./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2612704182 <...> DUID 00:04:e3:a1:4c:5b:a4:47:39:93:9a:5d:f6:69:14:97:a9:57 forked to background, child pid 4670 [ 34.556011][ T4671] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.566214][ T4671] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.110' (ECDSA) to the list of known hosts. execve("./syz-executor2612704182", ["./syz-executor2612704182"], 0x7ffd53a4b930 /* 10 vars */) = 0 brk(NULL) = 0x5555562ff000 brk(0x5555562ffc40) = 0x5555562ffc40 arch_prctl(ARCH_SET_FS, 0x5555562ff300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555562ff5d0) = 5001 set_robust_list(0x5555562ff5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f0d9bc6f5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f0d9bc6fc80}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f0d9bc6f650, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0d9bc6fc80}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2612704182", 4096) = 28 brk(0x555556320c40) = 0x555556320c40 brk(0x555556321000) = 0x555556321000 mprotect(0x7f0d9bd36000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5001 mkdir("./syzkaller.8jkkFl", 0700) = 0 chmod("./syzkaller.8jkkFl", 0777) = 0 chdir("./syzkaller.8jkkFl") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562ff5d0) = 5002 ./strace-static-x86_64: Process 5002 attached [pid 5002] set_robust_list(0x5555562ff5e0, 24) = 0 [pid 5002] chdir("./0") = 0 [pid 5002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5002] setpgid(0, 0) = 0 [pid 5002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5002] write(3, "1000", 4) = 4 [pid 5002] close(3) = 0 [pid 5002] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5002] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0d9bc3e000 [pid 5002] mprotect(0x7f0d9bc3f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5002] clone(child_stack=0x7f0d9bc5e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5003], tls=0x7f0d9bc5e700, child_tidptr=0x7f0d9bc5e9d0) = 5003 [pid 5002] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5002] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5003 attached [pid 5003] set_robust_list(0x7f0d9bc5e9e0, 24) = 0 [pid 5003] memfd_create("syzkaller", 0) = 3 [pid 5003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0d9383e000 syzkaller login: [ 62.145202][ T5003] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5003 'syz-executor261' [pid 5003] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5003] munmap(0x7f0d9383e000, 16777216) = 0 [pid 5003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5003] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5003] close(3) = 0 [pid 5003] mkdir("./file0", 0777) = 0 [ 62.317516][ T5003] loop0: detected capacity change from 0 to 32768 [ 62.329623][ T5003] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor261 (5003) [ 62.350988][ T5003] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 62.359863][ T5003] BTRFS info (device loop0): turning on flush-on-commit [ 62.366931][ T5003] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 62.377974][ T5003] BTRFS info (device loop0): trying to use backup root at mount time [ 62.386345][ T5003] BTRFS info (device loop0): using free space tree [ 62.403280][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [pid 5003] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5003] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5003] chdir("./file0") = 0 [pid 5003] ioctl(4, LOOP_CLR_FD) = 0 [ 62.417061][ T5003] BTRFS warning (device loop0): couldn't read tree root [ 62.431554][ T5003] BTRFS info (device loop0): enabling ssd optimizations [ 62.441812][ T5003] BTRFS info (device loop0): rebuilding free space tree [pid 5003] close(4) = 0 [pid 5003] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... futex resumed>) = 0 [pid 5002] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5002] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5003] <... futex resumed>) = 1 [pid 5003] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5003] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... futex resumed>) = 0 [pid 5002] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5002] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5003] <... futex resumed>) = 1 [pid 5003] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5003] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... futex resumed>) = 0 [pid 5002] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5002] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5003] <... futex resumed>) = 1 [ 62.475074][ T27] audit: type=1800 audit(1686290416.973:2): pid=5003 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor261" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5003] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5002] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5002] futex(0x7f0d9bd3c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0d9481d000 [pid 5002] mprotect(0x7f0d9481e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5002] clone(child_stack=0x7f0d9483d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5021 attached , parent_tid=[5021], tls=0x7f0d9483d700, child_tidptr=0x7f0d9483d9d0) = 5021 [pid 5002] futex(0x7f0d9bd3c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] set_robust_list(0x7f0d9483d9e0, 24 [pid 5002] futex(0x7f0d9bd3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5021] <... set_robust_list resumed>) = 0 [pid 5021] open(".", O_RDONLY) = 5 [pid 5021] futex(0x7f0d9bd3c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... futex resumed>) = 0 [pid 5002] futex(0x7f0d9bd3c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5002] futex(0x7f0d9bd3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5021] <... futex resumed>) = 1 [ 62.521969][ T5003] BTRFS info (device loop0): balance: start -d -m [ 62.540496][ T5003] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5021] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5002] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5021] <... ioctl resumed>) = 0 [pid 5021] futex(0x7f0d9bd3c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] futex(0x7f0d9bd3c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5002] exit_group(0 [pid 5021] <... futex resumed>) = ? [pid 5002] <... exit_group resumed>) = ? [pid 5021] +++ exited with 0 +++ [ 