./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4149449454 <...> forked to background, child pid 4642 no interfaces have a carrier [ 29.071623][ T4643] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.081988][ T4643] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.17' (ECDSA) to the list of known hosts. execve("./syz-executor4149449454", ["./syz-executor4149449454"], 0x7ffdd52931c0 /* 10 vars */) = 0 brk(NULL) = 0x555556553000 brk(0x555556553c40) = 0x555556553c40 arch_prctl(ARCH_SET_FS, 0x555556553300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555565535d0) = 5070 set_robust_list(0x5555565535e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7eff7cb129c0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7eff7cb13090}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7eff7cb12a60, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7eff7cb13090}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4149449454", 4096) = 28 brk(0x555556574c40) = 0x555556574c40 brk(0x555556575000) = 0x555556575000 mprotect(0x7eff7cbda000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5070 mkdir("./syzkaller.fqkFZA", 0700) = 0 chmod("./syzkaller.fqkFZA", 0777) = 0 chdir("./syzkaller.fqkFZA") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5071 ./strace-static-x86_64: Process 5071 attached [pid 5071] set_robust_list(0x5555565535e0, 24) = 0 [pid 5071] chdir("./0") = 0 [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5071] setpgid(0, 0) = 0 [pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "1000", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5071] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5071] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5071] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5073], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5073 [pid 5071] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5073 attached [pid 5073] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5073] memfd_create("syzkaller", 0) = 3 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5073] munmap(0x7eff746e1000, 16777216) = 0 [pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5073] close(3) = 0 [pid 5073] mkdir("./file0", 0777) = 0 syzkaller login: [ 55.027914][ T5073] loop0: detected capacity change from 0 to 32768 [ 55.040537][ T5073] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor414 (5073) [ 55.059301][ T5073] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 55.068982][ T5073] BTRFS info (device loop0): force clearing of disk cache [ 55.076128][ T5073] BTRFS info (device loop0): setting nodatasum [ 55.082428][ T5073] BTRFS info (device loop0): allowing degraded mounts [ 55.089257][ T5073] BTRFS info (device loop0): enabling disk space caching [ 55.096289][ T5073] BTRFS info (device loop0): disk space caching is enabled [ 55.119249][ T5073] BTRFS info (device loop0): enabling ssd optimizations [ 55.126509][ T5073] BTRFS info (device loop0): auto enabling async discard [ 55.135347][ T5073] BTRFS info (device loop0): clearing free space tree [ 55.142624][ T5073] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 55.153091][ T5073] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5073] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5073] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5073] chdir("./file0") = 0 [pid 5073] ioctl(4, LOOP_CLR_FD) = 0 [pid 5073] close(4) = 0 [pid 5073] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = 1 [pid 5073] open("./file0", O_RDONLY) = 4 [pid 5073] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = 1 [pid 5073] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5073] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = 1 [ 55.174629][ T5073] BTRFS info (device loop0): checking UUID tree [pid 5073] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5073] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5073] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5073] creat("./bus", 000) = 6 [pid 5073] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] ftruncate(6, 2048) = 0 [pid 5073] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 55.212531][ T27] audit: type=1800 audit(1672288918.391:2): pid=5073 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor414" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 55.230528][ T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5073] open("./bus", O_RDONLY) = 7 [pid 5073] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] sendfile(6, 7, NULL, 65536) = 2048 [pid 5073] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... openat resumed>) = 8 [pid 5073] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 55.257675][ T27] audit: type=1804 audit(1672288918.431:3): pid=5073 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor414" name="/root/syzkaller.fqkFZA/0/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 55.310278][ T5073] BTRFS info (device loop0): balance: start -s [pid 5073] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5071] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5071] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff756c0000 [pid 5071] mprotect(0x7eff756c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5071] clone(child_stack=0x7eff756e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5092], tls=0x7eff756e0700, child_tidptr=0x7eff756e09d0) = 5092 [pid 5071] futex(0x7eff7cbe07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7eff7cbe07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5092 attached [pid 5092] set_robust_list(0x7eff756e09e0, 24) = 0 [ 55.325582][ T5073] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5092] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5071] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5092] <... ioctl resumed>) = 0 [pid 5092] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7eff7cbe07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5073] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] exit_group(0 [pid 5092] <... futex resumed>) = ? [pid 5071] <... exit_group resumed>) = ? [pid 5092] +++ exited with 0 +++ [pid 5073] <... futex resumed>) = ? [pid 5073] +++ exited with 0 +++ [pid 5071] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5071, si_uid=0, si_status=0, si_utime=0, si_stime=40 /* 0.40 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 55.423817][ T5073] BTRFS info (device loop0): balance: ended with status: 0 [ 55.439594][ T5092] syz-executor414 (5092) used greatest stack depth: 22392 bytes left umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5100 ./strace-static-x86_64: Process 5100 attached [pid 5100] set_robust_list(0x5555565535e0, 24) = 0 [pid 5100] chdir("./1") = 0 [pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5100] setpgid(0, 0) = 0 [pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5100] write(3, "1000", 4) = 4 [pid 5100] close(3) = 0 [pid 5100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5100] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5100] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5100] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5101 attached , parent_tid=[5101], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5101 [pid 5101] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5101] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5100] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5101] memfd_create("syzkaller", 0 [pid 5100] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5101] <... memfd_create resumed>) = 3 [pid 5101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5101] munmap(0x7eff746e1000, 16777216) = 0 [pid 5101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5101] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5101] close(3) = 0 [pid 5101] mkdir("./file0", 0777) = 0 [ 55.728473][ T5101] loop0: detected capacity change from 0 to 32768 [ 55.743074][ T5101] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 55.752397][ T5101] BTRFS info (device loop0): force clearing of disk cache [ 55.759568][ T5101] BTRFS info (device loop0): setting nodatasum [ 55.765754][ T5101] BTRFS info (device loop0): allowing degraded mounts [ 55.772602][ T5101] BTRFS info (device loop0): enabling disk space caching [ 55.779679][ T5101] BTRFS info (device loop0): disk space caching is enabled [ 55.799872][ T5101] BTRFS info (device loop0): enabling ssd optimizations [ 55.806927][ T5101] BTRFS info (device loop0): auto enabling async discard [ 55.817185][ T5101] BTRFS info (device loop0): clearing free space tree [pid 5101] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5101] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5101] chdir("./file0") = 0 [pid 5101] ioctl(4, LOOP_CLR_FD) = 0 [pid 5101] close(4) = 0 [pid 5101] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5101] open("./file0", O_RDONLY [pid 5100] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... open resumed>) = 4 [pid 5100] <... futex resumed>) = 0 [pid 5101] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... futex resumed>) = 0 [pid 5100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5101] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5100] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 55.824086][ T5101] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 55.834035][ T5101] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 55.847907][ T5101] BTRFS info (device loop0): checking UUID tree [pid 5100] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... open resumed>) = 5 [pid 5101] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... futex resumed>) = 1 [pid 5101] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5101] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... futex resumed>) = 1 [pid 5101] creat("./bus", 000) = 6 [pid 5101] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... futex resumed>) = 1 [pid 5101] ftruncate(6, 2048) = 0 [pid 5101] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... futex resumed>) = 1 [pid 5101] open("./bus", O_RDONLY) = 7 [pid 5101] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... futex resumed>) = 1 [pid 5101] sendfile(6, 7, NULL, 65536) = 2048 [pid 5101] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... futex resumed>) = 1 [pid 5101] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5101] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... futex resumed>) = 1 [ 55.874690][ T27] audit: type=1800 audit(1672288919.051:4): pid=5101 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor414" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 55.897534][ T27] audit: type=1804 audit(1672288919.071:5): pid=5101 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor414" name="/root/syzkaller.fqkFZA/1/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5101] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5100] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5100] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff756c0000 [pid 5100] mprotect(0x7eff756c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5100] clone(child_stack=0x7eff756e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5120], tls=0x7eff756e0700, child_tidptr=0x7eff756e09d0) = 5120 [pid 5100] futex(0x7eff7cbe07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7eff7cbe07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5120 attached [pid 5120] set_robust_list(0x7eff756e09e0, 24) = 0 [ 55.898544][ T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 55.934656][ T5101] BTRFS info (device loop0): balance: start -s [ 55.943281][ T5101] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5120] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5100] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5120] <... ioctl resumed>) = 0 [pid 5100] futex(0x7eff7cbe07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 5120] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7eff7cbe07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5101] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] exit_group(0 [pid 5120] <... futex resumed>) = ? [pid 5100] <... exit_group resumed>) = ? [pid 5120] +++ exited with 0 +++ [pid 5101] +++ exited with 0 +++ [pid 5100] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 55.977495][ T5101] BTRFS info (device loop0): balance: ended with status: 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5124 ./strace-static-x86_64: Process 5124 attached [pid 5124] set_robust_list(0x5555565535e0, 24) = 0 [pid 5124] chdir("./2") = 0 [pid 5124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5124] setpgid(0, 0) = 0 [pid 5124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5124] write(3, "1000", 4) = 4 [pid 5124] close(3) = 0 [pid 5124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5124] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5124] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5124] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5125], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5125 [pid 5124] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5125 attached [pid 5125] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5125] memfd_create("syzkaller", 0) = 3 [pid 5125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5125] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5125] munmap(0x7eff746e1000, 16777216) = 0 [pid 5125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5125] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5125] close(3) = 0 [pid 5125] mkdir("./file0", 0777) = 0 [ 56.305408][ T5125] loop0: detected capacity change from 0 to 32768 [ 56.318561][ T5125] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 56.328095][ T5125] BTRFS info (device loop0): force clearing of disk cache [ 56.335226][ T5125] BTRFS info (device loop0): setting nodatasum [ 56.341460][ T5125] BTRFS info (device loop0): allowing degraded mounts [ 56.348396][ T5125] BTRFS info (device loop0): enabling disk space caching [ 56.355430][ T5125] BTRFS info (device loop0): disk space caching is enabled [ 56.374262][ T5125] BTRFS info (device loop0): enabling ssd optimizations [ 56.381465][ T5125] BTRFS info (device loop0): auto enabling async discard [ 56.389601][ T5125] BTRFS info (device loop0): clearing free space tree [pid 5125] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5125] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5125] chdir("./file0") = 0 [pid 5125] ioctl(4, LOOP_CLR_FD) = 0 [pid 5125] close(4) = 0 [pid 5125] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5125] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5124] <... futex resumed>) = 0 [pid 5125] open("./file0", O_RDONLY) = 4 [pid 5124] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5124] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] <... futex resumed>) = 0 [pid 5124] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 56.396512][ T5125] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 56.406312][ T5125] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 56.419792][ T5125] BTRFS info (device loop0): checking UUID tree [pid 5125] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5125] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] <... futex resumed>) = 0 [pid 5124] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 0 [pid 5124] <... futex resumed>) = 1 [pid 5125] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5124] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] <... ioctl resumed>) = 0 [pid 5125] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = 0 [pid 5124] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] <... futex resumed>) = 1 [pid 5125] creat("./bus", 000) = 6 [pid 5125] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = 0 [pid 5124] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] <... futex resumed>) = 1 [pid 5125] ftruncate(6, 2048) = 0 [pid 5125] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = 0 [pid 5124] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5125] open("./bus", O_RDONLY [pid 5124] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] <... open resumed>) = 7 [ 56.450838][ T27] audit: type=1800 audit(1672288919.631:6): pid=5125 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor414" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5125] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5125] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5124] <... futex resumed>) = 0 [pid 5125] sendfile(6, 7, NULL, 65536 [pid 5124] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] <... sendfile resumed>) = 2048 [pid 5125] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5125] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5124] <... futex resumed>) = 0 [pid 5125] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5124] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] <... openat resumed>) = 8 [pid 5125] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5125] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5125] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5124] <... futex resumed>) = 0 [ 56.480017][ T27] audit: type=1804 audit(1672288919.661:7): pid=5125 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor414" name="/root/syzkaller.fqkFZA/2/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 56.508104][ T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 56.524569][ T5125] BTRFS info (device loop0): balance: start -s [ 56.534101][ T5125] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5124] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5124] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff756c0000 [pid 5124] mprotect(0x7eff756c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5124] clone(child_stack=0x7eff756e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5144], tls=0x7eff756e0700, child_tidptr=0x7eff756e09d0) = 5144 [pid 5124] futex(0x7eff7cbe07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] futex(0x7eff7cbe07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5125] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5144 attached [pid 5144] set_robust_list(0x7eff756e09e0, 24) = 0 [pid 5144] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5144] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = 0 [pid 5124] exit_group(0) = ? [pid 5125] <... futex resumed>) = ? [pid 5144] <... futex resumed>) = ? [pid 5125] +++ exited with 0 +++ [pid 5144] +++ exited with 0 +++ [pid 5124] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5124, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=30 /* 0.30 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 [ 56.562812][ T5125] BTRFS info (device loop0): balance: ended with status: 0 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5145 ./strace-static-x86_64: Process 5145 attached [pid 5145] set_robust_list(0x5555565535e0, 24) = 0 [pid 5145] chdir("./3") = 0 [pid 5145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5145] setpgid(0, 0) = 0 [pid 5145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5145] write(3, "1000", 4) = 4 [pid 5145] close(3) = 0 [pid 5145] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5145] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5145] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5145] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5146 attached [pid 5146] set_robust_list(0x7eff7cb019e0, 24 [pid 5145] <... clone resumed>, parent_tid=[5146], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5146 [pid 5146] <... set_robust_list resumed>) = 0 [pid 5145] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5146] memfd_create("syzkaller", 0) = 3 [pid 5146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5146] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5146] munmap(0x7eff746e1000, 16777216) = 0 [pid 5146] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5146] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5146] close(3) = 0 [pid 5146] mkdir("./file0", 0777) = 0 [ 56.880415][ T5146] loop0: detected capacity change from 0 to 32768 [ 56.894502][ T5146] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 56.903993][ T5146] BTRFS info (device loop0): force clearing of disk cache [ 56.911179][ T5146] BTRFS info (device loop0): setting nodatasum [ 56.917354][ T5146] BTRFS info (device loop0): allowing degraded mounts [ 56.924220][ T5146] BTRFS info (device loop0): enabling disk space caching [ 56.931288][ T5146] BTRFS info (device loop0): disk space caching is enabled [ 56.950424][ T5146] BTRFS info (device loop0): enabling ssd optimizations [ 56.957496][ T5146] BTRFS info (device loop0): auto enabling async discard [ 56.965898][ T5146] BTRFS info (device loop0): clearing free space tree [pid 5146] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5146] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5146] chdir("./file0") = 0 [pid 5146] ioctl(4, LOOP_CLR_FD) = 0 [pid 5146] close(4) = 0 [pid 5146] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5146] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5145] <... futex resumed>) = 0 [pid 5146] open("./file0", O_RDONLY [pid 5145] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... open resumed>) = 4 [pid 5146] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5146] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5145] <... futex resumed>) = 0 [pid 5146] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 56.972790][ T5146] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 56.982547][ T5146] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 56.995925][ T5146] BTRFS info (device loop0): checking UUID tree [pid 5145] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... open resumed>) = 5 [pid 5146] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5146] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5145] <... futex resumed>) = 0 [pid 5146] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5145] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... ioctl resumed>) = 0 [pid 5146] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5146] creat("./bus", 000 [pid 5145] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... creat resumed>) = 6 [pid 5145] <... futex resumed>) = 0 [pid 5146] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... futex resumed>) = 0 [pid 5145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] ftruncate(6, 2048 [pid 5145] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... ftruncate resumed>) = 0 [pid 5145] <... futex resumed>) = 0 [pid 5146] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... futex resumed>) = 0 [pid 5145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] open("./bus", O_RDONLY [pid 5145] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... open resumed>) = 7 [pid 5145] <... futex resumed>) = 0 [pid 5146] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... futex resumed>) = 0 [pid 5145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] sendfile(6, 7, NULL, 65536 [pid 5145] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... sendfile resumed>) = 2048 [pid 5145] <... futex resumed>) = 0 [pid 5146] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... futex resumed>) = 0 [pid 5145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5145] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... openat resumed>) = 8 [pid 5145] <... futex resumed>) = 0 [pid 5146] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... futex resumed>) = 0 [pid 5145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5145] <... futex resumed>) = 0 [pid 5146] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 57.026387][ T27] audit: type=1800 audit(1672288920.201:8): pid=5146 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor414" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 57.050361][ T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 57.059952][ T27] audit: type=1804 audit(1672288920.231:9): pid=5146 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor414" name="/root/syzkaller.fqkFZA/3/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 57.073886][ T5146] BTRFS info (device loop0): balance: start -s [ 57.093220][ T5146] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5145] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5145] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff756c0000 [pid 5145] mprotect(0x7eff756c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5145] clone(child_stack=0x7eff756e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5165], tls=0x7eff756e0700, child_tidptr=0x7eff756e09d0) = 5165 [pid 5145] futex(0x7eff7cbe07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] futex(0x7eff7cbe07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5165 attached [pid 5165] set_robust_list(0x7eff756e09e0, 24) = 0 [pid 5165] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5146] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5146] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] <... ioctl resumed>) = 0 [pid 