./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2319623551 <...> forked to background, child pid 4646 [ 32.061770][ T4647] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.078921][ T4647] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: [ 32.614268][ T4739] sshd (4739) used greatest stack depth: 19648 bytes left OK syzkaller Warning: Permanently added '10.128.0.227' (ECDSA) to the list of known hosts. execve("./syz-executor2319623551", ["./syz-executor2319623551"], 0x7ffcfea69640 /* 10 vars */) = 0 brk(NULL) = 0x555556b9a000 brk(0x555556b9ac40) = 0x555556b9ac40 arch_prctl(ARCH_SET_FS, 0x555556b9a300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555556b9a5d0) = 5076 set_robust_list(0x555556b9a5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f54243705b0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f5424370c80}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f5424370650, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5424370c80}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2319623551", 4096) = 28 brk(0x555556bbbc40) = 0x555556bbbc40 brk(0x555556bbc000) = 0x555556bbc000 mprotect(0x7f5424437000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5076 mkdir("./syzkaller.lyHtI2", 0700) = 0 chmod("./syzkaller.lyHtI2", 0777) = 0 chdir("./syzkaller.lyHtI2") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5077 ./strace-static-x86_64: Process 5077 attached [pid 5077] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5077] chdir("./0") = 0 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5077] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5077] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5077] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5079], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5079 [pid 5077] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5079 attached [pid 5079] set_robust_list(0x7f542435f9e0, 24) = 0 [pid 5079] memfd_create("syzkaller", 0) = 3 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 syzkaller login: [ 55.455316][ T5079] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5079 'syz-executor231' [pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5079] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5079] close(3) = 0 [pid 5079] mkdir("./file0", 0777) = 0 [ 55.626775][ T5079] loop0: detected capacity change from 0 to 32768 [ 55.640515][ T5079] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5079) [ 55.660381][ T5079] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 55.669925][ T5079] BTRFS info (device loop0): turning on flush-on-commit [ 55.677681][ T5079] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 55.688852][ T5079] BTRFS info (device loop0): trying to use backup root at mount time [ 55.697117][ T5079] BTRFS info (device loop0): using free space tree [ 55.714428][ T2823] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 55.728719][ T5079] BTRFS warning (device loop0): couldn't read tree root [ 55.742332][ T5079] BTRFS info (device loop0): enabling ssd optimizations [ 55.750939][ T5079] BTRFS info (device loop0): clearing free space tree [ 55.758351][ T5079] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 55.768734][ T5079] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5079] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5079] chdir("./file0") = 0 [pid 5079] ioctl(4, LOOP_CLR_FD) = 0 [pid 5079] close(4) = 0 [pid 5079] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5077] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 55.790544][ T5079] BTRFS info (device loop0): creating free space tree [ 55.799456][ T5079] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 55.809578][ T5079] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 55.824008][ T5079] BTRFS info (device loop0): checking UUID tree [pid 5079] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5079] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5079] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5077] <... futex resumed>) = 0 [pid 5079] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5077] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... ioctl resumed>) = 0 [pid 5079] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5077] <... futex resumed>) = 0 [ 55.860944][ T27] audit: type=1800 audit(1677515373.457:2): pid=5079 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5077] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5077] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5077] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5077] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5098], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5098 [pid 5077] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5098 attached [pid 5098] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5098] open(".", O_RDONLY) = 5 [pid 5098] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5098] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 55.912386][ T5079] BTRFS info (device loop0): balance: start -d -m [ 55.924582][ T5079] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5077] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5098] <... ioctl resumed>) = 0 [pid 5098] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 56.091292][ T5079] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5098] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] exit_group(0 [pid 5098] <... futex resumed>) = ? [pid 5077] <... exit_group resumed>) = ? [pid 5098] +++ exited with 0 +++ [ 56.140716][ T5079] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 56.172844][ T5079] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5079] <... ioctl resumed> ) = ? [pid 5079] +++ exited with 0 +++ [pid 5077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=44 /* 0.44 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 56.203655][ T5079] BTRFS info (device loop0): balance: ended with status: 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5102 ./strace-static-x86_64: Process 5102 attached [pid 5102] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5102] chdir("./1") = 0 [pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5102] setpgid(0, 0) = 0 [pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5102] write(3, "1000", 4) = 4 [pid 5102] close(3) = 0 [pid 5102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5102] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5102] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5102] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5103], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5103 [pid 5102] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5103 attached [pid 