./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3759385452 <...> DUID 00:04:a3:03:08:15:93:78:e3:1f:4c:1c:fb:56:e6:f5:4b:05 forked to background, child pid 4653 [ 37.100199][ T4654] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.111301][ T4654] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.224' (ECDSA) to the list of known hosts. execve("./syz-executor3759385452", ["./syz-executor3759385452"], 0x7fff49baf160 /* 10 vars */) = 0 brk(NULL) = 0x55555583f000 brk(0x55555583fc40) = 0x55555583fc40 arch_prctl(ARCH_SET_FS, 0x55555583f300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x55555583f5d0) = 5087 set_robust_list(0x55555583f5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f7a9cd3b9f0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f7a9cd3c0c0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f7a9cd3ba90, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f7a9cd3c0c0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3759385452", 4096) = 28 brk(0x555555860c40) = 0x555555860c40 brk(0x555555861000) = 0x555555861000 mprotect(0x7f7a9ce03000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5087 mkdir("./syzkaller.HzDWJQ", 0700) = 0 chmod("./syzkaller.HzDWJQ", 0777) = 0 chdir("./syzkaller.HzDWJQ") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555583f5d0) = 5088 ./strace-static-x86_64: Process 5088 attached [pid 5088] set_robust_list(0x55555583f5e0, 24) = 0 [pid 5088] chdir("./0") = 0 [pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5088] setpgid(0, 0) = 0 [pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5088] write(3, "1000", 4) = 4 [pid 5088] close(3) = 0 [pid 5088] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5088] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7a9cd0a000 [pid 5088] mprotect(0x7f7a9cd0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5088] clone(child_stack=0x7f7a9cd2a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5090], tls=0x7f7a9cd2a700, child_tidptr=0x7f7a9cd2a9d0) = 5090 [pid 5088] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5090 attached [pid 5090] set_robust_list(0x7f7a9cd2a9e0, 24) = 0 [pid 5090] memfd_create("syzkaller", 0) = 3 [pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7a9490a000 syzkaller login: [ 59.614868][ T5090] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5090 'syz-executor375' [pid 5090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5090] munmap(0x7f7a9490a000, 16777216) = 0 [pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5090] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5090] close(3) = 0 [pid 5090] mkdir("./file0", 0777) = 0 [ 59.780408][ T5090] loop0: detected capacity change from 0 to 32768 [ 59.792879][ T5090] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor375 (5090) [ 59.814986][ T5090] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 59.824763][ T5090] BTRFS info (device loop0): force clearing of disk cache [ 59.832163][ T5090] BTRFS info (device loop0): setting nodatasum [ 59.838461][ T5090] BTRFS info (device loop0): allowing degraded mounts [ 59.845532][ T5090] BTRFS info (device loop0): enabling disk space caching [ 59.852576][ T5090] BTRFS info (device loop0): disk space caching is enabled [pid 5090] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [ 59.878071][ T5090] BTRFS info (device loop0): enabling ssd optimizations [ 59.885130][ T5090] BTRFS info (device loop0): auto enabling async discard [ 59.894261][ T5090] BTRFS info (device loop0): clearing free space tree [ 59.901281][ T5090] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 59.911085][ T5090] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5090] chdir("./file0") = 0 [pid 5090] ioctl(4, LOOP_CLR_FD) = 0 [pid 5090] close(4) = 0 [pid 5090] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5088] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] open("./file0", O_RDONLY) = 4 [pid 5090] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] <... futex resumed>) = 0 [pid 5088] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5088] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5090] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] futex(0x7f7a9ce097e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] <... futex resumed>) = 0 [pid 5088] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... futex resumed>) = 0 [ 59.935264][ T5090] BTRFS info (device loop0): checking UUID tree [pid 5090] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5090] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] futex(0x7f7a9ce097e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] <... futex resumed>) = 0 [pid 5088] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5090] creat("./bus", 000 [pid 5088] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... creat resumed>) = 6 [pid 5090] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] futex(0x7f7a9ce097e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] <... futex resumed>) = 0 [pid 5088] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5088] <... futex resumed>) = 1 [pid 5090] ftruncate(6, 2048) = 0 [pid 5088] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f7a9ce097e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5088] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5088] <... futex resumed>) = 1 [ 59.970333][ T27] audit: type=1800 audit(1674410205.204:2): pid=5090 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor375" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 