5165] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5145] exit_group(0 [pid 5165] futex(0x7eff7cbe07f8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5145] <... exit_group resumed>) = ? [pid 5146] <... futex resumed>) = ? [pid 5146] +++ exited with 0 +++ [pid 5165] +++ exited with 0 +++ [pid 5145] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5145, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 [ 57.119985][ T5146] BTRFS info (device loop0): balance: ended with status: 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5173 ./strace-static-x86_64: Process 5173 attached [pid 5173] set_robust_list(0x5555565535e0, 24) = 0 [pid 5173] chdir("./4") = 0 [pid 5173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5173] setpgid(0, 0) = 0 [pid 5173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5173] write(3, "1000", 4) = 4 [pid 5173] close(3) = 0 [pid 5173] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5173] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5173] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5173] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5174 attached , parent_tid=[5174], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5174 [pid 5174] set_robust_list(0x7eff7cb019e0, 24 [pid 5173] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5174] <... set_robust_list resumed>) = 0 [pid 5174] memfd_create("syzkaller", 0) = 3 [pid 5174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5174] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5174] munmap(0x7eff746e1000, 16777216) = 0 [pid 5174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5174] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5174] close(3) = 0 [pid 5174] mkdir("./file0", 0777) = 0 [ 57.452903][ T5174] loop0: detected capacity change from 0 to 32768 [ 57.466237][ T5174] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 57.475711][ T5174] BTRFS info (device loop0): force clearing of disk cache [ 57.482933][ T5174] BTRFS info (device loop0): setting nodatasum [ 57.489206][ T5174] BTRFS info (device loop0): allowing degraded mounts [ 57.496024][ T5174] BTRFS info (device loop0): enabling disk space caching [ 57.503126][ T5174] BTRFS info (device loop0): disk space caching is enabled [ 57.522229][ T5174] BTRFS info (device loop0): enabling ssd optimizations [ 57.529268][ T5174] BTRFS info (device loop0): auto enabling async discard [ 57.537063][ T5174] BTRFS info (device loop0): clearing free space tree [pid 5174] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5174] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5174] chdir("./file0") = 0 [pid 5174] ioctl(4, LOOP_CLR_FD) = 0 [pid 5174] close(4) = 0 [pid 5174] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... futex resumed>) = 1 [pid 5174] open("./file0", O_RDONLY) = 4 [pid 5174] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 57.544048][ T5174] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 57.553926][ T5174] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 57.567897][ T5174] BTRFS info (device loop0): checking UUID tree [pid 5174] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5174] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5174] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] creat("./bus", 000 [pid 5173] <... futex resumed>) = 0 [pid 5174] <... creat resumed>) = 6 [pid 5173] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] ftruncate(6, 2048) = 0 [pid 5174] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... futex resumed>) = 1 [ 57.606059][ T27] audit: type=1800 audit(1672288920.781:10): pid=5174 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor414" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5174] open("./bus", O_RDONLY) = 7 [pid 5174] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5174] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5174] sendfile(6, 7, NULL, 65536) = 2048 [pid 5174] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5174] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5174] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 57.635223][ T27] audit: type=1804 audit(1672288920.811:11): pid=5174 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor414" name="/root/syzkaller.fqkFZA/4/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 57.660676][ T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 57.688961][ T5174] BTRFS info (device loop0): balance: start -s [ 57.697321][ T5174] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5174] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5173] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5173] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5173] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff756c0000 [pid 5173] mprotect(0x7eff756c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5173] clone(child_stack=0x7eff756e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5193], tls=0x7eff756e0700, child_tidptr=0x7eff756e09d0) = 5193 [pid 5173] futex(0x7eff7cbe07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7eff7cbe07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5193 attached [pid 5174] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5174] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] set_robust_list(0x7eff756e09e0, 24 [pid 5174] <... futex resumed>) = 0 [pid 5193] <... set_robust_list resumed>) = 0 [pid 5193] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5174] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] <... ioctl resumed>) = 0 [pid 5193] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = 0 [pid 5173] exit_group(0) = ? [pid 5174] <... futex resumed>) = ? [pid 5174] +++ exited with 0 +++ [pid 5193] <... futex resumed>) = ? [pid 5193] +++ exited with 0 +++ [pid 5173] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5173, si_uid=0, si_status=0, si_utime=0, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 57.723821][ T5174] BTRFS info (device loop0): balance: ended with status: 0 lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5194 ./strace-static-x86_64: Process 5194 attached [pid 5194] set_robust_list(0x5555565535e0, 24) = 0 [pid 5194] chdir("./5") = 0 [pid 5194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5194] setpgid(0, 0) = 0 [pid 5194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5194] write(3, "1000", 4) = 4 [pid 5194] close(3) = 0 [pid 5194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5194] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5194] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5194] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5195 attached , parent_tid=[5195], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5195 [pid 5195] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5195] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5194] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5195] memfd_create("syzkaller", 0) = 3 [pid 5195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5195] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5195] munmap(0x7eff746e1000, 16777216) = 0 [pid 5195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5195] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5195] close(3) = 0 [pid 5195] mkdir("./file0", 0777) = 0 [ 58.038217][ T5195] loop0: detected capacity change from 0 to 32768 [ 58.051677][ T5195] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 58.061483][ T5195] BTRFS info (device loop0): force clearing of disk cache [ 58.068800][ T5195] BTRFS info (device loop0): setting nodatasum [ 58.075001][ T5195] BTRFS info (device loop0): allowing degraded mounts [ 58.081954][ T5195] BTRFS info (device loop0): enabling disk space caching [ 58.089851][ T5195] BTRFS info (device loop0): disk space caching is enabled [ 58.109256][ T5195] BTRFS info (device loop0): enabling ssd optimizations [ 58.116283][ T5195] BTRFS info (device loop0): auto enabling async discard [ 58.124971][ T5195] BTRFS info (device loop0): clearing free space tree [pid 5195] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5195] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5195] chdir("./file0") = 0 [pid 5195] ioctl(4, LOOP_CLR_FD) = 0 [pid 5195] close(4) = 0 [pid 5195] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... futex resumed>) = 0 [pid 5195] open("./file0", O_RDONLY) = 4 [pid 5195] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5195] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5194] <... futex resumed>) = 0 [pid 5195] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5194] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... open resumed>) = 5 [pid 5195] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5195] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5194] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... ioctl resumed>) = 0 [pid 5195] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... futex resumed>) = 0 [ 58.132477][ T5195] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 58.142490][ T5195] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 58.156771][ T5195] BTRFS info (device loop0): checking UUID tree [pid 5195] creat("./bus", 000) = 6 [pid 5195] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... futex resumed>) = 1 [pid 5195] ftruncate(6, 2048) = 0 [pid 5195] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... futex resumed>) = 1 [pid 5195] open("./bus", O_RDONLY) = 7 [pid 5195] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... futex resumed>) = 1 [pid 5195] sendfile(6, 7, NULL, 65536) = 2048 [pid 5195] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... futex resumed>) = 1 [pid 5195] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5195] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... futex resumed>) = 1 [pid 5195] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5194] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5194] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff756c0000 [pid 5194] mprotect(0x7eff756c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5194] clone(child_stack=0x7eff756e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5214], tls=0x7eff756e0700, child_tidptr=0x7eff756e09d0) = 5214 [pid 5194] futex(0x7eff7cbe07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 58.229714][ T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 58.240270][ T5195] BTRFS info (device loop0): balance: start -s [ 58.250065][ T5195] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5194] futex(0x7eff7cbe07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5214 attached [pid 5214] set_robust_list(0x7eff756e09e0, 24) = 0 [ 58.276368][ T5195] BTRFS info (device loop0): balance: ended with status: 0 [pid 5214] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5214] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5214] futex(0x7eff7cbe07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5195] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] exit_group(0 [pid 5214] <... futex resumed>) = ? [pid 5194] <... exit_group resumed>) = ? [pid 5195] <... futex resumed>) = ? [pid 5195] +++ exited with 0 +++ [pid 5214] +++ exited with 0 +++ [pid 5194] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5194, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5215 ./strace-static-x86_64: Process 5215 attached [pid 5215] set_robust_list(0x5555565535e0, 24) = 0 [pid 5215] chdir("./6") = 0 [pid 5215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5215] setpgid(0, 0) = 0 [pid 5215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5215] write(3, "1000", 4) = 4 [pid 5215] close(3) = 0 [pid 5215] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5215] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5215] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5215] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5216 attached , parent_tid=[5216], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5216 [pid 5216] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5216] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] <... futex resumed>) = 0 [pid 5215] <... futex resumed>) = 1 [pid 5216] memfd_create("syzkaller", 0 [pid 5215] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5216] <... memfd_create resumed>) = 3 [pid 5216] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5216] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5216] munmap(0x7eff746e1000, 16777216) = 0 [pid 5216] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5216] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5216] close(3) = 0 [pid 5216] mkdir("./file0", 0777) = 0 [pid 5216] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5216] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5216] chdir("./file0") = 0 [pid 5216] ioctl(4, LOOP_CLR_FD) = 0 [pid 5216] close(4) = 0 [pid 5216] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] <... futex resumed>) = 1 [pid 5216] open("./file0", O_RDONLY) = 4 [pid 5216] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] <... futex resumed>) = 1 [pid 5215] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5216] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] <... futex resumed>) = 1 [ 58.608060][ T5216] loop0: detected capacity change from 0 to 32768 [ 58.620583][ T5216] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 58.630105][ T5216] BTRFS info (device loop0): force clearing of disk cache [ 58.637234][ T5216] BTRFS info (device loop0): setting nodatasum [ 58.643482][ T5216] BTRFS info (device loop0): allowing degraded mounts [pid 5216] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5216] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] <... futex resumed>) = 1 [pid 5216] creat("./bus", 000) = 6 [pid 5216] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] <... futex resumed>) = 1 [pid 5216] ftruncate(6, 2048) = 0 [pid 5216] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] <... futex resumed>) = 1 [pid 5216] open("./bus", O_RDONLY) = 7 [pid 5216] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] <... futex resumed>) = 0 [pid 5216] sendfile(6, 7, NULL, 65536 [pid 5215] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] <... sendfile resumed>) = 2048 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5216] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5216] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5216] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] <... futex resumed>) = 0 [pid 5215] exit_group(0) = ? [pid 5216] +++ exited with 0 +++ [pid 5215] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5215, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5235 attached , child_tidptr=0x5555565535d0) = 5235 [pid 5235] set_robust_list(0x5555565535e0, 24) = 0 [pid 5235] chdir("./7") = 0 [pid 5235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5235] setpgid(0, 0) = 0 [pid 5235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5235] write(3, "1000", 4) = 4 [pid 5235] close(3) = 0 [pid 5235] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5235] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5235] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5235] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5236 attached , parent_tid=[5236], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5236 [pid 5236] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5236] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5235] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5236] memfd_create("syzkaller", 0) = 3 [pid 5236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5236] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5236] munmap(0x7eff746e1000, 16777216) = 0 [pid 5236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5236] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5236] close(3) = 0 [pid 5236] mkdir("./file0", 0777) = 0 [pid 5236] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5236] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5236] chdir("./file0") = 0 [pid 5236] ioctl(4, LOOP_CLR_FD) = 0 [pid 5236] close(4) = 0 [pid 5236] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] <... futex resumed>) = 0 [pid 5235] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... futex resumed>) = 1 [pid 5236] open("./file0", O_RDONLY) = 4 [pid 5236] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5236] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5235] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] <... open resumed>) = 5 [pid 5235] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] <... futex resumed>) = 0 [pid 5235] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... futex resumed>) = 1 [ 59.085144][ T5236] loop0: detected capacity change from 0 to 32768 [pid 5236] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5236] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] <... futex resumed>) = 0 [pid 5235] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... futex resumed>) = 1 [pid 5236] creat("./bus", 000) = 6 [pid 5236] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] <... futex resumed>) = 0 [pid 5235] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... futex resumed>) = 1 [pid 5236] ftruncate(6, 2048) = 0 [pid 5236] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5235] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] open("./bus", O_RDONLY) = 7 [pid 5236] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5235] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] sendfile(6, 7, NULL, 65536 [pid 5235] <... futex resumed>) = 0 [pid 5235] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... sendfile resumed>) = 2048 [pid 5236] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5235] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5236] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5235] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5236] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] <... futex resumed>) = 0 [pid 5235] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... futex resumed>) = 1 [pid 5236] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5236] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] <... futex resumed>) = 0 [pid 5235] exit_group(0) = ? [pid 5236] <... futex resumed>) = ? [pid 5236] +++ exited with 0 +++ [pid 5235] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5235, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5255 ./strace-static-x86_64: Process 5255 attached [pid 5255] set_robust_list(0x5555565535e0, 24) = 0 [pid 5255] chdir("./8") = 0 [pid 5255] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5255] setpgid(0, 0) = 0 [pid 5255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5255] write(3, "1000", 4) = 4 [pid 5255] close(3) = 0 [pid 5255] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5255] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5255] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5255] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5256], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5256 [pid 5255] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5256 attached [pid 5256] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5256] memfd_create("syzkaller", 0) = 3 [pid 5256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5256] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5256] munmap(0x7eff746e1000, 16777216) = 0 [pid 5256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5256] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5256] close(3) = 0 [pid 5256] mkdir("./file0", 0777) = 0 [pid 5256] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5256] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5256] chdir("./file0") = 0 [pid 5256] ioctl(4, LOOP_CLR_FD) = 0 [pid 5256] close(4) = 0 [pid 5256] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] open("./file0", O_RDONLY) = 4 [pid 5256] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5256] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5256] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 59.530438][ T5256] loop0: detected capacity change from 0 to 32768 [pid 5256] creat("./bus", 000) = 6 [pid 5256] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] ftruncate(6, 2048) = 0 [pid 5256] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... futex resumed>) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] open("./bus", O_RDONLY) = 7 [pid 5256] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] sendfile(6, 7, NULL, 65536) = 2048 [pid 5256] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5256] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... futex resumed>) = 1 [pid 5256] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5256] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... futex resumed>) = 1 [pid 5256] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5256] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = 0 [pid 5255] exit_group(0) = ? [pid 5256] <... futex resumed>) = ? [pid 5256] +++ exited with 0 +++ [pid 5255] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5255, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5275 attached , child_tidptr=0x5555565535d0) = 5275 [pid 5275] set_robust_list(0x5555565535e0, 24) = 0 [pid 5275] chdir("./9") = 0 [pid 5275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5275] setpgid(0, 0) = 0 [pid 5275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5275] write(3, "1000", 4) = 4 [pid 5275] close(3) = 0 [pid 5275] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5275] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5275] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5275] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5276 attached , parent_tid=[5276], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5276 [pid 5276] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5275] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5276] memfd_create("syzkaller", 0) = 3 [pid 5276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5276] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5276] munmap(0x7eff746e1000, 16777216) = 0 [pid 5276] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5276] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5276] close(3) = 0 [pid 5276] mkdir("./file0", 0777) = 0 [pid 5276] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5276] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5276] chdir("./file0") = 0 [pid 5276] ioctl(4, LOOP_CLR_FD) = 0 [pid 5276] close(4) = 0 [pid 5276] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] open("./file0", O_RDONLY) = 4 [pid 5276] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5276] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 59.971195][ T5276] loop0: detected capacity change from 0 to 32768 [pid 5275] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... ioctl resumed>) = 0 [pid 5276] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] creat("./bus", 000) = 6 [pid 5276] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] ftruncate(6, 2048) = 0 [pid 5276] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] open("./bus", O_RDONLY) = 7 [pid 5276] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] sendfile(6, 7, NULL, 65536 [pid 5275] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... sendfile resumed>) = 2048 [pid 5276] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5276] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5275] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5275] <... futex resumed>) = 0 [pid 5276] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5275] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... openat resumed>) = 8 [pid 5276] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5276] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5275] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5275] <... futex resumed>) = 0 [pid 5276] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5275] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5276] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5276] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5275] exit_group(0) = ? [pid 5276] +++ exited with 0 +++ [pid 5275] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5275, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 60.068058][ T5276] _btrfs_printk: 58 callbacks suppressed [ 60.068074][ T5276] BTRFS info (device loop0): relocating block group 1048576 flags system [ 60.096756][ T5276] BTRFS info (device loop0): balance: ended with status: 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5295 ./strace-static-x86_64: Process 5295 attached [pid 5295] set_robust_list(0x5555565535e0, 24) = 0 [pid 5295] chdir("./10") = 0 [pid 5295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5295] setpgid(0, 0) = 0 [pid 5295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5295] write(3, "1000", 4) = 4 [pid 5295] close(3) = 0 [pid 