62.713157][ T5003] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5003] <... ioctl resumed> ) = ? [pid 5003] +++ exited with 0 +++ [pid 5002] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5002, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=38 /* 0.38 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556300620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 62.763948][ T5003] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 62.785719][ T5003] BTRFS info (device loop0): balance: canceled umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556308660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556308660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555556300620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562ff5d0) = 5032 ./strace-static-x86_64: Process 5032 attached [pid 5032] set_robust_list(0x5555562ff5e0, 24) = 0 [pid 5032] chdir("./1") = 0 [pid 5032] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5032] setpgid(0, 0) = 0 [pid 5032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5032] write(3, "1000", 4) = 4 [pid 5032] close(3) = 0 [pid 5032] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5032] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0d9bc3e000 [pid 5032] mprotect(0x7f0d9bc3f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5032] clone(child_stack=0x7f0d9bc5e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5033 attached [pid 5033] set_robust_list(0x7f0d9bc5e9e0, 24 [pid 5032] <... clone resumed>, parent_tid=[5033], tls=0x7f0d9bc5e700, child_tidptr=0x7f0d9bc5e9d0) = 5033 [pid 5032] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5033] <... set_robust_list resumed>) = 0 [pid 5033] memfd_create("syzkaller", 0) = 3 [pid 5033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0d9383e000 [pid 5033] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5033] munmap(0x7f0d9383e000, 16777216) = 0 [pid 5033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5033] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5033] close(3) = 0 [pid 5033] mkdir("./file0", 0777) = 0 [ 63.087057][ T5033] loop0: detected capacity change from 0 to 32768 [ 63.098790][ T5033] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor261 (5033) [ 63.115461][ T5033] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 63.124343][ T5033] BTRFS info (device loop0): turning on flush-on-commit [ 63.131462][ T5033] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 63.142129][ T5033] BTRFS info (device loop0): trying to use backup root at mount time [ 63.150401][ T5033] BTRFS info (device loop0): using free space tree [ 63.163896][ T1100] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 63.177538][ T5033] BTRFS warning (device loop0): couldn't read tree root [pid 5033] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5033] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5033] chdir("./file0") = 0 [pid 5033] ioctl(4, LOOP_CLR_FD) = 0 [pid 5033] close(4) = 0 [pid 5033] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... futex resumed>) = 0 [pid 5032] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] <... futex resumed>) = 1 [ 63.190467][ T5033] BTRFS info (device loop0): enabling ssd optimizations [ 63.199029][ T5033] BTRFS info (device loop0): rebuilding free space tree [pid 5033] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5033] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... futex resumed>) = 0 [pid 5032] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] <... futex resumed>) = 1 [pid 5033] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5033] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... futex resumed>) = 0 [pid 5032] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] <... futex resumed>) = 1 [pid 5033] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5032] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5032] futex(0x7f0d9bd3c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0d9481d000 [pid 5032] mprotect(0x7f0d9481e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5032] clone(child_stack=0x7f0d9483d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5050], tls=0x7f0d9483d700, child_tidptr=0x7f0d9483d9d0) = 5050 [pid 5032] futex(0x7f0d9bd3c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 63.223859][ T27] audit: type=1800 audit(1686290417.723:3): pid=5033 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor261" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 63.257627][ T5033] BTRFS info (device loop0): balance: start -d -m [ 63.266041][ T5033] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5032] futex(0x7f0d9bd3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5050 attached [pid 5050] set_robust_list(0x7f0d9483d9e0, 24) = 0 [pid 5050] open(".", O_RDONLY) = 5 [pid 5050] futex(0x7f0d9bd3c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5032] <... futex resumed>) = 0 [pid 5050] futex(0x7f0d9bd3c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] futex(0x7f0d9bd3c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5032] <... futex resumed>) = 0 [pid 5050] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 63.303051][ T5033] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5032] futex(0x7f0d9bd3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5050] <... ioctl resumed>) = 0 [pid 5050] futex(0x7f0d9bd3c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 63.445138][ T5033] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 63.473092][ T5033] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5050] futex(0x7f0d9bd3c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5033] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] exit_group(0 [pid 5050] <... futex resumed>) = ? [pid 5032] <... exit_group resumed>) = ? [pid 5050] +++ exited with 0 +++ [pid 5033] <... futex resumed>) = ? [pid 5033] +++ exited with 0 +++ [pid 5032] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5032, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556300620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 63.501300][ T5033] BTRFS info (device loop0): balance: ended with status: 0 [ 63.520500][ T5033] syz-executor261 (5033) used greatest stack depth: 22304 bytes left umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556308660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556308660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555556300620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562ff5d0) = 