./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor759944235 <...> Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts. execve("./syz-executor759944235", ["./syz-executor759944235"], 0x7ffd0d00f3c0 /* 10 vars */) = 0 brk(NULL) = 0x555555aaa000 brk(0x555555aaac40) = 0x555555aaac40 arch_prctl(ARCH_SET_FS, 0x555555aaa300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor759944235", 4096) = 27 brk(0x555555acbc40) = 0x555555acbc40 brk(0x555555acc000) = 0x555555acc000 mprotect(0x7f0d98f1c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 getpid() = 3630 mkdir("./syzkaller.gDU3bE", 0700) = 0 chmod("./syzkaller.gDU3bE", 0777) = 0 chdir("./syzkaller.gDU3bE") = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3631 attached , child_tidptr=0x555555aaa5d0) = 3631 [pid 3631] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 3631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3631] setsid() = 1 [pid 3631] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 3631] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 3631] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 3631] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 3631] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 3631] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 3631] unshare(CLONE_NEWNS) = 0 [pid 3631] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 3631] unshare(CLONE_NEWIPC) = 0 [pid 3631] unshare(CLONE_NEWCGROUP) = 0 [pid 3631] unshare(CLONE_NEWUTS) = 0 [pid 3631] unshare(CLONE_SYSVSEM) = 0 [pid 3631] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3631] write(3, "16777216", 8) = 8 [pid 3631] close(3) = 0 [pid 3631] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 3631] write(3, "536870912", 9) = 9 [pid 3631] close(3) = 0 [pid 3631] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3631] write(3, "1024", 4) = 4 [pid 3631] close(3) = 0 [pid 3631] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3631] write(3, "8192", 4) = 4 [pid 3631] close(3) = 0 [pid 3631] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3631] write(3, "1024", 4) = 4 [pid 3631] close(3) = 0 [pid 3631] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 3631] write(3, "1024", 4) = 4 [pid 3631] close(3) = 0 [pid 3631] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 3631] write(3, "1024 1048576 500 1024", 21) = 21 [pid 3631] close(3) = 0 [pid 3631] getpid() = 1 [pid 3631] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [ 55.891827][ T3632] dump_stack_lvl+0x1b1/0x28e [ 55.896529][ T3632] ? nf_tcp_handle_invalid+0x62e/0x62e [ 55.901984][ T3632] ? panic+0x710/0x710 [ 55.906050][ T3632] ? folio_memcg_lock+0x20d/0x5b0 [ 55.911072][ T3632] should_fail_ex+0x395/0x4c0 [ 55.915749][ T3632] prepare_alloc_pages+0x1d7/0x5a0 [ 55.920865][ T3632] __alloc_pages+0x161/0x560 [ 55.925459][ T3632] ? zone_statistics+0x160/0x160 [ 55.930404][ T3632] ? rcu_read_lock_sched_held+0x87/0x110 [ 55.936125][ T3632] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 55.942096][ T3632] ? mark_lock+0x9a/0x350 [ 55.946428][ T3632] __folio_alloc+0xf/0x30 [ 55.950796][ T3632] vma_alloc_folio+0x660/0xb60 [ 55.955566][ T3632] wp_page_copy+0x249/0x1610 [ 55.960164][ T3632] ? __lock_acquire+0x1f60/0x1f60 [ 55.965224][ T3632] ? rcu_lock_release+0x20/0x20 [ 55.970074][ T3632] ? _raw_spin_unlock+0x24/0x40 [ 55.974924][ T3632] ? do_wp_page+0xd7d/0x19a0 [ 55.979522][ T3632] handle_mm_fault+0x1e72/0x3630 [ 55.984503][ T3632] ? numa_migrate_prep+0x250/0x250 [ 55.989671][ T3632] ? do_user_addr_fault+0x1cc/0xcb0 [ 55.994866][ T3632] do_user_addr_fault+0x69b/0xcb0 [ 55.999910][ T3632] exc_page_fault+0x7a/0x110 [ 56.004500][ T3632] asm_exc_page_fault+0x22/0x30 [ 56.009354][ T3632] RIP: 0033:0x7f0d98e65158 [ 56.013774][ T3632] Code: 00 00 80 3d e9 d2 0b 00 00 75 2f 55 48 83 3d e6 ad 0b 00 00 48 89 e5 74 0c 48 8b 3d da af 0b 00 e8 15 f1 ff ff e8 68 ff ff ff 05 c1 d2 0b 00 01 5d c3 0f 1f 80 00 00 00 00 c3 0f 1f 80 00 00 [ 56.033376][ T3632] RSP: 002b:00007ffd32e91bd0 EFLAGS: 00010246 [ 56.039443][ T3632] RAX: 00007f0d98f21b90 RBX: 0000000000000001 RCX: 0000000000000001 [pid 3632] exit_group(0) = ? [pid 3632] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=6, si_stime=28} --- [pid 3631] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x555555aab620 /* 4 entries */, 32768) = 112 [pid 3631] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./0/binderfs") = 0 [ 56.047412][ T3632] RDX: 00007f0d98e67cf0 RSI: 0000000000000000 RDI: 00007f0d98f21b90 [ 56.055386][ T3632] RBP: 00007ffd32e91bd0 R08: 0000000000000000 R09: 0000000000000000 [ 56.063348][ T3632] R10: 0000000008000000 R11: 0000000000000246 R12: 0000000000000000 [ 56.071326][ T3632] R13: 0000000000000001 R14: 00007f0d98f23180 R15: 0000000000000001 [ 56.079321][ T3632] [ 56.082755][ T3632] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [pid 3631] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x555555ab3660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x555555ab3660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./0/file0") = 0 [pid 3631] getdents64(3, 0x555555aab620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./0") = 0 [pid 3631] mkdir("./1", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555aaa5d0) = 3 ./strace-static-x86_64: Process 3654 attached [pid 3654] chdir("./1") = 0 [pid 3654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3654] setpgid(0, 