5103] set_robust_list(0x7f542435f9e0, 24) = 0 [pid 5103] memfd_create("syzkaller", 0) = 3 [pid 5103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5103] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5103] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5103] close(3) = 0 [pid 5103] mkdir("./file0", 0777) = 0 [ 56.517128][ T5103] loop0: detected capacity change from 0 to 32768 [ 56.530128][ T5103] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5103) [ 56.545243][ T5103] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 56.554509][ T5103] BTRFS info (device loop0): turning on flush-on-commit [ 56.565004][ T5103] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 56.575706][ T5103] BTRFS info (device loop0): trying to use backup root at mount time [ 56.583962][ T5103] BTRFS info (device loop0): using free space tree [ 56.599994][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 56.614018][ T5103] BTRFS warning (device loop0): couldn't read tree root [ 56.626778][ T5103] BTRFS info (device loop0): enabling ssd optimizations [ 56.634806][ T5103] BTRFS info (device loop0): clearing free space tree [ 56.642107][ T5103] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 56.652020][ T5103] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5103] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5103] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5103] chdir("./file0") = 0 [pid 5103] ioctl(4, LOOP_CLR_FD) = 0 [pid 5103] close(4) = 0 [pid 5103] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] <... futex resumed>) = 0 [pid 5102] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5102] <... futex resumed>) = 0 [ 56.666994][ T5103] BTRFS info (device loop0): creating free space tree [ 56.674656][ T5103] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 56.684298][ T5103] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 56.696761][ T5103] BTRFS info (device loop0): checking UUID tree [pid 5102] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... open resumed>) = 4 [pid 5103] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] <... futex resumed>) = 0 [pid 5102] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5102] <... futex resumed>) = 0 [pid 5102] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... ioctl resumed>) = 0 [pid 5103] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] <... futex resumed>) = 0 [pid 5103] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5103] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 56.725523][ T27] audit: type=1800 audit(1677515374.317:3): pid=5103 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5102] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5102] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5102] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5102] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5122], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5122 [pid 5102] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 56.766630][ T5103] BTRFS info (device loop0): balance: start -d -m [ 56.774283][ T5103] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5102] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5122 attached [pid 5122] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5122] open(".", O_RDONLY) = 5 [pid 5122] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] <... futex resumed>) = 0 [pid 5122] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5102] <... futex resumed>) = 0 [pid 5122] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 56.818336][ T5103] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5102] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5122] <... ioctl resumed>) = 0 [pid 5122] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 5103] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] exit_group(0 [pid 5122] <... futex resumed>) = ? [pid 5102] <... exit_group resumed>) = ? [pid 5122] +++ exited with 0 +++ [pid 5103] <... futex resumed>) = ? [pid 5103] +++ exited with 0 +++ [pid 5102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5102, si_uid=0, si_status=0, si_utime=0, si_stime=34 /* 0.34 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 56.955757][ T5103] BTRFS info (device loop0): 1 enospc errors during balance [ 56.963683][ T5103] BTRFS info (device loop0): balance: ended with status: -28 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5125 attached , child_tidptr=0x555556b9a5d0) = 5125 [pid 5125] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5125] chdir("./2") = 0 [pid 5125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5125] setpgid(0, 0) = 0 [pid 5125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5125] write(3, "1000", 4) = 4 [pid 5125] close(3) = 0 [pid 5125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5125] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5125] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5125] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5126 attached [pid 5126] set_robust_list(0x7f542435f9e0, 24 [pid 5125] <... clone resumed>, parent_tid=[5126], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5126 [pid 5126] <... set_robust_list resumed>) = 0 [pid 5126] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5125] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5126] memfd_create("syzkaller", 0) = 3 [pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5126] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5126] close(3) = 0 [pid 5126] mkdir("./file0", 0777) = 0 [ 57.289548][ T5126] loop0: detected capacity change from 0 to 32768 [ 57.302345][ T5126] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5126) [ 57.318677][ T5126] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 57.327468][ T5126] BTRFS info (device loop0): turning on flush-on-commit [ 57.334415][ T5126] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 57.345132][ T5126] BTRFS info (device loop0): trying to use backup root at mount time [ 57.353249][ T5126] BTRFS info (device loop0): using free space tree [ 57.369377][ T2823] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 57.383376][ T5126] BTRFS warning (device loop0): couldn't read tree root [ 57.395718][ T5126] BTRFS info (device loop0): enabling ssd optimizations [ 57.403999][ T5126] BTRFS info (device loop0): clearing free space tree [ 57.411421][ T5126] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 57.421490][ T5126] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5126] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5126] chdir("./file0") = 0 [pid 5126] ioctl(4, LOOP_CLR_FD) = 0 [pid 5126] close(4) = 0 [pid 