5295] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5295] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5295] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5295] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5296], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5296 [pid 5295] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5296 attached [pid 5296] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5296] memfd_create("syzkaller", 0) = 3 [pid 5296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5296] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5296] munmap(0x7eff746e1000, 16777216) = 0 [pid 5296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5296] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5296] close(3) = 0 [pid 5296] mkdir("./file0", 0777) = 0 [ 60.476417][ T5296] loop0: detected capacity change from 0 to 32768 [ 60.508472][ T5296] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 60.518713][ T5296] BTRFS info (device loop0): force clearing of disk cache [ 60.526675][ T5296] BTRFS info (device loop0): setting nodatasum [ 60.533549][ T5296] BTRFS info (device loop0): allowing degraded mounts [ 60.540446][ T5296] BTRFS info (device loop0): enabling disk space caching [ 60.547495][ T5296] BTRFS info (device loop0): disk space caching is enabled [ 60.566805][ T5296] BTRFS info (device loop0): enabling ssd optimizations [pid 5296] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5296] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5296] chdir("./file0") = 0 [pid 5296] ioctl(4, LOOP_CLR_FD) = 0 [ 60.574039][ T5296] BTRFS info (device loop0): auto enabling async discard [ 60.582435][ T5296] BTRFS info (device loop0): clearing free space tree [ 60.589346][ T5296] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 60.599080][ T5296] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 60.612232][ T5296] BTRFS info (device loop0): checking UUID tree [pid 5296] close(4) = 0 [pid 5296] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5296] open("./file0", O_RDONLY [pid 5295] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... open resumed>) = 4 [pid 5295] <... futex resumed>) = 0 [pid 5296] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5295] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... futex resumed>) = 0 [pid 5295] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5296] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5295] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... open resumed>) = 5 [pid 5296] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5296] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5295] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... ioctl resumed>) = 0 [pid 5296] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5296] creat("./bus", 000 [pid 5295] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... creat resumed>) = 6 [pid 5296] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5296] ftruncate(6, 2048 [pid 5295] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... ftruncate resumed>) = 0 [pid 5295] <... futex resumed>) = 0 [pid 5296] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5295] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... futex resumed>) = 0 [pid 5295] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5296] open("./bus", O_RDONLY [pid 5295] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... open resumed>) = 7 [pid 5295] <... futex resumed>) = 0 [pid 5296] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5295] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... futex resumed>) = 0 [pid 5295] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5296] sendfile(6, 7, NULL, 65536 [pid 5295] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... sendfile resumed>) = 2048 [pid 5295] <... futex resumed>) = 0 [pid 5296] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5295] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... futex resumed>) = 0 [pid 5295] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5296] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5295] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... openat resumed>) = 8 [pid 5295] <... futex resumed>) = 0 [ 60.629262][ T27] kauditd_printk_skb: 10 callbacks suppressed [ 60.629276][ T27] audit: type=1800 audit(1672288923.811:22): pid=5296 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor414" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5296] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5295] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... futex resumed>) = 0 [pid 5295] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5296] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5295] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 60.687400][ T27] audit: type=1804 audit(1672288923.861:23): pid=5296 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor414" name="/root/syzkaller.fqkFZA/10/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 60.714901][ T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 60.725719][ T5296] BTRFS info (device loop0): balance: start -s [pid 5295] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5295] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff756c0000 [pid 5295] mprotect(0x7eff756c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5295] clone(child_stack=0x7eff756e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5315], tls=0x7eff756e0700, child_tidptr=0x7eff756e09d0) = 5315 [pid 5295] futex(0x7eff7cbe07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] futex(0x7eff7cbe07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5315 attached [pid 5315] set_robust_list(0x7eff756e09e0, 24) = 0 [ 60.740602][ T5296] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5315] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5315] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5315] futex(0x7eff7cbe07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5296] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5296] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] exit_group(0 [pid 5315] <... futex resumed>) = ? [pid 5295] <... exit_group resumed>) = ? [pid 5315] +++ exited with 0 +++ [pid 5296] <... futex resumed>) = ? [pid 5296] +++ exited with 0 +++ [pid 5295] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5295, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=31 /* 0.31 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 [ 60.804587][ T5296] BTRFS info (device loop0): balance: ended with status: 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5316 ./strace-static-x86_64: Process 5316 attached [pid 5316] set_robust_list(0x5555565535e0, 24) = 0 [pid 5316] chdir("./11") = 0 [pid 5316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5316] setpgid(0, 0) = 0 [pid 5316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5316] write(3, "1000", 4) = 4 [pid 5316] close(3) = 0 [pid 5316] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5316] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5316] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5316] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5317], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5317 ./strace-static-x86_64: Process 5317 attached [pid 5316] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5317] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5317] memfd_create("syzkaller", 0) = 3 [pid 5317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5317] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5317] munmap(0x7eff746e1000, 16777216) = 0 [pid 5317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5317] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5317] close(3) = 0 [pid 5317] mkdir("./file0", 0777) = 0 [ 61.082561][ T5317] loop0: detected capacity change from 0 to 32768 [ 61.096403][ T5317] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 61.106293][ T5317] BTRFS info (device loop0): force clearing of disk cache [ 61.113489][ T5317] BTRFS info (device loop0): setting nodatasum [ 61.119923][ T5317] BTRFS info (device loop0): allowing degraded mounts [ 61.126713][ T5317] BTRFS info (device loop0): enabling disk space caching [ 61.133846][ T5317] BTRFS info (device loop0): disk space caching is enabled [ 61.152686][ T5317] BTRFS info (device loop0): enabling ssd optimizations [ 61.160432][ T5317] BTRFS info (device loop0): auto enabling async discard [ 61.168920][ T5317] BTRFS info (device loop0): clearing free space tree [pid 5317] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5317] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5317] chdir("./file0") = 0 [pid 5317] ioctl(4, LOOP_CLR_FD) = 0 [pid 5317] close(4) = 0 [pid 5317] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... futex resumed>) = 0 [pid 5316] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5317] <... futex resumed>) = 1 [pid 5317] open("./file0", O_RDONLY) = 4 [pid 5317] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... futex resumed>) = 0 [pid 5316] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5317] <... futex resumed>) = 1 [ 61.175938][ T5317] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 61.185735][ T5317] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 61.199611][ T5317] BTRFS info (device loop0): checking UUID tree [pid 5317] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5317] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5316] <... futex resumed>) = 0 [pid 5316] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5316] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5317] <... futex resumed>) = 0 [pid 5317] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5317] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... futex resumed>) = 0 [pid 5316] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5317] <... futex resumed>) = 1 [pid 5317] creat("./bus", 000) = 6 [pid 5317] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... futex resumed>) = 0 [pid 5316] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5317] <... futex resumed>) = 1 [pid 5317] ftruncate(6, 2048) = 0 [pid 5317] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... futex resumed>) = 0 [pid 5316] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5317] <... futex resumed>) = 1 [ 61.230842][ T27] audit: type=1800 audit(1672288924.411:24): pid=5317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor414" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5317] open("./bus", O_RDONLY) = 7 [pid 5317] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5316] <... futex resumed>) = 0 [pid 5317] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5316] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] sendfile(6, 7, NULL, 65536 [pid 5316] <... futex resumed>) = 0 [pid 5317] <... sendfile resumed>) = 2048 [pid 5316] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5317] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5316] <... futex resumed>) = 0 [pid 5317] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5316] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5316] <... futex resumed>) = 0 [pid 5316] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5317] <... openat resumed>) = 8 [pid 5317] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5316] <... futex resumed>) = 0 [pid 5316] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5316] <... futex resumed>) = 0 [ 61.278041][ T27] audit: type=1804 audit(1672288924.451:25): pid=5317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor414" name="/root/syzkaller.fqkFZA/11/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 61.303292][ T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5316] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5316] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5316] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff756c0000 [pid 5316] mprotect(0x7eff756c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5316] clone(child_stack=0x7eff756e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5336], tls=0x7eff756e0700, child_tidptr=0x7eff756e09d0) = 5336 [pid 5316] futex(0x7eff7cbe07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] futex(0x7eff7cbe07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5336 attached [pid 5336] set_robust_list(0x7eff756e09e0, 24) = 0 [pid 5317] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5336] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5317] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5336] <... ioctl resumed>) = 0 [pid 5336] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5336] futex(0x7eff7cbe07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5316] <... futex resumed>) = 0 [pid 5316] exit_group(0) = ? [pid 5317] <... futex resumed>) = ? [pid 5317] +++ exited with 0 +++ [pid 5336] <... futex resumed>) = ? [ 61.329273][ T5317] BTRFS info (device loop0): balance: start -s [ 61.337240][ T5317] BTRFS info (device loop0): relocating block group 1048576 flags system [ 61.363929][ T5317] BTRFS info (device loop0): balance: ended with status: 0 [pid 5336] +++ exited with 0 +++ [pid 5316] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5316, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5337 ./strace-static-x86_64: Process 5337 attached [pid 5337] set_robust_list(0x5555565535e0, 24) = 0 [pid 5337] chdir("./12") = 0 [pid 5337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5337] setpgid(0, 0) = 0 [pid 5337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5337] write(3, "1000", 4) = 4 [pid 5337] close(3) = 0 [pid 5337] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5337] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5337] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5337] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5338], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5338 ./strace-static-x86_64: Process 5338 attached [pid 5338] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5338] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5337] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5337] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5338] memfd_create("syzkaller", 0) = 3 [pid 5338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5338] munmap(0x7eff746e1000, 16777216) = 0 [pid 5338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5338] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5338] close(3) = 0 [pid 5338] mkdir("./file0", 0777) = 0 [ 61.689818][ T5338] loop0: detected capacity change from 0 to 32768 [ 61.703520][ T5338] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 61.713360][ T5338] BTRFS info (device loop0): force clearing of disk cache [ 61.720646][ T5338] BTRFS info (device loop0): setting nodatasum [ 61.726833][ T5338] BTRFS info (device loop0): allowing degraded mounts [ 61.733706][ T5338] BTRFS info (device loop0): enabling disk space caching [ 61.740839][ T5338] BTRFS info (device loop0): disk space caching is enabled [ 61.760075][ T5338] BTRFS info (device loop0): enabling ssd optimizations [ 61.767103][ T5338] BTRFS info (device loop0): auto enabling async discard [ 61.775338][ T5338] BTRFS info (device loop0): clearing free space tree [pid 5338] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5338] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5338] chdir("./file0") = 0 [pid 5338] ioctl(4, LOOP_CLR_FD) = 0 [pid 5338] close(4) = 0 [pid 5338] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5337] <... futex resumed>) = 0 [pid 5337] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5337] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... futex resumed>) = 0 [pid 5338] open("./file0", O_RDONLY) = 4 [pid 5338] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] <... futex resumed>) = 0 [pid 5337] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... futex resumed>) = 1 [pid 5338] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [ 61.782339][ T5338] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 61.792117][ T5338] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 61.805627][ T5338] BTRFS info (device loop0): checking UUID tree [pid 5338] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] <... futex resumed>) = 0 [pid 5337] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... futex resumed>) = 1 [pid 5338] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5338] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] <... futex resumed>) = 0 [pid 5337] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... futex resumed>) = 1 [pid 5338] creat("./bus", 000) = 6 [pid 5338] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5337] <... futex resumed>) = 0 [pid 5338] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5337] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5337] <... futex resumed>) = 0 [pid 5338] ftruncate(6, 2048 [pid 5337] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... ftruncate resumed>) = 0 [pid 5338] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5337] <... futex resumed>) = 0 [pid 5337] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] open("./bus", O_RDONLY) = 7 [ 61.835110][ T27] audit: type=1800 audit(1672288925.011:26): pid=5338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor414" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 61.865200][ T74] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5338] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5337] <... futex resumed>) = 0 [pid 5337] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5338] sendfile(6, 7, NULL, 65536) = 2048 [pid 5338] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5337] <... futex resumed>) = 0 [pid 5338] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5337] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] <... futex resumed>) = 0 [pid 5337] <... futex resumed>) = 1 [pid 5338] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5337] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... openat resumed>) = 8 [pid 5338] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5337] <... futex resumed>) = 0 [pid 5338] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5337] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] <... futex resumed>) = 0 [pid 5337] <... futex resumed>) = 1 [pid 5338] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 61.875741][ T27] audit: type=1804 audit(1672288925.061:27): pid=5338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor414" name="/root/syzkaller.fqkFZA/12/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 61.914813][ T5338] BTRFS info (device loop0): balance: start -s [ 61.923478][ T5338] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5337] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5337] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5337] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff756c0000 [pid 5337] mprotect(0x7eff756c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5337] clone(child_stack=0x7eff756e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5357], tls=0x7eff756e0700, child_tidptr=0x7eff756e09d0) = 5357 [pid 5337] futex(0x7eff7cbe07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5337] futex(0x7eff7cbe07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 ./strace-static-x86_64: Process 5357 attached [pid 5357] set_robust_list(0x7eff756e09e0, 24 [pid 5338] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] <... set_robust_list resumed>) = 0 [pid 5338] <... futex resumed>) = 0 [pid 5357] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5338] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5357] <... ioctl resumed>) = 0 [pid 5357] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5337] <... futex resumed>) = 0 [pid 5337] exit_group(0) = ? [pid 5338] <... futex resumed>) = ? [pid 5338] +++ exited with 0 +++ [pid 5357] +++ exited with 0 +++ [pid 5337] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5337, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=30 /* 0.30 s */} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 [ 61.951743][ T5338] BTRFS info (device loop0): balance: ended with status: 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5358 ./strace-static-x86_64: Process 5358 attached [pid 5358] set_robust_list(0x5555565535e0, 24) = 0 [pid 5358] chdir("./13") = 0 [pid 5358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5358] setpgid(0, 0) = 0 [pid 5358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5358] write(3, "1000", 4) = 4 [pid 5358] close(3) = 0 [pid 5358] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5358] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5358] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5358] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5359], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5359 ./strace-static-x86_64: Process 5359 attached [pid 5358] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5359] memfd_create("syzkaller", 0 [pid 5358] <... futex resumed>) = 0 [pid 5359] <... memfd_create resumed>) = 3 [pid 5359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5358] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5359] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5359] munmap(0x7eff746e1000, 16777216) = 0 [pid 5359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5359] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5359] close(3) = 0 [pid 5359] mkdir("./file0", 0777) = 0 [ 62.251899][ T5359] loop0: detected capacity change from 0 to 32768 [ 62.265597][ T5359] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 62.275393][ T5359] BTRFS info (device loop0): force clearing of disk cache [ 62.282703][ T5359] BTRFS info (device loop0): setting nodatasum [ 62.289040][ T5359] BTRFS info (device loop0): allowing degraded mounts [ 62.295937][ T5359] BTRFS info (device loop0): enabling disk space caching [ 62.303055][ T5359] BTRFS info (device loop0): disk space caching is enabled [ 62.322080][ T5359] BTRFS info (device loop0): enabling ssd optimizations [ 62.329214][ T5359] BTRFS info (device loop0): auto enabling async discard [ 62.337053][ T5359] BTRFS info (device loop0): clearing free space tree [pid 5359] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5359] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5359] chdir("./file0") = 0 [pid 5359] ioctl(4, LOOP_CLR_FD) = 0 [pid 5359] close(4) = 0 [pid 5359] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... futex resumed>) = 0 [pid 5358] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] <... futex resumed>) = 1 [pid 5359] open("./file0", O_RDONLY) = 4 [pid 5359] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... futex resumed>) = 0 [pid 5358] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] <... futex resumed>) = 1 [ 62.343962][ T5359] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 62.353663][ T5359] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 62.366919][ T5359] BTRFS info (device loop0): checking UUID tree [pid 5359] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5359] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... futex resumed>) = 0 [pid 5358] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] <... futex resumed>) = 1 [pid 5359] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5359] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... futex resumed>) = 0 [pid 5358] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] <... futex resumed>) = 1 [pid 5359] creat("./bus", 000) = 6 [pid 5359] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... futex resumed>) = 0 [pid 5358] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] <... futex resumed>) = 1 [pid 5359] ftruncate(6, 2048) = 0 [pid 5359] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... futex resumed>) = 0 [pid 5358] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] <... futex resumed>) = 1 [ 62.390693][ T27] audit: type=1800 audit(1672288925.571:28): pid=5359 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor414" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 62.417770][ T74] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5359] open("./bus", O_RDONLY) = 7 [pid 5359] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... futex resumed>) = 0 [pid 5358] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] <... futex resumed>) = 1 [pid 5359] sendfile(6, 7, NULL, 65536) = 2048 [pid 5359] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... futex resumed>) = 0 [pid 5358] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] <... futex resumed>) = 1 [pid 5359] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5359] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... futex resumed>) = 0 [pid 5358] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] <... futex resumed>) = 1 [ 62.435153][ T27] audit: type=1804 audit(1672288925.611:29): pid=5359 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor414" name="/root/syzkaller.fqkFZA/13/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 62.472968][ T5359] BTRFS info (device loop0): balance: start -s [ 62.482061][ T5359] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5359] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5358] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5358] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff756c0000 [pid 5358] mprotect(0x7eff756c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5358] clone(child_stack=0x7eff756e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5378], tls=0x7eff756e0700, child_tidptr=0x7eff756e09d0) = 5378 [pid 5358] futex(0x7eff7cbe07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7eff7cbe07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5359] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5378 attached [pid 5378] set_robust_list(0x7eff756e09e0, 24) = 0 [pid 5378] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5378] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... futex resumed>) = 0 [pid 5378] <... futex resumed>) = 1 [pid 5358] exit_group(0 [pid 5359] <... futex resumed>) = ? [pid 5358] <... exit_group resumed>) = ? [pid 5359] +++ exited with 0 +++ [pid 5378] +++ exited with 0 +++ [pid 5358] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5358, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 [ 62.507153][ T5359] BTRFS info (device loop0): balance: ended with status: 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5379 attached , child_tidptr=0x5555565535d0) = 5379 [pid 5379] set_robust_list(0x5555565535e0, 24) = 0 [pid 5379] chdir("./14") = 0 [pid 5379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5379] setpgid(0, 0) = 0 [pid 5379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5379] write(3, "1000", 4) = 4 [pid 5379] close(3) = 0 [pid 5379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5379] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5379] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5379] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5380 attached , parent_tid=[5380], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5380 [pid 5380] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5380] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5379] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] <... futex resumed>) = 0 [pid 5379] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5380] memfd_create("syzkaller", 0) = 3 [pid 5380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5380] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5380] munmap(0x7eff746e1000, 16777216) = 0 [pid 5380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5380] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5380] close(3) = 0 [pid 5380] mkdir("./file0", 0777) = 0 [ 62.813477][ T5380] loop0: detected capacity change from 0 to 32768 [ 62.827077][ T5380] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 62.836389][ T5380] BTRFS info (device loop0): force clearing of disk cache [ 62.843532][ T5380] BTRFS info (device loop0): setting nodatasum [ 62.849751][ T5380] BTRFS info (device loop0): allowing degraded mounts [ 62.856607][ T5380] BTRFS info (device loop0): enabling disk space caching [ 62.863688][ T5380] BTRFS info (device loop0): disk space caching is enabled [ 62.882482][ T5380] BTRFS info (device loop0): enabling ssd optimizations [ 62.889599][ T5380] BTRFS info (device loop0): auto enabling async discard [ 62.897440][ T5380] BTRFS info (device loop0): clearing free space tree [ 62.904504][ T5380] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5380] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5380] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5380] chdir("./file0") = 0 [pid 5380] ioctl(4, LOOP_CLR_FD) = 0 [pid 5380] close(4) = 0 [pid 5380] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... futex resumed>) = 0 [pid 5379] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... futex resumed>) = 1 [pid 5380] open("./file0", O_RDONLY) = 4 [pid 5380] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5379] <... futex resumed>) = 0 [pid 5379] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5380] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5379] <... futex resumed>) = 0 [pid 5379] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5379] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... futex resumed>) = 0 [pid 5380] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5380] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... futex resumed>) = 0 [pid 5379] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... futex resumed>) = 1 [pid 5380] creat("./bus", 000) = 6 [ 62.914386][ T5380] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 62.928312][ T5380] BTRFS info (device loop0): checking UUID tree [ 62.943727][ T27] audit: type=1800 audit(1672288926.121:30): pid=5380 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor414" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5380] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... futex resumed>) = 0 [pid 5379] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... futex resumed>) = 1 [pid 5380] ftruncate(6, 2048) = 0 [pid 5380] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... futex resumed>) = 0 [pid 5379] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... futex resumed>) = 1 [pid 5380] open("./bus", O_RDONLY) = 7 [pid 5380] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... futex resumed>) = 0 [pid 5379] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... futex resumed>) = 1 [pid 5380] sendfile(6, 7, NULL, 65536) = 2048 [pid 5380] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... futex resumed>) = 0 [pid 5379] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... futex resumed>) = 1 [pid 5380] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5380] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... futex resumed>) = 0 [pid 5379] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] <... futex resumed>) = 1 [ 62.967780][ T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 62.977341][ T27] audit: type=1804 audit(1672288926.151:31): pid=5380 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor414" name="/root/syzkaller.fqkFZA/14/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 62.984046][ T5380] BTRFS info (device loop0): balance: start -s [ 63.007778][ T5380] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5380] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5379] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5379] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff756c0000 [pid 5379] mprotect(0x7eff756c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5379] clone(child_stack=0x7eff756e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5398], tls=0x7eff756e0700, child_tidptr=0x7eff756e09d0) = 5398 [pid 5379] futex(0x7eff7cbe07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7eff7cbe07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5398 attached [pid 5398] set_robust_list(0x7eff756e09e0, 24) = 0 [pid 5398] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5380] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5380] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5398] <... ioctl resumed>) = 0 [pid 5398] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5379] <... futex resumed>) = 0 [pid 5379] exit_group(0) = ? [pid 5380] <... futex resumed>) = ? [pid 5380] +++ exited with 0 +++ [pid 5398] +++ exited with 0 +++ [pid 5379] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5379, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 [ 63.026650][ T5380] BTRFS info (device loop0): balance: ended with status: 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5399 ./strace-static-x86_64: Process 5399 attached [pid 5399] set_robust_list(0x5555565535e0, 24) = 0 [pid 5399] chdir("./15") = 0 [pid 5399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5399] setpgid(0, 0) = 0 [pid 5399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5399] write(3, "1000", 4) = 4 [pid 5399] close(3) = 0 [pid 5399] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5399] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5399] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5399] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5400 attached , parent_tid=[5400], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5400 [pid 5400] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5400] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5399] <... futex resumed>) = 0 [pid 5399] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5400] memfd_create("syzkaller", 0) = 3 [pid 5400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5400] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5400] munmap(0x7eff746e1000, 16777216) = 0 [pid 5400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5400] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5400] close(3) = 0 [pid 5400] mkdir("./file0", 0777) = 0 [ 63.328732][ T5400] loop0: detected capacity change from 0 to 32768 [ 63.342186][ T5400] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 63.351759][ T5400] BTRFS info (device loop0): force clearing of disk cache [ 63.358945][ T5400] BTRFS info (device loop0): setting nodatasum [ 63.365119][ T5400] BTRFS info (device loop0): allowing degraded mounts [ 63.372252][ T5400] BTRFS info (device loop0): enabling disk space caching [ 63.379352][ T5400] BTRFS info (device loop0): disk space caching is enabled [ 63.398636][ T5400] BTRFS info (device loop0): enabling ssd optimizations [ 63.405646][ T5400] BTRFS info (device loop0): auto enabling async discard [ 63.414042][ T5400] BTRFS info (device loop0): clearing free space tree [pid 5400] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5400] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5400] chdir("./file0") = 0 [pid 5400] ioctl(4, LOOP_CLR_FD) = 0 [pid 5400] close(4) = 0 [pid 5400] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... futex resumed>) = 0 [pid 5399] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5399] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] <... futex resumed>) = 1 [pid 5400] open("./file0", O_RDONLY) = 4 [pid 5400] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5399] <... futex resumed>) = 0 [pid 5400] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5399] <... futex resumed>) = 0 [pid 5400] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5399] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] <... open resumed>) = 5 [pid 5400] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5399] <... futex resumed>) = 0 [pid 5399] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5399] <... futex resumed>) = 0 [pid 5399] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] <... ioctl resumed>) = 0 [ 63.420970][ T5400] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 63.430684][ T5400] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 63.444062][ T5400] BTRFS info (device loop0): checking UUID tree [pid 5400] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... futex resumed>) = 0 [pid 5399] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5399] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] <... futex resumed>) = 1 [pid 5400] creat("./bus", 000) = 6 [pid 5400] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... futex resumed>) = 0 [pid 5399] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5399] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] <... futex resumed>) = 1 [pid 5400] ftruncate(6, 2048) = 0 [pid 5400] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... futex resumed>) = 0 [pid 5399] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5399] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] <... futex resumed>) = 1 [pid 5400] open("./bus", O_RDONLY) = 7 [pid 5400] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... futex resumed>) = 0 [pid 5399] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5399] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] <... futex resumed>) = 1 [pid 5400] sendfile(6, 7, NULL, 65536) = 2048 [pid 5400] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... futex resumed>) = 0 [pid 5399] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5399] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] <... futex resumed>) = 1 [pid 5400] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5400] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5399] <... futex resumed>) = 0 [pid 5400] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5399] <... futex resumed>) = 0 [pid 5400] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 63.495983][ T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 63.527314][ T5400] BTRFS info (device loop0): balance: start -s [ 63.535003][ T5400] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5399] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5400] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5399] <... futex resumed>) = 0 [pid 5399] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5399] <... futex resumed>) = 0 [pid 5399] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] <... ioctl resumed>) = 0 [pid 5400] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... futex resumed>) = 0 [pid 5400] <... futex resumed>) = 1 [pid 5399] exit_group(0 [pid 5400] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] <... exit_group resumed>) = ? [pid 5400] <... futex resumed>) = ? [pid 5400] +++ exited with 0 +++ [pid 5399] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5399, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 [ 63.556239][ T5400] BTRFS info (device loop0): balance: ended with status: 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5420 ./strace-static-x86_64: Process 5420 attached [pid 5420] set_robust_list(0x5555565535e0, 24) = 0 [pid 5420] chdir("./16") = 0 [pid 5420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5420] setpgid(0, 0) = 0 [pid 5420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5420] write(3, "1000", 4) = 4 [pid 5420] close(3) = 0 [pid 5420] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5420] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5420] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5420] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5421 attached [pid 5421] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5421] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5420] <... clone resumed>, parent_tid=[5421], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5421 [pid 5420] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5421] <... futex resumed>) = 0 [pid 5420] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5421] memfd_create("syzkaller", 0) = 3 [pid 5421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5421] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5421] munmap(0x7eff746e1000, 16777216) = 0 [pid 5421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5421] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5421] close(3) = 0 [pid 5421] mkdir("./file0", 0777) = 0 [pid 5421] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5421] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5421] chdir("./file0") = 0 [pid 5421] ioctl(4, LOOP_CLR_FD) = 0 [pid 5421] close(4) = 0 [pid 5421] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5420] <... futex resumed>) = 0 [pid 5420] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5420] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5421] open("./file0", O_RDONLY) = 4 [pid 5421] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5420] <... futex resumed>) = 0 [pid 5420] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5420] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5421] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5421] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5420] <... futex resumed>) = 0 [pid 5420] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5420] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 63.881369][ T5421] loop0: detected capacity change from 0 to 32768 [ 63.892667][ T5421] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 63.902048][ T5421] BTRFS info (device loop0): force clearing of disk cache [pid 5421] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5421] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... futex resumed>) = 0 [pid 5420] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5420] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5421] <... futex resumed>) = 1 [pid 5421] creat("./bus", 000) = 6 [pid 5421] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... futex resumed>) = 0 [pid 5420] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5420] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5421] <... futex resumed>) = 1 [pid 5421] ftruncate(6, 2048) = 0 [pid 5421] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... futex resumed>) = 0 [pid 5420] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5420] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5421] <... futex resumed>) = 1 [pid 5421] open("./bus", O_RDONLY) = 7 [pid 5421] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5420] <... futex resumed>) = 0 [pid 5420] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5421] sendfile(6, 7, NULL, 65536 [pid 5420] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5421] <... sendfile resumed>) = 2048 [pid 5421] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5420] <... futex resumed>) = 0 [pid 5421] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5420] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5421] <... openat resumed>) = 8 [pid 5420] <... futex resumed>) = 0 [pid 5420] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5421] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... futex resumed>) = 0 [pid 5420] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5420] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5421] <... futex resumed>) = 1 [pid 5421] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5421] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... futex resumed>) = 0 [pid 5420] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5420] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5421] <... futex resumed>) = 1 [pid 5421] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5421] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... futex resumed>) = 0 [pid 5420] exit_group(0) = ? [pid 5421] <... futex resumed>) = ? [pid 5421] +++ exited with 0 +++ [pid 5420] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5420, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5440 ./strace-static-x86_64: Process 5440 attached [pid 5440] set_robust_list(0x5555565535e0, 24) = 0 [pid 5440] chdir("./17") = 0 [pid 5440] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5440] setpgid(0, 0) = 0 [pid 5440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5440] write(3, "1000", 4) = 4 [pid 5440] close(3) = 0 [pid 5440] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5440] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5440] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5440] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5441], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5441 ./strace-static-x86_64: Process 5441 attached [pid 5440] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5441] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5441] memfd_create("syzkaller", 0) = 3 [pid 5440] <... futex resumed>) = 0 [pid 5441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5440] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5441] <... mmap resumed>) = 0x7eff746e1000 [pid 5441] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5441] munmap(0x7eff746e1000, 16777216) = 0 [pid 5441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5441] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5441] close(3) = 0 [pid 5441] mkdir("./file0", 0777) = 0 [pid 5441] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5441] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5441] chdir("./file0") = 0 [pid 5441] ioctl(4, LOOP_CLR_FD) = 0 [pid 5441] close(4) = 0 [pid 5441] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5441] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5440] <... futex resumed>) = 0 [pid 5440] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5441] <... futex resumed>) = 0 [pid 5440] <... futex resumed>) = 1 [pid 5441] open("./file0", O_RDONLY [pid 5440] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] <... open resumed>) = 4 [pid 5441] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5440] <... futex resumed>) = 0 [pid 5441] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5440] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5441] <... open resumed>) = 5 [pid 5440] <... futex resumed>) = 0 [pid 5441] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] <... futex resumed>) = 0 [pid 5440] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5441] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5440] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] <... ioctl resumed>) = 0 [pid 5441] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] <... futex resumed>) = 0 [ 64.330117][ T5441] loop0: detected capacity change from 0 to 32768 [pid 5440] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] <... futex resumed>) = 1 [pid 5441] creat("./bus", 000) = 6 [pid 5441] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] <... futex resumed>) = 0 [pid 5440] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] <... futex resumed>) = 1 [pid 5441] ftruncate(6, 2048) = 0 [pid 5441] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5440] <... futex resumed>) = 0 [pid 5441] open("./bus", O_RDONLY [pid 5440] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] <... open resumed>) = 7 [pid 5441] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] <... futex resumed>) = 0 [pid 5440] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] <... futex resumed>) = 1 [pid 5441] sendfile(6, 7, NULL, 65536) = 2048 [pid 5441] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] <... futex resumed>) = 0 [pid 5440] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] <... futex resumed>) = 1 [pid 5441] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5441] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] <... futex resumed>) = 0 [pid 5440] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] <... futex resumed>) = 1 [pid 5441] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5441] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] <... futex resumed>) = 0 [pid 5440] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] <... futex resumed>) = 1 [pid 5441] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5441] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] <... futex resumed>) = 0 [pid 5440] exit_group(0) = ? [pid 5441] <... futex resumed>) = ? [pid 5441] +++ exited with 0 +++ [pid 5440] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5440, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5460 ./strace-static-x86_64: Process 5460 attached [pid 5460] set_robust_list(0x5555565535e0, 24) = 0 [pid 5460] chdir("./18") = 0 [pid 5460] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5460] setpgid(0, 0) = 0 [pid 5460] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5460] write(3, "1000", 4) = 4 [pid 5460] close(3) = 0 [pid 5460] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5460] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5460] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5460] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5460] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5461 attached [pid 5461] set_robust_list(0x7eff7cb019e0, 24 [pid 5460] <... clone resumed>, parent_tid=[5461], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5461 [pid 5461] <... set_robust_list resumed>) = 0 [pid 5461] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5460] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5461] <... futex resumed>) = 0 [pid 5460] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5461] memfd_create("syzkaller", 0) = 3 [pid 5461] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5461] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5461] munmap(0x7eff746e1000, 16777216) = 0 [pid 5461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5461] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5461] close(3) = 0 [pid 5461] mkdir("./file0", 0777) = 0 [pid 5461] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5461] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5461] chdir("./file0") = 0 [pid 5461] ioctl(4, LOOP_CLR_FD) = 0 [pid 5461] close(4) = 0 [pid 5461] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5461] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5460] <... futex resumed>) = 0 [pid 5460] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5460] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5461] <... futex resumed>) = 0 [pid 5461] open("./file0", O_RDONLY) = 4 [pid 