./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor845747113 <...> Warning: Permanently added '10.128.0.194' (ED25519) to the list of known hosts. execve("./syz-executor845747113", ["./syz-executor845747113"], 0x7ffdec4378a0 /* 10 vars */) = 0 brk(NULL) = 0x55556fa3c000 brk(0x55556fa3cd40) = 0x55556fa3cd40 arch_prctl(ARCH_SET_FS, 0x55556fa3c3c0) = 0 set_tid_address(0x55556fa3c690) = 5083 set_robust_list(0x55556fa3c6a0, 24) = 0 rseq(0x55556fa3cce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor845747113", 4096) = 27 getrandom("\xd6\x87\xb8\x9d\x84\x8d\x1d\x25", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556fa3cd40 brk(0x55556fa5dd40) = 0x55556fa5dd40 brk(0x55556fa5e000) = 0x55556fa5e000 mprotect(0x7fda22e14000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5084 attached , child_tidptr=0x55556fa3c690) = 5084 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5084] set_robust_list(0x55556fa3c6a0, 24) = 0 ./strace-static-x86_64: Process 5085 attached [pid 5083] <... clone resumed>, child_tidptr=0x55556fa3c690) = 5085 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5085] set_robust_list(0x55556fa3c6a0, 24 [pid 5084] mkdir("./syzkaller.8c8wlE", 0700 [pid 5085] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 5086 attached [pid 5083] <... clone resumed>, child_tidptr=0x55556fa3c690) = 5086 [pid 5086] set_robust_list(0x55556fa3c6a0, 24 [pid 5085] mkdir("./syzkaller.G2IZVH", 0700 [pid 5084] <... mkdir resumed>) = 0 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5086] <... set_robust_list resumed>) = 0 [pid 5086] mkdir("./syzkaller.1KkzEM", 0700 [pid 5085] <... mkdir resumed>) = 0 [pid 5084] chmod("./syzkaller.8c8wlE", 0777 [pid 5086] <... mkdir resumed>) = 0 [pid 5085] chmod("./syzkaller.G2IZVH", 0777 [pid 5084] <... chmod resumed>) = 0 ./strace-static-x86_64: Process 5087 attached [pid 5083] <... clone resumed>, child_tidptr=0x55556fa3c690) = 5087 [pid 5086] chmod("./syzkaller.1KkzEM", 0777 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5087] set_robust_list(0x55556fa3c6a0, 24 [pid 5085] <... chmod resumed>) = 0 [pid 5084] chdir("./syzkaller.8c8wlE" [pid 5087] <... set_robust_list resumed>) = 0 [pid 5086] <... chmod resumed>) = 0 [pid 5085] chdir("./syzkaller.G2IZVH" [pid 5084] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 5088 attached [pid 5087] mkdir("./syzkaller.nhaQ96", 0700 [pid 5086] chdir("./syzkaller.1KkzEM" [pid 5085] <... chdir resumed>) = 0 [pid 5084] mkdir("./0", 0777 [pid 5083] <... clone resumed>, child_tidptr=0x55556fa3c690) = 5088 [pid 5088] set_robust_list(0x55556fa3c6a0, 24 [pid 5086] <... chdir resumed>) = 0 [pid 5085] mkdir("./0", 0777 [pid 5087] <... mkdir resumed>) = 0 [pid 5084] <... mkdir resumed>) = 0 [pid 5088] <... set_robust_list resumed>) = 0 [pid 5086] mkdir("./0", 0777 [pid 5085] <... mkdir resumed>) = 0 [pid 5087] chmod("./syzkaller.nhaQ96", 0777 [pid 5088] mkdir("./syzkaller.dq2N7Z", 0700 [pid 5087] <... chmod resumed>) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5087] chdir("./syzkaller.nhaQ96") = 0 [pid 5087] mkdir("./0", 0777 [pid 5086] <... mkdir resumed>) = 0 [pid 5087] <... mkdir resumed>) = 0 [pid 5085] <... openat resumed>) = 3 [pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5087] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5088] <... mkdir resumed>) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5085] ioctl(3, LOOP_CLR_FD [pid 5084] <... openat resumed>) = 3 [pid 5088] chmod("./syzkaller.dq2N7Z", 0777 [pid 5087] <... openat resumed>) = 3 [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5087] ioctl(3, LOOP_CLR_FD [pid 5088] <... chmod resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [pid 5085] close(3 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5088] chdir("./syzkaller.dq2N7Z" [pid 5087] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5086] ioctl(3, LOOP_CLR_FD [pid 5084] close(3 [pid 5088] <... chdir resumed>) = 0 [pid 5088] mkdir("./0", 0777 [pid 5087] close(3 [pid 5086] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5085] <... close resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 5087] <... close resumed>) = 0 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5088] <... mkdir resumed>) = 0 [pid 5086] close(3) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5088] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 5089 attached ) = 3 [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5089] set_robust_list(0x55556fa3c6a0, 24 [pid 5084] <... clone resumed>, child_tidptr=0x55556fa3c690) = 5089 [pid 5088] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) ./strace-static-x86_64: Process 5092 attached ./strace-static-x86_64: Process 5091 attached ./strace-static-x86_64: Process 5090 attached [pid 5089] <... set_robust_list resumed>) = 0 [pid 5088] close(3 [pid 5092] set_robust_list(0x55556fa3c6a0, 24 [pid 5091] set_robust_list(0x55556fa3c6a0, 24 [pid 5089] chdir("./0" [pid 5085] <... clone resumed>, child_tidptr=0x55556fa3c690) = 5091 [pid 5092] <... set_robust_list resumed>) = 0 [pid 5091] <... set_robust_list resumed>) = 0 [pid 5089] <... chdir resumed>) = 0 [pid 5087] <... clone resumed>, child_tidptr=0x55556fa3c690) = 5092 [pid 5092] chdir("./0" [pid 5091] chdir("./0" [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5092] <... chdir resumed>) = 0 [pid 5089] <... prctl resumed>) = 0 [pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5091] <... chdir resumed>) = 0 [pid 5089] setpgid(0, 0 [pid 5092] <... prctl resumed>) = 0 [pid 5091] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5089] <... setpgid resumed>) = 0 [pid 5092] setpgid(0, 0 [pid 5091] <... prctl resumed>) = 0 [pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5092] <... setpgid resumed>) = 0 [pid 5091] setpgid(0, 0 [pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5091] <... setpgid resumed>) = 0 [pid 5089] <... openat resumed>) = 3 [pid 5091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5092] write(3, "1000", 4 [pid 5091] <... openat resumed>) = 3 [pid 5092] <... write resumed>) = 4 [pid 5089] write(3, "1000", 4) = 4 [pid 5092] close(3) = 0 [pid 5089] close(3) = 0 [pid 5092] symlink("/dev/binderfs", "./binderfs" [pid 5091] write(3, "1000", 4 [pid 5089] symlink("/dev/binderfs", "./binderfs" [pid 5092] <... symlink resumed>) = 0 [pid 5091] <... write resumed>) = 4 [pid 5089] <... symlink resumed>) = 0 [pid 5086] <... clone resumed>, child_tidptr=0x55556fa3c690) = 5090 [pid 5091] close(3 [pid 5090] set_robust_list(0x55556fa3c6a0, 24 [pid 5091] <... close resumed>) = 0 [pid 5090] <... set_robust_list resumed>) = 0 [pid 5088] <... close resumed>) = 0 [pid 5091] symlink("/dev/binderfs", "./binderfs" [pid 