5126] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5125] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 57.435620][ T5126] BTRFS info (device loop0): creating free space tree [ 57.444664][ T5126] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 57.454505][ T5126] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 57.468359][ T5126] BTRFS info (device loop0): checking UUID tree [pid 5126] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5126] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5125] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... ioctl resumed>) = 0 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... futex resumed>) = 0 [pid 5125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5126] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 57.493249][ T27] audit: type=1800 audit(1677515375.087:4): pid=5126 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 57.523921][ T5126] BTRFS info (device loop0): balance: start -d -m [ 57.532990][ T5126] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5126] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5125] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5125] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5125] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5125] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5145], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5145 [pid 5125] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5145 attached [pid 5145] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5145] open(".", O_RDONLY) = 5 [pid 5145] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5145] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5145] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5125] <... futex resumed>) = 0 [ 57.563799][ T5126] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5125] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5145] <... ioctl resumed>) = 0 [pid 5145] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 57.682100][ T5126] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 57.711662][ T5126] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5145] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5126] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] exit_group(0 [pid 5145] <... futex resumed>) = ? [pid 5125] <... exit_group resumed>) = ? [pid 5145] +++ exited with 0 +++ [pid 5126] +++ exited with 0 +++ [pid 5125] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5125, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=43 /* 0.43 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 [ 57.739305][ T5126] BTRFS info (device loop0): balance: ended with status: 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5146 ./strace-static-x86_64: Process 5146 attached [pid 5146] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5146] chdir("./3") = 0 [pid 5146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5146] setpgid(0, 0) = 0 [pid 5146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5146] write(3, "1000", 4) = 4 [pid 5146] close(3) = 0 [pid 5146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5146] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5146] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5147], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5147 [pid 5146] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5147 attached [pid 5147] set_robust_list(0x7f542435f9e0, 24) = 0 [pid 5147] memfd_create("syzkaller", 0) = 3 [pid 5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5147] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5147] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5147] close(3) = 0 [pid 5147] mkdir("./file0", 0777) = 0 [ 58.017998][ T5147] loop0: detected capacity change from 0 to 32768 [ 58.029026][ T5147] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5147) [ 58.044913][ T5147] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 58.053964][ T5147] BTRFS info (device loop0): turning on flush-on-commit [ 58.061238][ T5147] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 58.072052][ T5147] BTRFS info (device loop0): trying to use backup root at mount time [ 58.080394][ T5147] BTRFS info (device loop0): using free space tree [ 58.094174][ T2823] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 58.108081][ T5147] BTRFS warning (device loop0): couldn't read tree root [ 58.119821][ T5147] BTRFS info (device loop0): enabling ssd optimizations [ 58.128751][ T5147] BTRFS info (device loop0): clearing free space tree [ 58.136561][ T5147] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 58.146386][ T5147] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 58.160477][ T5147] BTRFS info (device loop0): creating free space tree [pid 5147] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5147] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5147] chdir("./file0") = 0 [pid 5147] ioctl(4, LOOP_CLR_FD) = 0 [pid 5147] close(4) = 0 [pid 5147] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... futex resumed>) = 1 [ 58.170022][ T5147] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 58.179678][ T5147] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 58.191722][ T5147] BTRFS info (device loop0): checking UUID tree [pid 5147] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5147] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... futex resumed>) = 1 [pid 5147] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5147] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... futex resumed>) = 1 [pid 5147] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5146] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5146] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5146] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5146] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5146] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5166], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5166 [pid 5146] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 58.209384][ T27] audit: type=1800 audit(1677515375.807:5): pid=5147 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 58.241442][ T5147] BTRFS info (device loop0): balance: start -d -m [ 58.249090][ T5147] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5146] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5166 attached [pid 5166] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5166] open(".", O_RDONLY) = 5 [pid 5166] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] <... futex resumed>) = 0 [pid 5166] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 58.291575][ T5147] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5146] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5166] <... ioctl resumed>) = 0 [pid 5166] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 58.432926][ T5147] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 58.462961][ T5147] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5166] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5147] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] exit_group(0 [pid 5147] ???