5052 ./strace-static-x86_64: Process 5052 attached [pid 5052] set_robust_list(0x5555562ff5e0, 24) = 0 [pid 5052] chdir("./2") = 0 [pid 5052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5052] setpgid(0, 0) = 0 [pid 5052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5052] write(3, "1000", 4) = 4 [pid 5052] close(3) = 0 [pid 5052] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5052] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0d9bc3e000 [pid 5052] mprotect(0x7f0d9bc3f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5052] clone(child_stack=0x7f0d9bc5e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5053 attached , parent_tid=[5053], tls=0x7f0d9bc5e700, child_tidptr=0x7f0d9bc5e9d0) = 5053 [pid 5053] set_robust_list(0x7f0d9bc5e9e0, 24) = 0 [pid 5053] futex(0x7f0d9bd3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5052] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5052] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5053] memfd_create("syzkaller", 0) = 3 [pid 5053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0d9383e000 [pid 5053] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5053] munmap(0x7f0d9383e000, 16777216) = 0 [pid 5053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5053] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5053] close(3) = 0 [pid 5053] mkdir("./file0", 0777) = 0 [ 63.794000][ T5053] loop0: detected capacity change from 0 to 32768 [ 63.805094][ T5053] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor261 (5053) [ 63.821921][ T5053] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 63.830736][ T5053] BTRFS info (device loop0): turning on flush-on-commit [ 63.837682][ T5053] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 63.848393][ T5053] BTRFS info (device loop0): trying to use backup root at mount time [ 63.856517][ T5053] BTRFS info (device loop0): using free space tree [ 63.870742][ T1100] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 63.884280][ T5053] BTRFS warning (device loop0): couldn't read tree root [pid 5053] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5053] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5053] chdir("./file0") = 0 [pid 5053] ioctl(4, LOOP_CLR_FD) = 0 [pid 5053] close(4) = 0 [pid 5053] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5052] <... futex resumed>) = 0 [pid 5053] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5052] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 63.896080][ T5053] BTRFS info (device loop0): enabling ssd optimizations [ 63.903831][ T5053] BTRFS info (device loop0): rebuilding free space tree [pid 5052] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] <... open resumed>) = 4 [pid 5053] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5052] <... futex resumed>) = 0 [pid 5052] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5053] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5052] <... futex resumed>) = 0 [pid 5052] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 63.941069][ T27] audit: type=1800 audit(1686290418.443:4): pid=5053 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor261" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 63.976502][ T5053] BTRFS info (device loop0): balance: start -d -m [pid 5053] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5052] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5052] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5052] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5052] futex(0x7f0d9bd3c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0d9481d000 [pid 5052] mprotect(0x7f0d9481e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5052] clone(child_stack=0x7f0d9483d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5070], tls=0x7f0d9483d700, child_tidptr=0x7f0d9483d9d0) = 5070 [pid 5052] futex(0x7f0d9bd3c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7f0d9bd3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5070 attached [pid 5070] set_robust_list(0x7f0d9483d9e0, 24) = 0 [pid 5070] open(".", O_RDONLY) = 5 [ 63.985067][ T5053] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5070] futex(0x7f0d9bd3c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5052] <... futex resumed>) = 0 [pid 5052] futex(0x7f0d9bd3c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7f0d9bd3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5052] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 64.034238][ T5053] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5070] <... ioctl resumed>) = 0 [pid 5070] futex(0x7f0d9bd3c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 64.167830][ T5053] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 64.198966][ T5053] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5070] futex(0x7f0d9bd3c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5052] exit_group(0 [pid 5070] <... futex resumed>) = ? [pid 5052] <... exit_group resumed>) = ? [pid 5070] +++ exited with 0 +++ [pid 5053] <... ioctl resumed> ) = ? [pid 5053] +++ exited with 0 +++ [pid 5052] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5052, si_uid=0, si_status=0, si_utime=0, si_stime=39 /* 0.39 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556300620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 [ 64.223344][ T5053] BTRFS info (device loop0): balance: ended with status: 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556308660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556308660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555556300620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562ff5d0) = 5072 ./strace-static-x86_64: Process 5072 attached [pid 5072] set_robust_list(0x5555562ff5e0, 24) = 0 [pid 5072] chdir("./3") = 0 [pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5072] setpgid(0, 0) = 0 [pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5072] write(3, "1000", 4) = 4 [pid 5072] close(3) = 0 [pid 5072] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5072] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0d9bc3e000 [pid 5072] mprotect(0x7f0d9bc3f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5072] clone(child_stack=0x7f0d9bc5e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5073], tls=0x7f0d9bc5e700, child_tidptr=0x7f0d9bc5e9d0) = 