0) = 0 [pid 3654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3654] write(3, "1000", 4) = 4 [pid 3654] close(3) = 0 [pid 3654] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3654] memfd_create("syzkaller", 0) = 3 [pid 3654] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0d90a00000 [pid 3654] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3654] munmap(0x7f0d90a00000, 16777216) = 0 [pid 3654] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3654] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3654] close(3) = 0 [pid 3654] mkdir("./file0", 0777) = 0 [ 56.397993][ T3654] loop0: detected capacity change from 0 to 32768 [ 56.411933][ T3654] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 56.420814][ T3654] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 56.431746][ T3654] BTRFS info (device loop0): setting nodatacow, compression disabled [ 56.440109][ T3654] BTRFS info (device loop0): enabling auto defrag [pid 3654] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,datacow,noinode_cache,nodatacow,nodatasum,autodefrag,user_subvol_rm_allowed,metadata_ra"...) = 0 [pid 3654] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3654] chdir("./file0") = 0 [pid 3654] ioctl(4, LOOP_CLR_FD) = 0 [pid 3654] close(4) = 0 [ 56.446927][ T3654] BTRFS info (device loop0): metadata ratio 1 [ 56.453040][ T3654] BTRFS info (device loop0): using free space tree [ 56.472490][ T3654] BTRFS info (device loop0): enabling ssd optimizations [pid 3654] openat(AT_FDCWD, "./file2", O_RDWR|O_EXCL|O_DIRECT|O_NOATIME) = 4 [ 56.499044][ T27] audit: type=1800 audit(1669664170.739:4): pid=3654 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor759" name="file2" dev="loop0" ino=261 res=0 errno=0 [pid 3654] pwritev2(4, [{iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=4294934528}], 1, 134217728, 0) = 8388608 [pid 3654] openat(AT_FDCWD, "./file2", O_RDWR|O_EXCL|O_DIRECT|O_NOATIME) = 5 [pid 3654] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6 [pid 3654] write(6, "6", 1) = 1 [pid 3654] pwritev2(5, [{iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=4294934528}], 1, 134217728, 0) = -1 ENOSPC (No space left on device) [pid 3654] close(3) = 0 [pid 3654] close(4) = 0 [pid 3654] close(5) = 0 [pid 3654] close(6) = 0 [pid 3654] close(7) = -1 EBADF (Bad file descriptor) [pid 3654] close(8) = -1 EBADF (Bad file descriptor) [pid 3654] close(9) = -1 EBADF (Bad file descriptor) [pid 3654] close(10) = -1 EBADF (Bad file descriptor) [pid 3654] close(11) = -1 EBADF (Bad file descriptor) [pid 3654] close(12) = -1 EBADF (Bad file descriptor) [pid 3654] close(13) = -1 EBADF (Bad file descriptor) [pid 3654] close(14) = -1 EBADF (Bad file descriptor) [pid 3654] close(15) = -1 EBADF (Bad file descriptor) [pid 3654] close(16) = -1 EBADF (Bad file descriptor) [pid 3654] close(17) = -1 EBADF (Bad file descriptor) [pid 3654] close(18) = -1 EBADF (Bad file descriptor) [pid 3654] close(19) = -1 EBADF (Bad file descriptor) [pid 3654] close(20) = -1 EBADF (Bad file descriptor) [pid 3654] close(21) = -1 EBADF (Bad file descriptor) [pid 3654] close(22) = -1 EBADF (Bad file descriptor) [pid 3654] close(23) = -1 EBADF (Bad file descriptor) [pid 3654] close(24) = -1 EBADF (Bad file descriptor) [pid 3654] close(25) = -1 EBADF (Bad file descriptor) [pid 3654] close(26) = -1 EBADF (Bad file descriptor) [pid 3654] close(27) = -1 EBADF (Bad file descriptor) [pid 3654] close(28) = -1 EBADF (Bad file descriptor) [pid 3654] close(29) = -1 EBADF (Bad file descriptor) [pid 3654] exit_group(0) = ? [pid 3654] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=3, si_stime=21} --- [pid 3631] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x555555aab620 /* 4 entries */, 32768) = 112 [pid 3631] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./1/binderfs") = 0 [ 56.609846][ T27] audit: type=1800 audit(1669664170.849:5): pid=3654 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor759" name="file2" dev="loop0" ino=261 res=0 errno=0 [pid 3631] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x555555ab3660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x555555ab3660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./1/file0") = 0 [pid 3631] getdents64(3, 0x555555aab620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./1") = 0 [pid 3631] mkdir("./2", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555aaa5d0) = 4 ./strace-static-x86_64: Process 3679 attached [pid 3679] chdir("./2") = 0 [pid 3679] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3679] setpgid(0, 0) = 0 [pid 3679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3679] write(3, "1000", 4) = 4 [pid 3679] close(3) = 0 [pid 3679] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3679] memfd_create("syzkaller", 0) = 3 [pid 3679] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0d90a00000 [pid 3679] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3679] munmap(0x7f0d90a00000, 16777216) = 0 [pid 3679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3679] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3679] close(3) = 0 [pid 3679] mkdir("./file0", 0777) = 0 [ 56.966347][ T3679] loop0: detected capacity change from 0 to 32768 [ 56.981585][ T3679] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 56.990506][ T3679] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 57.001623][ T3679] BTRFS info (device