( [pid 5166] <... futex resumed>) = ? [pid 5146] <... exit_group resumed>) = ? [pid 5147] <... ??? resumed>) = ? [pid 5166] +++ exited with 0 +++ [pid 5147] +++ exited with 0 +++ [pid 5146] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5146, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 [ 58.490615][ T5147] BTRFS info (device loop0): balance: ended with status: 0 [ 58.508024][ T5147] syz-executor231 (5147) used greatest stack depth: 19280 bytes left umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5168 attached , child_tidptr=0x555556b9a5d0) = 5168 [pid 5168] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5168] chdir("./4") = 0 [pid 5168] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5168] setpgid(0, 0) = 0 [pid 5168] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5168] write(3, "1000", 4) = 4 [pid 5168] close(3) = 0 [pid 5168] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5168] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5168] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5168] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5169 attached , parent_tid=[5169], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5169 [pid 5169] set_robust_list(0x7f542435f9e0, 24) = 0 [pid 5169] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5168] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5168] <... futex resumed>) = 0 [pid 5168] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5169] memfd_create("syzkaller", 0) = 3 [pid 5169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5169] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5169] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5169] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5169] close(3) = 0 [pid 5169] mkdir("./file0", 0777) = 0 [ 58.803039][ T5169] loop0: detected capacity change from 0 to 32768 [ 58.814996][ T5169] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5169) [ 58.832843][ T5169] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 58.841809][ T5169] BTRFS info (device loop0): turning on flush-on-commit [ 58.848964][ T5169] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 58.860313][ T5169] BTRFS info (device loop0): trying to use backup root at mount time [ 58.868681][ T5169] BTRFS info (device loop0): using free space tree [ 58.884837][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 58.898847][ T5169] BTRFS warning (device loop0): couldn't read tree root [ 58.911762][ T5169] BTRFS info (device loop0): enabling ssd optimizations [ 58.919944][ T5169] BTRFS info (device loop0): clearing free space tree [ 58.927047][ T5169] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 58.937017][ T5169] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5169] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5169] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5169] chdir("./file0") = 0 [pid 5169] ioctl(4, LOOP_CLR_FD) = 0 [pid 5169] close(4) = 0 [pid 5169] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5168] <... futex resumed>) = 0 [pid 5168] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5168] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 58.950684][ T5169] BTRFS info (device loop0): creating free space tree [ 58.958515][ T5169] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 58.968354][ T5169] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 58.980396][ T5169] BTRFS info (device loop0): checking UUID tree [pid 5169] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5169] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5168] <... futex resumed>) = 0 [pid 5168] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = 0 [pid 5168] <... futex resumed>) = 1 [pid 5169] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5169] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5168] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5168] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = 0 [pid 5168] <... futex resumed>) = 1 [pid 5169] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5168] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5168] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [ 59.008635][ T27] audit: type=1800 audit(1677515376.607:6): pid=5169 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 59.039393][ T5169] BTRFS info (device loop0): balance: start -d -m [ 59.047551][ T5169] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5168] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5168] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5188], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5188 [pid 5168] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5168] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5188 attached [pid 5188] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5188] open(".", O_RDONLY) = 5 [pid 5188] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5168] <... futex resumed>) = 0 [pid 5168] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = 0 [pid 5168] <... futex resumed>) = 1 [pid 5188] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 59.094697][ T5169] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5168] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5188] <... ioctl resumed>) = 0 [pid 5188] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 59.230692][ T5169] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 59.258372][ T5169] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5188] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5169] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] exit_group(0 [pid 5188] <... futex resumed>) = ? [pid 5168] <... exit_group resumed>) = ? [pid 5169] <... futex resumed>) = ? [pid 5188] +++ exited with 0 +++ [pid 5169] +++ exited with 0 +++ [pid 5168] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5168, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=38 /* 0.38 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 [ 59.286054][ T5169] BTRFS info (device loop0): balance: ended with status: 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5189 ./strace-static-x86_64: Process 5189 attached [pid 5189] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5189] chdir("./5") = 0 [pid 5189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5189] setpgid(0, 