5461] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5460] <... futex resumed>) = 0 [pid 5460] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5460] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5461] <... futex resumed>) = 1 [pid 5461] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5461] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5460] <... futex resumed>) = 0 [pid 5460] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5460] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5461] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5461] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5460] <... futex resumed>) = 0 [pid 5460] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5460] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 64.774406][ T5461] loop0: detected capacity change from 0 to 32768 [pid 5461] creat("./bus", 000) = 6 [pid 5461] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5460] <... futex resumed>) = 0 [pid 5461] ftruncate(6, 2048 [pid 5460] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5460] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5461] <... ftruncate resumed>) = 0 [pid 5461] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5461] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5460] <... futex resumed>) = 0 [pid 5460] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5461] <... futex resumed>) = 0 [pid 5461] open("./bus", O_RDONLY [pid 5460] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5461] <... open resumed>) = 7 [pid 5461] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5460] <... futex resumed>) = 0 [pid 5461] sendfile(6, 7, NULL, 65536 [pid 5460] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5461] <... sendfile resumed>) = 2048 [pid 5460] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5461] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5460] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5461] <... futex resumed>) = 0 [pid 5460] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5460] <... futex resumed>) = 0 [pid 5460] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5461] <... openat resumed>) = 8 [pid 5461] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5460] <... futex resumed>) = 0 [pid 5461] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5460] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5460] <... futex resumed>) = 0 [pid 5461] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5460] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5461] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5461] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5460] <... futex resumed>) = 0 [pid 5461] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5460] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5460] <... futex resumed>) = 0 [pid 5461] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5460] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5461] <... ioctl resumed>) = 0 [pid 5461] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5460] <... futex resumed>) = 0 [pid 5460] exit_group(0) = ? [pid 5461] <... futex resumed>) = ? [pid 5461] +++ exited with 0 +++ [pid 5460] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5460, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5480 attached , child_tidptr=0x5555565535d0) = 5480 [pid 5480] set_robust_list(0x5555565535e0, 24) = 0 [pid 5480] chdir("./19") = 0 [pid 5480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5480] setpgid(0, 0) = 0 [pid 5480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5480] write(3, "1000", 4) = 4 [pid 5480] close(3) = 0 [pid 5480] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5480] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5480] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5480] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5481 attached [pid 5481] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5481] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5480] <... clone resumed>, parent_tid=[5481], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5481 [pid 5480] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5481] <... futex resumed>) = 0 [pid 5480] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5481] memfd_create("syzkaller", 0) = 3 [pid 5481] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5481] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5481] munmap(0x7eff746e1000, 16777216) = 0 [pid 5481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5481] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5481] close(3) = 0 [pid 5481] mkdir("./file0", 0777) = 0 [ 65.227428][ T5481] loop0: detected capacity change from 0 to 32768 [ 65.241219][ T5481] _btrfs_printk: 46 callbacks suppressed [ 65.241235][ T5481] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 65.256550][ T5481] BTRFS info (device loop0): force clearing of disk cache [ 65.263801][ T5481] BTRFS info (device loop0): setting nodatasum [ 65.270041][ T5481] BTRFS info (device loop0): allowing degraded mounts [ 65.276903][ T5481] BTRFS info (device loop0): enabling disk space caching [ 65.283985][ T5481] BTRFS info (device loop0): disk space caching is enabled [ 65.302870][ T5481] BTRFS info (device loop0): enabling ssd optimizations [ 65.311758][ T5481] BTRFS info (device loop0): auto enabling async discard [ 65.319891][ T5481] BTRFS info (device loop0): clearing free space tree [pid 5481] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5481] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5481] chdir("./file0") = 0 [pid 5481] ioctl(4, LOOP_CLR_FD) = 0 [pid 5481] close(4) = 0 [pid 5481] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] <... futex resumed>) = 0 [pid 5480] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5481] <... futex resumed>) = 1 [pid 5480] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5481] open("./file0", O_RDONLY) = 4 [pid 5481] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5480] <... futex resumed>) = 0 [pid 5481] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5480] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5481] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5480] <... futex resumed>) = 0 [pid 5481] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5480] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5481] <... open resumed>) = 5 [pid 5481] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5480] <... futex resumed>) = 0 [pid 5481] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5480] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5480] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5481] <... ioctl resumed>) = 0 [pid 5481] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] <... futex resumed>) = 0 [pid 5480] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5480] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5481] <... futex resumed>) = 1 [pid 5481] creat("./bus", 000) = 6 [pid 5481] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] <... futex resumed>) = 0 [pid 5480] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5480] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5481] <... futex resumed>) = 1 [ 65.326965][ T5481] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 65.336924][ T5481] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 65.350096][ T5481] BTRFS info (device loop0): checking UUID tree [pid 5481] ftruncate(6, 2048) = 0 [pid 5481] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] <... futex resumed>) = 0 [pid 5480] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5480] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5481] <... futex resumed>) = 1 [pid 5481] open("./bus", O_RDONLY) = 7 [pid 5481] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] <... futex resumed>) = 0 [pid 5480] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5480] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5481] <... futex resumed>) = 1 [pid 5481] sendfile(6, 7, NULL, 65536) = 2048 [pid 5481] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] <... futex resumed>) = 0 [pid 5481] <... futex resumed>) = 1 [pid 5480] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5481] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5480] <... futex resumed>) = 0 [pid 5481] <... openat resumed>) = 8 [pid 5480] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5481] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] <... futex resumed>) = 0 [pid 5480] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5481] <... futex resumed>) = 1 [pid 5480] <... futex resumed>) = 0 [pid 5481] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 65.401236][ T74] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 65.427166][ T5481] BTRFS info (device loop0): balance: start -s [ 65.435903][ T5481] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5480] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5480] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff756c0000 [pid 5480] mprotect(0x7eff756c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5480] clone(child_stack=0x7eff756e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5500], tls=0x7eff756e0700, child_tidptr=0x7eff756e09d0) = 5500 ./strace-static-x86_64: Process 5500 attached [pid 5481] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5480] futex(0x7eff7cbe07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5481] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] futex(0x7eff7cbe07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5481] <... futex resumed>) = 0 [pid 5500] set_robust_list(0x7eff756e09e0, 24 [pid 5481] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5500] <... set_robust_list resumed>) = 0 [pid 5500] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5500] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] <... futex resumed>) = 0 [pid 5500] <... futex resumed>) = 1 [pid 5480] exit_group(0 [pid 5481] <... futex resumed>) = ? [pid 5480] <... exit_group resumed>) = ? [pid 5481] +++ exited with 0 +++ [pid 5500] +++ exited with 0 +++ [pid 5480] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5480, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 65.461644][ T5481] BTRFS info (device loop0): balance: ended with status: 0 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5501 ./strace-static-x86_64: Process 5501 attached [pid 5501] set_robust_list(0x5555565535e0, 24) = 0 [pid 5501] chdir("./20") = 0 [pid 5501] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5501] setpgid(0, 0) = 0 [pid 5501] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5501] write(3, "1000", 4) = 4 [pid 5501] close(3) = 0 [pid 5501] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5501] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5501] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5501] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5502 attached [pid 5502] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5502] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5501] <... clone resumed>, parent_tid=[5502], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5502 [pid 5501] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5502] <... futex resumed>) = 0 [pid 5501] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5502] memfd_create("syzkaller", 0) = 3 [pid 5502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5502] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5502] munmap(0x7eff746e1000, 16777216) = 0 [pid 5502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5502] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5502] close(3) = 0 [pid 5502] mkdir("./file0", 0777) = 0 [ 65.816602][ T5502] loop0: detected capacity change from 0 to 32768 [ 65.829904][ T5502] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 65.839241][ T5502] BTRFS info (device loop0): force clearing of disk cache [ 65.846364][ T5502] BTRFS info (device loop0): setting nodatasum [ 65.852717][ T5502] BTRFS info (device loop0): allowing degraded mounts [ 65.859541][ T5502] BTRFS info (device loop0): enabling disk space caching [ 65.866574][ T5502] BTRFS info (device loop0): disk space caching is enabled [ 65.886690][ T5502] BTRFS info (device loop0): enabling ssd optimizations [ 65.893838][ T5502] BTRFS info (device loop0): auto enabling async discard [ 65.901769][ T5502] BTRFS info (device loop0): clearing free space tree [pid 5502] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5502] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5502] chdir("./file0") = 0 [pid 5502] ioctl(4, LOOP_CLR_FD) = 0 [pid 5502] close(4) = 0 [pid 5502] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5501] <... futex resumed>) = 0 [pid 5501] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5501] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5502] open("./file0", O_RDONLY) = 4 [pid 5502] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5501] <... futex resumed>) = 0 [pid 5501] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5502] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 65.908717][ T5502] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 65.918490][ T5502] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 65.932437][ T5502] BTRFS info (device loop0): checking UUID tree [pid 5501] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5502] <... open resumed>) = 5 [pid 5502] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5501] <... futex resumed>) = 0 [pid 5501] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5501] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5502] <... futex resumed>) = 1 [pid 5502] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5502] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5501] <... futex resumed>) = 0 [pid 5502] creat("./bus", 000 [pid 5501] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5501] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5502] <... creat resumed>) = 6 [pid 5502] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5501] <... futex resumed>) = 0 [pid 5501] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5501] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5502] ftruncate(6, 2048) = 0 [ 65.960210][ T27] kauditd_printk_skb: 10 callbacks suppressed [ 65.960225][ T27] audit: type=1800 audit(1672288929.141:42): pid=5502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor414" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5502] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5501] <... futex resumed>) = 0 [pid 5501] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5502] open("./bus", O_RDONLY [pid 5501] <... futex resumed>) = 0 [pid 5502] <... open resumed>) = 7 [pid 5501] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5502] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5501] <... futex resumed>) = 0 [pid 5502] sendfile(6, 7, NULL, 65536 [pid 5501] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5502] <... sendfile resumed>) = 2048 [pid 5501] <... futex resumed>) = 0 [pid 5502] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5501] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5502] <... futex resumed>) = 0 [pid 5501] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5502] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5501] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5502] <... openat resumed>) = 8 [pid 5501] <... futex resumed>) = 0 [pid 5502] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5501] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5502] <... futex resumed>) = 0 [pid 5501] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5501] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5501] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 66.007839][ T74] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 66.018705][ T27] audit: type=1804 audit(1672288929.181:43): pid=5502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor414" name="/root/syzkaller.fqkFZA/20/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 66.050099][ T5502] BTRFS info (device loop0): balance: start -s [pid 5502] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5501] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5501] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5501] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5501] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff756c0000 [pid 5501] mprotect(0x7eff756c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5501] clone(child_stack=0x7eff756e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5521], tls=0x7eff756e0700, child_tidptr=0x7eff756e09d0) = 5521 [pid 5501] futex(0x7eff7cbe07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5501] futex(0x7eff7cbe07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5521 attached [pid 5502] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5521] set_robust_list(0x7eff756e09e0, 24 [pid 5502] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5521] <... set_robust_list resumed>) = 0 [pid 5502] <... futex resumed>) = 0 [pid 5521] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5502] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5521] <... ioctl resumed>) = 0 [pid 5521] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5501] <... futex resumed>) = 0 [pid 5501] exit_group(0) = ? [pid 5502] <... futex resumed>) = ? [pid 5502] +++ exited with 0 +++ [pid 5521] +++ exited with 0 +++ [pid 5501] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5501, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 66.058702][ T5502] BTRFS info (device loop0): relocating block group 1048576 flags system [ 66.082698][ T5502] BTRFS info (device loop0): balance: ended with status: 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5522 ./strace-static-x86_64: Process 5522 attached [pid 5522] set_robust_list(0x5555565535e0, 24) = 0 [pid 5522] chdir("./21") = 0 [pid 5522] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5522] setpgid(0, 0) = 0 [pid 5522] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5522] write(3, "1000", 4) = 4 [pid 5522] close(3) = 0 [pid 5522] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5522] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5522] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5522] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5523 attached [pid 5523] set_robust_list(0x7eff7cb019e0, 24 [pid 5522] <... clone resumed>, parent_tid=[5523], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5523 [pid 5522] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5523] <... set_robust_list resumed>) = 0 [pid 5522] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5523] memfd_create("syzkaller", 0) = 3 [pid 5523] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5523] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5523] munmap(0x7eff746e1000, 16777216) = 0 [pid 5523] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5523] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5523] close(3) = 0 [pid 5523] mkdir("./file0", 0777) = 0 [ 66.411203][ T5523] loop0: detected capacity change from 0 to 32768 [ 66.424621][ T5523] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 66.434030][ T5523] BTRFS info (device loop0): force clearing of disk cache [ 66.441359][ T5523] BTRFS info (device loop0): setting nodatasum [ 66.447572][ T5523] BTRFS info (device loop0): allowing degraded mounts [ 66.454440][ T5523] BTRFS info (device loop0): enabling disk space caching [ 66.461960][ T5523] BTRFS info (device loop0): disk space caching is enabled [ 66.480767][ T5523] BTRFS info (device loop0): enabling ssd optimizations [ 66.487761][ T5523] BTRFS info (device loop0): auto enabling async discard [ 66.496175][ T5523] BTRFS info (device loop0): clearing free space tree [pid 5523] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5523] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5523] chdir("./file0") = 0 [pid 5523] ioctl(4, LOOP_CLR_FD) = 0 [pid 5523] close(4) = 0 [pid 5523] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5522] <... futex resumed>) = 0 [pid 5522] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] <... futex resumed>) = 1 [pid 5523] open("./file0", O_RDONLY) = 4 [pid 5523] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5523] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 66.503404][ T5523] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 66.513232][ T5523] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 66.527042][ T5523] BTRFS info (device loop0): checking UUID tree [pid 5522] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] <... open resumed>) = 5 [pid 5523] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5522] <... futex resumed>) = 0 [pid 5522] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... futex resumed>) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5523] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5522] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] <... ioctl resumed>) = 0 [pid 5523] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5523] creat("./bus", 000 [pid 5522] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... creat resumed>) = 6 [pid 5522] <... futex resumed>) = 0 [pid 5522] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5523] ftruncate(6, 2048 [pid 5522] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] <... ftruncate resumed>) = 0 [pid 5523] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5523] open("./bus", O_RDONLY [pid 5522] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... open resumed>) = 7 [pid 5522] <... futex resumed>) = 0 [pid 5523] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5522] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] <... futex resumed>) = 0 [pid 5522] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 66.555312][ T27] audit: type=1800 audit(1672288929.731:44): pid=5523 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor414" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5523] sendfile(6, 7, NULL, 65536 [pid 5522] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... sendfile resumed>) = 2048 [pid 5522] <... futex resumed>) = 0 [pid 5523] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5522] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] <... futex resumed>) = 0 [pid 5522] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5523] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5522] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... openat resumed>) = 8 [pid 5522] <... futex resumed>) = 0 [pid 5523] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5522] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] <... futex resumed>) = 0 [pid 5522] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5523] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5522] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.599657][ T74] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 66.611284][ T27] audit: type=1804 audit(1672288929.771:45): pid=5523 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor414" name="/root/syzkaller.fqkFZA/21/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 66.635961][ T5523] BTRFS info (device loop0): balance: start -s [pid 5522] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5522] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5522] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff756c0000 [pid 5522] mprotect(0x7eff756c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5522] clone(child_stack=0x7eff756e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5542], tls=0x7eff756e0700, child_tidptr=0x7eff756e09d0) = 5542 [pid 5522] futex(0x7eff7cbe07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.644154][ T5523] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5522] futex(0x7eff7cbe07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5542 attached [pid 5542] set_robust_list(0x7eff756e09e0, 24) = 0 [pid 5542] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5522] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5542] <... ioctl resumed>) = 0 [pid 5523] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5542] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5542] <... futex resumed>) = 0 [pid 5542] futex(0x7eff7cbe07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5523] <... futex resumed>) = 0 [pid 5523] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5522] exit_group(0 [pid 5542] <... futex resumed>) = ? [pid 5523] <... futex resumed>) = ? [pid 5522] <... exit_group resumed>) = ? [pid 5542] +++ exited with 0 +++ [pid 5523] +++ exited with 0 +++ [pid 5522] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5522, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=30 /* 0.30 s */} --- umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 [ 66.671418][ T5523] BTRFS info (device loop0): balance: ended with status: 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5543 ./strace-static-x86_64: Process 5543 attached [pid 5543] set_robust_list(0x5555565535e0, 