5073 [pid 5072] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5073 attached [pid 5073] set_robust_list(0x7f0d9bc5e9e0, 24) = 0 [pid 5073] memfd_create("syzkaller", 0) = 3 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0d9383e000 [pid 5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5073] munmap(0x7f0d9383e000, 16777216) = 0 [pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5073] close(3) = 0 [pid 5073] mkdir("./file0", 0777) = 0 [ 64.527257][ T5073] loop0: detected capacity change from 0 to 32768 [ 64.537755][ T5073] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor261 (5073) [ 64.555517][ T5073] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 64.564671][ T5073] BTRFS info (device loop0): turning on flush-on-commit [ 64.572008][ T5073] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 64.582694][ T5073] BTRFS info (device loop0): trying to use backup root at mount time [ 64.590945][ T5073] BTRFS info (device loop0): using free space tree [ 64.604399][ T1100] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 64.618592][ T5073] BTRFS warning (device loop0): couldn't read tree root [pid 5073] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5073] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5073] chdir("./file0") = 0 [pid 5073] ioctl(4, LOOP_CLR_FD) = 0 [pid 5073] close(4) = 0 [pid 5073] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = 1 [pid 5073] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5073] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = 1 [pid 5073] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5073] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = 1 [ 64.631182][ T5073] BTRFS info (device loop0): enabling ssd optimizations [ 64.639656][ T5073] BTRFS info (device loop0): rebuilding free space tree [ 64.662675][ T27] audit: type=1800 audit(1686290419.163:5): pid=5073 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor261" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 64.696320][ T5073] BTRFS info (device loop0): balance: start -d -m [ 64.704884][ T5073] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5073] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5072] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5072] futex(0x7f0d9bd3c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0d9481d000 [pid 5072] mprotect(0x7f0d9481e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5072] clone(child_stack=0x7f0d9483d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5090], tls=0x7f0d9483d700, child_tidptr=0x7f0d9483d9d0) = 5090 [pid 5072] futex(0x7f0d9bd3c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f0d9bd3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5090 attached [pid 5090] set_robust_list(0x7f0d9483d9e0, 24) = 0 [pid 5090] open(".", O_RDONLY) = 5 [pid 5090] futex(0x7f0d9bd3c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f0d9bd3c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f0d9bd3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... futex resumed>) = 1 [ 64.734202][ T5073] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5090] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5072] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5072] futex(0x7f0d9bd3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5090] <... ioctl resumed>) = 0 [pid 5090] futex(0x7f0d9bd3c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 64.847714][ T5073] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 5090] futex(0x7f0d9bd3c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5073] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] exit_group(0) = ? [pid 5090] <... futex resumed>) = ? [pid 5090] +++ exited with 0 +++ [pid 5073] +++ exited with 0 +++ [pid 5072] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5072, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556300620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 [ 64.892700][ T5073] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 64.916308][ T5073] BTRFS info (device loop0): balance: ended with status: 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556308660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556308660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555556300620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562ff5d0) = 5091 ./strace-static-x86_64: Process 5091 attached [pid 5091] set_robust_list(0x5555562ff5e0, 24) = 0 [pid 5091] chdir("./4") = 0 [pid 5091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5091] setpgid(0, 0) = 0 [pid 5091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5091] write(3, "1000", 4) = 4 [pid 5091] close(3) = 0 [pid 5091] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5091] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0d9bc3e000 [pid 5091] mprotect(0x7f0d9bc3f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5091] clone(child_stack=0x7f0d9bc5e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5092 attached , parent_tid=[5092], tls=0x7f0d9bc5e700, child_tidptr=0x7f0d9bc5e9d0) = 5092 [pid 5091] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] set_robust_list(0x7f0d9bc5e9e0, 24 [pid 5091] <... futex resumed>) = 0 [pid 5092] <... set_robust_list resumed>) = 0 [pid 5091] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5092] memfd_create("syzkaller", 0) = 3 [pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0d9383e000 [pid 5092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5092] munmap(0x7f0d9383e000, 16777216) = 0 [pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5092] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5092] close(3) = 0 [pid 5092] mkdir("./file0", 0777) = 0 [ 65.211035][ T5092] loop0: detected capacity change from 0 to 32768 [ 65.222003][ T5092] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor261 (5092) [ 65.236943][ T5092] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 65.246013][ T5092] BTRFS info (device loop0): turning on flush-on-commit [ 65.253267][ T5092] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 65.263983][ T5092] BTRFS info (device loop0): trying to use backup root at mount time [ 65.272411][ T5092] BTRFS info (device loop0): using free space tree [ 65.286860][ T42] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 65.300283][ T5092] BTRFS warning (device loop0): couldn't read tree root [pid 5092] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5092] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5092] chdir("./file0") = 0 [pid 5092] ioctl(4, LOOP_CLR_FD) = 0 [pid 5092] close(4) = 0 [pid 5092] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 0 [pid 5091] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... futex resumed>) = 1 [ 65.312065][ T5092] BTRFS info (device loop0): enabling ssd optimizations [ 65.320151][ T5092] BTRFS info (device loop0): rebuilding free space tree [pid 5092] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5092] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 0 [pid 5091] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... futex resumed>) = 1 [pid 5092] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5092] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 0 [pid 5091] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... futex resumed>) = 1 [pid 5092] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5091] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5091] futex(0x7f0d9bd3c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0d9481d000 [pid 5091] mprotect(0x7f0d9481e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5091] clone(child_stack=0x7f0d9483d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5109 attached , parent_tid=[5109], tls=0x7f0d9483d700, child_tidptr=0x7f0d9483d9d0) = 5109 [pid 5109] set_robust_list(0x7f0d9483d9e0, 24 [pid 5091] futex(0x7f0d9bd3c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... set_robust_list resumed>) = 0 [pid 5091] <... futex resumed>) = 0 [pid 5109] open(".", O_RDONLY [pid 5091] futex(0x7f0d9bd3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] <... open resumed>) = 5 [pid 5109] futex(0x7f0d9bd3c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 0 [pid 5109] <... futex resumed>) = 1 [pid 5109] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5091] futex(0x7f0d9bd3c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 65.347379][ T27] audit: type=1800 audit(1686290419.843:6): pid=5092 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor261" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 65.386212][ T5092] BTRFS info (device loop0): balance: start -d -m [ 65.394303][ T5092] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5091] futex(0x7f0d9bd3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 65.449513][ T5092] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5109] <... ioctl resumed>) = 0 [pid 5109] futex(0x7f0d9bd3c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 65.552709][ T5092] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 65.582496][ T5092] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5109] futex(0x7f0d9bd3c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5092] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7f0d9bd3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] exit_group(0 [pid 5109] <... futex resumed>) = ? [pid 5092] <... futex resumed>) = ? [pid 5091] <... exit_group resumed>) = ? [pid 5109] +++ exited with 0 +++ [pid 5092] +++ exited with 0 +++ [pid 5091] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5091, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556300620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 [ 65.607446][ T5092] BTRFS info (device loop0): balance: ended with status: 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556308660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556308660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555556300620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5112 attached , child_tidptr=0x5555562ff5d0) = 5112 [pid 5112] set_robust_list(0x5555562ff5e0, 24) = 0 [pid 5112] chdir("./5") = 0 [pid 5112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5112] setpgid(0, 0) = 0 [pid 5112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5112] write(3, "1000", 4) = 4 [pid 5112] close(3) = 0 [pid 5112] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5112] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0d9bc3e000 [pid 5112] mprotect(0x7f0d9bc3f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5112] clone(child_stack=0x7f0d9bc5e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5113], tls=0x7f0d9bc5e700, child_tidptr=0x7f0d9bc5e9d0) = 5113 [pid 5112] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5113 attached [pid 5113] set_robust_list(0x7f0d9bc5e9e0, 24) = 0 [pid 5113] memfd_create("syzkaller", 0) = 3 [pid 5113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0d9383e000 [pid 5113] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5113] munmap(0x7f0d9383e000, 16777216) = 0 [pid 5113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5113] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5113] close(3) = 0 [pid 5113] mkdir("./file0", 0777) = 0 [ 65.933778][ T5113] loop0: detected capacity change from 0 to 32768 [ 65.943545][ T5113] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor261 (5113) [ 65.960438][ T5113] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 65.969334][ T5113] BTRFS info (device loop0): turning on flush-on-commit [ 65.976295][ T5113] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 65.987378][ T5113] BTRFS info (device loop0): trying to use backup root at mount time [ 65.995922][ T5113] BTRFS info (device loop0): using free space tree [ 66.010800][ T42] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 66.024965][ T5113] BTRFS warning (device loop0): couldn't read tree root [pid 5113] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5113] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5113] chdir("./file0") = 0 [pid 5113] ioctl(4, LOOP_CLR_FD) = 0 [pid 5113] close(4) = 0 [pid 5113] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5112] <... futex resumed>) = 0 [pid 5112] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 66.035956][ T5113] BTRFS info (device loop0): enabling ssd optimizations [ 66.043860][ T5113] BTRFS info (device loop0): rebuilding free space tree [pid 5113] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5113] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5112] <... futex resumed>) = 0 [pid 5112] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5113] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5113] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5112] <... futex