loop0): setting nodatacow, compression disabled [ 57.010046][ T3679] BTRFS info (device loop0): enabling auto defrag [pid 3679] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,datacow,noinode_cache,nodatacow,nodatasum,autodefrag,user_subvol_rm_allowed,metadata_ra"...) = 0 [pid 3679] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3679] chdir("./file0") = 0 [pid 3679] ioctl(4, LOOP_CLR_FD) = 0 [pid 3679] close(4) = 0 [ 57.016538][ T3679] BTRFS info (device loop0): metadata ratio 1 [ 57.022696][ T3679] BTRFS info (device loop0): using free space tree [ 57.041163][ T3679] BTRFS info (device loop0): enabling ssd optimizations [pid 3679] openat(AT_FDCWD, "./file2", O_RDWR|O_EXCL|O_DIRECT|O_NOATIME) = 4 [ 57.058558][ T27] audit: type=1800 audit(1669664171.299:6): pid=3679 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor759" name="file2" dev="loop0" ino=261 res=0 errno=0 [pid 3679] pwritev2(4, [{iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=4294934528}], 1, 134217728, 0) = 8388608 [pid 3679] openat(AT_FDCWD, "./file2", O_RDWR|O_EXCL|O_DIRECT|O_NOATIME) = 5 [pid 3679] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6 [pid 3679] write(6, "6", 1) = 1 [pid 3679] pwritev2(5, [{iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=4294934528}], 1, 134217728, 0) = -1 ENOSPC (No space left on device) [pid 3679] close(3) = 0 [pid 3679] close(4) = 0 [pid 3679] close(5) = 0 [pid 3679] close(6) = 0 [pid 3679] close(7) = -1 EBADF (Bad file descriptor) [pid 3679] close(8) = -1 EBADF (Bad file descriptor) [pid 3679] close(9) = -1 EBADF (Bad file descriptor) [pid 3679] close(10) = -1 EBADF (Bad file descriptor) [pid 3679] close(11) = -1 EBADF (Bad file descriptor) [pid 3679] close(12) = -1 EBADF (Bad file descriptor) [pid 3679] close(13) = -1 EBADF (Bad file descriptor) [pid 3679] close(14) = -1 EBADF (Bad file descriptor) [pid 3679] close(15) = -1 EBADF (Bad file descriptor) [pid 3679] close(16) = -1 EBADF (Bad file descriptor) [pid 3679] close(17) = -1 EBADF (Bad file descriptor) [pid 3679] close(18) = -1 EBADF (Bad file descriptor) [pid 3679] close(19) = -1 EBADF (Bad file descriptor) [pid 3679] close(20) = -1 EBADF (Bad file descriptor) [pid 3679] close(21) = -1 EBADF (Bad file descriptor) [pid 3679] close(22) = -1 EBADF (Bad file descriptor) [pid 3679] close(23) = -1 EBADF (Bad file descriptor) [pid 3679] close(24) = -1 EBADF (Bad file descriptor) [pid 3679] close(25) = -1 EBADF (Bad file descriptor) [pid 3679] close(26) = -1 EBADF (Bad file descriptor) [pid 3679] close(27) = -1 EBADF (Bad file descriptor) [pid 3679] close(28) = -1 EBADF (Bad file descriptor) [pid 3679] close(29) = -1 EBADF (Bad file descriptor) [pid 3679] exit_group(0) = ? [pid 3679] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=5, si_stime=18} --- [pid 3631] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3631] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x555555aab620 /* 4 entries */, 32768) = 112 [pid 3631] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./2/binderfs") = 0 [ 57.187420][ T27] audit: type=1800 audit(1669664171.429:7): pid=3679 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor759" name="file2" dev="loop0" ino=261 res=0 errno=0 [pid 3631] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x555555ab3660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x555555ab3660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./2/file0") = 0 [pid 3631] getdents64(3, 0x555555aab620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./2") = 0 [pid 3631] mkdir("./3", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = 0 [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555aaa5d0) = 5 ./strace-static-x86_64: Process 3699 attached [pid 3699] chdir("./3") = 0 [pid 3699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3699] setpgid(0, 0) = 0 [pid 3699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3699] write(3, "1000", 4) = 4 [pid 3699] close(3) = 0 [pid 3699] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3699] memfd_create("syzkaller", 0) = 3 [pid 3699] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0d90a00000 [pid 3699] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3699] munmap(0x7f0d90a00000, 16777216) = 0 [pid 3699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3699] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3699] close(3) = 0 [pid 3699] mkdir("./file0", 0777) = 0 [ 57.510071][ T3699] loop0: detected capacity change from 0 to 32768 [ 57.525216][ T3699] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 57.534050][ T3699] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 57.544906][ T3699] BTRFS info (device loop0): setting nodatacow, compression disabled [ 57.553067][ T3699] BTRFS info (device loop0): enabling auto defrag [pid 3699] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,datacow,noinode_cache,nodatacow,nodatasum,autodefrag,user_subvol_rm_allowed,metadata_ra"...) = 0 [pid 3699] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3699] chdir("./file0") = 0 [pid 3699] ioctl(4, LOOP_CLR_FD) = 0 [pid 3699] close(4) = 0 [ 57.559596][ T3699] BTRFS info (device loop0): metadata ratio 1 [ 57.565673][ T3699] BTRFS info (device loop0): using free space tree [ 57.585382][ T3699] BTRFS info (device loop0): enabling ssd optimizations [pid 3699] openat(AT_FDCWD, "./file2", O_RDWR|O_EXCL|O_DIRECT|O_NOATIME) = 4 [ 57.612103][ T27] audit: type=1800 audit(1669664171.849:8): pid=3699 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor759" name="file2" dev="loop0" ino=261 res=0 errno=0 [pid 3699] pwritev2(4, [{iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=4294934528}], 1, 134217728, 0) = 8388608 [pid 3699] openat(AT_FDCWD, "./file2", O_RDWR|O_EXCL|O_DIRECT|O_NOATIME) = 5 [pid 3699] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6 [pid 3699] write(6, "6", 1) = 1 [pid 3699] pwritev2(5, [{iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=4294934528}], 1, 134217728, 0) = -1 ENOSPC (No space left on device) [pid 3699] close(3) = 0 [pid 3699] close(4) = 0 [pid 3699] close(5) = 0 [pid 3699] close(6) = 0 [pid 3699] close(7) = -1 EBADF (Bad file descriptor) [pid 3699] close(8) = -1 EBADF (Bad file descriptor) [pid 3699] close(9) = -1 EBADF (Bad file descriptor) [pid 3699] close(10) = -1 EBADF (Bad file descriptor) [pid 3699] close(11) = -1 EBADF (Bad file descriptor) [pid 3699] close(12) = -1 EBADF (Bad file descriptor) [pid 3699] close(13) = -1 EBADF (Bad file descriptor) [pid 3699] close(14) = -1 EBADF (Bad file descriptor) [pid 3699] close(15) = -1 EBADF (Bad file descriptor) [pid 3699] close(16) = -1 EBADF (Bad file descriptor) [pid 3699] close(17) = -1 EBADF (Bad file descriptor) [pid 3699] close(18) = -1 EBADF (Bad file descriptor) [pid 3699] close(19) = -1 EBADF (Bad file descriptor) [pid 3699] close(20) = -1 EBADF (Bad file descriptor) [pid 3699] close(21) = -1 EBADF (Bad file descriptor) [pid 3699] close(22) = -1 EBADF (Bad file descriptor) [pid 3699] close(23) = -1 EBADF (Bad file descriptor) [pid 3699] close(24) = -1 EBADF (Bad file descriptor) [pid 3699] close(25) = -1 EBADF (Bad file descriptor) [pid 3699] close(26) = -1 EBADF (Bad file descriptor) [pid 3699] close(27) = -1 EBADF (Bad file descriptor) [pid 3699] close(28) = -1 EBADF (Bad file descriptor) [pid 3699] close(29) = -1 EBADF (Bad file descriptor) [pid 3699] exit_group(0) = ? [pid 3699] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5, si_uid=0, si_status=0, si_utime=4, si_stime=17} --- [pid 3631] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3631] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x555555aab620 /* 4 entries */, 32768) = 112 [pid 3631] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./3/binderfs") = 0 [ 57.735783][ T27] audit: type=1800 audit(1669664171.969:9): pid=3699 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor759" name="file2" dev="loop0" ino=261 res=0 errno=0 [pid 3631] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x555555ab3660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x555555ab3660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./3/file0") = 0 [pid 3631] getdents64(3, 0x555555aab620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./3") = 0 [pid 3631] mkdir("./4", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3726 attached , child_tidptr=0x555555aaa5d0) = 6 [pid 3726] chdir("./4") = 0 [pid 3726] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3726] setpgid(0, 0) = 0 [pid 3726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3726] write(3, "1000", 4) = 4 [pid 3726] close(3) = 0 [pid 3726] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3726] memfd_create("syzkaller", 0) = 3 [pid 3726] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0d90a00000 [pid 3726] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3726] munmap(0x7f0d90a00000, 16777216) = 0 [pid 3726] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3726] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3726] close(3) = 0 [pid 3726] mkdir("./file0", 0777) = 0 [ 58.096495][ T3726] loop0: detected capacity change from 0 to 32768 [ 58.111735][ T3726] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 58.120504][ T3726] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 58.131833][ T3726] BTRFS info (device loop0): setting nodatacow, compression disabled [ 58.140205][ T3726] BTRFS info (device loop0): enabling auto defrag [pid 3726] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,datacow,noinode_cache,nodatacow,nodatasum,autodefrag,user_subvol_rm_allowed,metadata_ra"...) = 0 [pid 3726] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3726] chdir("./file0") = 0 [pid 3726] ioctl(4, LOOP_CLR_FD) = 0 [pid 3726] close(4) = 0 [ 58.146673][ T3726] BTRFS info (device loop0): metadata ratio 1 [ 58.154172][ T3726] BTRFS info (device loop0): using free space tree [ 58.171282][ T3726] BTRFS info (device loop0): enabling ssd optimizations [pid 3726] openat(AT_FDCWD, "./file2", O_RDWR|O_EXCL|O_DIRECT|O_NOATIME) = 4 [ 58.192886][ T27] audit: type=1800 audit(1669664172.429:10): pid=3726 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor759" name="file2" dev="loop0" ino=261 res=0 errno=0 [pid 3726] pwritev2(4, [{iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=4294934528}], 1, 134217728, 0) = 8388608 [pid 3726] openat(AT_FDCWD, "./file2", O_RDWR|O_EXCL|O_DIRECT|O_NOATIME) = 5 [pid 3726] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6 [pid 3726] write(6, "6", 1) = 1 [pid 3726] pwritev2(5, [{iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=4294934528}], 1, 134217728, 0) = -1 ENOSPC (No space left on device) [pid 3726] close(3) = 0 [pid 3726] close(4) = 0 [pid 3726] close(5) = 0 [pid 3726] close(6) = 0 [pid 3726] close(7) = -1 EBADF (Bad file descriptor) [pid 