60.018709][ T47] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5090] open("./bus", O_RDONLY) = 7 [pid 5088] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f7a9ce097e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5088] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5088] <... futex resumed>) = 1 [pid 5090] sendfile(6, 7, NULL, 65536) = 2048 [pid 5088] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f7a9ce097e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5088] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5090] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5088] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5090] futex(0x7f7a9ce097e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5088] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5088] <... futex resumed>) = 0 [ 60.036623][ T27] audit: type=1804 audit(1674410205.274:3): pid=5090 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor375" name="/root/syzkaller.HzDWJQ/0/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5088] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5088] futex(0x7f7a9ce097fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7a958e9000 [pid 5088] mprotect(0x7f7a958ea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5088] clone(child_stack=0x7f7a959093f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5109], tls=0x7f7a95909700, child_tidptr=0x7f7a959099d0) = 5109 [pid 5088] futex(0x7f7a9ce097f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] futex(0x7f7a9ce097fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5109 attached [pid 5109] set_robust_list(0x7f7a959099e0, 24) = 0 [ 60.090570][ T5090] BTRFS info (device loop0): balance: start -s [ 60.109733][ T5090] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5109] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5088] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5109] <... ioctl resumed>) = 0 [pid 5109] futex(0x7f7a9ce097fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7f7a9ce097f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5090] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f7a9ce097e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] exit_group(0 [pid 5109] <... futex resumed>) = ? [pid 5088] <... exit_group resumed>) = ? [pid 5109] +++ exited with 0 +++ [pid 5090] <... futex resumed>) = ? [pid 5090] +++ exited with 0 +++ [pid 5088] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5088, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=51 /* 0.51 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555840620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 60.236241][ T5090] BTRFS info (device loop0): balance: ended with status: 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555848660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555848660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555555840620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555583f5d0) = 5120 ./strace-static-x86_64: Process 5120 attached [pid 5120] set_robust_list(0x55555583f5e0, 24) = 0 [pid 5120] chdir("./1") = 0 [pid 5120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5120] setpgid(0, 0) = 0 [pid 5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5120] write(3, "1000", 4) = 4 [pid 5120] close(3) = 0 [pid 5120] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5120] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7a9cd0a000 [pid 5120] mprotect(0x7f7a9cd0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5120] clone(child_stack=0x7f7a9cd2a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5121 attached [pid 5121] set_robust_list(0x7f7a9cd2a9e0, 24 [pid 5120] <... clone resumed>, parent_tid=[5121], tls=0x7f7a9cd2a700, child_tidptr=0x7f7a9cd2a9d0) = 5121 [pid 5121] <... set_robust_list resumed>) = 0 [pid 5120] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5121] memfd_create("syzkaller", 0) = 3 [pid 5121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7a9490a000 [pid 5121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5121] munmap(0x7f7a9490a000, 16777216) = 0 [pid 5121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5121] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5121] close(3) = 0 [pid 5121] mkdir("./file0", 0777) = 0 [ 60.565087][ T5121] loop0: detected capacity change from 0 to 32768 [ 60.578996][ T5121] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 60.588348][ T5121] BTRFS info (device loop0): force clearing of disk cache [ 60.595761][ T5121] BTRFS info (device loop0): setting nodatasum [ 60.601963][ T5121] BTRFS info (device loop0): allowing degraded mounts [ 60.608951][ T5121] BTRFS info (device loop0): enabling disk space caching [ 60.616167][ T5121] BTRFS info (device loop0): disk space caching is enabled [ 60.636401][ T5121] BTRFS info (device loop0): enabling ssd optimizations [ 60.643640][ T5121] BTRFS info (device loop0): auto enabling async discard [ 60.653197][ T5121] BTRFS info (device loop0): clearing free space tree [pid 5121] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5121] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5121] chdir("./file0") = 0 [pid 5121] ioctl(4, LOOP_CLR_FD) = 0 [pid 5121] close(4) = 0 [pid 5121] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] futex(0x7f7a9ce097e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... futex resumed>) = 0 [pid 5121] open("./file0", O_RDONLY) = 