resumed>) = 0 [pid 5112] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 66.074796][ T27] audit: type=1800 audit(1686290420.573:7): pid=5113 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor261" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 66.108910][ T5113] BTRFS info (device loop0): balance: start -d -m [ 66.117329][ T5113] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5113] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5112] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5112] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5112] futex(0x7f0d9bd3c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0d9481d000 [pid 5112] mprotect(0x7f0d9481e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5112] clone(child_stack=0x7f0d9483d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5130], tls=0x7f0d9483d700, child_tidptr=0x7f0d9483d9d0) = 5130 [pid 5112] futex(0x7f0d9bd3c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] futex(0x7f0d9bd3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5130 attached [pid 5130] set_robust_list(0x7f0d9483d9e0, 24) = 0 [pid 5130] open(".", O_RDONLY) = 5 [pid 5130] futex(0x7f0d9bd3c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... futex resumed>) = 0 [pid 5112] futex(0x7f0d9bd3c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] futex(0x7f0d9bd3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... futex resumed>) = 1 [ 66.149310][ T5113] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5130] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5112] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5112] futex(0x7f0d9bd3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5130] <... ioctl resumed>) = 0 [pid 5130] futex(0x7f0d9bd3c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.303540][ T5113] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 66.331378][ T5113] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5130] futex(0x7f0d9bd3c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5113] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f0d9bd3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] exit_group(0 [pid 5130] <... futex resumed>) = ? [pid 5112] <... exit_group resumed>) = ? [pid 5130] +++ exited with 0 +++ [pid 5113] <... futex resumed>) = ? [pid 5113] +++ exited with 0 +++ [pid 5112] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5112, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=36 /* 0.36 s */} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556300620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 [ 66.354383][ T5113] BTRFS info (device loop0): balance: ended with status: 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556308660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556308660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555556300620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562ff5d0) = 5131 ./strace-static-x86_64: Process 5131 attached [pid 5131] set_robust_list(0x5555562ff5e0, 24) = 0 [pid 5131] chdir("./6") = 0 [pid 5131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5131] setpgid(0, 0) = 0 [pid 5131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5131] write(3, "1000", 4) = 4 [pid 5131] close(3) = 0 [pid 5131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5131] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0d9bc3e000 [pid 5131] mprotect(0x7f0d9bc3f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5131] clone(child_stack=0x7f0d9bc5e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5132], tls=0x7f0d9bc5e700, child_tidptr=0x7f0d9bc5e9d0) = 5132 [pid 5131] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5132 attached [pid 5132] set_robust_list(0x7f0d9bc5e9e0, 24) = 0 [pid 5132] memfd_create("syzkaller", 0) = 3 [pid 5132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0d9383e000 [pid 5132] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5132] munmap(0x7f0d9383e000, 16777216) = 0 [pid 5132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5132] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5132] close(3) = 0 [pid 5132] mkdir("./file0", 0777) = 0 [ 66.634045][ T5132] loop0: detected capacity change from 0 to 32768 [ 66.643965][ T5132] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor261 (5132) [ 66.661936][ T5132] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 66.671057][ T5132] BTRFS info (device loop0): turning on flush-on-commit [ 66.678231][ T5132] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 66.689272][ T5132] BTRFS info (device loop0): trying to use backup root at mount time [ 66.697821][ T5132] BTRFS info (device loop0): using free space tree [ 66.711243][ T42] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 66.724658][ T5132] BTRFS warning (device loop0): couldn't read tree root [pid 5132] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5132] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5132] chdir("./file0") = 0 [pid 5132] ioctl(4, LOOP_CLR_FD) = 0 [pid 5132] close(4) = 0 [pid 5132] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... futex resumed>) = 1 [ 66.737194][ T5132] BTRFS info (device loop0): enabling ssd optimizations [ 66.745132][ T5132] BTRFS info (device loop0): rebuilding free space tree [pid 5132] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5132] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... futex resumed>) = 1 [pid 5132] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5132] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... futex resumed>) = 1 [ 66.775259][ T27] audit: type=1800 audit(1686290421.273:8): pid=5132 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor261" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 66.818764][ T5132] BTRFS info (device loop0): balance: start -d -m [pid 5132] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5131] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5131] futex(0x7f0d9bd3c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0d9481d000 [pid 5131] mprotect(0x7f0d9481e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5131] clone(child_stack=0x7f0d9483d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5149], tls=0x7f0d9483d700, child_tidptr=0x7f0d9483d9d0) = 5149 [pid 