5090] chdir("./0" [pid 5088] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program executing program executing program [pid 5092] write(1, "executing program\n", 18 [pid 5091] <... symlink resumed>) = 0 [pid 5089] write(1, "executing program\n", 18 [pid 5092] <... write resumed>) = 18 [pid 5090] <... chdir resumed>) = 0 [pid 5088] <... clone resumed>, child_tidptr=0x55556fa3c690) = 5094 [pid 5092] futex(0x7fda22e1a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5092] <... futex resumed>) = 0 [pid 5090] <... prctl resumed>) = 0 [pid 5089] <... write resumed>) = 18 [pid 5090] setpgid(0, 0 [pid 5092] rt_sigaction(SIGRT_1, {sa_handler=0x7fda22db3020, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fda22da41d0}, [pid 5090] <... setpgid resumed>) = 0 [pid 5089] futex(0x7fda22e1a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5089] <... futex resumed>) = 0 [pid 5092] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5091] write(1, "executing program\n", 18 [pid 5089] rt_sigaction(SIGRT_1, {sa_handler=0x7fda22db3020, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fda22da41d0}, ./strace-static-x86_64: Process 5094 attached [pid 5092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5091] <... write resumed>) = 18 [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5089] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5094] set_robust_list(0x55556fa3c6a0, 24 [pid 5092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5091] futex(0x7fda22e1a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5092] <... mmap resumed>) = 0x7fda22d23000 [pid 5091] <... futex resumed>) = 0 [pid 5089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5092] mprotect(0x7fda22d24000, 131072, PROT_READ|PROT_WRITE [pid 5091] rt_sigaction(SIGRT_1, {sa_handler=0x7fda22db3020, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fda22da41d0}, [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5094] <... set_robust_list resumed>) = 0 [pid 5092] <... mprotect resumed>) = 0 [pid 5091] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5090] <... openat resumed>) = 3 [pid 5089] <... mmap resumed>) = 0x7fda22d23000 [pid 5091] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5090] write(3, "1000", 4 [pid 5094] chdir("./0" [pid 5092] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5090] <... write resumed>) = 4 [pid 5089] mprotect(0x7fda22d24000, 131072, PROT_READ|PROT_WRITE [pid 5094] <... chdir resumed>) = 0 [pid 5092] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5090] close(3 [pid 5089] <... mprotect resumed>) = 0 [pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5092] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fda22d43990, parent_tid=0x7fda22d43990, exit_signal=0, stack=0x7fda22d23000, stack_size=0x20300, tls=0x7fda22d436c0} [pid 5091] <... mmap resumed>) = 0x7fda22d23000 [pid 5090] <... close resumed>) = 0 [pid 5094] <... prctl resumed>) = 0 [pid 5089] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5091] mprotect(0x7fda22d24000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5095 attached [pid 5092] <... clone3 resumed> => {parent_tid=[5095]}, 88) = 5095 [pid 5091] <... mprotect resumed>) = 0 [pid 5089] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5095] rseq(0x7fda22d43fe0, 0x20, 0, 0x53053053 [pid 5094] setpgid(0, 0 [pid 5092] rt_sigprocmask(SIG_SETMASK, [], [pid 5091] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5090] symlink("/dev/binderfs", "./binderfs" [pid 5089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fda22d43990, parent_tid=0x7fda22d43990, exit_signal=0, stack=0x7fda22d23000, stack_size=0x20300, tls=0x7fda22d436c0} [pid 5095] <... rseq resumed>) = 0 [pid 5094] <... setpgid resumed>) = 0 [pid 5092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5095] set_robust_list(0x7fda22d439a0, 24 [pid 5092] futex(0x7fda22e1a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5090] <... symlink resumed>) = 0 ./strace-static-x86_64: Process 5096 attached [pid 5095] <... set_robust_list resumed>) = 0 [pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5092] <... futex resumed>) = 0 [pid 5091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fda22d43990, parent_tid=0x7fda22d43990, exit_signal=0, stack=0x7fda22d23000, stack_size=0x20300, tls=0x7fda22d436c0} [pid 5096] rseq(0x7fda22d43fe0, 0x20, 0, 0x53053053 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], [pid 5094] <... openat resumed>) = 3 [pid 5092] futex(0x7fda22e1a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5089] <... clone3 resumed> => {parent_tid=[5096]}, 88) = 5096 [pid 5096] <... rseq resumed>) = 0 [pid 5095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5094] write(3, "1000", 4./strace-static-x86_64: Process 5097 attached [pid 5096] set_robust_list(0x7fda22d439a0, 24 [pid 5095] memfd_create("syzkaller", 0executing program [pid 5094] <... write resumed>) = 4 [pid 5090] write(1, "executing program\n", 18 [pid 5089] rt_sigprocmask(SIG_SETMASK, [], [pid 5097] rseq(0x7fda22d43fe0, 0x20, 0, 0x53053053 [pid 5094] close(3 [pid 5097] <... rseq resumed>) = 0 [pid 5094] <... close resumed>) = 0 [pid 5090] <... write resumed>) = 18 [pid 5097] set_robust_list(0x7fda22d439a0, 24) = 0 [pid 5097] rt_sigprocmask(SIG_SETMASK, [], [pid 5090] futex(0x7fda22e1a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5090] <... futex resumed>) = 0 [pid 5097] futex(0x7fda22e1a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] <... set_robust_list resumed>) = 0 [pid 5095] <... memfd_create resumed>) = 3 [pid 5094] symlink("/dev/binderfs", "./binderfs" [pid 5091] <... clone3 resumed> => {parent_tid=[5097]}, 88) = 5097 [pid 5090] rt_sigaction(SIGRT_1, {sa_handler=0x7fda22db3020, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fda22da41d0}, [pid 5089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], [pid 5095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5091] rt_sigprocmask(SIG_SETMASK, [], [pid 5089] futex(0x7fda22e1a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5095] <... mmap resumed>) = 0x7fda1a800000 [pid 5091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5090] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5089] <... futex resumed>) = 0 [pid 5096] memfd_create("syzkaller", 0 [pid 5094] <... symlink resumed>) = 0 [pid 5090] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5094] write(1, "executing program\n", 18 [pid 5090] <... mmap resumed>) = 0x7fda22d23000 [pid 5089] futex(0x7fda22e1a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}executing program [pid 5091] futex(0x7fda22e1a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... memfd_create resumed>) = 3 [pid 