24) = 0 [pid 5543] chdir("./22") = 0 [pid 5543] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5543] setpgid(0, 0) = 0 [pid 5543] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5543] write(3, "1000", 4) = 4 [pid 5543] close(3) = 0 [pid 5543] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5543] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5543] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5543] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5543] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5544 attached , parent_tid=[5544], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5544 [pid 5544] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5543] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5543] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5544] memfd_create("syzkaller", 0) = 3 [pid 5544] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5544] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5544] munmap(0x7eff746e1000, 16777216) = 0 [pid 5544] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5544] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5544] close(3) = 0 [pid 5544] mkdir("./file0", 0777) = 0 [ 66.979058][ T5544] loop0: detected capacity change from 0 to 32768 [ 66.993538][ T5544] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 67.002834][ T5544] BTRFS info (device loop0): force clearing of disk cache [ 67.010001][ T5544] BTRFS info (device loop0): setting nodatasum [ 67.016411][ T5544] BTRFS info (device loop0): allowing degraded mounts [ 67.023362][ T5544] BTRFS info (device loop0): enabling disk space caching [ 67.030664][ T5544] BTRFS info (device loop0): disk space caching is enabled [ 67.049608][ T5544] BTRFS info (device loop0): enabling ssd optimizations [ 67.056608][ T5544] BTRFS info (device loop0): auto enabling async discard [ 67.064722][ T5544] BTRFS info (device loop0): clearing free space tree [pid 5544] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5544] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5544] chdir("./file0") = 0 [pid 5544] ioctl(4, LOOP_CLR_FD) = 0 [pid 5544] close(4) = 0 [pid 5544] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5543] <... futex resumed>) = 0 [pid 5544] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5543] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5544] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5543] <... futex resumed>) = 0 [pid 5544] open("./file0", O_RDONLY [pid 5543] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5544] <... open resumed>) = 4 [pid 5544] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5543] <... futex resumed>) = 0 [pid 5544] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5543] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5544] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5543] <... futex resumed>) = 0 [pid 5544] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5543] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5544] <... open resumed>) = 5 [pid 5544] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 67.071648][ T5544] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 67.081402][ T5544] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 67.095339][ T5544] BTRFS info (device loop0): checking UUID tree [pid 5544] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5543] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5544] <... futex resumed>) = 0 [pid 5543] <... futex resumed>) = 1 [pid 5544] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5543] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5544] <... ioctl resumed>) = 0 [pid 5544] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5543] <... futex resumed>) = 0 [pid 5544] creat("./bus", 000 [pid 5543] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5544] <... creat resumed>) = 6 [pid 5543] <... futex resumed>) = 0 [pid 5544] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5544] <... futex resumed>) = 0 [pid 5543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5544] ftruncate(6, 2048 [pid 5543] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5544] <... ftruncate resumed>) = 0 [pid 5543] <... futex resumed>) = 0 [pid 5544] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5544] <... futex resumed>) = 0 [pid 5543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5544] open("./bus", O_RDONLY [pid 5543] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5544] <... open resumed>) = 7 [pid 5543] <... futex resumed>) = 0 [pid 5544] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5544] <... futex resumed>) = 0 [pid 5543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5544] sendfile(6, 7, NULL, 65536 [pid 5543] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5544] <... sendfile resumed>) = 2048 [pid 5543] <... futex resumed>) = 0 [pid 5544] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5544] <... futex resumed>) = 0 [pid 5543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5544] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5543] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5544] <... openat resumed>) = 8 [pid 5543] <... futex resumed>) = 0 [pid 5544] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5544] <... futex resumed>) = 0 [pid 5543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5544] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5543] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 67.111150][ T27] audit: type=1800 audit(1672288930.291:46): pid=5544 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor414" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 67.143073][ T27] audit: type=1804 audit(1672288930.321:47): pid=5544 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor414" name="/root/syzkaller.fqkFZA/22/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 67.156264][ T74] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5543] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5543] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5543] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff756c0000 [pid 5543] mprotect(0x7eff756c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5543] clone(child_stack=0x7eff756e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5563], tls=0x7eff756e0700, child_tidptr=0x7eff756e09d0) = 5563 [pid 5543] futex(0x7eff7cbe07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5543] futex(0x7eff7cbe07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5563 attached [pid 5563] set_robust_list(0x7eff756e09e0, 24) = 0 [pid 5563] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5544] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5544] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 67.175497][ T5544] BTRFS info (device loop0): balance: start -s [ 67.183826][ T5544] BTRFS info (device loop0): relocating block group 1048576 flags system [ 67.214058][ T5544] BTRFS info (device loop0): balance: ended with status: 0 [pid 5544] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5563] <... ioctl resumed>) = 0 [pid 5563] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] <... futex resumed>) = 0 [pid 5543] exit_group(0 [pid 5544] <... futex resumed>) = ? [pid 5543] <... exit_group resumed>) = ? [pid 5544] +++ exited with 0 +++ [pid 5563] <... futex resumed>) = ? [pid 5563] +++ exited with 0 +++ [pid 5543] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5543, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5565 ./strace-static-x86_64: Process 5565 attached [pid 5565] set_robust_list(0x5555565535e0, 24) = 0 [pid 5565] chdir("./23") = 0 [pid 5565] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5565] setpgid(0, 0) = 0 [pid 5565] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5565] write(3, "1000", 4) = 4 [pid 5565] close(3) = 0 [pid 5565] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5565] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5565] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5565] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5566], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5566 [pid 5565] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5566 attached [pid 5566] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5566] memfd_create("syzkaller", 0) = 3 [pid 5566] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5566] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5566] munmap(0x7eff746e1000, 16777216) = 0 [pid 5566] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5566] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5566] close(3) = 0 [pid 5566] mkdir("./file0", 0777) = 0 [ 67.545160][ T5566] loop0: detected capacity change from 0 to 32768 [ 67.559037][ T5566] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 67.568489][ T5566] BTRFS info (device loop0): force clearing of disk cache [ 67.575737][ T5566] BTRFS info (device loop0): setting nodatasum [ 67.582129][ T5566] BTRFS info (device loop0): allowing degraded mounts [ 67.588938][ T5566] BTRFS info (device loop0): enabling disk space caching [ 67.595960][ T5566] BTRFS info (device loop0): disk space caching is enabled [ 67.614861][ T5566] BTRFS info (device loop0): enabling ssd optimizations [ 67.621952][ T5566] BTRFS info (device loop0): auto enabling async discard [ 67.629872][ T5566] BTRFS info (device loop0): clearing free space tree [pid 5566] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5566] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5566] chdir("./file0") = 0 [pid 5566] ioctl(4, LOOP_CLR_FD) = 0 [pid 5566] close(4) = 0 [pid 5566] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] <... futex resumed>) = 0 [pid 5566] <... futex resumed>) = 1 [pid 5565] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] open("./file0", O_RDONLY [pid 5565] <... futex resumed>) = 0 [pid 5566] <... open resumed>) = 4 [pid 5565] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5566] <... futex resumed>) = 0 [pid 5565] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5565] <... futex resumed>) = 0 [ 67.636732][ T5566] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 67.646985][ T5566] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 67.660552][ T5566] BTRFS info (device loop0): checking UUID tree [pid 5565] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] <... open resumed>) = 5 [pid 5566] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5565] <... futex resumed>) = 0 [pid 5566] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5565] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] <... ioctl resumed>) = 0 [pid 5566] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5565] <... futex resumed>) = 0 [pid 5565] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] creat("./bus", 000) = 6 [pid 5566] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5565] <... futex resumed>) = 0 [pid 5565] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] ftruncate(6, 2048) = 0 [pid 5566] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5565] <... futex resumed>) = 0 [pid 5565] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 67.692530][ T27] audit: type=1800 audit(1672288930.871:48): pid=5566 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor414" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5566] open("./bus", O_RDONLY) = 7 [pid 5566] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5565] <... futex resumed>) = 0 [pid 5565] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] sendfile(6, 7, NULL, 65536) = 2048 [pid 5566] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] <... futex resumed>) = 0 [pid 5565] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] <... futex resumed>) = 1 [pid 5566] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5566] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] <... futex resumed>) = 0 [pid 5565] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] <... futex resumed>) = 1 [ 67.738417][ T27] audit: type=1804 audit(1672288930.921:49): pid=5566 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor414" name="/root/syzkaller.fqkFZA/23/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 67.776890][ T74] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5566] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5565] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5565] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff756c0000 [pid 5565] mprotect(0x7eff756c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5565] clone(child_stack=0x7eff756e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5585], tls=0x7eff756e0700, child_tidptr=0x7eff756e09d0) = 5585 [pid 5565] futex(0x7eff7cbe07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] futex(0x7eff7cbe07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5585 attached [pid 5585] set_robust_list(0x7eff756e09e0, 24) = 0 [ 67.790230][ T5566] BTRFS info (device loop0): balance: start -s [ 67.799173][ T5566] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5585] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5585] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5585] futex(0x7eff7cbe07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5565] <... futex resumed>) = 0 [pid 5566] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5566] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] exit_group(0 [pid 5566] <... futex resumed>) = 0 [pid 5566] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5585] <... futex resumed>) = ? [pid 5565] <... exit_group resumed>) = ? [pid 5566] <... futex resumed>) = ? [pid 5566] +++ exited with 0 +++ [pid 5585] +++ exited with 0 +++ [pid 5565] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5565, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 [ 67.850953][ T5566] BTRFS info (device loop0): balance: ended with status: 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5586 ./strace-static-x86_64: Process 5586 attached [pid 5586] set_robust_list(0x5555565535e0, 24) = 0 [pid 5586] chdir("./24") = 0 [pid 5586] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5586] setpgid(0, 0) = 0 [pid 5586] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5586] write(3, "1000", 4) = 4 [pid 5586] close(3) = 0 [pid 5586] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5586] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5586] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5586] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5586] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5587 attached [pid 5587] set_robust_list(0x7eff7cb019e0, 24 [pid 5586] <... clone resumed>, parent_tid=[5587], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5587 [pid 5586] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5587] <... set_robust_list resumed>) = 0 [pid 5586] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5587] memfd_create("syzkaller", 0) = 3 [pid 5587] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5587] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5587] munmap(0x7eff746e1000, 16777216) = 0 [pid 5587] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5587] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5587] close(3) = 0 [pid 5587] mkdir("./file0", 0777) = 0 [ 68.133614][ T5587] loop0: detected capacity change from 0 to 32768 [ 68.147154][ T5587] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 68.156496][ T5587] BTRFS info (device loop0): force clearing of disk cache [ 68.163680][ T5587] BTRFS info (device loop0): setting nodatasum [ 68.169908][ T5587] BTRFS info (device loop0): allowing degraded mounts [ 68.176729][ T5587] BTRFS info (device loop0): enabling disk space caching [ 68.183839][ T5587] BTRFS info (device loop0): disk space caching is enabled [ 68.202343][ T5587] BTRFS info (device loop0): enabling ssd optimizations [ 68.209505][ T5587] BTRFS info (device loop0): auto enabling async discard [ 68.217497][ T5587] BTRFS info (device loop0): clearing free space tree [pid 5587] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5587] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5587] chdir("./file0") = 0 [pid 5587] ioctl(4, LOOP_CLR_FD) = 0 [pid 5587] close(4) = 0 [pid 5587] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5586] <... futex resumed>) = 0 [pid 5586] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5586] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5587] <... futex resumed>) = 1 [pid 5587] open("./file0", O_RDONLY) = 4 [pid 5587] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5586] <... futex resumed>) = 0 [pid 5586] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5586] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5587] <... futex resumed>) = 1 [ 68.224534][ T5587] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 68.234631][ T5587] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 68.247894][ T5587] BTRFS info (device loop0): checking UUID tree [pid 5587] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5587] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5587] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5586] <... futex resumed>) = 0 [pid 5586] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5587] <... futex resumed>) = 0 [pid 5586] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5587] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5587] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5586] <... futex resumed>) = 0 [pid 5587] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5586] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5586] <... futex resumed>) = 0 [pid 5587] creat("./bus", 000 [pid 5586] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5587] <... creat resumed>) = 6 [pid 5587] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5586] <... futex resumed>) = 0 [pid 5587] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5586] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5586] <... futex resumed>) = 0 [pid 5587] ftruncate(6, 2048 [pid 5586] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5587] <... ftruncate resumed>) = 0 [pid 5587] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5586] <... futex resumed>) = 0 [pid 5587] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5586] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5586] <... futex resumed>) = 0 [ 68.280308][ T27] audit: type=1800 audit(1672288931.461:50): pid=5587 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor414" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5587] open("./bus", O_RDONLY [pid 5586] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5587] <... open resumed>) = 7 [pid 5587] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5586] <... futex resumed>) = 0 [pid 5587] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5586] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5586] <... futex resumed>) = 0 [pid 5587] sendfile(6, 7, NULL, 65536 [pid 5586] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5587] <... sendfile resumed>) = 2048 [pid 5587] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5586] <... futex resumed>) = 0 [pid 5587] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5586] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5586] <... futex resumed>) = 0 [pid 5587] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5586] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5587] <... openat resumed>) = 8 [pid 5587] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5586] <... futex resumed>) = 0 [pid 5587] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5586] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5586] <... futex resumed>) = 0 [pid 5587] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 68.319837][ T27] audit: type=1804 audit(1672288931.501:51): pid=5587 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor414" name="/root/syzkaller.fqkFZA/24/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 68.320967][ T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 68.354003][ T5587] BTRFS info (device loop0): balance: start -s [ 68.363626][ T5587] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5586] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5586] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5586] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff756c0000 [pid 5586] mprotect(0x7eff756c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5586] clone(child_stack=0x7eff756e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5606], tls=0x7eff756e0700, child_tidptr=0x7eff756e09d0) = 5606 [pid 5586] futex(0x7eff7cbe07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5586] futex(0x7eff7cbe07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5606 attached [pid 5606] set_robust_list(0x7eff756e09e0, 24) = 0 [pid 5606] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5587] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5587] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5587] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5606] <... ioctl resumed>) = 0 [pid 5606] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5586] <... futex resumed>) = 0 [pid 5586] exit_group(0 [pid 5587] <... futex resumed>) = ? [pid 5586] <... exit_group resumed>) = ? [pid 5587] +++ exited with 0 +++ [pid 5606] +++ exited with 0 +++ [pid 5586] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5586, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 68.392772][ T5587] BTRFS info (device loop0): balance: ended with status: 0 lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5607 attached [pid 5607] set_robust_list(0x5555565535e0, 24 [pid 5070] <... clone resumed>, child_tidptr=0x5555565535d0) = 5607 [pid 5607] <... set_robust_list resumed>) = 0 [pid 5607] chdir("./25") = 0 [pid 5607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5607] setpgid(0, 0) = 0 [pid 5607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5607] write(3, "1000", 4) = 4 [pid 5607] close(3) = 0 [pid 5607] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5607] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5607] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5607] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5608], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5608 [pid 5607] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5608 attached [pid 5608] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5608] memfd_create("syzkaller", 0) = 3 [pid 5608] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5608] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5608] munmap(0x7eff746e1000, 16777216) = 0 [pid 5608] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5608] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5608] close(3) = 0 [pid 5608] mkdir("./file0", 0777) = 0 [pid 5608] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5608] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5608] chdir("./file0") = 0 [pid 5608] ioctl(4, LOOP_CLR_FD) = 0 [pid 5608] close(4) = 0 [pid 5608] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] <... futex resumed>) = 0 [pid 5607] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] <... futex resumed>) = 1 [pid 5608] open("./file0", O_RDONLY) = 4 [pid 5608] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] <... futex resumed>) = 0 [pid 5607] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] <... futex resumed>) = 1 [pid 5608] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [ 68.731315][ T5608] loop0: detected capacity change from 0 to 32768 [ 68.744042][ T5608] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 68.753366][ T5608] BTRFS info (device loop0): force clearing of disk cache [ 68.760600][ T5608] BTRFS info (device loop0): setting nodatasum [ 68.766794][ T5608] BTRFS info (device loop0): allowing degraded mounts [pid 5608] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] <... futex resumed>) = 0 [pid 5608] <... futex resumed>) = 1 [pid 5607] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5608] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] <... futex resumed>) = 0 [pid 5607] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] <... futex resumed>) = 1 [pid 5608] creat("./bus", 000) = 6 [pid 5608] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] <... futex resumed>) = 0 [pid 5607] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] ftruncate(6, 2048) = 0 [pid 5608] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] <... futex resumed>) = 0 [pid 5607] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] open("./bus", O_RDONLY) = 7 [pid 5608] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] <... futex resumed>) = 0 [pid 5607] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] sendfile(6, 7, NULL, 65536) = 2048 [pid 5608] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] <... futex resumed>) = 0 [pid 5607] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5608] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] <... futex resumed>) = 0 [pid 