4 [pid 5121] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... futex resumed>) = 1 [ 60.660346][ T5121] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 60.670857][ T5121] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 60.686432][ T5121] BTRFS info (device loop0): checking UUID tree [pid 5121] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5121] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... futex resumed>) = 1 [pid 5121] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5121] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... futex resumed>) = 1 [pid 5121] creat("./bus", 000) = 6 [pid 5121] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... futex resumed>) = 1 [pid 5121] ftruncate(6, 2048) = 0 [pid 5121] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... futex resumed>) = 1 [pid 5121] open("./bus", O_RDONLY) = 7 [pid 5121] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... futex resumed>) = 1 [pid 5121] sendfile(6, 7, NULL, 65536) = 2048 [ 60.716561][ T27] audit: type=1800 audit(1674410205.954:4): pid=5121 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor375" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5121] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... futex resumed>) = 1 [pid 5121] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5121] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5121] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5120] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 60.776356][ T47] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 60.794199][ T27] audit: type=1804 audit(1674410206.014:5): pid=5121 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor375" name="/root/syzkaller.HzDWJQ/1/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5120] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5120] futex(0x7f7a9ce097fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7a958e9000 [pid 5120] mprotect(0x7f7a958ea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5120] clone(child_stack=0x7f7a959093f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5140], tls=0x7f7a95909700, child_tidptr=0x7f7a959099d0) = 5140 [pid 5120] futex(0x7f7a9ce097f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f7a9ce097fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5140 attached [pid 5140] set_robust_list(0x7f7a959099e0, 24) = 0 [ 60.829362][ T5121] BTRFS info (device loop0): balance: start -s [ 60.839375][ T5121] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5140] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5121] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5140] <... ioctl resumed>) = 0 [pid 5121] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7f7a9ce097e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] futex(0x7f7a9ce097fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] futex(0x7f7a9ce097f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] <... futex resumed>) = 0 [pid 5120] exit_group(0 [pid 5121] <... futex resumed>) = ? [pid 5120] <... exit_group resumed>) = ? [pid 5121] +++ exited with 0 +++ [pid 5140] <... futex resumed>) = ? [pid 5140] +++ exited with 0 +++ [pid 5120] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555840620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 60.875616][ T5121] BTRFS info (device loop0): balance: ended with status: 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555848660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555848660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555555840620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555583f5d0) = 5144 ./strace-static-x86_64: Process 5144 attached [pid 5144] set_robust_list(0x55555583f5e0, 24) = 0 [pid 5144] chdir("./2") = 0 [pid 5144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5144] setpgid(0, 0) = 0 [pid 5144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5144] write(3, "1000", 4) = 4 [pid 5144] close(3) = 0 [pid 5144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5144] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7a9cd0a000 [pid 5144] mprotect(0x7f7a9cd0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5144] clone(child_stack=0x7f7a9cd2a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5145 attached , parent_tid=[5145], tls=0x7f7a9cd2a700, child_tidptr=0x7f7a9cd2a9d0) = 5145 [pid 5144] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5145] set_robust_list(0x7f7a9cd2a9e0, 24) = 0 [pid 5145] memfd_create("syzkaller", 0) = 3 [pid 5145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7a9490a000 [pid 5145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5145] munmap(0x7f7a9490a000, 16777216) = 0 [pid 5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5145] close(3) = 0 [pid 5145] mkdir("./file0", 0777) = 0 [ 61.232031][ T5145] loop0: detected capacity change from 0 to 32768 [ 61.245828][ T5145] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 61.255118][ T5145] BTRFS info (device loop0): force clearing of disk cache [ 61.262247][ T5145] BTRFS info (device loop0): setting nodatasum [ 61.268502][ T5145] BTRFS info (device loop0): allowing degraded mounts [ 61.275305][ T5145] BTRFS info (device loop0): enabling disk space caching [ 61.282324][ T5145] BTRFS info (device loop0): disk space caching is enabled [ 61.302782][ T5145] BTRFS info (device loop0): enabling ssd optimizations [ 61.309861][ T5145] BTRFS info (device loop0): auto enabling async