5097] <... futex resumed>) = 0 [pid 5091] <... futex resumed>) = 1 [pid 5094] <... write resumed>) = 18 [pid 5091] futex(0x7fda22e1a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5097] memfd_create("syzkaller", 0 [pid 5096] <... mmap resumed>) = 0x7fda1a800000 [pid 5094] futex(0x7fda22e1a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] mprotect(0x7fda22d24000, 131072, PROT_READ|PROT_WRITE [pid 5097] <... memfd_create resumed>) = 3 [pid 5094] <... futex resumed>) = 0 [pid 5090] <... mprotect resumed>) = 0 [pid 5094] rt_sigaction(SIGRT_1, {sa_handler=0x7fda22db3020, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fda22da41d0}, [pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5094] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5094] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5097] <... mmap resumed>) = 0x7fda1a800000 [pid 5094] <... mmap resumed>) = 0x7fda22d23000 [pid 5090] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5094] mprotect(0x7fda22d24000, 131072, PROT_READ|PROT_WRITE [pid 5090] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5094] <... mprotect resumed>) = 0 [pid 5090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fda22d43990, parent_tid=0x7fda22d43990, exit_signal=0, stack=0x7fda22d23000, stack_size=0x20300, tls=0x7fda22d436c0} [pid 5094] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 5098 attached [pid 5098] rseq(0x7fda22d43fe0, 0x20, 0, 0x53053053) = 0 [pid 5094] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5090] <... clone3 resumed> => {parent_tid=[5098]}, 88) = 5098 [pid 5090] rt_sigprocmask(SIG_SETMASK, [], [pid 5094] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fda22d43990, parent_tid=0x7fda22d43990, exit_signal=0, stack=0x7fda22d23000, stack_size=0x20300, tls=0x7fda22d436c0}./strace-static-x86_64: Process 5099 attached [pid 5098] set_robust_list(0x7fda22d439a0, 24 [pid 5090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5094] <... clone3 resumed> => {parent_tid=[5099]}, 88) = 5099 [pid 5090] futex(0x7fda22e1a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] rseq(0x7fda22d43fe0, 0x20, 0, 0x53053053 [pid 5094] rt_sigprocmask(SIG_SETMASK, [], [pid 5099] <... rseq resumed>) = 0 [pid 5090] <... futex resumed>) = 0 [pid 5094] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5094] futex(0x7fda22e1a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] futex(0x7fda22e1a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5099] set_robust_list(0x7fda22d439a0, 24 [pid 5094] <... futex resumed>) = 0 [pid 5099] <... set_robust_list resumed>) = 0 [pid 5094] futex(0x7fda22e1a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5098] <... set_robust_list resumed>) = 0 [pid 5098] rt_sigprocmask(SIG_SETMASK, [], [pid 5099] memfd_create("syzkaller", 0 [pid 5098] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5098] memfd_create("syzkaller", 0 [pid 5099] <... memfd_create resumed>) = 3 [pid 5098] <... memfd_create resumed>) = 3 [pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda1a800000 [pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fda1a800000 [pid 5097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5097] <... write resumed>) = 16777216 [pid 5096] <... write resumed>) = 16777216 [pid 5097] munmap(0x7fda1a800000, 138412032 [pid 5096] munmap(0x7fda1a800000, 138412032 [pid 5097] <... munmap resumed>) = 0 [pid 5095] <... write resumed>) = 16777216 [pid 5097] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5097] ioctl(4, LOOP_SET_FD, 3 [pid 5099] <... write resumed>) = 16777216 [pid 5096] <... munmap resumed>) = 0 [pid 5095] munmap(0x7fda1a800000, 138412032 [pid 5099] munmap(0x7fda1a800000, 138412032 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5097] <... ioctl resumed>) = 0 [pid 5096] ioctl(4, LOOP_SET_FD, 3 [pid 5097] close(3) = 0 [pid 5097] close(4) = 0 [pid 5097] mkdir("./file0", 0777) = 0 [ 80.180635][ T5097] loop1: detected capacity change from 0 to 32768 [ 80.205964][ T5096] loop0: detected capacity change from 0 to 32768 [pid 5097] mount("/dev/loop1", "./file0", "btrfs", 0, "" [pid 5099] <... munmap resumed>) = 0 [pid 5098] <... write resumed>) = 16777216 [pid 5096] <... ioctl resumed>) = 0 [pid 5095] <... munmap resumed>) = 0 [pid 5098] munmap(0x7fda1a800000, 138412032 [pid 5096] close(3 [pid 5095] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5096] <... close resumed>) = 0 [pid 5095] <... openat resumed>) = 4 [pid 5099] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5096] close(4 [pid 5095] ioctl(4, LOOP_SET_FD, 3 [pid 5096] <... close resumed>) = 0 [pid 5095] <... ioctl resumed>) = 0 [pid 5099] <... openat resumed>) = 4 [pid 5096] mkdir("./file0", 0777 [pid 5099] ioctl(4, LOOP_SET_FD, 3 [pid 5098] <... munmap resumed>) = 0 [pid 5096] <... mkdir resumed>) = 0 [pid 5098] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5096] mount("/dev/loop0", "./file0", "btrfs", 0, "" [ 80.215401][ T5097] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor845 (5097) [ 80.241931][ T5095] loop3: detected capacity change from 0 to 32768 [ 80.256016][ T5099] loop4: detected capacity change from 0 to 32768 [ 80.256945][ T5098] loop2: detected capacity change from 0 to 32768 [pid 5098] ioctl(4, LOOP_SET_FD, 3 [pid 5095] close(3 [pid 5098] <... ioctl resumed>) = 0 [pid 5098] close(3) = 0 [pid 5098] close(4) = 0 [pid 5098] mkdir("./file0", 0777) = 0 [pid 5098] mount("/dev/loop2", "./file0", "btrfs", 0, "" [pid 5095] <... close resumed>) = 0 [pid 5095] close(4 [pid 5099] <... ioctl resumed>) = 0 [pid 5099] close(3 [pid 5095] <... close resumed>) = 0 [pid 5099] <... close resumed>) = 0 [pid 5095] mkdir("./file0", 0777 [pid 5099] close(4) = 0 [pid 5099] mkdir("./file0", 0777 [pid 5095] <... mkdir resumed>) = 0 [pid 5099] <... mkdir resumed>) = 0 [pid 5099] mount("/dev/loop4", "./file0", "btrfs", 0, "" [ 80.276601][ T5096] BTRFS: device /dev/loop0 (7:0) using temp-fsid 41398d09-f43d-4e71-8aef-98915c5e0c4f [ 80.304665][ T5097] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 80.325854][ T5096] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor845 (5096) [ 80.342991][ T5097] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 80.356660][ T5097] BTRFS info (device loop1): using free-space-tree [ 80.373396][ T5096] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 80.373508][ T5098] BTRFS: device /dev/loop2 (7:2) using temp-fsid 64f4bfb3-2e7a-4f58-b341-e790f167cc94 [ 80.400544][ T5096] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 80.414507][ T5096] BTRFS info (device loop0): using free-space-tree [ 80.444435][ T5098] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor845 (5098) [ 80.489241][ T5099] BTRFS: device /dev/loop4 (7:4) using temp-fsid d3c9156f-3664-4e71-bc8d-5ee2e7c729da [ 80.505165][ T5099] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor845 (5099) [ 80.529374][ T5098] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 80.548980][ T5098] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 80.565705][ T5095] BTRFS: device /dev/loop3 (7:3) using temp-fsid d5507427-5a3e-4d21-9448-2a049f21ec7b [ 80.581545][ T5098] BTRFS info (device loop2): using free-space-tree [ 80.585432][ T5095] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor845 (5095) [ 80.599128][ T5099] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 80.622711][ T5099] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [pid 5095] mount("/dev/loop3", "./file0", "btrfs", 0, "" [pid 5097] <... mount resumed>) = 0 [pid 5097] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5097] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5097] ioctl(4, LOOP_CLR_FD) = 0 [pid 5097] close(4) = 0 [pid 5097] futex(0x7fda22e1a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] futex(0x7fda22e1a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] <... mount resumed>) = 0 [pid 5091] <... futex resumed>) = 0 [ 80.660420][ T5099] BTRFS info (device loop4): using free-space-tree [ 80.676548][ T5095] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [pid 5096] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5091] futex(0x7fda22e1a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... futex resumed>) = 0 [pid 5091] <... futex resumed>) = 1 [pid 5097] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=0x4 /* BTRFS_QUOTA_CTL_??? */} [pid 5091] futex(0x7fda22e1a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... openat resumed>) = 3 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5096] ioctl(4, LOOP_CLR_FD) = 0 [pid 5096] close(4) = 0 [pid 5096] futex(0x7fda22e1a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] futex(0x7fda22e1a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5089] <... futex resumed>) = 0 [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5091] futex(0x7fda22e1a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] futex(0x7fda22e1a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=0x4 /* BTRFS_QUOTA_CTL_??? */} [pid 5091] <... futex resumed>) = 0 [pid 5089] <... futex resumed>) = 0 [pid 5091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5089] futex(0x7fda22e1a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... mmap resumed>) = 0x7fda22d02000 [pid 5091] mprotect(0x7fda22d03000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5091] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 80.785103][ T5095] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [pid 5091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fda22d22990, parent_tid=0x7fda22d22990, exit_signal=0, stack=0x7fda22d02000, stack_size=0x20300, tls=0x7fda22d226c0}./strace-static-x86_64: Process 5161 attached => {parent_tid=[5161]}, 88) = 5161 [pid 5091] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5161] rseq(0x7fda22d22fe0, 0x20, 0, 0x53053053) = 0 [pid 5091] futex(0x7fda22e1a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] set_robust_list(0x7fda22d229a0, 24 [pid 5091] futex(0x7fda22e1a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5161] <... set_robust_list resumed>) = 0 [pid 5089] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5089] futex(0x7fda22e1a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] rt_sigprocmask(SIG_SETMASK, [], [pid 5089] <... futex resumed>) = 0 [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fda22d02000 [pid 5161] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5089] mprotect(0x7fda22d03000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5089] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5161] chdir("./file0" [pid 5089] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5161] <... chdir resumed>) = 0 [pid 5089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fda22d22990, parent_tid=0x7fda22d22990, exit_signal=0, stack=0x7fda22d02000, stack_size=0x20300, tls=0x7fda22d226c0}./strace-static-x86_64: Process 5167 attached [pid 5161] futex(0x7fda22e1a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] rseq(0x7fda22d22fe0, 0x20, 0, 0x53053053 [pid 5089] <... clone3 resumed> => {parent_tid=[5167]}, 88) = 5167 [pid 5167] <... rseq resumed>) = 0 [pid 5089] rt_sigprocmask(SIG_SETMASK, [], [pid 5167] set_robust_list(0x7fda22d229a0, 24 [pid 5089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5167] <... set_robust_list resumed>) = 0 [pid 5161] <... futex resumed>) = 1 [pid 5091] <... futex resumed>) = 0 [ 80.860532][ T5095] BTRFS info (device loop3): using free-space-tree [pid 5089] futex(0x7fda22e1a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] rt_sigprocmask(SIG_SETMASK, [], [pid 5161] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5091] futex(0x7fda22e1a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 0 [pid 5167] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5091] <... futex resumed>) = 0 [pid 5089] futex(0x7fda22e1a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] chdir("./file0" [pid 5091] futex(0x7fda22e1a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... chdir resumed>) = 0 [pid 5167] futex(0x7fda22e1a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5167] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5089] futex(0x7fda22e1a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... open resumed>) = 4 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7fda22e1a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... mount resumed>) = 0 [ 80.926203][ T29] audit: type=1800 audit(1718813990.637:2): pid=5161 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor845" name="file2" dev="loop1" ino=261 res=0 errno=0 [ 80.948887][ T5096] BTRFS info (device loop0): setting incompat feature flag for SIMPLE_QUOTA (0x10000) [pid 5098] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5091] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5089] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5091] futex(0x7fda22e1a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] futex(0x7fda22e1a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] futex(0x7fda22e1a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 0 [pid 5089] <... futex resumed>) = 0 [pid 5167] <... futex resumed>) = 0 [pid 5161] <... open resumed>) = 4 [pid 5098] <... openat resumed>) = 3 [pid 5091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5167] futex(0x7fda22e1a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] futex(0x7fda22e1a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5091] <... mmap