607][ T5137] ? vfs_fileattr_set+0xbe0/0xbe0 [ 55.584634][ T5137] ? find_held_lock+0x2d/0x110 [ 55.589401][ T5137] ? do_one_initcall+0x470/0x790 [ 55.594340][ T5137] ? __fget_files+0x26a/0x440 [ 55.599013][ T5137] ? bpf_lsm_file_ioctl+0x9/0x10 [ 55.603949][ T5137] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 55.610388][ T5137] __x64_sys_ioctl+0x197/0x210 [ 55.615146][ T5137] do_syscall_64+0x39/0xb0 [ 55.619587][ T5137] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 55.625492][ T5137] RIP: 0033:0x7f7d8379b9c9 [ 55.629901][ T5137] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 55.649502][ T5137] RSP: 002b:00007f7d7c3262f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 55.657909][ T5137] RAX: ffffffffffffffda RBX: 00007f7d838267b0 RCX: 00007f7d8379b9c9 [ 55.665873][ T5137] RDX: 00000000200000c0 RSI: 0000000050009401 RDI: 0000000000000005 [ 55.673834][ T5137] RBP: 00007f7d837f326c R08: 0000000000000000 R09: 0000000000000000 [ 55.681795][ T5137] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e [ 55.689757][ T5137] R13: 00007f7d837f2270 R14: 61635f7261656c63 R15: 00007f7d838267b8 [ 55.697733][ T5137] [ 55.701510][ T5137] Kernel Offset: disabled [ 55.705934][ T5137] Rebooting in 86400 seconds..