discard [ 61.318160][ T5145] BTRFS info (device loop0): clearing free space tree [pid 5145] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5145] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5145] chdir("./file0") = 0 [pid 5145] ioctl(4, LOOP_CLR_FD) = 0 [pid 5145] close(4) = 0 [pid 5145] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... futex resumed>) = 1 [pid 5145] open("./file0", O_RDONLY) = 4 [pid 5145] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... futex resumed>) = 1 [ 61.325337][ T5145] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 61.335548][ T5145] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 61.351157][ T5145] BTRFS info (device loop0): checking UUID tree [pid 5145] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5145] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5145] futex(0x7f7a9ce097e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5144] <... futex resumed>) = 0 [pid 5145] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5144] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... ioctl resumed>) = 0 [pid 5145] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5145] creat("./bus", 000 [pid 5144] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] <... creat resumed>) = 6 [pid 5144] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] <... futex resumed>) = 1 [pid 5144] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] ftruncate(6, 2048) = 0 [pid 5145] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5145] open("./bus", O_RDONLY [ 61.369959][ T27] audit: type=1800 audit(1674410206.604:6): pid=5145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor375" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5144] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... open resumed>) = 7 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5145] sendfile(6, 7, NULL, 65536 [pid 5144] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... sendfile resumed>) = 2048 [pid 5144] <... futex resumed>) = 0 [pid 5145] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... futex resumed>) = 0 [pid 5144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5145] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5144] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... openat resumed>) = 8 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... futex resumed>) = 1 [ 61.429432][ T27] audit: type=1804 audit(1674410206.664:7): pid=5145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor375" name="/root/syzkaller.HzDWJQ/2/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 61.456048][ T75] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 61.470354][ T5145] BTRFS info (device loop0): balance: start -s [pid 5145] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5144] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5144] futex(0x7f7a9ce097fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7a958e9000 [pid 5144] mprotect(0x7f7a958ea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5144] clone(child_stack=0x7f7a959093f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5164], tls=0x7f7a95909700, child_tidptr=0x7f7a959099d0) = 5164 ./strace-static-x86_64: Process 5164 attached [pid 5164] set_robust_list(0x7f7a959099e0, 24 [pid 5144] futex(0x7f7a9ce097f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] <... set_robust_list resumed>) = 0 [pid 5164] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5144] futex(0x7f7a9ce097fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5145] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 61.480023][ T5145] BTRFS info (device loop0): relocating block group 1048576 flags system [ 61.518089][ T5145] BTRFS info (device loop0): balance: ended with status: 0 [pid 5145] futex(0x7f7a9ce097e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5164] <... ioctl resumed>) = 0 [pid 5164] futex(0x7f7a9ce097fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] exit_group(0) = ? [pid 5145] <... futex resumed>) = ? [pid 5145] +++ exited with 0 +++ [pid 5164] +++ exited with 0 +++ [pid 5144] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5144, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=36 /* 0.36 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555840620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555848660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555848660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555555840620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555583f5d0) = 5165 ./strace-static-x86_64: Process 5165 attached [pid 5165] set_robust_list(0x55555583f5e0, 24) = 0 [pid 5165] chdir("./3") = 0 [pid 5165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5165] setpgid(0, 0) = 0 [pid 5165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5165] write(3, "1000", 4) = 4 [pid 5165] close(3) = 0 [pid 5165] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5165] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7a9cd0a000 [pid 5165] mprotect(0x7f7a9cd0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5165] clone(child_stack=0x7f7a9cd2a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5166 attached , parent_tid=[5166], tls=0x7f7a9cd2a700, child_tidptr=0x7f7a9cd2a9d0) = 5166 [pid 5165] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5166] set_robust_list(0x7f7a9cd2a9e0, 24) = 0 [pid 5166] memfd_create("syzkaller", 0) = 3 [pid 5166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7a9490a000 [pid 5166] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5166] munmap(0x7f7a9490a000, 16777216) = 0 [pid 5166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5166] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5166] close(3) = 0 [pid 5166] mkdir("./file0", 0777) = 0 [ 61.910964][ T5166] loop0: detected capacity change from 0 to 32768 [ 61.923770][ T5166] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 61.933360][ T5166] BTRFS info (device loop0): force clearing of disk cache [ 61.940566][ T5166] BTRFS info (device loop0): setting nodatasum [ 61.946844][ T5166] BTRFS info (device loop0): allowing degraded mounts [ 61.953723][ T5166] BTRFS info (device loop0): enabling disk space caching [ 61.960757][ T5166] BTRFS info (device loop0): disk space caching is enabled [ 61.980750][ T5166] BTRFS info (device loop0): enabling ssd optimizations [ 61.987957][ T5166] BTRFS info (device loop0): auto enabling async discard [ 61.996317][ T5166] BTRFS info (device loop0): clearing free space tree [pid 5166] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5166] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5166] chdir("./file0") = 0 [pid 5166] ioctl(4, LOOP_CLR_FD) = 0 [pid 5166] close(4) = 0 [pid 5166] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5166] open("./file0", O_RDONLY [pid 5165] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... open resumed>) = 4 [pid 5165] <... futex resumed>) = 0 [pid 5166] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... futex resumed>) = 0 [pid 5165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5166] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5165] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... open resumed>) = 5 [pid 5166] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] <... futex resumed>) = 1 [pid 5165] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 62.003138][ T5166] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 62.013520][ T5166] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 62.029334][ T5166] BTRFS info (device loop0): checking UUID tree [pid 5166] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5166] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5166] creat("./bus", 000 [pid 5165] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... creat resumed>) = 6 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] ftruncate(6, 2048) = 0 [pid 5166] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... futex resumed>) = 1 [pid 5166] open("./bus", O_RDONLY) = 7 [pid 5166] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... futex resumed>) = 1 [pid 5166] sendfile(6, 7, NULL, 65536) = 2048 [pid 5166] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5166] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5165] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 62.043361][ T27] audit: type=1800 audit(1674410207.274:8): pid=5166 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor375" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5165] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... openat resumed>) = 8 [pid 5166] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... futex resumed>) = 1 [ 62.083599][ T27] audit: type=1804 audit(1674410207.314:9): pid=5166 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor375" name="/root/syzkaller.HzDWJQ/3/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 62.090177][ T75] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 62.124929][ T5166] BTRFS info (device loop0): balance: start -s [pid 5166] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5165] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5165] futex(0x7f7a9ce097fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7a958e9000 [pid 5165] mprotect(0x7f7a958ea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5165] clone(child_stack=0x7f7a959093f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5185], tls=0x7f7a95909700, child_tidptr=0x7f7a959099d0) = 5185 [pid 5165] futex(0x7f7a9ce097f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f7a9ce097fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5185 attached [pid 5185] set_robust_list(0x7f7a959099e0, 24) = 0 [pid 5185] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5166] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5166] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] futex(0x7f7a9ce097e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] <... ioctl resumed>) = 0 [pid 5185] futex(0x7f7a9ce097fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5165] exit_group(0) = ? [pid 5166] <... futex resumed>) = ? [pid 5166] +++ exited with 0 +++ [pid 5185] +++ exited with 0 +++ [pid 5165] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5165, si_uid=0, si_status=0, si_utime=0, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555840620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 [ 62.134172][ T5166] BTRFS info (device loop0): relocating block group 1048576 flags system [ 62.165741][ T5166] BTRFS info (device loop0): balance: ended with status: 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555848660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555848660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555555840620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555583f5d0) = 5186 ./strace-static-x86_64: Process 5186 attached [pid 5186] set_robust_list(0x55555583f5e0, 24) = 0 [pid 