resumed>) = 0x7fda22ce1000 [pid 5089] <... mmap resumed>) = 0x7fda22ce1000 [pid 5091] mprotect(0x7fda22ce2000, 131072, PROT_READ|PROT_WRITE [pid 5089] mprotect(0x7fda22ce2000, 131072, PROT_READ|PROT_WRITE [pid 5091] <... mprotect resumed>) = 0 [pid 5089] <... mprotect resumed>) = 0 [pid 5098] <... openat resumed>) = 4 [pid 5098] ioctl(4, LOOP_CLR_FD [pid 5097] <... ioctl resumed>) = 0 [pid 5096] <... ioctl resumed>) = 0 [pid 5089] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5091] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fda22d01990, parent_tid=0x7fda22d01990, exit_signal=0, stack=0x7fda22ce1000, stack_size=0x20300, tls=0x7fda22d016c0} [pid 5091] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fda22d01990, parent_tid=0x7fda22d01990, exit_signal=0, stack=0x7fda22ce1000, stack_size=0x20300, tls=0x7fda22d016c0} [pid 5089] <... clone3 resumed> => {parent_tid=[5173]}, 88) = 5173 [pid 5089] rt_sigprocmask(SIG_SETMASK, [], [pid 5091] <... clone3 resumed> => {parent_tid=[5174]}, 88) = 5174 [pid 5089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5161] <... futex resumed>) = 0 [pid 5091] rt_sigprocmask(SIG_SETMASK, [], [pid 5089] futex(0x7fda22e1a6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] futex(0x7fda22e1a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5089] <... futex resumed>) = 0 [pid 5091] futex(0x7fda22e1a6e8, FUTEX_WAKE_PRIVATE, 1000000 [ 80.972561][ T5097] BTRFS info (device loop1): setting incompat feature flag for SIMPLE_QUOTA (0x10000) [pid 5089] futex(0x7fda22e1a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... ioctl resumed>) = 0 [pid 5097] futex(0x7fda22e1a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] futex(0x7fda22e1a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 0 [pid 5098] close(4 [pid 5097] <... futex resumed>) = 0 [pid 5096] <... futex resumed>) = 0 [pid 5098] <... close resumed>) = 0 [pid 5097] futex(0x7fda22e1a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] futex(0x7fda22e1a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] futex(0x7fda22e1a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] futex(0x7fda22e1a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5174 attached ./strace-static-x86_64: Process 5173 attached [pid 5098] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=0x4 /* BTRFS_QUOTA_CTL_??? */} [pid 5090] futex(0x7fda22e1a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7fda22e1a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] rseq(0x7fda22d01fe0, 0x20, 0, 0x53053053 [pid 5173] rseq(0x7fda22d01fe0, 0x20, 0, 0x53053053 [pid 5089] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5174] <... rseq resumed>) = 0 [pid 5173] <... rseq resumed>) = 0 [pid 5091] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5174] set_robust_list(0x7fda22d019a0, 24 [pid 5173] set_robust_list(0x7fda22d019a0, 24 [pid 5174] <... set_robust_list resumed>) = 0 [pid 5173] <... set_robust_list resumed>) = 0 [pid 5174] rt_sigprocmask(SIG_SETMASK, [], [pid 5173] rt_sigprocmask(SIG_SETMASK, [], [pid 5174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5173] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 81.060512][ T5098] BTRFS info (device loop2): setting incompat feature flag for SIMPLE_QUOTA (0x10000) [pid 5174] ioctl(4, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5173] ioctl(4, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5099] <... mount resumed>) = 0 [pid 5098] <... ioctl resumed>) = 0 [pid 5090] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5098] futex(0x7fda22e1a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] futex(0x7fda22e1a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5090] <... futex resumed>) = 0 [pid 5098] chdir("./file0" [pid 5090] futex(0x7fda22e1a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... chdir resumed>) = 0 [pid 5099] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5098] futex(0x7fda22e1a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5098] <... futex resumed>) = 0 [pid 5099] <... openat resumed>) = 3 [pid 5098] futex(0x7fda22e1a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] futex(0x7fda22e1a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5098] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5174] <... ioctl resumed>) = 0 [pid 5173] <... ioctl resumed>) = 0 [pid 5099] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5098] <... open resumed>) = 4 [pid 5090] <... futex resumed>) = 0 [pid 5174] futex(0x7fda22e1a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... openat resumed>) = 4 [pid 5090] futex(0x7fda22e1a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] ioctl(4, LOOP_CLR_FD [pid 5091] exit_group(0 [pid 5173] futex(0x7fda22e1a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... futex resumed>) = ? [pid 5099] <... ioctl resumed>) = 0 [pid 5097] <... futex resumed>) = ? [pid 5091] <... exit_group resumed>) = ? [ 81.103443][ T29] audit: type=1800 audit(1718813990.647:3): pid=5167 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor845" name="file2" dev="loop0" ino=261 res=0 errno=0 [pid 5174] <... futex resumed>) = ? [pid 5173] <... futex resumed>) = 0 [pid 5161] +++ exited with 0 +++ [pid 5099] close(4 [pid 5097] +++ exited with 0 +++ [pid 5174] +++ exited with 0 +++ [pid 5173] futex(0x7fda22e1a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] <... close resumed>) = 0 [pid 5098] futex(0x7fda22e1a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] +++ exited with 0 +++ [pid 5089] exit_group(0 [pid 5173] <... futex resumed>) = ? [pid 5167] <... futex resumed>) = ? [pid 5099] futex(0x7fda22e1a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 1 [pid 5096] <... futex resumed>) = ? [pid 5090] <... futex resumed>) = 0 [pid 5089] <... exit_group resumed>) = ? [pid 5090] futex(0x7fda22e1a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] +++ exited with 0 +++ [pid 5099] <... futex resumed>) = 1 [pid 5098] ioctl(4, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5096] +++ exited with 0 +++ [pid 5094] <... futex resumed>) = 0 [pid 5090] <... futex resumed>) = 0 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5091, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=48 /* 0.48 s */} --- [pid 5094] futex(0x7fda22e1a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] futex(0x7fda22e1a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7fda22e1a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] +++ exited with 0 +++ [pid 5099] ioctl(3, BTRFS_IOC_QUOTA_CTL, {cmd=0x4 /* BTRFS_QUOTA_CTL_??? */} [pid 5098] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5089] +++ exited with 0 +++ [pid 5085] restart_syscall(<... resuming interrupted clone ...