5131] futex(0x7f0d9bd3c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f0d9bd3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5149 attached [pid 5149] set_robust_list(0x7f0d9483d9e0, 24) = 0 [pid 5149] open(".", O_RDONLY) = 5 [pid 5149] futex(0x7f0d9bd3c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f0d9bd3c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f0d9bd3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 66.832836][ T5132] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5149] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5131] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5131] futex(0x7f0d9bd3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 66.880601][ T5132] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5149] <... ioctl resumed>) = 0 [pid 5149] futex(0x7f0d9bd3c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 67.012979][ T5132] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 67.041682][ T5132] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5149] futex(0x7f0d9bd3c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] exit_group(0 [pid 5149] <... futex resumed>) = ? [pid 5131] <... exit_group resumed>) = ? [pid 5149] +++ exited with 0 +++ [pid 5132] <... ioctl resumed> ) = ? [pid 5132] +++ exited with 0 +++ [pid 5131] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5131, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556300620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 [ 67.067790][ T5132] BTRFS info (device loop0): balance: ended with status: 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556308660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556308660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555556300620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555562ff5d0) = 5150 ./strace-static-x86_64: Process 5150 attached [pid 5150] set_robust_list(0x5555562ff5e0, 24) = 0 [pid 5150] chdir("./7") = 0 [pid 5150] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5150] setpgid(0, 0) = 0 [pid 5150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5150] write(3, "1000", 4) = 4 [pid 5150] close(3) = 0 [pid 5150] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5150] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0d9bc3e000 [pid 5150] mprotect(0x7f0d9bc3f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5150] clone(child_stack=0x7f0d9bc5e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5151], tls=0x7f0d9bc5e700, child_tidptr=0x7f0d9bc5e9d0) = 5151 ./strace-static-x86_64: Process 5151 attached [pid 5151] set_robust_list(0x7f0d9bc5e9e0, 24) = 0 [pid 5151] futex(0x7f0d9bd3c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] <... futex resumed>) = 0 [pid 5150] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5151] memfd_create("syzkaller", 0) = 3 [pid 5151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0d9383e000 [pid 5151] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5151] munmap(0x7f0d9383e000, 16777216) = 0 [pid 5151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5151] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5151] close(3) = 0 [pid 5151] mkdir("./file0", 0777) = 0 [ 67.363020][ T5151] loop0: detected capacity change from 0 to 32768 [ 67.374060][ T5151] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor261 (5151) [ 67.390002][ T5151] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 67.398781][ T5151] BTRFS info (device loop0): turning on flush-on-commit [ 67.405910][ T5151] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 67.416878][ T5151] BTRFS info (device loop0): trying to use backup root at mount time [ 67.425055][ T5151] BTRFS info (device loop0): using free space tree [ 67.438509][ T42] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 67.452615][ T5151] BTRFS warning (device loop0): couldn't read tree root [pid 5151] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5151] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5151] chdir("./file0") = 0 [pid 5151] ioctl(4, LOOP_CLR_FD) = 0 [pid 5151] close(4) = 0 [pid 5151] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... futex resumed>) = 0 [pid 5150] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... futex resumed>) = 1 [pid 5151] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5151] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... futex resumed>) = 0 [pid 5150] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... futex resumed>) = 1 [pid 5151] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5151] futex(0x7f0d9bd3c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... futex resumed>) = 0 [pid 5150] futex(0x7f0d9bd3c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... futex resumed>) = 1 [ 67.464272][ T5151] BTRFS info (device loop0): enabling ssd optimizations [ 67.472503][ T5151] BTRFS info (device loop0): rebuilding free space tree [ 67.490639][ T27] audit: type=1800 audit(1686290421.993:9): pid=5151 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor261" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5151] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5150] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5150] futex(0x7f0d9bd3c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5150] futex(0x7f0d9bd3c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0d9481d000 [pid 5150] mprotect(0x7f0d9481e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5150] clone(child_stack=0x7f0d9483d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5167], tls=0x7f0d9483d700, child_tidptr=0x7f0d9483d9d0) = 5167 [pid 5150] futex(0x7f0d9bd3c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] futex(0x7f0d9bd3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5167 attached [pid 5167] set_robust_list(0x7f0d9483d9e0, 24) = 0 [pid 5167] open(".", O_RDONLY) = 5 [pid 5167] futex(0x7f0d9bd3c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... futex resumed>) = 0 [pid 5150] futex(0x7f0d9bd3c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] futex(0x7f0d9bd3c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... futex resumed>) = 1 [ 67.498684][ T5151] BTRFS info (device loop0): balance: start -d -m [ 67.521260][ T5151] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5167] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5150] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 67.580656][ T5151] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 67.607822][ T1100] BTRFS warning (device loop0): Skipping commit of aborted transaction. [ 67.624571][ T1100] ------------[ cut here ]------------ [pid 5167] <... ioctl resumed>) = 0 [pid 5167] futex(0x7f0d9bd3c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 67.630245][ T1100] BTRFS: Transaction aborted (error -28) [ 67.642286][ T1100] WARNING: CPU: 0 PID: 1100 at fs/btrfs/transaction.c:1974 btrfs_commit_transaction+0x3217/0x3f90 [ 67.654196][ T1100] Modules linked in: [ 67.658291][ T1100] CPU: 0 PID: 1100 Comm: kworker/u4:5 Not tainted 6.4.0-rc2-next-20230515-syzkaller #0 [ 67.667996][ T1100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 67.678311][ T1100] Workqueue: events_unbound btrfs_async_reclaim_metadata_space [ 67.686185][ T1100] RIP: 0010:btrfs_commit_transaction+0x3217/0x3f90 [ 67.692868][ T1100] Code: c8 fe ff ff be 02 00 00 00 e8 85 45 aa 00 e9 2d d3 ff ff e8 7b 8c 1b fe 8b b5 20 ff ff ff 48 c7 c7 a0 2b 95 8a e8 79 39 e3 fd <0f> 0b c7 85 00 ff ff ff 01 00 00 00 e9 a3 df ff ff e8 53 8c 1b fe [ 67.713101][ T1100] RSP: 0000:ffffc900059f7990 EFLAGS: 00010282 [ 67.719254][ T1100] RAX: 0000000000000000 RBX: 000000001e53c001 RCX: 0000000000000000 [pid 5167] futex(0x7f0d9bd3c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] exit_group(0 [pid 5167] <... futex resumed>) = ? [pid 5150] <... exit_group resumed>) = ? [pid 5167] +++ exited with 0 +++ [ 67.727245][ T1100] RDX: ffff888020e3d940 RSI: ffffffff814bd247 RDI: 0000000000000001 [ 67.735992][ T1100] RBP: ffffc900059f7b00 R08: 0000000000000001 R09: 0000000000000000 [ 67.744113][ T1100] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88801e53c000 [ 67.752219][ T1100] R13: ffff8880786059c0 R14: ffff888078605b28 R15: ffff88801e53c000 [ 67.760604][ T1100] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 67.769707][ T1100] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 67.776326][ T1100] CR2: 00007f45ada6d000 CR3: 000000001772b000 CR4: 00000000003506f0 [ 67.784596][ T1100] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 67.792869][ T1100] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 67.800919][ T1100] Call Trace: [ 67.804229][ T1100] [ 67.807181][ T1100] ? trace_lock_acquire+0x12d/0x180 [ 67.812539][ T1100] ? create_pending_snapshots+0x2c0/0x2c0 [ 67.818312][ T1100] ? start_transaction+0x2aa/0x14c0 [ 67.823638][ T1100] flush_space+0x1e0/0xde0 [ 67.828102][ T1100] ? do_raw_spin_lock+0x124/0x2b0 [ 67.833281][ T1100] ? find_held_lock+0x2d/0x110 [ 67.838089][ T1100] ? dump_global_block_rsv+0x2f0/0x2f0 [ 67.843614][ T1100] ? lock_downgrade+0x690/0x690 [ 67.848492][ T1100] ? _raw_spin_unlock+0x28/0x40 [ 67.853639][ T1100] btrfs_async_reclaim_metadata_space+0x39e/0xa90 [ 67.860161][ T1100] process_one_work+0x99a/0x15e0 [ 67.865116][ T1100] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 67.870562][ T1100] ? rcu_is_watching+0x12/0xb0 [ 67.875364][ T1100] ? spin_bug+0x1c0/0x1c0 [ 67.879798][ T1100] ? lock_acquire+0x32/0xc0 [ 67.884331][ T1100] ? worker_thread+0x16d/0x10c0 [ 67.889437][ T1100] worker_thread+0x67d/0x10c0 [ 67.894247][ T1100] ? process_one_work+0x15e0/0x15e0 [ 67.899520][ T1100] kthread+0x344/0x440 [ 67.903627][ T1100] ? kthread_complete_and_exit+0x40/0x40 [ 67.909517][ T1100] ret_from_fork+0x1f/0x30 [ 67.913984][ T1100] [ 67.917029][ T1100] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 67.924417][ T1100] CPU: 0 PID: 1100 Comm: kworker/u4:5 Not tainted 6.4.0-rc2-next-20230515-syzkaller #0 [ 67.934056][ T1100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 67.944199][ T1100] Workqueue: events_unbound btrfs_async_reclaim_metadata_space [ 67.951766][ T1100] Call Trace: [ 67.955044][ T1100] [ 67.957978][ T1100] dump_stack_lvl+0xd9/0x150 [ 67.962589][ T1100] panic+0x686/0x730 [ 67.966498][ T1100] ? panic_smp_self_stop+0xa0/0xa0 [ 67.971623][ T1100] ? show_trace_log_lvl+0x285/0x390 [ 67.976849][ T1100] ? btrfs_commit_transaction+0x3217/0x3f90 [ 67.982753][ T1100] check_panic_on_warn+0xb1/0xc0 [ 67.987701][ T1100] __warn+0xf2/0x390 [ 67.991607][ T1100] ? btrfs_commit_transaction+0x3217/0x3f90 [ 67.997513][ T1100] report_bug+0x2da/0x500 [ 68.001866][ T1100] handle_bug+0x3c/0x70 [ 68.006029][ T1100] exc_invalid_op+0x18/0x50 [ 68.010535][ T1100] asm_exc_invalid_op+0x1a/0x20 [ 68.015400][ T1100] RIP: 0010:btrfs_commit_transaction+0x3217/0x3f90 [ 68.021911][ T1100] Code: c8 fe ff ff be 02 00 00 00 e8 85 45 aa 00 e9 2d d3 ff ff e8 7b 8c 1b fe 8b b5 20 ff ff ff 48 c7 c7 a0 2b 95 8a e8 79 39 e3 fd <0f> 0b c7 85 00 ff ff ff 01 00 00 00 e9 a3 df ff ff e8 53 8c 1b fe [ 68.041605][ T1100] RSP: 0000:ffffc900059f7990 EFLAGS: 00010282 [ 68.047681][ T1100] RAX: 0000000000000000 RBX: 000000001e53c001 RCX: 0000000000000000 [ 68.055648][ T1100] RDX: ffff888020e3d940 RSI: ffffffff814bd247 RDI: 0000000000000001 [ 68.063617][ T1100] RBP: ffffc900059f7b00 R08: 0000000000000001 R09: 0000000000000000 [ 68.071589][ T1100] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88801e53c000 [ 68.079559][ T1100] R13: ffff8880786059c0 R14: ffff888078605b28 R15: ffff88801e53c000 [ 68.087712][ T1100] ? __warn_printk+0x187/0x310 [ 68.092499][ T1100] ? trace_lock_acquire+0x12d/0x180 [ 68.097718][ T1100] ? create_pending_snapshots+0x2c0/0x2c0 [ 68.103449][ T1100] ? start_transaction+0x2aa/0x14c0 [ 68.108671][ T1100] flush_space+0x1e0/0xde0 [ 68.113103][ T1100] ? do_raw_spin_lock+0x124/0x2b0 [ 68.118139][ T1100] ? find_held_lock+0x2d/0x110 [ 68.122919][ T1100] ? dump_global_block_rsv+0x2f0/0x2f0 [ 68.128393][ T1100] ? lock_downgrade+0x690/0x690 [ 68.133275][ T1100] ? _raw_spin_unlock+0x28/0x40 [ 68.138190][ T1100] btrfs_async_reclaim_metadata_space+0x39e/0xa90 [ 68.144650][ T1100] process_one_work+0x99a/0x15e0 [ 68.149620][ T1100] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 68.155009][ T1100] ? rcu_is_watching+0x12/0xb0 [ 68.159787][ T1100] ? spin_bug+0x1c0/0x1c0 [ 68.164222][ T1100] ? lock_acquire+0x32/0xc0 [ 68.168734][ T1100] ? worker_thread+0x16d/0x10c0 [ 68.173603][ T1100] worker_thread+0x67d/0x10c0 [ 68.178303][ T1100] ? process_one_work+0x15e0/0x15e0 [ 68.183517][ T1100] kthread+0x344/0x440 [ 68.187604][ T1100] ? kthread_complete_and_exit+0x40/0x40 [ 68.193253][ T1100] ret_from_fork+0x1f/0x30 [ 68.197697][ T1100] [ 68.201243][ T1100] Kernel Offset: disabled [ 68.205758][ T1100] Rebooting in 86400 seconds..