3726] close(8) = -1 EBADF (Bad file descriptor) [pid 3726] close(9) = -1 EBADF (Bad file descriptor) [pid 3726] close(10) = -1 EBADF (Bad file descriptor) [pid 3726] close(11) = -1 EBADF (Bad file descriptor) [pid 3726] close(12) = -1 EBADF (Bad file descriptor) [pid 3726] close(13) = -1 EBADF (Bad file descriptor) [pid 3726] close(14) = -1 EBADF (Bad file descriptor) [pid 3726] close(15) = -1 EBADF (Bad file descriptor) [pid 3726] close(16) = -1 EBADF (Bad file descriptor) [pid 3726] close(17) = -1 EBADF (Bad file descriptor) [pid 3726] close(18) = -1 EBADF (Bad file descriptor) [pid 3726] close(19) = -1 EBADF (Bad file descriptor) [pid 3726] close(20) = -1 EBADF (Bad file descriptor) [pid 3726] close(21) = -1 EBADF (Bad file descriptor) [pid 3726] close(22) = -1 EBADF (Bad file descriptor) [pid 3726] close(23) = -1 EBADF (Bad file descriptor) [pid 3726] close(24) = -1 EBADF (Bad file descriptor) [pid 3726] close(25) = -1 EBADF (Bad file descriptor) [pid 3726] close(26) = -1 EBADF (Bad file descriptor) [pid 3726] close(27) = -1 EBADF (Bad file descriptor) [pid 3726] close(28) = -1 EBADF (Bad file descriptor) [pid 3726] close(29) = -1 EBADF (Bad file descriptor) [pid 3726] exit_group(0) = ? [pid 3726] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6, si_uid=0, si_status=0, si_utime=4, si_stime=22} --- [pid 3631] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x555555aab620 /* 4 entries */, 32768) = 112 [pid 3631] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./4/binderfs") = 0 [ 58.314529][ T27] audit: type=1800 audit(1669664172.549:11): pid=3726 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor759" name="file2" dev="loop0" ino=261 res=0 errno=0 [pid 3631] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x555555ab3660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x555555ab3660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./4/file0") = 0 [pid 3631] getdents64(3, 0x555555aab620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./4") = 0 [pid 3631] mkdir("./5", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3745 attached , child_tidptr=0x555555aaa5d0) = 7 [pid 3745] chdir("./5") = 0 [pid 3745] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3745] setpgid(0, 0) = 0 [pid 3745] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3745] write(3, "1000", 4) = 4 [pid 3745] close(3) = 0 [pid 3745] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3745] memfd_create("syzkaller", 0) = 3 [pid 3745] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0d90a00000 [pid 3745] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3745] munmap(0x7f0d90a00000, 16777216) = 0 [pid 3745] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3745] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3745] close(3) = 0 [pid 3745] mkdir("./file0", 0777) = 0 [ 58.664611][ T3745] loop0: detected capacity change from 0 to 32768 [ 58.677098][ T3745] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 58.686251][ T3745] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 58.697108][ T3745] BTRFS info (device loop0): setting nodatacow, compression disabled [ 58.705375][ T3745] BTRFS info (device loop0): enabling auto defrag [pid 3745] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,datacow,noinode_cache,nodatacow,nodatasum,autodefrag,user_subvol_rm_allowed,metadata_ra"...) = 0 [pid 3745] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3745] chdir("./file0") = 0 [pid 3745] ioctl(4, LOOP_CLR_FD) = 0 [pid 3745] close(4) = 0 [pid 3745] openat(AT_FDCWD, "./file2", O_RDWR|O_EXCL|O_DIRECT|O_NOATIME) = 4 [ 58.711910][ T3745] BTRFS info (device loop0): metadata ratio 1 [ 58.718257][ T3745] BTRFS info (device loop0): using free space tree [ 58.737782][ T3745] BTRFS info (device loop0): enabling ssd optimizations [pid 3745] pwritev2(4, [{iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=4294934528}], 1, 134217728, 0) = 8388608 [pid 3745] openat(AT_FDCWD, "./file2", O_RDWR|O_EXCL|O_DIRECT|O_NOATIME) = 5 [pid 3745] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6 [pid 3745] write(6, "6", 1) = 1 [pid 3745] pwritev2(5, [{iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=4294934528}], 1, 134217728, 0) = -1 ENOSPC (No space left on device) [pid 3745] close(3) = 0 [pid 3745] close(4) = 0 [pid 3745] close(5) = 0 [pid 3745] close(6) = 0 [pid 3745] close(7) = -1 EBADF (Bad file descriptor) [pid 3745] close(8) = -1 EBADF (Bad file descriptor) [pid 3745] close(9) = -1 EBADF (Bad file descriptor) [pid 3745] close(10) = -1 EBADF (Bad file descriptor) [pid 3745] close(11) = -1 EBADF (Bad file descriptor) [pid 3745] close(12) = -1 EBADF (Bad file descriptor) [pid 3745] close(13) = -1 EBADF (Bad file descriptor) [pid 3745] close(14) = -1 EBADF (Bad file descriptor) [pid 3745] close(15) = -1 EBADF (Bad file descriptor) [pid 3745] close(16) = -1 EBADF (Bad file descriptor) [pid 3745] close(17) = -1 EBADF (Bad file descriptor) [pid 3745] close(18) = -1 EBADF (Bad file descriptor) [pid 3745] close(19) = -1 EBADF (Bad file descriptor) [pid 3745] close(20) = -1 EBADF (Bad file descriptor) [pid 3745] close(21) = -1 EBADF (Bad file descriptor) [pid 3745] close(22) = -1 EBADF (Bad file descriptor) [pid 3745] close(23) = -1 EBADF (Bad file descriptor) [pid 3745] close(24) = -1 EBADF (Bad file descriptor) [pid 3745] close(25) = -1 EBADF (Bad file descriptor) [pid 3745] close(26) = -1 