> [pid 5098] futex(0x7fda22e1a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... restart_syscall resumed>) = 0 [pid 5098] <... futex resumed>) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=42 /* 0.42 s */} --- [pid 5090] exit_group(0) = ? [pid 5084] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5098] +++ exited with 0 +++ [pid 5090] +++ exited with 0 +++ [pid 5085] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5094] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=34 /* 0.34 s */} --- [pid 5085] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5084] <... openat resumed>) = 3 [pid 5094] futex(0x7fda22e1a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5085] <... openat resumed>) = 3 [pid 5084] newfstatat(3, "", [pid 5094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] newfstatat(3, "", [pid 5084] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5094] <... mmap resumed>) = 0x7fda22d02000 [pid 5094] mprotect(0x7fda22d03000, 131072, PROT_READ|PROT_WRITE [pid 5086] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5085] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5084] getdents64(3, [pid 5086] <... openat resumed>) = 3 [pid 5085] getdents64(3, [pid 5084] <... getdents64 resumed>0x55556fa3d730 /* 4 entries */, 32768) = 112 [pid 5086] newfstatat(3, "", [pid 5085] <... getdents64 resumed>0x55556fa3d730 /* 4 entries */, 32768) = 112 [pid 5084] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5094] <... mprotect resumed>) = 0 [pid 5086] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5085] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5094] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5086] getdents64(3, [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 81.288323][ T5099] BTRFS info (device loop4): setting incompat feature flag for SIMPLE_QUOTA (0x10000) [pid 5084] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5094] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5086] <... getdents64 resumed>0x55556fa3d730 /* 4 entries */, 32768) = 112 [pid 5085] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5084] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5094] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fda22d22990, parent_tid=0x7fda22d22990, exit_signal=0, stack=0x7fda22d02000, stack_size=0x20300, tls=0x7fda22d226c0} [pid 5086] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5085] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5084] unlink("./0/binderfs" [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] unlink("./0/binderfs" [pid 5084] <... unlink resumed>) = 0 [pid 5094] <... clone3 resumed> => {parent_tid=[5189]}, 88) = 5189 [pid 5085] <... unlink resumed>) = 0 [pid 5085] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5086] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5084] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5086] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5094] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5189 attached [pid 5099] <... ioctl resumed>) = 0 [pid 5094] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5086] unlink("./0/binderfs") = 0 [pid 5189] rseq(0x7fda22d22fe0, 0x20, 0, 0x53053053 [pid 5099] futex(0x7fda22e1a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] futex(0x7fda22e1a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5189] <... rseq resumed>) = 0 [pid 5099] <... futex resumed>) = 0 [pid 5094] <... futex resumed>) = 0 [pid 5189] set_robust_list(0x7fda22d229a0, 24 [pid 5099] futex(0x7fda22e1a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] futex(0x7fda22e1a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... set_robust_list resumed>) = 0 [ 81.319256][ T29] audit: type=1800 audit(1718813990.887:4): pid=5098 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor845" name="file2" dev="loop2" ino=261 res=0 errno=0 [pid 5189] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5189] chdir("./file0") = 0 [pid 5189] futex(0x7fda22e1a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7fda22e1a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] futex(0x7fda22e1a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] <... futex resumed>) = 0 [pid 5094] <... futex resumed>) = 1 [pid 5099] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5094] futex(0x7fda22e1a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... open resumed>) = 4 [pid 5099] futex(0x7fda22e1a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] futex(0x7fda22e1a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] <... futex resumed>) = 0 [pid 5095] <... mount resumed>) = 0 [pid 5095] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [ 81.395726][ T29] audit: type=1800 audit(1718813991.127:5): pid=5099 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor845" name="file2" dev="loop4" ino=261 res=0 errno=0 [ 81.438838][ T5085] ------------[ cut here ]------------ [pid 5094] futex(0x7fda22e1a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... openat resumed>) = 3 [pid 5095] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5095] ioctl(4, LOOP_CLR_FD [pid 5094] <... futex resumed>) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5095] <... ioctl resumed>) = 0 [pid 5094] futex(0x7fda22e1a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] ioctl(4, BTRFS_IOC_QGROUP_CREATE, {create=0, qgroupid=5} [pid 5095] close(4 [pid 5099] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5095] <... close resumed>) = 0 [pid 5095] futex(0x7fda22e1a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 81.446083][ T5085] BTRFS: Transaction aborted (error -2) [ 81.461073][ T5085] WARNING: CPU: 0 PID: 5085 at fs/btrfs/extent-tree.c:2984 __btrfs_free_extent+0x32d1/0x3a10 [ 81.474147][ T5085] Modules linked in: [ 81.480690][ T5085] CPU: 0 PID: 5085 Comm: syz-executor845 Not tainted 6.10.0-rc3-syzkaller-00044-g2ccbdf43d5e7 #0 [pid 5095] futex(0x7fda22e1a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] futex(0x7fda22e1a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 81.492851][ T5084] ------------[ cut here ]------------ [ 81.493258][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 81.499193][ T5084] BTRFS: Transaction aborted (error -2) [ 81.516327][ T5085] RIP: 0010:__btrfs_free_extent+0x32d1/0x3a10 [ 81.523588][ T5085] Code: e8 64 b0 b0 fd 90 0f 0b 90 90 e9 3c f3 ff ff e8 b5 81 ee fd 90 48 c7 c7 00 2e 0b 8c 44 8b 6c 24 18 44 89 ee e8 40 b0 b0 fd 90 <0f> 0b 90 90 4c 8b 24 24 e9 4f f3 ff ff e8 8d 81 ee fd 90 48 c7 c7 [ 81.532029][ T5084] WARNING: CPU: 1 PID: 5084 at fs/btrfs/extent-tree.c:2984 __btrfs_free_extent+0x32d1/0x3a10 [ 81.550961][ T5085] RSP: 0018:ffffc9000352f220 EFLAGS: 00010246 [ 81.563711][ T5084] Modules linked in: [ 81.570338][ T5085] RAX: 7e1377ca92db5900 RBX: ffff888024e3c001 RCX: ffff88807c1f0000 [ 81.575029][ T5084] [ 81.583527][ T5085] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 81.586023][ T5084] CPU: 1 PID: 5084 Comm: syz-executor845 Not tainted 6.10.0-rc3-syzkaller-00044-g2ccbdf43d5e7 #0 [ 81.595754][ T5085] RBP: ffffc9000352f3f0 R08: ffffffff81585742 R09: fffffbfff1c39994 [ 81.609112][ T5084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 81.618947][ T5085] R10: dffffc0000000000 R11: fffffbfff1c39994 R12: dffffc0000000000 [ 81.618981][ T5085] R13: 00000000fffffffe R14: 0000000000000000 R15: ffff888063a8b5c8 [ 81.629754][ T5084] RIP: 0010:__btrfs_free_extent+0x32d1/0x3a10 [ 81.639189][ T5085] FS: 000055556fa3c3c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 81.649478][ T5084] Code: e8 64 b0 b0 fd 90 0f 0b 90 90 e9 3c f3 ff ff e8 b5 81 ee fd 90 48 c7 c7 00 2e 0b 8c 44 8b 6c 24 18 44 89 ee e8 40 b0 b0 fd 90 <0f> 0b 90 90 4c 8b 24 24 e9 4f f3 ff ff e8 8d 81 ee fd 90 48 c7 c7 [ 81.649514][ T5084] RSP: 0018:ffffc900035df220 EFLAGS: 00010246 [ 81.649545][ T5084] RAX: 297888f760071d00 RBX: ffff888011be4001 RCX: ffff88802763da00 [ 81.649568][ T5084] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 81.649585][ T5084] RBP: ffffc900035df3f0 R08: ffffffff81585742 R09: 1ffffffff25ee8ca [ 81.657618][ T5085] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 81.670316][ T5084] R10: dffffc0000000000 R11: fffffbfff25ee8cb R12: dffffc0000000000 [ 81.694703][ T5085] CR2: 00005648b40a4798 CR3: 0000000023a7e000 CR4: 00000000003506f0 [ 81.694740][ T5085] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 81.694758][ T5085] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 81.694775][ T5085] Call Trace: [ 81.694790][ T5085] [ 81.694803][ T5085] ? __warn+0x163/0x4e0 [ 81.694841][ T5085] ? __btrfs_free_extent+0x32d1/0x3a10 [ 81.703989][ T5084] R13: 00000000fffffffe R14: 0000000000000000 R15: ffff888063a04940 [ 81.713760][ T5085] ? report_bug+0x2b3/0x500 [ 81.723304][ T5084] FS: 000055556fa3c3c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 81.732829][ T5085] ? __btrfs_free_extent+0x32d1/0x3a10 [ 81.740406][ T5084] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 81.749849][ T5085] ? handle_bug+0x3e/0x70 [ 81.760464][ T5084] CR2: 00005648b40f1ee8 CR3: 0000000023994000 CR4: 00000000003506f0 [ 81.778917][ T5085] ? exc_invalid_op+0x1a/0x50 [ 81.792044][ T5084] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 81.796861][ T5085] ? asm_exc_invalid_op+0x1a/0x20 [ 81.800778][ T5084] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 81.805991][ T5085] ? __warn_printk+0x292/0x360 [ 81.817014][ T5084] Call Trace: [ 81.827500][ T5085] ? __btrfs_free_extent+0x32d1/0x3a10 [ 81.833737][ T5084] [ 81.845579][ T5085] ? __pfx___btrfs_free_extent+0x10/0x10 [ 81.852517][ T5084] ? __warn+0x163/0x4e0 [ 81.859458][ T5085] ? __lock_acquire+0x1f40/0x1fd0 [ 81.866064][ T5084] ? __btrfs_free_extent+0x32d1/0x3a10 [ 81.875542][ T5085] ? do_raw_read_unlock+0x3c/0x80 [ 81.880797][ T5084] ? report_bug+0x2b3/0x500 [ 81.889759][ T5085] ? do_raw_spin_unlock+0x13c/0x8b0 [ 81.896292][ T5084] ? __btrfs_free_extent+0x32d1/0x3a10 [ 81.905406][ T5085] __btrfs_run_delayed_refs+0x117c/0x4670 [ 81.910946][ T5084] ? handle_bug+0x3e/0x70 [ 81.914608][ T5085] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 81.914728][ T5085] ? __pfx___btrfs_run_delayed_refs+0x10/0x10 [ 81.920785][ T5084] ? exc_invalid_op+0x1a/0x50 [ 81.925051][ T5085] ? mark_lock+0x9a/0x350 [ 81.932425][ T5084] ? asm_exc_invalid_op+0x1a/0x20 [ 81.938477][ T5085] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 81.944317][ T5084] ? __warn_printk+0x292/0x360 [ 81.950826][ T5085] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 81.955961][ T5084] ? __btrfs_free_extent+0x32d1/0x3a10 [ 81.960569][ T5085] ? kasan_quarantine_put+0xdc/0x230 [ 81.967577][ T5084] ? __pfx___btrfs_free_extent+0x10/0x10 [ 81.975167][ T5085] ? lockdep_hardirqs_on+0x99/0x150 [ 81.975220][ T5085] ? __btrfs_run_delayed_items+0x2b3/0x490 [ 81.985279][ T5084] ? __lock_acquire+0x1f40/0x1fd0 [ 81.990856][ T5085] ? kmem_cache_free+0x145/0x350 [ 81.997481][ T5084] ? do_raw_read_unlock+0x3c/0x80 [ 82.005009][ T5085] btrfs_run_delayed_refs+0xe3/0x2c0 [ 82.010445][ T5084] ? do_raw_spin_unlock+0x13c/0x8b0 [ 82.015214][ T5085] ? btrfs_commit_transaction+0x17f/0x3740 [ 82.020797][ T5084] __btrfs_run_delayed_refs+0x117c/0x4670 [ 82.030721][ T5085] btrfs_commit_transaction+0xf5d/0x3740 [ 82.030778][ T5085] ? btrfs_commit_transaction+0x17f/0x3740 [ 82.036790][ T5084] ? __pfx___btrfs_run_delayed_refs+0x10/0x10 [ 82.043807][ T5085] ? __pfx_btrfs_commit_transaction+0x10/0x10 [ 82.050936][ T5084] ? mark_lock+0x9a/0x350 [ 82.056815][ T5085] ? join_transaction+0x405/0xcf0 [ 82.062787][ T5084] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 82.068279][ T5085] ? btrfs_record_root_in_trans+0x92/0x190 [ 82.074450][ T5084] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 82.079919][ T5085] ? start_transaction+0x452/0x16d0 [ 82.087039][ T5084] ? kasan_quarantine_put+0xdc/0x230 [ 82.093789][ T5085] ? btrfs_attach_transaction_barrier+0x34/0xa0 [ 82.100479][ T5084] ? lockdep_hardirqs_on+0x99/0x150 [ 82.107137][ T5085] ? btrfs_sync_fs+0x1db/0x700 [ 82.115256][ T5084] ? __btrfs_run_delayed_items+0x2b3/0x490 [ 82.123295][ T5085] sync_filesystem+0x1c8/0x230 [ 82.132194][ T5084] ? kmem_cache_free+0x145/0x350 [ 82.139983][ T5085] generic_shutdown_super+0x72/0x2d0 [ 82.147296][ T5084] btrfs_run_delayed_refs+0xe3/0x2c0 [ 82.155034][ T5085] kill_anon_super+0x3b/0x70 [ 82.155090][ T5085] btrfs_kill_super+0x41/0x50 [ 82.161455][ T5084] ? btrfs_commit_transaction+0x17f/0x3740 [ 82.167329][ T5085] deactivate_locked_super+0xc4/0x130 [ 82.174830][ T5084] btrfs_commit_transaction+0xf5d/0x3740 [ 82.182079][ T5085] cleanup_mnt+0x41f/0x4b0 [ 82.191672][ T5084] ? btrfs_commit_transaction+0x17f/0x3740 [ 82.197789][ T5085] ? lockdep_hardirqs_on+0x99/0x150 [ 82.203873][ T5084] ? __pfx_btrfs_commit_transaction+0x10/0x10 [ 82.215871][ T5085] task_work_run+0x24f/0x310 [ 82.221879][ T5084] ? join_transaction+0x405/0xcf0 [ 82.227463][ T5085] ? __pfx_task_work_run+0x10/0x10 [ 82.233994][ T5084] ? btrfs_record_root_in_trans+0x92/0x190 [ 82.240989][ T5085] ? path_umount+0x284/0xf70 [ 82.247264][ T5084] ? start_transaction+0x452/0x16d0 [ 82.253171][ T5085] ptrace_notify+0x2d2/0x380 [ 82.259821][ T5084] ? btrfs_attach_transaction_barrier+0x34/0xa0 [ 82.265893][ T5085] ? __pfx_path_umount+0x10/0x10 [ 82.272392][ T5084] ? btrfs_sync_fs+0x1db/0x700 [ 82.279504][ T5085] ? user_path_at_empty+0x4c/0x60 [ 82.286730][ T5084] sync_filesystem+0x1c8/0x230 [ 82.293506][ T5085] ? __pfx_ptrace_notify+0x10/0x10 [ 82.298233][ T5084] generic_shutdown_super+0x72/0x2d0 [ 82.307388][ T5085] ? __x64_sys_umount+0x126/0x170 [ 82.307449][ T5085] ? __pfx___x64_sys_umount+0x10/0x10 [ 82.313307][ T5084] kill_anon_super+0x3b/0x70 [ 82.322210][ T5085] syscall_exit_work+0xc6/0x190 [ 82.330104][ T5084] btrfs_kill_super+0x41/0x50 [ 82.335496][ T5085] syscall_exit_to_user_mode+0x273/0x370 [ 82.335553][ T5085] do_syscall_64+0x100/0x230 [ 82.343245][ T5084] deactivate_locked_super+0xc4/0x130 [ 82.343301][ T5084] cleanup_mnt+0x41f/0x4b0 [ 82.349670][ T5085] ? clear_bhb_loop+0x35/0x90 [ 82.354594][ T5084] ? lockdep_hardirqs_on+0x99/0x150 [ 82.360453][ T5085] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.365475][ T5084] task_work_run+0x24f/0x310 [ 82.375480][ T5085] RIP: 0033:0x7fda22d8de67 [ 82.381270][ T5084] ? __pfx_task_work_run+0x10/0x10 [ 82.387586][ T5085] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 82.393267][ T5084] ? path_umount+0x284/0xf70 [ 82.398068][ T5085] RSP: 002b:00007fffaba15888 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 82.398105][ T5085] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fda22d8de67 [ 82.404258][ T5084] ptrace_notify+0x2d2/0x380 [ 82.411745][ T5085] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffaba15940 [ 82.411776][ T5085] RBP: 00007fffaba15940 R08: 0000000000000000 R09: 0000000000000000 [ 82.411793][ T5085] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007fffaba16a00 [ 82.411810][ T5085] R13: 000055556fa3d700 R14: 431bde82d7b634db R15: 00007fffaba169a4 [ 82.411851][ T5085] [ 82.411865][ T5085] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 82.411877][ T5085] CPU: 0 PID: 5085 Comm: syz-executor845 Not tainted 6.10.0-rc3-syzkaller-00044-g2ccbdf43d5e7 #0 [ 82.411901][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 82.411915][ T5085] Call Trace: [ 82.411924][ T5085] [ 82.411934][ T5085] dump_stack_lvl+0x241/0x360 [ 82.411973][ T5085] ? __pfx_dump_stack_lvl+0x10/0x10 [ 82.412108][ T5085] ? __pfx__printk+0x10/0x10 [ 82.412149][ T5085] ? vscnprintf+0x5d/0x90 [ 82.412189][ T5085] panic+0x349/0x860 [ 82.412224][ T5085] ? __warn+0x172/0x4e0 [ 82.412254][ T5085] ? __pfx_panic+0x10/0x10 [ 82.412305][ T5085] __warn+0x346/0x4e0 [ 82.412336][ T5085] ? __btrfs_free_extent+0x32d1/0x3a10 [ 82.412379][ T5085] report_bug+0x2b3/0x500 [ 82.412404][ T5085] ? __btrfs_free_extent+0x32d1/0x3a10 [ 82.412447][ T5085] handle_bug+0x3e/0x70 [ 82.412477][ T5085] exc_invalid_op+0x1a/0x50 [ 82.412506][ T5085] asm_exc_invalid_op+0x1a/0x20 [ 82.412535][ T5085] RIP: 0010:__btrfs_free_extent+0x32d1/0x3a10 [ 82.412574][ T5085] Code: e8 64 b0 b0 fd 90 0f 0b 90 90 e9 3c f3 ff ff e8 b5 81 ee fd 90 48 c7 c7 00 2e 0b 8c 44 8b 6c 24 18 44 89 ee e8 40 b0 b0 fd 90 <0f> 0b 90 90 4c 8b 24 24 e9 4f f3 ff ff e8 8d 81 ee fd 90 48 c7 c7 [ 82.412595][ T5085] RSP: 0018:ffffc9000352f220 EFLAGS: 00010246 [ 82.412619][ T5085] RAX: 7e1377ca92db5900 RBX: ffff888024e3c001 RCX: ffff88807c1f0000 [ 82.412638][ T5085] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 82.412655][ T5085] RBP: ffffc9000352f3f0 R08: ffffffff81585742 R09: fffffbfff1c39994 [ 82.412673][ T5085] R10: dffffc0000000000 R11: fffffbfff1c39994 R12: dffffc0000000000 [ 82.412691][ T5085] R13: 00000000fffffffe R14: 0000000000000000 R15: ffff888063a8b5c8 [ 82.412718][ T5085] ? __warn_printk+0x292/0x360 [ 82.412796][ T5085] ? __pfx___btrfs_free_extent+0x10/0x10 [ 82.412834][ T5085] ? __lock_acquire+0x1f40/0x1fd0 [ 82.412859][ T5085] ? do_raw_read_unlock+0x3c/0x80 [ 82.412938][ T5085] ? do_raw_spin_unlock+0x13c/0x8b0 [ 82.412986][ T5085] __btrfs_run_delayed_refs+0x117c/0x4670 [ 82.413021][ T5085] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 82.413146][ T5085] ? __pfx___btrfs_run_delayed_refs+0x10/0x10 [ 82.413185][ T5085] ? mark_lock+0x9a/0x350 [ 82.413219][ T5085] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 82.413252][ T5085] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 82.413289][ T5085] ? kasan_quarantine_put+0xdc/0x230 [ 82.413324][ T5085] ? lockdep_hardirqs_on+0x99/0x150 [ 82.413360][ T5085] ? __btrfs_run_delayed_items+0x2b3/0x490 [ 82.413395][ T5085] ? kmem_cache_free+0x145/0x350 [ 82.413441][ T5085] btrfs_run_delayed_refs+0xe3/0x2c0 [ 82.413478][ T5085] ? btrfs_commit_transaction+0x17f/0x3740 [ 82.413511][ T5085] btrfs_commit_transaction+0xf5d/0x3740 [ 82.413546][ T5085] ? btrfs_commit_transaction+0x17f/0x3740 [ 82.413612][ T5085] ? __pfx_btrfs_commit_transaction+0x10/0x10 [ 82.413647][ T5085] ? join_transaction+0x405/0xcf0 [ 82.413685][ T5085] ? btrfs_record_root_in_trans+0x92/0x190 [ 82.413719][ T5085] ? start_transaction+0x452/0x16d0 [ 82.413769][ T5085] ? btrfs_attach_transaction_barrier+0x34/0xa0 [ 82.413797][ T5085] ? btrfs_sync_fs+0x1db/0x700 [ 82.413831][ T5085] sync_filesystem+0x1c8/0x230 [ 82.413876][ T5085] generic_shutdown_super+0x72/0x2d0 [ 82.413916][ T5085] kill_anon_super+0x3b/0x70 [ 82.413952][ T5085] btrfs_kill_super+0x41/0x50 [ 82.413991][ T5085] deactivate_locked_super+0xc4/0x130 [ 82.414030][ T5085] cleanup_mnt+0x41f/0x4b0 [ 82.414073][ T5085] ? lockdep_hardirqs_on+0x99/0x150 [ 82.414105][ T5085] task_work_run+0x24f/0x310 [ 82.414158][ T5085] ? __pfx_task_work_run+0x10/0x10 [ 82.414192][ T5085] ? path_umount+0x284/0xf70 [ 82.414242][ T5085] ptrace_notify+0x2d2/0x380 [ 82.414282][ T5085] ? __pfx_path_umount+0x10/0x10 [ 82.414315][ T5085] ? user_path_at_empty+0x4c/0x60 [ 82.414352][ T5085] ? __pfx_ptrace_notify+0x10/0x10 [ 82.414399][ T5085] ? __x64_sys_umount+0x126/0x170 [ 82.414434][ T5085] ? __pfx___x64_sys_umount+0x10/0x10 [ 82.414476][ T5085] syscall_exit_work+0xc6/0x190 [ 82.414512][ T5085] syscall_exit_to_user_mode+0x273/0x370 [ 82.414549][ T5085] do_syscall_64+0x100/0x230 [ 82.414580][ T5085] ? clear_bhb_loop+0x35/0x90 [ 82.414615][ T5085] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.414644][ T5085] RIP: 0033:0x7fda22d8de67 [ 82.414668][ T5085] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 82.414696][ T5085] RSP: 002b:00007fffaba15888 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 82.414722][ T5085] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fda22d8de67 [ 82.414739][ T5085] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffaba15940 [ 82.414754][ T5085] RBP: 00007fffaba15940 R08: 0000000000000000 R09: 0000000000000000 [ 82.414770][ T5085] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007fffaba16a00 [ 82.414787][ T5085] R13: 000055556fa3d700 R14: 431bde82d7b634db R15: 00007fffaba169a4 [ 82.414834][ T5085] [ 82.419089][ T5085] Kernel Offset: disabled