5607] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5608] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] <... futex resumed>) = 0 [pid 5607] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5608] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] <... futex resumed>) = 0 [pid 5607] exit_group(0 [pid 5608] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5607] <... exit_group resumed>) = ? [pid 5608] <... futex resumed>) = ? [pid 5608] +++ exited with 0 +++ [pid 5607] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5607, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5627 ./strace-static-x86_64: Process 5627 attached [pid 5627] set_robust_list(0x5555565535e0, 24) = 0 [pid 5627] chdir("./26") = 0 [pid 5627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5627] setpgid(0, 0) = 0 [pid 5627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5627] write(3, "1000", 4) = 4 [pid 5627] close(3) = 0 [pid 5627] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5627] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5627] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5627] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5628 attached [pid 5628] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5628] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5627] <... clone resumed>, parent_tid=[5628], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5628 [pid 5627] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5628] <... futex resumed>) = 0 [pid 5627] <... futex resumed>) = 1 [pid 5628] memfd_create("syzkaller", 0 [pid 5627] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5628] <... memfd_create resumed>) = 3 [pid 5628] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5628] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5628] munmap(0x7eff746e1000, 16777216) = 0 [pid 5628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5628] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5628] close(3) = 0 [pid 5628] mkdir("./file0", 0777) = 0 [pid 5628] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5628] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5628] chdir("./file0") = 0 [pid 5628] ioctl(4, LOOP_CLR_FD) = 0 [pid 5628] close(4) = 0 [pid 5628] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = 0 [pid 5627] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5627] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5628] <... futex resumed>) = 1 [pid 5628] open("./file0", O_RDONLY) = 4 [pid 5628] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = 0 [pid 5627] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5627] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5628] <... futex resumed>) = 1 [ 69.221580][ T5628] loop0: detected capacity change from 0 to 32768 [pid 5628] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5628] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = 0 [pid 5627] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5627] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5628] <... futex resumed>) = 1 [pid 5628] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5628] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = 0 [pid 5627] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5627] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5628] <... futex resumed>) = 1 [pid 5628] creat("./bus", 000) = 6 [pid 5628] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = 0 [pid 5627] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5627] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5628] <... futex resumed>) = 1 [pid 5628] ftruncate(6, 2048) = 0 [pid 5628] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = 0 [pid 5628] <... futex resumed>) = 1 [pid 5627] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5628] open("./bus", O_RDONLY [pid 5627] <... futex resumed>) = 0 [pid 5628] <... open resumed>) = 7 [pid 5627] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5628] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5627] <... futex resumed>) = 0 [pid 5628] sendfile(6, 7, NULL, 65536 [pid 5627] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5628] <... sendfile resumed>) = 2048 [pid 5627] <... futex resumed>) = 0 [pid 5628] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5628] <... futex resumed>) = 0 [pid 5627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5628] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5627] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5628] <... openat resumed>) = 8 [pid 5627] <... futex resumed>) = 0 [pid 5628] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5628] <... futex resumed>) = 0 [pid 5627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5628] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5627] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5627] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5628] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5628] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = 0 [pid 5627] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5627] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5628] <... futex resumed>) = 1 [pid 5628] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5628] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = 0 [pid 5628] <... futex resumed>) = 1 [pid 5628] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5627] exit_group(0) = ? [pid 5628] <... futex resumed>) = ? [pid 5628] +++ exited with 0 +++ [pid 5627] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5627, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5647 ./strace-static-x86_64: Process 5647 attached [pid 5647] set_robust_list(0x5555565535e0, 24) = 0 [pid 5647] chdir("./27") = 0 [pid 5647] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5647] setpgid(0, 0) = 0 [pid 5647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5647] write(3, "1000", 4) = 4 [pid 5647] close(3) = 0 [pid 5647] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5647] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5647] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5647] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5648 attached [pid 5648] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5648] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5647] <... clone resumed>, parent_tid=[5648], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5648 [pid 5647] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5648] <... futex resumed>) = 0 [pid 5647] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5648] memfd_create("syzkaller", 0) = 3 [pid 5648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5648] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5648] munmap(0x7eff746e1000, 16777216) = 0 [pid 5648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5648] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5648] close(3) = 0 [pid 5648] mkdir("./file0", 0777) = 0 [pid 5648] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5648] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5648] chdir("./file0") = 0 [pid 5648] ioctl(4, LOOP_CLR_FD) = 0 [pid 5648] close(4) = 0 [pid 5648] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] open("./file0", O_RDONLY) = 4 [pid 5648] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... futex resumed>) = 1 [pid 5648] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5648] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... futex resumed>) = 1 [ 69.687738][ T5648] loop0: detected capacity change from 0 to 32768 [pid 5648] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5648] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... futex resumed>) = 1 [pid 5648] creat("./bus", 000) = 6 [pid 5648] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... futex resumed>) = 1 [pid 5648] ftruncate(6, 2048) = 0 [pid 5648] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] open("./bus", O_RDONLY) = 7 [pid 5648] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] sendfile(6, 7, NULL, 65536) = 2048 [pid 5648] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5648] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5648] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5647] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5648] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5648] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... ioctl resumed>) = 0 [pid 5648] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5647] <... futex resumed>) = 0 [pid 5647] exit_group(0) = ? [pid 5648] +++ exited with 0 +++ [pid 5647] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5647, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5667 ./strace-static-x86_64: Process 5667 attached [pid 5667] set_robust_list(0x5555565535e0, 24) = 0 [pid 5667] chdir("./28") = 0 [pid 5667] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5667] setpgid(0, 0) = 0 [pid 5667] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5667] write(3, "1000", 4) = 4 [pid 5667] close(3) = 0 [pid 5667] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5667] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5667] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5667] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5667] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5668], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5668 [pid 5667] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5667] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5668 attached [pid 5668] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5668] memfd_create("syzkaller", 0) = 3 [pid 5668] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5668] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5668] munmap(0x7eff746e1000, 16777216) = 0 [pid 5668] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5668] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5668] close(3) = 0 [pid 5668] mkdir("./file0", 0777) = 0 [pid 5668] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5668] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5668] chdir("./file0") = 0 [pid 5668] ioctl(4, LOOP_CLR_FD) = 0 [pid 5668] close(4) = 0 [pid 5668] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5667] <... futex resumed>) = 0 [pid 5667] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5667] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5668] open("./file0", O_RDONLY) = 4 [pid 5668] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... futex resumed>) = 0 [pid 5667] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5667] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5668] <... futex resumed>) = 1 [pid 5668] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5668] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... futex resumed>) = 0 [pid 5667] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5667] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5668] <... futex resumed>) = 1 [ 70.122961][ T5668] loop0: detected capacity change from 0 to 32768 [pid 5668] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5668] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... futex resumed>) = 0 [pid 5667] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5667] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5668] <... futex resumed>) = 1 [pid 5668] creat("./bus", 000) = 6 [pid 5668] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... futex resumed>) = 0 [pid 5667] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5667] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5668] <... futex resumed>) = 1 [pid 5668] ftruncate(6, 2048) = 0 [pid 5668] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... futex resumed>) = 0 [pid 5667] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5667] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5668] <... futex resumed>) = 1 [pid 5668] open("./bus", O_RDONLY) = 7 [pid 5668] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... futex resumed>) = 0 [pid 5667] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5667] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5668] <... futex resumed>) = 1 [pid 5668] sendfile(6, 7, NULL, 65536) = 2048 [pid 5668] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... futex resumed>) = 0 [pid 5667] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5667] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5668] <... futex resumed>) = 1 [pid 5668] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5668] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... futex resumed>) = 0 [pid 5667] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5667] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5668] <... futex resumed>) = 1 [pid 5668] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5667] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5668] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5668] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5668] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5667] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5668] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5668] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5667] <... futex resumed>) = 0 [pid 5667] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5668] <... ioctl resumed>) = 0 [pid 5668] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] <... futex resumed>) = 0 [pid 5667] exit_group(0) = ? [pid 5668] <... futex resumed>) = ? [pid 5668] +++ exited with 0 +++ [pid 5667] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5667, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 [ 70.248001][ T5668] _btrfs_printk: 59 callbacks suppressed [ 70.248019][ T5668] BTRFS info (device loop0): balance: ended with status: 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5687 ./strace-static-x86_64: Process 5687 attached [pid 5687] set_robust_list(0x5555565535e0, 24) = 0 [pid 5687] chdir("./29") = 0 [pid 5687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5687] setpgid(0, 0) = 0 [pid 5687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5687] write(3, "1000", 4) = 4 [pid 5687] close(3) = 0 [pid 5687] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5687] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5687] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5687] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5688 attached , parent_tid=[5688], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5688 [pid 5688] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5688] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5687] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5688] <... futex resumed>) = 0 [pid 5687] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5688] memfd_create("syzkaller", 0) = 3 [pid 5688] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5688] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5688] munmap(0x7eff746e1000, 16777216) = 0 [pid 5688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5688] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5688] close(3) = 0 [pid 5688] mkdir("./file0", 0777) = 0 [ 70.566559][ T5688] loop0: detected capacity change from 0 to 32768 [ 70.581353][ T5688] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 70.590888][ T5688] BTRFS info (device loop0): force clearing of disk cache [ 70.598395][ T5688] BTRFS info (device loop0): setting nodatasum [ 70.604589][ T5688] BTRFS info (device loop0): allowing degraded mounts [ 70.611774][ T5688] BTRFS info (device loop0): enabling disk space caching [ 70.618907][ T5688] BTRFS info (device loop0): disk space caching is enabled [ 70.637540][ T5688] BTRFS info (device loop0): enabling ssd optimizations [ 70.644694][ T5688] BTRFS info (device loop0): auto enabling async discard [ 70.652646][ T5688] BTRFS info (device loop0): clearing free space tree [pid 5688] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5688] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5688] chdir("./file0") = 0 [pid 5688] ioctl(4, LOOP_CLR_FD) = 0 [ 70.659571][ T5688] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 70.669438][ T5688] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 70.700056][ T5688] BTRFS info (device loop0): checking UUID tree [pid 5688] close(4) = 0 [pid 5688] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] <... futex resumed>) = 0 [pid 5688] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5687] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5687] <... futex resumed>) = 0 [pid 5688] open("./file0", O_RDONLY [pid 5687] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] <... open resumed>) = 4 [pid 5688] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] <... futex resumed>) = 0 [pid 5688] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5687] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5688] <... open resumed>) = 5 [pid 5687] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] <... futex resumed>) = 0 [pid 5688] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5687] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5687] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] <... ioctl resumed>) = 0 [pid 5688] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] <... futex resumed>) = 0 [pid 5688] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5687] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5688] <... futex resumed>) = 0 [pid 5688] creat("./bus", 000 [pid 5687] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] <... creat resumed>) = 6 [pid 5688] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] <... futex resumed>) = 0 [pid 5688] ftruncate(6, 2048 [pid 5687] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] <... ftruncate resumed>) = 0 [pid 5687] <... futex resumed>) = 0 [pid 5687] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5687] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5688] open("./bus", O_RDONLY [pid 5687] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5688] <... open resumed>) = 7 [pid 5687] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] <... futex resumed>) = 0 [pid 5687] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5687] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] sendfile(6, 7, NULL, 65536) = 2048 [pid 5688] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] <... futex resumed>) = 0 [pid 5687] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5687] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5688] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] <... futex resumed>) = 0 [pid 5688] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5687] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5687] <... futex resumed>) = 0 [pid 5688] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5687] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5687] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5687] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff756c0000 [pid 5687] mprotect(0x7eff756c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5687] clone(child_stack=0x7eff756e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5707], tls=0x7eff756e0700, child_tidptr=0x7eff756e09d0) = 5707 [pid 5687] futex(0x7eff7cbe07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 70.788035][ T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 70.818591][ T5688] BTRFS info (device loop0): balance: start -s [ 70.826323][ T5688] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5687] futex(0x7eff7cbe07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5707 attached [pid 5707] set_robust_list(0x7eff756e09e0, 24) = 0 [pid 5707] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5687] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5707] <... ioctl resumed>) = 0 [pid 5707] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5707] futex(0x7eff7cbe07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5688] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5688] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5688] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5687] exit_group(0) = ? [pid 5707] <... futex resumed>) = ? [pid 5688] <... futex resumed>) = ? [ 70.873412][ T5688] BTRFS info (device loop0): balance: ended with status: 0 [pid 5707] +++ exited with 0 +++ [pid 5688] +++ exited with 0 +++ [pid 5687] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5687, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=27 /* 0.27 s */} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5708 ./strace-static-x86_64: Process 5708 attached [pid 5708] set_robust_list(0x5555565535e0, 24) = 0 [pid 5708] chdir("./30") = 0 [pid 5708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5708] setpgid(0, 0) = 0 [pid 5708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5708] write(3, "1000", 4) = 4 [pid 5708] close(3) = 0 [pid 5708] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5708] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5708] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5708] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5709], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5709 [pid 5708] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5709 attached [pid 5709] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5709] memfd_create("syzkaller", 0) = 3 [pid 5709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5709] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5709] munmap(0x7eff746e1000, 16777216) = 0 [pid 5709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5709] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5709] close(3) = 0 [pid 5709] mkdir("./file0", 0777) = 0 [ 71.336894][ T5709] loop0: detected capacity change from 0 to 32768 [ 71.350616][ T5709] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 71.359931][ T5709] BTRFS info (device loop0): force clearing of disk cache [ 71.367051][ T5709] BTRFS info (device loop0): setting nodatasum [ 71.373301][ T5709] BTRFS info (device loop0): allowing degraded mounts [ 71.380166][ T5709] BTRFS info (device loop0): enabling disk space caching [ 71.387259][ T5709] BTRFS info (device loop0): disk space caching is enabled [ 71.407390][ T5709] BTRFS info (device loop0): enabling ssd optimizations [ 71.414619][ T5709] BTRFS info (device loop0): auto enabling async discard [ 71.422838][ T5709] BTRFS info (device loop0): clearing free space tree [pid 5709] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5709] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5709] chdir("./file0") = 0 [pid 5709] ioctl(4, LOOP_CLR_FD) = 0 [pid 5709] close(4) = 0 [pid 5709] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5709] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5708] <... futex resumed>) = 0 [pid 5709] open("./file0", O_RDONLY) = 4 [pid 5709] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5708] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... futex resumed>) = 0 [pid 5708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5709] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5708] <... futex resumed>) = 0 [ 71.429842][ T5709] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 71.439626][ T5709] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 71.452753][ T5709] BTRFS info (device loop0): checking UUID tree [pid 5708] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5709] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5709] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5708] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... ioctl resumed>) = 0 [pid 5709] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] creat("./bus", 000) = 6 [pid 5709] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] ftruncate(6, 2048) = 0 [ 71.482477][ T27] kauditd_printk_skb: 10 callbacks suppressed [ 71.482491][ T27] audit: type=1800 audit(1672288934.661:62): pid=5709 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor414" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5709] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5709] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5708] <... futex resumed>) = 0 [pid 5709] open("./bus", O_RDONLY [pid 5708] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... open resumed>) = 7 [pid 5709] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5709] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5708] <... futex resumed>) = 0 [pid 5709] sendfile(6, 7, NULL, 65536 [pid 5708] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... sendfile resumed>) = 2048 [pid 5709] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5709] futex(0x7eff7cbe07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5708] <... futex resumed>) = 0 [pid 5709] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5708] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... openat resumed>) = 8 [pid 5709] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5709] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5708] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 