EBADF (Bad file descriptor) [pid 3745] close(27) = -1 EBADF (Bad file descriptor) [pid 3745] close(28) = -1 EBADF (Bad file descriptor) [pid 3745] close(29) = -1 EBADF (Bad file descriptor) [pid 3745] exit_group(0) = ? [pid 3745] +++ exited with 0 +++ [pid 3631] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7, si_uid=0, si_status=0, si_utime=3, si_stime=23} --- [pid 3631] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3631] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(3, 0x555555aab620 /* 4 entries */, 32768) = 112 [pid 3631] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3631] unlink("./5/binderfs") = 0 [pid 3631] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 3631] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3631] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3631] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3631] getdents64(4, 0x555555ab3660 /* 2 entries */, 32768) = 48 [pid 3631] getdents64(4, 0x555555ab3660 /* 0 entries */, 32768) = 0 [pid 3631] close(4) = 0 [pid 3631] rmdir("./5/file0") = 0 [pid 3631] getdents64(3, 0x555555aab620 /* 0 entries */, 32768) = 0 [pid 3631] close(3) = 0 [pid 3631] rmdir("./5") = 0 [pid 3631] mkdir("./6", 0777) = 0 [pid 3631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 3631] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3631] close(3) = 0 [pid 3631] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555aaa5d0) = 8 ./strace-static-x86_64: Process 3764 attached [pid 3764] chdir("./6") = 0 [pid 3764] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3764] setpgid(0, 0) = 0 [pid 3764] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3764] write(3, "1000", 4) = 4 [pid 3764] close(3) = 0 [pid 3764] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3764] memfd_create("syzkaller", 0) = 3 [pid 3764] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0d90a00000 [pid 3764] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3764] munmap(0x7f0d90a00000, 16777216) = 0 [pid 3764] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3764] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3764] close(3) = 0 [pid 3764] mkdir("./file0", 0777) = 0 [ 59.188144][ T3764] loop0: detected capacity change from 0 to 32768 [ 59.202717][ T3764] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 59.211534][ T3764] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 59.222404][ T3764] BTRFS info (device loop0): setting nodatacow, compression disabled [ 59.230724][ T3764] BTRFS info (device loop0): enabling auto defrag [pid 3764] mount("/dev/loop0", "./file0", "btrfs", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS, "nossd_spread,datacow,noinode_cache,nodatacow,nodatasum,autodefrag,user_subvol_rm_allowed,metadata_ra"...) = 0 [pid 3764] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3764] chdir("./file0") = 0 [pid 3764] ioctl(4, LOOP_CLR_FD) = 0 [pid 3764] close(4) = 0 [pid 3764] openat(AT_FDCWD, "./file2", O_RDWR|O_EXCL|O_DIRECT|O_NOATIME) = 4 [pid 3764] pwritev2(4, [{iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=4294934528}], 1, 134217728, 0) = -1 EIO (Input/output error) [pid 3764] openat(AT_FDCWD, "./file2", O_RDWR|O_EXCL|O_DIRECT|O_NOATIME) = 5 [pid 3764] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6 [pid 3764] write(6, "6", 1) = 1 [ 59.237301][ T3764] BTRFS info (device loop0): metadata ratio 1 [ 59.243522][ T3764] BTRFS info (device loop0): using free space tree [ 59.262419][ T3764] BTRFS info (device loop0): enabling ssd optimizations [ 59.298740][ T3764] FAULT_INJECTION: forcing a failure. [ 59.298740][ T3764] name failslab, interval 1, probability 0, space 0, times 1 [ 59.312532][ T3764] CPU: 1 PID: 3764 Comm: syz-executor759 Not tainted 6.1.0-rc7-syzkaller #0 [ 59.321250][ T3764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 59.331349][ T3764] Call Trace: [ 59.334645][ T3764] [ 59.337591][ T3764] dump_stack_lvl+0x1b1/0x28e [ 59.342296][ T3764] ? nf_tcp_handle_invalid+0x62e/0x62e [ 59.347955][ T3764] ? panic+0x710/0x710 [ 59.352057][ T3764] ? __might_sleep+0xc0/0xc0 [ 59.356685][ T3764] should_fail_ex+0x395/0x4c0 [ 59.361383][ T3764] ? alloc_extent_map+0x1d/0x130 [ 59.366358][ T3764] should_failslab+0x5/0x20 [ 59.370877][ T3764] kmem_cache_alloc+0x68/0x300 [ 59.375652][ T3764] alloc_extent_map+0x1d/0x130 [ 59.380418][ T3764] btrfs_get_blocks_direct_write+0x80b/0xfb0 [ 59.386406][ T3764] ? btrfs_dio_iomap_end+0x230/0x230 [ 59.391693][ T3764] ? btrfs_cont_expand+0x780/0x780 [ 59.396808][ T3764] ? btrfs_lookup_ordered_range+0x597/0x9b0 [ 59.402880][ T3764] btrfs_dio_iomap_begin+0xac3/0x1070 [ 59.408261][ T3764] ? csum_exist_in_range+0x330/0x330 [ 59.413546][ T3764] ? xas_next_entry+0x3c0/0x3c0 [ 59.418418][ T3764] ? csum_exist_in_range+0x330/0x330 [ 59.423703][ T3764] iomap_iter+0x606/0x8a0 [ 59.428037][ T3764] ? blk_start_plug+0x95/0x110 [ 59.432807][ T3764] __iomap_dio_rw+0xd91/0x20d0 [ 59.437588][ T3764] ? lockdep_hardirqs_on_prepare+0x428/0x790 [ 59.443569][ T3764] ? print_irqtrace_events+0x220/0x220 [ 59.449026][ T3764] ? iomap_dio_complete_work+0x70/0x70 [ 59.454508][ T3764] ? ktime_get_coarse_real_ts64+0x45/0x140 [ 59.460329][ T3764] ? ktime_get_coarse_real_ts64+0x12c/0x140 [ 59.466226][ T3764] ? inode_maybe_inc_iversion+0x192/0x1e0 [ 59.471954][ T3764] ? generic_set_encrypted_ci_d_ops+0x100/0x100 [ 59.478194][ T3764] btrfs_dio_write+0x9c/0xe0 [ 59.482780][ T3764] ? btrfs_dio_read+0xe0/0xe0 [ 59.487459][ T3764] ? btrfs_write_check+0x4a9/0x540 [ 59.492571][ T3764] ? iov_iter_alignment_iovec+0x1b4/0x1d0 [ 59.498328][ T3764] btrfs_do_write_iter+0x871/0x1260 [ 59.503541][ T3764] ? btrfs_check_nocow_unlock+0x40/0x40 [ 59.509086][ T3764] ? bpf_lsm_file_permission+0x5/0x10 [ 59.514462][ T3764] do_iter_write+0x6c2/0xc20 [ 59.519066][ T3764] ? vfs_iter_write+0xa0/0xa0 [ 59.523741][ T3764] ? rcu_read_lock_any_held+0xb1/0x130 [ 59.529215][ T3764] do_pwritev+0x200/0x350 [ 59.533555][ T3764] ? do_preadv+0x330/0x330 [ 59.537982][ T3764] ? _raw_spin_unlock_irq+0x1f/0x40 [ 59.543179][ T3764] ? lockdep_hardirqs_on+0x8d/0x130 [ 59.548375][ T3764] ? _raw_spin_unlock_irq+0x2a/0x40 [ 59.553572][ T3764] ? ptrace_notify+0x245/0x340 [ 59.558334][ T3764] ? do_notify_parent+0xe00/0xe00 [ 59.563362][ T3764] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 59.569346][ T3764] ? __x64_sys_pwritev2+0xb9/0x100 [ 59.574461][ T3764] do_syscall_64+0x3d/0xb0 [ 59.578879][ T3764] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.584768][ T3764] RIP: 0033:0x7f0d98ea8ea9 [ 59.589178][ T3764] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 59.608792][ T3764] RSP: 002b:00007ffd32e91c38 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 [ 59.617224][ T3764] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f0d98ea8ea9 [ 59.625215][ T3764] RDX: 0000000000000001 RSI: 0000000020000280 RDI: 0000000000000005 [ 59.633196][ T3764] RBP: 00007ffd32e91c70 R08: 0000000000000000 R09: 0000000000000000 [ 59.641186][ T3764] R10: 0000000008000000 R11: 0000000000000246 R12: 0000000000000006 [ 59.649170][ T3764] R13: 00007ffd32e91cb0 R14: 00007ffd32e91c90 R15: 0000000000000006 [ 59.657170][ T3764] [ 59.664212][ T3764] ------------[ cut here ]------------ [ 59.670096][ T3764] WARNING: CPU: 1 PID: 3764 at fs/btrfs/space-info.h:122 btrfs_free_reserved_data_space_noquota+0x219/0x2b0 [ 59.681706][ T3764] Modules linked in: [ 59.685628][ T3764] CPU: 1 PID: 3764 Comm: syz-executor759 Not tainted 6.1.0-rc7-syzkaller #0 [ 59.694393][ T3764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 59.704525][ T3764] RIP: 0010:btrfs_free_reserved_data_space_noquota+0x219/0x2b0 [ 59.712247][ T3764] Code: 2f 00 74 08 4c 89 ef e8 b5 98 32 fe 49 8b 5d 00 48 89 df 4c 8b 74 24 08 4c 89 f6 e8 21 81 de fd 4c 39 f3 73 16 e8 d7 7e de fd <0f> 0b 31 db 4c 8b 34 24 41 80 3c 2f 00 75 8c eb 92 e8 c1 7e de fd [ 59.731942][ T3764] RSP: 0018:ffffc9000443f410 EFLAGS: 00010293 [ 59.738082][ T3764] RAX: ffffffff83ac1919 RBX: 00000000005cb000 RCX: ffff888027989d40 [ 59.746085][ T3764] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 00000000005cb000 [ 59.754178][ T3764] RBP: dffffc0000000000 R08: ffffffff83ac190f R09: fffffbfff1cebe0e [ 59.762226][ T3764] R10: fffffbfff1cebe0e R11: 1ffffffff1cebe0d R12: ffff8880774f3800 [ 59.770292][ T3764] R13: ffff8880774f3860 R14: 0000000000800000 R15: 1ffff1100ee9e70c [ 59.778344][ T3764] FS: 0000555555aaa300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 59.787342][ T3764] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 59.793950][ T3764] CR2: 00007f0d98f20140 CR3: 0000000025ccf000 CR4: 00000000003506e0 [ 59.802017][ T3764] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 59.810043][ T3764] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 59.818069][ T3764] Call Trace: [ 59.821457][ T3764] [ 59.824410][ T3764] btrfs_free_reserved_data_space+0x9d/0xd0 [ 59.830360][ T3764] btrfs_dio_iomap_begin+0x8f7/0x1070 [ 59.835755][ T3764] ? csum_exist_in_range+0x330/0x330 [ 59.841135][ T3764] ? xas_next_entry+0x3c0/0x3c0 [ 59.846006][ T3764] ? csum_exist_in_range+0x330/0x330 [ 59.851381][ T3764] iomap_iter+0x606/0x8a0 [ 59.855737][ T3764] ? blk_start_plug+0x95/0x110 [ 59.860605][ T3764] __iomap_dio_rw+0xd91/0x20d0 [ 59.865523][ T3764] ? lockdep_hardirqs_on_prepare+0x428/0x790 [ 59.871570][ T3764] ? print_irqtrace_events+0x220/0x220 [ 59.877143][ T3764] ? iomap_dio_complete_work+0x70/0x70 [ 59.882627][ T3764] ? ktime_get_coarse_real_ts64+0x45/0x140 [ 59.888532][ T3764] ? ktime_get_coarse_real_ts64+0x12c/0x140 [ 59.894455][ T3764] ? inode_maybe_inc_iversion+0x192/0x1e0 [ 59.900264][ T3764] ? generic_set_encrypted_ci_d_ops+0x100/0x100 [ 59.906520][ T3764] btrfs_dio_write+0x9c/0xe0 [ 59.911163][ T3764] ? btrfs_dio_read+0xe0/0xe0 [ 59.915864][ T3764] ? btrfs_write_check+0x4a9/0x540 [ 59.921054][ T3764] ? iov_iter_alignment_iovec+0x1b4/0x1d0 [ 59.926838][ T3764] btrfs_do_write_iter+0x871/0x1260 [ 59.932052][ T3764] ? btrfs_check_nocow_unlock+0x40/0x40 [ 59.937658][ T3764] ? bpf_lsm_file_permission+0x5/0x10 [ 59.943069][ T3764] do_iter_write+0x6c2/0xc20 [ 59.947743][ T3764] ? vfs_iter_write+0xa0/0xa0 [ 59.952428][ T3764] ? rcu_read_lock_any_held+0xb1/0x130 [ 59.957964][ T3764] do_pwritev+0x200/0x350 [ 59.962314][ T3764] ? do_preadv+0x330/0x330 [ 59.966792][ T3764] ? _raw_spin_unlock_irq+0x1f/0x40 [ 59.972007][ T3764] ? lockdep_hardirqs_on+0x8d/0x130 [ 59.977272][ T3764] ? _raw_spin_unlock_irq+0x2a/0x40 [ 59.982496][ T3764] ? ptrace_notify+0x245/0x340 [ 59.987351][ T3764] ? do_notify_parent+0xe00/0xe00 [ 59.992408][ T3764] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 59.998467][ T3764] ? __x64_sys_pwritev2+0xb9/0x100 [ 60.003595][ T3764] do_syscall_64+0x3d/0xb0 [ 60.008088][ T3764] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.014179][ T3764] RIP: 0033:0x7f0d98ea8ea9 [ 60.018686][ T3764] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 60.038365][ T3764] RSP: 002b:00007ffd32e91c38 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 [ 60.046842][ T3764] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f0d98ea8ea9 [ 60.054835][ T3764] RDX: 0000000000000001 RSI: 0000000020000280 RDI: 0000000000000005 [ 60.063007][ T3764] RBP: 00007ffd32e91c70 R08: 0000000000000000 R09: 0000000000000000 [ 60.071033][ T3764] R10: 0000000008000000 R11: 0000000000000246 R12: 0000000000000006 [ 60.079073][ T3764] R13: 00007ffd32e91cb0 R14: 00007ffd32e91c90 R15: 0000000000000006 [ 60.087101][ T3764] [ 60.090118][ T3764] Kernel panic - not syncing: panic_on_warn set ... [ 60.096704][ T3764] CPU: 1 PID: 3764 Comm: syz-executor759 Not tainted 6.1.0-rc7-syzkaller #0 [ 60.105379][ T3764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 60.115436][ T3764] Call Trace: [ 60.118718][ T3764] [ 60.121642][ T3764] dump_stack_lvl+0x1b1/0x28e [ 60.126329][ T3764] ? nf_tcp_handle_invalid+0x62e/0x62e [ 60.131806][ T3764] ? panic+0x710/0x710 [ 60.135899][ T3764] ? vscnprintf+0x59/0x80 [ 60.140245][ T3764] ? btrfs_free_reserved_data_space_noquota+0x200/0x2b0 [ 60.147179][ T3764] panic+0x2d6/0x710 [ 60.151082][ T3764] ? __warn+0x131/0x220 [ 60.155236][ T3764] ? memcpy_page_flushcache+0xfc/0xfc [ 60.160620][ T3764] ? btrfs_free_reserved_data_space_noquota+0x219/0x2b0 [ 60.167820][ T3764] __warn+0x1fa/0x220 [ 60.171842][ T3764] ? btrfs_free_reserved_data_space_noquota+0x219/0x2b0 [ 60.178779][ T3764] report_bug+0x1b3/0x2d0 [ 60.183111][ T3764] handle_bug+0x3d/0x70 [ 60.187276][ T3764] exc_invalid_op+0x16/0x40 [ 60.191776][ T3764] asm_exc_invalid_op+0x16/0x20 [ 60.196621][ T3764] RIP: 0010:btrfs_free_reserved_data_space_noquota+0x219/0x2b0 [ 60.204166][ T3764] Code: 2f 00 74 08 4c 89 ef e8 b5 98 32 fe 49 8b 5d 00 48 89 df 4c 8b 74 24 08 4c 89 f6 e8 21 81 de fd 4c 39 f3 73 16 e8 d7 7e de fd <0f> 0b 31 db 4c 8b 34 24 41 80 3c 2f 00 75 8c eb 92 e8 c1 7e de fd [ 60.223768][ T3764] RSP: 0018:ffffc9000443f410 EFLAGS: 00010293 [ 60.229832][ T3764] RAX: ffffffff83ac1919 RBX: 00000000005cb000 RCX: ffff888027989d40 [ 60.237799][ T3764] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 00000000005cb000 [ 60.245767][ T3764] RBP: dffffc0000000000 R08: ffffffff83ac190f R09: fffffbfff1cebe0e [ 60.253819][ T3764] R10: fffffbfff1cebe0e R11: 1ffffffff1cebe0d R12: ffff8880774f3800 [ 60.261783][ T3764] R13: ffff8880774f3860 R14: 0000000000800000 R15: 1ffff1100ee9e70c [ 60.269758][ T3764] ? btrfs_free_reserved_data_space_noquota+0x20f/0x2b0 [ 60.276695][ T3764] ? btrfs_free_reserved_data_space_noquota+0x219/0x2b0 [ 60.283649][ T3764] btrfs_free_reserved_data_space+0x9d/0xd0 [ 60.289544][ T3764] btrfs_dio_iomap_begin+0x8f7/0x1070 [ 60.294923][ T3764] ? csum_exist_in_range+0x330/0x330 [ 60.300206][ T3764] ? xas_next_entry+0x3c0/0x3c0 [ 60.305067][ T3764] ? csum_exist_in_range+0x330/0x330 [ 60.310354][ T3764] iomap_iter+0x606/0x8a0 [ 60.314687][ T3764] ? blk_start_plug+0x95/0x110 [ 60.319458][ T3764] __iomap_dio_rw+0xd91/0x20d0 [ 60.324243][ T3764] ? lockdep_hardirqs_on_prepare+0x428/0x790 [ 60.330221][ T3764] ? print_irqtrace_events+0x220/0x220 [ 60.335679][ T3764] ? iomap_dio_complete_work+0x70/0x70 [ 60.341139][ T3764] ? ktime_get_coarse_real_ts64+0x45/0x140 [ 60.346962][ T3764] ? ktime_get_coarse_real_ts64+0x12c/0x140 [ 60.352856][ T3764] ? inode_maybe_inc_iversion+0x192/0x1e0 [ 60.358604][ T3764] ? generic_set_encrypted_ci_d_ops+0x100/0x100 [ 60.364842][ T3764] btrfs_dio_write+0x9c/0xe0 [ 60.369431][ T3764] ? btrfs_dio_read+0xe0/0xe0 [ 60.374121][ T3764] ? btrfs_write_check+0x4a9/0x540 [ 60.379233][ T3764] ? iov_iter_alignment_iovec+0x1b4/0x1d0 [ 60.384960][ T3764] btrfs_do_write_iter+0x871/0x1260 [ 60.390172][ T3764] ? btrfs_check_nocow_unlock+0x40/0x40 [ 60.395717][ T3764] ? bpf_lsm_file_permission+0x5/0x10 [ 60.401089][ T3764] do_iter_write+0x6c2/0xc20 [ 60.405689][ T3764] ? vfs_iter_write+0xa0/0xa0 [ 60.410370][ T3764] ? rcu_read_lock_any_held+0xb1/0x130 [ 60.415838][ T3764] do_pwritev+0x200/0x350 [ 60.420177][ T3764] ? do_preadv+0x330/0x330 [ 60.424595][ T3764] ? _raw_spin_unlock_irq+0x1f/0x40 [ 60.429796][ T3764] ? lockdep_hardirqs_on+0x8d/0x130 [ 60.434995][ T3764] ? _raw_spin_unlock_irq+0x2a/0x40 [ 60.440199][ T3764] ? ptrace_notify+0x245/0x340 [ 60.444961][ T3764] ? do_notify_parent+0xe00/0xe00 [ 60.449989][ T3764] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 60.455973][ T3764] ? __x64_sys_pwritev2+0xb9/0x100 [ 60.461087][ T3764] do_syscall_64+0x3d/0xb0 [ 60.465501][ T3764] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.471390][ T3764] RIP: 0033:0x7f0d98ea8ea9 [ 60.475800][ T3764] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 60.495404][ T3764] RSP: 002b:00007ffd32e91c38 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 [ 60.503814][ T3764] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f0d98ea8ea9 [ 60.511800][ T3764] RDX: 0000000000000001 RSI: 0000000020000280 RDI: 0000000000000005 [ 60.519773][ T3764] RBP: 00007ffd32e91c70 R08: 0000000000000000 R09: 0000000000000000 [ 60.527739][ T3764] R10: 0000000008000000 R11: 0000000000000246 R12: 0000000000000006 [ 60.535710][ T3764] R13: 00007ffd32e91cb0 R14: 00007ffd32e91c90 R15: 0000000000000006 [ 60.543693][ T3764] [ 60.546883][ T3764] Kernel Offset: disabled [ 60.551353][ T3764] Rebooting in 86400 seconds..