5186] chdir("./4") = 0 [pid 5186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5186] setpgid(0, 0) = 0 [pid 5186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5186] write(3, "1000", 4) = 4 [pid 5186] close(3) = 0 [pid 5186] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5186] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7a9cd0a000 [pid 5186] mprotect(0x7f7a9cd0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5186] clone(child_stack=0x7f7a9cd2a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5187], tls=0x7f7a9cd2a700, child_tidptr=0x7f7a9cd2a9d0) = 5187 [pid 5186] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5187 attached [pid 5187] set_robust_list(0x7f7a9cd2a9e0, 24) = 0 [pid 5187] memfd_create("syzkaller", 0) = 3 [pid 5187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7a9490a000 [pid 5187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5187] munmap(0x7f7a9490a000, 16777216) = 0 [pid 5187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5187] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5187] close(3) = 0 [pid 5187] mkdir("./file0", 0777) = 0 [ 62.522712][ T5187] loop0: detected capacity change from 0 to 32768 [ 62.537274][ T5187] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 62.546919][ T5187] BTRFS info (device loop0): force clearing of disk cache [ 62.554493][ T5187] BTRFS info (device loop0): setting nodatasum [ 62.560678][ T5187] BTRFS info (device loop0): allowing degraded mounts [ 62.567902][ T5187] BTRFS info (device loop0): enabling disk space caching [ 62.575126][ T5187] BTRFS info (device loop0): disk space caching is enabled [ 62.604623][ T5187] BTRFS info (device loop0): enabling ssd optimizations [ 62.612213][ T5187] BTRFS info (device loop0): auto enabling async discard [pid 5187] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5187] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5187] chdir("./file0") = 0 [pid 5187] ioctl(4, LOOP_CLR_FD) = 0 [pid 5187] close(4) = 0 [pid 5187] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... futex resumed>) = 1 [pid 5187] open("./file0", O_RDONLY) = 4 [pid 5187] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... futex resumed>) = 1 [ 62.620544][ T5187] BTRFS info (device loop0): clearing free space tree [ 62.627537][ T5187] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 62.638717][ T5187] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 62.654755][ T5187] BTRFS info (device loop0): checking UUID tree [pid 5187] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5187] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... futex resumed>) = 1 [pid 5187] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5187] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] creat("./bus", 000) = 6 [pid 5187] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... futex resumed>) = 1 [pid 5187] ftruncate(6, 2048) = 0 [pid 5187] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] open("./bus", O_RDONLY [pid 5186] <... futex resumed>) = 0 [pid 5187] <... open resumed>) = 7 [pid 5186] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5186] <... futex resumed>) = 0 [pid 5187] sendfile(6, 7, NULL, 65536 [pid 5186] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... sendfile resumed>) = 2048 [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5186] <... futex resumed>) = 0 [pid 5187] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [ 62.672923][ T27] audit: type=1800 audit(1674410207.904:10): pid=5187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor375" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5186] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... openat resumed>) = 8 [pid 5187] futex(0x7f7a9ce097ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f7a9ce097e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f7a9ce097ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... futex resumed>) = 1 [ 62.719380][ T27] audit: type=1804 audit(1674410207.954:11): pid=5187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor375" name="/root/syzkaller.HzDWJQ/4/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 62.732038][ T47] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5187] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5186] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5186] futex(0x7f7a9ce097fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7a958e9000 [pid 5186] mprotect(0x7f7a958ea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5186] clone(child_stack=0x7f7a959093f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5206], tls=0x7f7a95909700, child_tidptr=0x7f7a959099d0) = 5206 [pid 5186] futex(0x7f7a9ce097f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f7a9ce097fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5206 attached [pid 5206] set_robust_list(0x7f7a959099e0, 24) = 0 [ 62.766501][ T5187] BTRFS info (device loop0): balance: start -s [ 62.783167][ T5187] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5206] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5186] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5186] futex(0x7f7a9ce097fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 62.850344][ T5187] ------------[ cut here ]------------ [ 62.880192][ T5187] WARNING: CPU: 0 PID: 5187 at fs/btrfs/extent-tree.c:871 lookup_inline_extent_backref+0xd28/0x10e0 [ 62.913846][ T5187] Modules linked in: [ 62.924834][ T5187] CPU: 1 PID: 5187 Comm: syz-executor375 