71.542131][ T74] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 71.559868][ T27] audit: type=1804 audit(1672288934.731:63): pid=5709 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor414" name="/root/syzkaller.fqkFZA/30/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5708] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5709] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5709] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5708] exit_group(0) = ? [pid 5709] +++ exited with 0 +++ [pid 5708] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5708, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=31 /* 0.31 s */} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 [ 71.591235][ T5709] BTRFS info (device loop0): balance: start -s [ 71.599245][ T5709] BTRFS info (device loop0): relocating block group 1048576 flags system [ 71.621306][ T5709] BTRFS info (device loop0): balance: ended with status: 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5728 ./strace-static-x86_64: Process 5728 attached [pid 5728] set_robust_list(0x5555565535e0, 24) = 0 [pid 5728] chdir("./31") = 0 [pid 5728] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5728] setpgid(0, 0) = 0 [pid 5728] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5728] write(3, "1000", 4) = 4 [pid 5728] close(3) = 0 [pid 5728] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5728] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5728] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5728] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5729], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5729 [pid 5728] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5729 attached [pid 5729] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5729] memfd_create("syzkaller", 0) = 3 [pid 5729] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5729] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5729] munmap(0x7eff746e1000, 16777216) = 0 [pid 5729] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5729] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5729] close(3) = 0 [pid 5729] mkdir("./file0", 0777) = 0 [ 71.909822][ T5729] loop0: detected capacity change from 0 to 32768 [ 71.924317][ T5729] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 71.934170][ T5729] BTRFS info (device loop0): force clearing of disk cache [ 71.941396][ T5729] BTRFS info (device loop0): setting nodatasum [ 71.947580][ T5729] BTRFS info (device loop0): allowing degraded mounts [ 71.954417][ T5729] BTRFS info (device loop0): enabling disk space caching [ 71.961522][ T5729] BTRFS info (device loop0): disk space caching is enabled [ 71.980608][ T5729] BTRFS info (device loop0): enabling ssd optimizations [ 71.987701][ T5729] BTRFS info (device loop0): auto enabling async discard [ 71.995924][ T5729] BTRFS info (device loop0): clearing free space tree [pid 5729] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5729] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5729] chdir("./file0") = 0 [pid 5729] ioctl(4, LOOP_CLR_FD) = 0 [pid 5729] close(4) = 0 [pid 5729] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5728] <... futex resumed>) = 0 [pid 5728] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5729] open("./file0", O_RDONLY) = 4 [pid 5729] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5728] <... futex resumed>) = 0 [pid 5728] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 72.002824][ T5729] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 72.012558][ T5729] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 72.025862][ T5729] BTRFS info (device loop0): checking UUID tree [pid 5729] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5729] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5728] <... futex resumed>) = 0 [pid 5728] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5729] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5729] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5728] <... futex resumed>) = 0 [pid 5728] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5729] creat("./bus", 000) = 6 [pid 5729] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5728] <... futex resumed>) = 0 [pid 5728] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5729] ftruncate(6, 2048) = 0 [pid 5729] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5728] <... futex resumed>) = 0 [pid 5728] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 72.058320][ T27] audit: type=1800 audit(1672288935.241:64): pid=5729 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor414" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5729] open("./bus", O_RDONLY) = 7 [pid 5729] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5728] <... futex resumed>) = 0 [pid 5728] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5729] sendfile(6, 7, NULL, 65536) = 2048 [pid 5729] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5728] <... futex resumed>) = 0 [pid 5728] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5729] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5729] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5728] <... futex resumed>) = 0 [pid 5728] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 72.103132][ T74] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 72.112501][ T27] audit: type=1804 audit(1672288935.281:65): pid=5729 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor414" name="/root/syzkaller.fqkFZA/31/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5729] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5728] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5728] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5728] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff756c0000 [pid 5728] mprotect(0x7eff756c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5728] clone(child_stack=0x7eff756e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5748], tls=0x7eff756e0700, child_tidptr=0x7eff756e09d0) = 5748 [pid 5728] futex(0x7eff7cbe07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] futex(0x7eff7cbe07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5748 attached [pid 5748] set_robust_list(0x7eff756e09e0, 24) = 0 [ 72.148274][ T5729] BTRFS info (device loop0): balance: start -s [ 72.155369][ T5729] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5748] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5748] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5728] <... futex resumed>) = 0 [pid 5748] futex(0x7eff7cbe07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5729] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5729] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] exit_group(0) = ? [pid 5748] <... futex resumed>) = ? [pid 5748] +++ exited with 0 +++ [pid 5729] +++ exited with 0 +++ [pid 5728] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5728, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556554620 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 [ 72.241285][ T5729] BTRFS info (device loop0): balance: ended with status: 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555655c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555655c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x555556554620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565535d0) = 5749 ./strace-static-x86_64: Process 5749 attached [pid 5749] set_robust_list(0x5555565535e0, 24) = 0 [pid 5749] chdir("./32") = 0 [pid 5749] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5749] setpgid(0, 0) = 0 [pid 5749] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5749] write(3, "1000", 4) = 4 [pid 5749] close(3) = 0 [pid 5749] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5749] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5749] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff7cae1000 [pid 5749] mprotect(0x7eff7cae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5749] clone(child_stack=0x7eff7cb013f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5750 attached , parent_tid=[5750], tls=0x7eff7cb01700, child_tidptr=0x7eff7cb019d0) = 5750 [pid 5749] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5749] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5750] set_robust_list(0x7eff7cb019e0, 24) = 0 [pid 5750] memfd_create("syzkaller", 0) = 3 [pid 5750] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff746e1000 [pid 5750] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5750] munmap(0x7eff746e1000, 16777216) = 0 [pid 5750] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5750] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5750] close(3) = 0 [pid 5750] mkdir("./file0", 0777) = 0 [ 72.521516][ T5750] loop0: detected capacity change from 0 to 32768 [ 72.535012][ T5750] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 72.544400][ T5750] BTRFS info (device loop0): force clearing of disk cache [ 72.551652][ T5750] BTRFS info (device loop0): setting nodatasum [ 72.557868][ T5750] BTRFS info (device loop0): allowing degraded mounts [ 72.564753][ T5750] BTRFS info (device loop0): enabling disk space caching [ 72.571829][ T5750] BTRFS info (device loop0): disk space caching is enabled [ 72.590979][ T5750] BTRFS info (device loop0): enabling ssd optimizations [ 72.598151][ T5750] BTRFS info (device loop0): auto enabling async discard [ 72.606071][ T5750] BTRFS info (device loop0): clearing free space tree [pid 5750] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5750] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5750] chdir("./file0") = 0 [pid 5750] ioctl(4, LOOP_CLR_FD) = 0 [pid 5750] close(4) = 0 [pid 5750] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5749] <... futex resumed>) = 0 [pid 5749] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5749] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5750] <... futex resumed>) = 1 [pid 5750] open("./file0", O_RDONLY) = 4 [pid 5750] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5749] <... futex resumed>) = 0 [pid 5749] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5749] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5750] <... futex resumed>) = 1 [pid 5750] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [ 72.613131][ T5750] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 72.622866][ T5750] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 72.637385][ T5750] BTRFS info (device loop0): checking UUID tree [pid 5750] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5749] <... futex resumed>) = 0 [pid 5749] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5749] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5750] <... futex resumed>) = 1 [pid 5750] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5750] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5749] <... futex resumed>) = 0 [pid 5750] creat("./bus", 000 [pid 5749] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5750] <... creat resumed>) = 6 [pid 5749] <... futex resumed>) = 0 [pid 5749] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5750] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5749] <... futex resumed>) = 0 [pid 5749] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5749] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5750] ftruncate(6, 2048) = 0 [pid 5750] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5749] <... futex resumed>) = 0 [pid 5750] <... futex resumed>) = 1 [pid 5749] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5750] open("./bus", O_RDONLY [pid 5749] <... futex resumed>) = 0 [pid 5750] <... open resumed>) = 7 [pid 5749] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5750] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5749] <... futex resumed>) = 0 [pid 5750] sendfile(6, 7, NULL, 65536 [pid 5749] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5750] <... sendfile resumed>) = 2048 [pid 5749] <... futex resumed>) = 0 [pid 5750] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5749] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5750] <... futex resumed>) = 0 [pid 5749] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5750] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5749] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5750] <... openat resumed>) = 8 [pid 5749] <... futex resumed>) = 0 [pid 5749] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5750] futex(0x7eff7cbe07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5749] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5750] <... futex resumed>) = 0 [pid 5749] futex(0x7eff7cbe07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5750] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5749] <... futex resumed>) = 0 [ 72.669154][ T27] audit: type=1800 audit(1672288935.851:66): pid=5750 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor414" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5749] futex(0x7eff7cbe07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5749] futex(0x7eff7cbe07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5749] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7eff756c0000 [pid 5749] mprotect(0x7eff756c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5749] clone(child_stack=0x7eff756e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5769], tls=0x7eff756e0700, child_tidptr=0x7eff756e09d0) = 5769 [pid 5749] futex(0x7eff7cbe07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5749] futex(0x7eff7cbe07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5769 attached [pid 5769] set_robust_list(0x7eff756e09e0, 24) = 0 [ 72.704639][ T27] audit: type=1804 audit(1672288935.881:67): pid=5750 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor414" name="/root/syzkaller.fqkFZA/32/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 72.730672][ T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 72.741834][ T5750] BTRFS info (device loop0): balance: start -s [ 72.751195][ T5750] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5769] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5749] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5749] futex(0x7eff7cbe07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 72.781950][ T5750] ------------[ cut here ]------------ [ 72.787871][ T5750] WARNING: CPU: 0 PID: 5750 at fs/btrfs/extent-tree.c:872 lookup_inline_extent_backref+0xd28/0x10e0 [ 72.809001][ T5750] Modules linked in: [ 72.812944][ T5750] CPU: 0 PID: 5750 Comm: syz-executor414 Not tainted 6.2.0-rc1-syzkaller #0 [ 72.822107][ T5750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 72.832508][ T5750] RIP: 0010:lookup_inline_extent_backref+0xd28/0x10e0 [ 72.839512][ T5750] Code: f9 ff ff e8 fa fd 21 fe 8b b4 24 40 01 00 00 31 ff e8 9c fa 21 fe 8b b4 24 40 01 00 00 85 f6 0f 84 10 02 00 00 e8 d8 fd 21 fe <0f> 0b 41 bd fb ff ff ff e8 cb fd 21 fe 48 8b 44 24 18 48 8d 78 6a [ 72.859357][ T5750] RSP: 0018:ffffc9000a9bee08 EFLAGS: 00010293 [ 72.865549][ T5750] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 72.874010][ T5750] RDX: ffff88801c23d7c0 RSI: ffffffff835f5468 RDI: 0000000000000005 [ 72.882161][ T5750] RBP: ffffc9000a9bee98 R08: 0000000000000005 R09: 0000000000000000 [ 72.890373][ T5750] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88801dc4adc0 [ 72.900509][ T5750] R13: 0000000000000001 R14: 0000000000001000 R15: ffff8880767c3150 [ 72.908782][ T5750] FS: 00007eff7cb01700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 72.917744][ T5750] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 72.924426][ T5750] CR2: 000055a00746a960 CR3: 0000000028e2d000 CR4: 0000000000350ef0 [pid 5749] exit_group(0) = ? [ 72.932460][ T5750] Call Trace: [ 72.935745][ T5750] [ 72.938752][ T5750] ? hash_extent_data_ref+0xf0/0xf0 [ 72.943989][ T5750] ? find_held_lock+0x2d/0x110 [ 72.948848][ T5750] insert_inline_extent_backref+0xb3/0x1b0 [ 72.954714][ T5750] ? lookup_inline_extent_backref+0x10e0/0x10e0 [ 72.961461][ T5750] ? rcu_read_lock_sched_held+0x3e/0x70 [ 72.967174][ T5750] __btrfs_inc_extent_ref.isra.0+0xdb/0x3e0 [ 72.973188][ T5750] ? insert_extent_data_ref+0x7b0/0x7b0 [ 72.979266][ T5750] ? lock_downgrade+0x6e0/0x6e0 [ 72.984397][ T5750] ? _raw_read_unlock+0x28/0x40 [ 72.989322][ T5750] ? btrfs_tree_mod_log_lowest_seq+0x86/0xb0 [ 72.995389][ T5750] __btrfs_run_delayed_refs+0x2017/0x3760 [ 73.001256][ T5750] ? check_ref_cleanup+0x3e0/0x3e0 [ 73.006442][ T5750] ? __mutex_unlock_slowpath+0x157/0x5e0 [ 73.012174][ T5750] ? wait_for_completion_io_timeout+0x20/0x20 [ 73.018373][ T5750] btrfs_run_delayed_refs+0x19a/0x490 [ 73.023817][ T5750] create_pending_snapshot+0x11ce/0x2110 [ 73.029642][ T5750] ? btrfs_write_and_wait_transaction+0x280/0x280 [ 73.036106][ T5750] ? rcu_read_lock_sched_held+0x3e/0x70 [ 73.041728][ T5750] ? trace_contention_end+0x153/0x1e0 [ 73.047241][ T5750] ? __mutex_lock+0x231/0x1360 [ 73.052182][ T5750] ? btrfs_commit_transaction+0xa9e/0x36c0 [ 73.058071][ T5750] ? lock_release+0x810/0x810 [ 73.062763][ T5750] ? btrfs_commit_transaction+0x7ba/0x36c0 [ 73.068650][ T5750] create_pending_snapshots+0x174/0x2c0 [ 73.074233][ T5750] btrfs_commit_transaction+0xaa6/0x36c0 [ 73.079941][ T5750] ? do_raw_spin_lock+0x124/0x2b0 [ 73.085039][ T5750] ? join_transaction+0x43e/0x10e0 [ 73.090273][ T5750] ? btrfs_commit_transaction_async+0x3f0/0x3f0 [ 73.096648][ T5750] ? start_transaction+0x2aa/0x1410 [ 73.101973][ T5750] prepare_to_relocate+0x41d/0x6b0 [ 73.107167][ T5750] relocate_block_group+0x123/0xd60 [ 73.112543][ T5750] ? btrfs_relocate_block_group+0x512/0xda0 [ 73.118533][ T5750] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 73.124120][ T5750] ? relocate_data_extent+0x4b0/0x4b0 [ 73.129584][ T5750] ? btrfs_wait_ordered_extents+0xe20/0xe20 [ 73.135532][ T5750] btrfs_relocate_block_group+0x51a/0xda0 [ 73.141344][ T5750] btrfs_relocate_chunk+0x14a/0x350 [ 73.146588][ T5750] btrfs_balance+0x1caf/0x3b50 [ 73.151449][ T5750] ? find_held_lock+0x2d/0x110 [ 73.156291][ T5750] ? btrfs_relocate_chunk+0x350/0x350 [ 73.161883][ T5750] btrfs_ioctl+0xfda/0x5830 [ 73.166423][ T5750] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 73.172336][ T5750] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 73.178941][ T5750] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 73.184896][ T5750] ? do_vfs_ioctl+0x132/0x15b0 [ 73.189744][ T5750] ? vfs_fileattr_set+0xbe0/0xbe0 [ 73.194809][ T5750] ? find_held_lock+0x2d/0x110 [ 73.199657][ T5750] ? do_one_initcall+0x372/0x790 [ 73.204638][ T5750] ? __fget_files+0x26a/0x440 [ 73.209397][ T5750] ? bpf_lsm_file_ioctl+0x9/0x10 [ 73.214372][ T5750] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 73.220916][ T5750] __x64_sys_ioctl+0x197/0x210 [ 73.225745][ T5750] do_syscall_64+0x39/0xb0 [ 73.230277][ T5750] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 73.236213][ T5750] RIP: 0033:0x7eff7cb55a69 [ 73.240724][ T5750] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 73.260400][ T5750] RSP: 002b:00007eff7cb012f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 73.268878][ T5750] RAX: ffffffffffffffda RBX: 00007eff7cbe07e0 RCX: 00007eff7cb55a69 [ 73.276891][ T5750] RDX: 0000000020000480 RSI: 00000000c4009420 RDI: 0000000000000008 [ 73.284955][ T5750] RBP: 00007eff7cbad26c R08: 0000000000000000 R09: 0000000000000000 [ 73.293002][ T5750] R10: 0000000000000000 R11: 0000000000000246 R12: 8000000000000000 [ 73.301031][ T5750] R13: 00007eff7cbac270 R14: 0000000100000000 R15: 00007eff7cbe07e8 [ 73.309073][ T5750] [ 73.312095][ T5750] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 73.319376][ T5750] CPU: 0 PID: 5750 Comm: syz-executor414 Not tainted 6.2.0-rc1-syzkaller #0 [ 73.328056][ T5750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 73.338130][ T5750] Call Trace: [ 73.341413][ T5750] [ 73.344341][ T5750] dump_stack_lvl+0xd1/0x138 [ 73.348938][ T5750] panic+0x2cc/0x626 [ 73.352838][ T5750] ? panic_print_sys_info.part.0+0x110/0x110 [ 73.358836][ T5750] ? lookup_inline_extent_backref+0xd28/0x10e0 [ 73.365083][ T5750] check_panic_on_warn.cold+0x19/0x35 [ 73.370463][ T5750] __warn+0xf2/0x1a0 [ 73.374361][ T5750] ? lookup_inline_extent_backref+0xd28/0x10e0 [ 73.380518][ T5750] report_bug+0x1c0/0x210 [ 73.384854][ T5750] handle_bug+0x3c/0x70 [ 73.389015][ T5750] exc_invalid_op+0x18/0x50 [ 73.393519][ T5750] asm_exc_invalid_op+0x1a/0x20 [ 73.398370][ T5750] RIP: 0010:lookup_inline_extent_backref+0xd28/0x10e0 [ 73.405136][ T5750] Code: f9 ff ff e8 fa fd 21 fe 8b b4 24 40 01 00 00 31 ff e8 9c fa 21 fe 8b b4 24 40 01 00 00 85 f6 0f 84 10 02 00 00 e8 d8 fd 21 fe <0f> 0b 41 bd fb ff ff ff e8 cb fd 21 fe 48 8b 44 24 18 48 8d 78 6a [ 73.424751][ T5750] RSP: 0018:ffffc9000a9bee08 EFLAGS: 00010293 [ 73.431376][ T5750] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 73.439441][ T5750] RDX: ffff88801c23d7c0 RSI: ffffffff835f5468 RDI: 0000000000000005 [ 73.447410][ T5750] RBP: ffffc9000a9bee98 R08: 0000000000000005 R09: 0000000000000000 [ 73.455388][ T5750] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88801dc4adc0 [ 73.463540][ T5750] R13: 0000000000000001 R14: 0000000000001000 R15: ffff8880767c3150 [ 73.471528][ T5750] ? lookup_inline_extent_backref+0xd28/0x10e0 [ 73.477697][ T5750] ? lookup_inline_extent_backref+0xd28/0x10e0 [ 73.483875][ T5750] ? hash_extent_data_ref+0xf0/0xf0 [ 73.489325][ T5750] ? find_held_lock+0x2d/0x110 [ 73.494649][ T5750] insert_inline_extent_backref+0xb3/0x1b0 [ 73.500476][ T5750] ? lookup_inline_extent_backref+0x10e0/0x10e0 [ 73.506728][ T5750] ? rcu_read_lock_sched_held+0x3e/0x70 [ 73.512305][ T5750] __btrfs_inc_extent_ref.isra.0+0xdb/0x3e0 [ 73.518221][ T5750] ? insert_extent_data_ref+0x7b0/0x7b0 [ 73.523769][ T5750] ? lock_downgrade+0x6e0/0x6e0 [ 73.528617][ T5750] ? _raw_read_unlock+0x28/0x40 [ 73.533466][ T5750] ? btrfs_tree_mod_log_lowest_seq+0x86/0xb0 [ 73.539461][ T5750] __btrfs_run_delayed_refs+0x2017/0x3760 [ 73.545215][ T5750] ? check_ref_cleanup+0x3e0/0x3e0 [ 73.550332][ T5750] ? __mutex_unlock_slowpath+0x157/0x5e0 [ 73.556009][ T5750] ? wait_for_completion_io_timeout+0x20/0x20 [ 73.562108][ T5750] btrfs_run_delayed_refs+0x19a/0x490 [ 73.567494][ T5750] create_pending_snapshot+0x11ce/0x2110 [ 73.573168][ T5750] ? btrfs_write_and_wait_transaction+0x280/0x280 [ 73.579598][ T5750] ? rcu_read_lock_sched_held+0x3e/0x70 [ 73.585155][ T5750] ? trace_contention_end+0x153/0x1e0 [ 73.590536][ T5750] ? __mutex_lock+0x231/0x1360 [ 73.595313][ T5750] ? btrfs_commit_transaction+0xa9e/0x36c0 [ 73.601130][ T5750] ? lock_release+0x810/0x810 [ 73.605809][ T5750] ? btrfs_commit_transaction+0x7ba/0x36c0 [ 73.611628][ T5750] create_pending_snapshots+0x174/0x2c0 [ 73.617182][ T5750] btrfs_commit_transaction+0xaa6/0x36c0 [ 73.622838][ T5750] ? do_raw_spin_lock+0x124/0x2b0 [ 73.627903][ T5750] ? join_transaction+0x43e/0x10e0 [ 73.633031][ T5750] ? btrfs_commit_transaction_async+0x3f0/0x3f0 [ 73.639289][ T5750] ? start_transaction+0x2aa/0x1410 [ 73.644525][ T5750] prepare_to_relocate+0x41d/0x6b0 [ 73.649647][ T5750] relocate_block_group+0x123/0xd60 [ 73.654853][ T5750] ? btrfs_relocate_block_group+0x512/0xda0 [ 73.660759][ T5750] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 73.666339][ T5750] ? relocate_data_extent+0x4b0/0x4b0 [ 73.671717][ T5750] ? btrfs_wait_ordered_extents+0xe20/0xe20 [ 73.677628][ T5750] btrfs_relocate_block_group+0x51a/0xda0 [ 73.683382][ T5750] btrfs_relocate_chunk+0x14a/0x350 [ 73.688604][ T5750] btrfs_balance+0x1caf/0x3b50 [ 73.693404][ T5750] ? find_held_lock+0x2d/0x110 [ 73.698216][ T5750] ? btrfs_relocate_chunk+0x350/0x350 [ 73.703608][ T5750] btrfs_ioctl+0xfda/0x5830 [ 73.708123][ T5750] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 73.713957][ T5750] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 73.720382][ T5750] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 73.726290][ T5750] ? do_vfs_ioctl+0x132/0x15b0 [ 73.731070][ T5750] ? vfs_fileattr_set+0xbe0/0xbe0 [ 73.736099][ T5750] ? find_held_lock+0x2d/0x110 [ 73.740874][ T5750] ? do_one_initcall+0x372/0x790 [ 73.745821][ T5750] ? __fget_files+0x26a/0x440 [ 73.750502][ T5750] ? bpf_lsm_file_ioctl+0x9/0x10 [ 73.755705][ T5750] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 73.762131][ T5750] __x64_sys_ioctl+0x197/0x210 [ 73.766897][ T5750] do_syscall_64+0x39/0xb0 [ 73.771318][ T5750] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 73.777213][ T5750] RIP: 0033:0x7eff7cb55a69 [ 73.781623][ T5750] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 73.801602][ T5750] RSP: 002b:00007eff7cb012f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 73.810013][ T5750] RAX: ffffffffffffffda RBX: 00007eff7cbe07e0 RCX: 00007eff7cb55a69 [ 73.817980][ T5750] RDX: 0000000020000480 RSI: 00000000c4009420 RDI: 0000000000000008 [ 73.825954][ T5750] RBP: 00007eff7cbad26c R08: 0000000000000000 R09: 0000000000000000 [ 73.833920][ T5750] R10: 0000000000000000 R11: 0000000000000246 R12: 8000000000000000 [ 73.841887][ T5750] R13: 00007eff7cbac270 R14: 0000000100000000 R15: 00007eff7cbe07e8 [ 73.849895][ T5750] [ 73.853294][ T5750] Kernel Offset: disabled [ 73.857725][ T5750] Rebooting in 86400 seconds..