Not tainted 6.2.0-rc4-next-20230120-syzkaller #0 [ 62.935516][ T5187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 62.946520][ T5187] RIP: 0010:lookup_inline_extent_backref+0xd28/0x10e0 [ 62.953343][ T5187] Code: f9 ff ff e8 9a 16 24 fe 8b b4 24 40 01 00 00 31 ff e8 3c 13 24 fe 8b b4 24 40 01 00 00 85 f6 0f 84 10 02 00 00 e8 78 16 24 fe <0f> 0b 41 bd fb ff ff ff e8 6b 16 24 fe 48 8b 44 24 18 48 8d 78 6a [ 62.983728][ T5187] RSP: 0018:ffffc9000408ee00 EFLAGS: 00010293 [ 62.989856][ T5187] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 62.998168][ T5187] RDX: ffff88801ee0ba80 RSI: ffffffff835de368 RDI: 0000000000000005 [pid 5186] exit_group(0) = ? [ 63.007139][ T5187] RBP: ffffc9000408ee90 R08: 0000000000000005 R09: 0000000000000000 [ 63.016010][ T5187] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88801cda9790 [ 63.024881][ T5187] R13: 0000000000000001 R14: 0000000000001000 R15: ffff888072cace70 [ 63.033738][ T5187] FS: 00007f7a9cd2a700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 63.043106][ T5187] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 63.049935][ T5187] CR2: 00007f7a9cdc0170 CR3: 000000007b3db000 CR4: 00000000003506f0 [ 63.058466][ T5187] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 63.066900][ T5187] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 63.075049][ T5187] Call Trace: [ 63.078344][ T5187] [ 63.081284][ T5187] ? hash_extent_data_ref+0xf0/0xf0 [ 63.086673][ T5187] ? find_held_lock+0x2d/0x110 [ 63.091648][ T5187] insert_inline_extent_backref+0xb3/0x1b0 [ 63.097598][ T5187] ? lookup_inline_extent_backref+0x10e0/0x10e0 [ 63.104003][ T5187] ? rcu_read_lock_sched_held+0x3e/0x70 [ 63.109589][ T5187] __btrfs_inc_extent_ref.isra.0+0xdb/0x3e0 [ 63.115687][ T5187] ? insert_extent_data_ref+0x7b0/0x7b0 [ 63.121279][ T5187] ? lock_downgrade+0x6e0/0x6e0 [ 63.126399][ T5187] ? _raw_read_unlock+0x28/0x40 [ 63.131406][ T5187] ? btrfs_tree_mod_log_lowest_seq+0x86/0xb0 [ 63.137602][ T5187] __btrfs_run_delayed_refs+0x1383/0x39f0 [ 63.143397][ T5187] ? check_ref_cleanup+0x3e0/0x3e0 [ 63.148774][ T5187] ? __mutex_unlock_slowpath+0x157/0x5e0 [ 63.154492][ T5187] ? wait_for_completion_io_timeout+0x20/0x20 [ 63.160629][ T5187] btrfs_run_delayed_refs+0x19a/0x490 [ 63.166192][ T5187] create_pending_snapshot+0x11ce/0x2110 [ 63.171890][ T5187] ? btrfs_clean_one_deleted_snapshot+0x390/0x390 [ 63.178585][ T5187] ? rcu_read_lock_sched_held+0x3e/0x70 [ 63.184241][ T5187] ? trace_contention_end+0x173/0x1e0 [ 63.189683][ T5187] ? __mutex_lock+0x231/0x1350 [ 63.194537][ T5187] ? btrfs_commit_transaction+0xaa0/0x3780 [ 63.200400][ T5187] ? lock_sync+0x190/0x190 [ 63.204899][ T5187] ? btrfs_commit_transaction+0x987/0x3780 [ 63.210739][ T5187] ? rcu_read_lock_sched_held+0x3e/0x70 [ 63.216373][ T5187] ? trace_lock_acquire+0x1f1/0x290 [ 63.221623][ T5187] create_pending_snapshots+0x174/0x2c0 [ 63.227230][ T5187] btrfs_commit_transaction+0xaa8/0x3780 [ 63.232895][ T5187] ? trace_lock_acquire+0x1f1/0x290 [ 63.238199][ T5187] ? create_pending_snapshots+0x2c0/0x2c0 [ 63.244086][ T5187] ? prepare_to_wait_exclusive+0x2c0/0x2c0 [ 63.249963][ T5187] prepare_to_relocate+0x41d/0x6b0 [ 63.255184][ T5187] relocate_block_group+0x123/0xd60 [ 63.260425][ T5187] ? btrfs_relocate_block_group+0x512/0xda0 [ 63.266395][ T5187] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 63.271974][ T5187] ? relocate_data_extent+0x4b0/0x4b0 [ 63.277422][ T5187] ? btrfs_wait_ordered_extents+0xe20/0xe20 [ 63.283534][ T5187] btrfs_relocate_block_group+0x51a/0xda0 [ 63.289319][ T5187] btrfs_relocate_chunk+0x14a/0x350 [ 63.294628][ T5187] btrfs_balance+0x1caf/0x3b50 [ 63.299470][ T5187] ? find_held_lock+0x2d/0x110 [ 63.304343][ T5187] ? btrfs_relocate_chunk+0x350/0x350 [ 63.309795][ T5187] btrfs_ioctl+0xfda/0x5950 [ 63.314397][ T5187] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 63.320246][ T5187] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 63.326729][ T5187] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 63.332688][ T5187] ? do_vfs_ioctl+0x132/0x1600 [ 63.337536][ T5187] ? vfs_fileattr_set+0xc40/0xc40 [ 63.342863][ T5187] ? trace_lock_acquire+0x1f1/0x290 [ 63.348120][ T5187] ? do_one_initcall+0x402/0x7d0 [ 63.353094][ T5187] ? receive_fd+0x110/0x110 [ 63.357759][ T5187] ? __fget_files+0x26a/0x480 [ 63.362508][ T5187] ? bpf_lsm_file_ioctl+0x9/0x10 [ 63.367564][ T5187] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 63.374069][ T5187] __x64_sys_ioctl+0x197/0x210 [ 63.378870][ T5187] do_syscall_64+0x39/0xb0 [ 63.383296][ T5187] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 63.389327][ T5187] RIP: 0033:0x7f7a9cd7ea99 [ 63.393795][ T5187] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 63.413497][ T5187] RSP: 002b:00007f7a9cd2a2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 63.421959][ T5187] RAX: ffffffffffffffda RBX: 00007f7a9ce097e0 RCX: 00007f7a9cd7ea99 [ 63.430069][ T5187] RDX: 0000000020000480 RSI: 00000000c4009420 RDI: 0000000000000008 [ 63.438117][ T5187] RBP: 00007f7a9cdd626c R08: 0000000000000000 R09: 0000000000000000 [ 63.446202][ T5187] R10: 0000000000000000 R11: 0000000000000246 R12: 8000000000000000 [ 63.454237][ T5187] R13: 00007f7a9cdd5270 R14: 0000000100000000 R15: 00007f7a9ce097e8 [ 63.462270][ T5187] [ 63.465377][ T5187] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 63.472661][ T5187] CPU: 1 PID: 5187 Comm: syz-executor375 Not tainted 6.2.0-rc4-next-20230120-syzkaller #0 [ 63.482546][ T5187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 63.492593][ T5187] Call Trace: [ 63.495866][ T5187] [ 63.498792][ T5187] dump_stack_lvl+0xd1/0x138 [ 63.503388][ T5187] panic+0x2cc/0x626 [ 63.507294][ T5187] ? panic_print_sys_info.part.0+0x110/0x110 [ 63.513313][ T5187] ? lookup_inline_extent_backref+0xd28/0x10e0 [ 63.519483][ T5187] check_panic_on_warn.cold+0x19/0x35 [ 63.524869][ T5187] __warn+0xf2/0x1a0 [ 63.528817][ T5187] ? lookup_inline_extent_backref+0xd28/0x10e0 [ 63.534970][ T5187] report_bug+0x1c0/0x210 [ 63.539303][ T5187] handle_bug+0x3c/0x70 [ 63.543471][ T5187] exc_invalid_op+0x18/0x50 [ 63.548010][ T5187] asm_exc_invalid_op+0x1a/0x20 [ 63.552881][ T5187] RIP: 0010:lookup_inline_extent_backref+0xd28/0x10e0 [ 63.559670][ T5187] Code: f9 ff ff e8 9a 16 24 fe 8b b4 24 40 01 00 00 31 ff e8 3c 13 24 fe 8b b4 24 40 01 00 00 85 f6 0f 84 10 02 00 00 e8 78 16 24 fe <0f> 0b 41 bd fb ff ff ff e8 6b 16 24 fe 48 8b 44 24 18 48 8d 78 6a [ 63.579296][ T5187] RSP: 0018:ffffc9000408ee00 EFLAGS: 00010293 [ 63.585407][ T5187] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 63.593391][ T5187] RDX: ffff88801ee0ba80 RSI: ffffffff835de368 RDI: 0000000000000005 [ 63.601380][ T5187] RBP: ffffc9000408ee90 R08: 0000000000000005 R09: 0000000000000000 [ 63.609362][ T5187] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88801cda9790 [ 63.617344][ T5187] R13: 0000000000000001 R14: 0000000000001000 R15: ffff888072cace70 [ 63.625356][ T5187] ? lookup_inline_extent_backref+0xd28/0x10e0 [ 63.631564][ T5187] ? hash_extent_data_ref+0xf0/0xf0 [ 63.636817][ T5187] ? find_held_lock+0x2d/0x110 [ 63.641627][ T5187] insert_inline_extent_backref+0xb3/0x1b0 [ 63.647469][ T5187] ? lookup_inline_extent_backref+0x10e0/0x10e0 [ 63.653744][ T5187] ? rcu_read_lock_sched_held+0x3e/0x70 [ 63.659335][ T5187] __btrfs_inc_extent_ref.isra.0+0xdb/0x3e0 [ 63.665260][ T5187] ? insert_extent_data_ref+0x7b0/0x7b0 [ 63.670824][ T5187] ? lock_downgrade+0x6e0/0x6e0 [ 63.675690][ T5187] ? _raw_read_unlock+0x28/0x40 [ 63.680564][ T5187] ? btrfs_tree_mod_log_lowest_seq+0x86/0xb0 [ 63.686578][ T5187] __btrfs_run_delayed_refs+0x1383/0x39f0 [ 63.692359][ T5187] ? check_ref_cleanup+0x3e0/0x3e0 [ 63.697492][ T5187] ? __mutex_unlock_slowpath+0x157/0x5e0 [ 63.703150][ T5187] ? wait_for_completion_io_timeout+0x20/0x20 [ 63.709282][ T5187] btrfs_run_delayed_refs+0x19a/0x490 [ 63.714701][ T5187] create_pending_snapshot+0x11ce/0x2110 [ 63.720382][ T5187] ? btrfs_clean_one_deleted_snapshot+0x390/0x390 [ 63.726826][ T5187] ? rcu_read_lock_sched_held+0x3e/0x70 [ 63.732388][ T5187] ? trace_contention_end+0x173/0x1e0 [ 63.737791][ T5187] ? __mutex_lock+0x231/0x1350 [ 63.742577][ T5187] ? btrfs_commit_transaction+0xaa0/0x3780 [ 63.748410][ T5187] ? lock_sync+0x190/0x190 [ 63.752848][ T5187] ? btrfs_commit_transaction+0x987/0x3780 [ 63.758678][ T5187] ? rcu_read_lock_sched_held+0x3e/0x70 [ 63.764243][ T5187] ? trace_lock_acquire+0x1f1/0x290 [ 63.769480][ T5187] create_pending_snapshots+0x174/0x2c0 [ 63.775052][ T5187] btrfs_commit_transaction+0xaa8/0x3780 [ 63.780701][ T5187] ? trace_lock_acquire+0x1f1/0x290 [ 63.785940][ T5187] ? create_pending_snapshots+0x2c0/0x2c0 [ 63.791685][ T5187] ? prepare_to_wait_exclusive+0x2c0/0x2c0 [ 63.797526][ T5187] prepare_to_relocate+0x41d/0x6b0 [ 63.802672][ T5187] relocate_block_group+0x123/0xd60 [ 63.807900][ T5187] ? btrfs_relocate_block_group+0x512/0xda0 [ 63.813822][ T5187] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 63.819390][ T5187] ? relocate_data_extent+0x4b0/0x4b0 [ 63.824785][ T5187] ? btrfs_wait_ordered_extents+0xe20/0xe20 [ 63.830722][ T5187] btrfs_relocate_block_group+0x51a/0xda0 [ 63.836476][ T5187] btrfs_relocate_chunk+0x14a/0x350 [ 63.841695][ T5187] btrfs_balance+0x1caf/0x3b50 [ 63.846495][ T5187] ? find_held_lock+0x2d/0x110 [ 63.851306][ T5187] ? btrfs_relocate_chunk+0x350/0x350 [ 63.856724][ T5187] btrfs_ioctl+0xfda/0x5950 [ 63.861258][ T5187] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 63.867091][ T5187] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 63.873536][ T5187] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 63.879462][ T5187] ? do_vfs_ioctl+0x132/0x1600 [ 63.884245][ T5187] ? vfs_fileattr_set+0xc40/0xc40 [ 63.889305][ T5187] ? trace_lock_acquire+0x1f1/0x290 [ 63.894527][ T5187] ? do_one_initcall+0x402/0x7d0 [ 63.899486][ T5187] ? receive_fd+0x110/0x110 [ 63.904020][ T5187] ? __fget_files+0x26a/0x480 [ 63.908723][ T5187] ? bpf_lsm_file_ioctl+0x9/0x10 [ 63.913684][ T5187] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 63.920125][ T5187] __x64_sys_ioctl+0x197/0x210 [ 63.924916][ T5187] do_syscall_64+0x39/0xb0 [ 63.929360][ T5187] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 63.935271][ T5187] RIP: 0033:0x7f7a9cd7ea99 [ 63.939698][ T5187] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 63.959319][ T5187] RSP: 002b:00007f7a9cd2a2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 63.967752][ T5187] RAX: ffffffffffffffda RBX: 00007f7a9ce097e0 RCX: 00007f7a9cd7ea99 [ 63.975732][ T5187] RDX: 0000000020000480 RSI: 00000000c4009420 RDI: 0000000000000008 [ 63.983712][ T5187] RBP: 00007f7a9cdd626c R08: 0000000000000000 R09: 0000000000000000 [ 63.991692][ T5187] R10: 0000000000000000 R11: 0000000000000246 R12: 8000000000000000 [ 63.999671][ T5187] R13: 00007f7a9cdd5270 R14: 0000000100000000 R15: 00007f7a9ce097e8 [ 64.007677][ T5187] [ 64.010903][ T5187] Kernel Offset: disabled [ 64.015343][ T5187] Rebooting in 86400 seconds..