0) = 0 [pid 5189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5189] write(3, "1000", 4) = 4 [pid 5189] close(3) = 0 [pid 5189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5189] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5189] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5189] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5190], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5190 [pid 5189] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5190 attached [pid 5190] set_robust_list(0x7f542435f9e0, 24) = 0 [pid 5190] memfd_create("syzkaller", 0) = 3 [pid 5190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5190] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5190] close(3) = 0 [pid 5190] mkdir("./file0", 0777) = 0 [ 59.659825][ T5190] loop0: detected capacity change from 0 to 32768 [ 59.671086][ T5190] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5190) [ 59.687931][ T5190] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 59.696779][ T5190] BTRFS info (device loop0): turning on flush-on-commit [ 59.703718][ T5190] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 59.715006][ T5190] BTRFS info (device loop0): trying to use backup root at mount time [ 59.723429][ T5190] BTRFS info (device loop0): using free space tree [ 59.737413][ T42] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 59.751442][ T5190] BTRFS warning (device loop0): couldn't read tree root [ 59.763579][ T5190] BTRFS info (device loop0): enabling ssd optimizations [ 59.772194][ T5190] BTRFS info (device loop0): clearing free space tree [ 59.779176][ T5190] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 59.788939][ T5190] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 59.802747][ T5190] BTRFS info (device loop0): creating free space tree [pid 5190] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5190] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5190] chdir("./file0") = 0 [pid 5190] ioctl(4, LOOP_CLR_FD) = 0 [pid 5190] close(4) = 0 [pid 5190] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5190] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5190] <... futex resumed>) = 0 [pid 5189] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 59.811736][ T5190] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 59.821422][ T5190] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5190] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5190] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5190] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5189] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] <... ioctl resumed>) = 0 [pid 5189] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 59.855509][ T27] audit: type=1800 audit(1677515377.447:7): pid=5190 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5189] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5189] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5189] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5189] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5209], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5209 [pid 5189] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5209 attached [pid 5209] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5209] open(".", O_RDONLY) = 5 [pid 5209] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = 0 [pid 5189] <... futex resumed>) = 1 [pid 5209] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5189] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5209] <... ioctl resumed>) = 0 [pid 5209] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5190] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5190] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] exit_group(0 [pid 5209] <... futex resumed>) = ? [pid 5189] <... exit_group resumed>) = ? [pid 5209] +++ exited with 0 +++ [pid 5190] <... futex resumed>) = ? [pid 5190] +++ exited with 0 +++ [pid 5189] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5189, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=39 /* 0.39 s */} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5211 ./strace-static-x86_64: Process 5211 attached [pid 5211] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5211] chdir("./6") = 0 [pid 5211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5211] setpgid(0, 0) = 0 [pid 5211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5211] write(3, "1000", 4) = 4 [pid 5211] close(3) = 0 [pid 5211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5211] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5211] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5211] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5212], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5212 [pid 5211] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5212 attached [pid 5212] set_robust_list(0x7f542435f9e0, 24) = 0 [pid 5212] memfd_create("syzkaller", 0) = 3 [pid 5212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5212] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5212] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5212] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5212] close(3) = 0 [pid 5212] mkdir("./file0", 0777) = 0 [ 60.364726][ T5212] loop0: detected capacity change from 0 to 32768 [ 60.377535][ T5212] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5212) [ 60.392201][ T5212] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [pid 5212] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5212] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5212] chdir("./file0") = 0 [pid 5212] ioctl(4, LOOP_CLR_FD) = 0 [pid 5212] close(4) = 0 [pid 5212] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] <... futex resumed>) = 1 [ 60.410750][ T2823] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 60.424474][ T5212] BTRFS warning (device loop0): couldn't read tree root [pid 5212] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5212] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] <... futex resumed>) = 1 [pid 5212] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5212] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] <... futex resumed>) = 1 [ 60.459807][ T27] audit: type=1800 audit(1677515378.057:8): pid=5212 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5212] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5211] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5211] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5211] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5211] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5211] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5231], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5231 [pid 5211] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5231 attached [pid 5231] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5231] open(".", O_RDONLY) = 5 [pid 5231] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] <... futex resumed>) = 1 [pid 5231] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5211] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5211] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5211] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5231] <... ioctl resumed>) = 0 [pid 5231] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5212] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] exit_group(0 [pid 5231] <... futex resumed>) = ? [pid 5211] <... exit_group resumed>) = ? [pid 5231] +++ exited with 0 +++ [pid 5212] <... futex resumed>) = ? [pid 5212] +++ exited with 0 +++ [pid 5211] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5211, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 [ 60.675558][ T5212] _btrfs_printk: 23 callbacks suppressed [ 60.675577][ T5212] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 60.703771][ T5212] BTRFS info (device loop0): balance: ended with status: 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5232 ./strace-static-x86_64: Process 5232 attached [pid 5232] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5232] chdir("./7") = 0 [pid 5232] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5232] setpgid(0, 0) = 0 [pid 5232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5232] write(3, "1000", 4) = 4 [pid 5232] close(3) = 0 [pid 5232] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5232] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5232] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5232] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5233], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5233 ./strace-static-x86_64: Process 5233 attached [pid 5233] set_robust_list(0x7f542435f9e0, 24) = 0 [pid 5233] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5232] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5233] memfd_create("syzkaller", 0) = 3 [pid 5233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5233] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5233] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5233] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5233] close(3) = 0 [pid 5233] mkdir("./file0", 0777) = 0 [ 60.992139][ T5233] loop0: detected capacity change from 0 to 32768 [ 61.003312][ T5233] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5233) [ 61.020714][ T5233] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 61.029642][ T5233] BTRFS info (device loop0): turning on flush-on-commit [ 61.036758][ T5233] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 61.047605][ T5233] BTRFS info (device loop0): trying to use backup root at mount time [ 61.055724][ T5233] BTRFS info (device loop0): using free space tree [ 61.070755][ T2823] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 61.084689][ T5233] BTRFS warning (device loop0): couldn't read tree root [ 61.097003][ T5233] BTRFS info (device loop0): enabling ssd optimizations [ 61.105455][ T5233] BTRFS info (device loop0): clearing free space tree [ 61.112820][ T5233] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 61.123095][ T5233] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 61.137508][ T5233] BTRFS info (device loop0): creating free space tree [pid 5233] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5233] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5233] chdir("./file0") = 0 [pid 5233] ioctl(4, LOOP_CLR_FD) = 0 [pid 5233] close(4) = 0 [pid 5233] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] <... futex resumed>) = 0 [pid 5232] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] <... futex resumed>) = 0 [ 61.144938][ T5233] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 61.154831][ T5233] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 61.167949][ T5233] BTRFS info (device loop0): checking UUID tree [pid 5233] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5233] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] <... futex resumed>) = 0 [pid 5233] <... futex resumed>) = 1 [pid 5232] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5233] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5232] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 61.192705][ T27] audit: type=1800 audit(1677515378.787:9): pid=5233 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 61.236794][ T5233] BTRFS info (device loop0): balance: start -d -m [pid 5233] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5232] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5232] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5232] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5232] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5252], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5252 [pid 5232] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 61.243858][ T5233] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5232] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5252 attached [pid 5252] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5252] open(".", O_RDONLY) = 5 [pid 5252] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] <... futex resumed>) = 0 [pid 5232] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = 0 [pid 5232] <... futex resumed>) = 1 [pid 5252] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 61.280379][ T5233] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5232] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5252] <... ioctl resumed>) = 0 [pid 5252] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 61.399062][ T5233] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 61.432692][ T5233] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5252] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5233] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] exit_group(0 [pid 5252] <... futex resumed>) = ? [pid 5233] <... futex resumed>) = ? [pid 5232] <... exit_group resumed>) = ? [pid 5252] +++ exited with 0 +++ [pid 5233] +++ exited with 0 +++ [pid 5232] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5232, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 [ 61.458168][ T5233] BTRFS info (device loop0): balance: ended with status: 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5254 ./strace-static-x86_64: Process 5254 attached [pid 5254] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5254] chdir("./8") = 0 [pid 5254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5254] setpgid(0, 0) = 0 [pid 5254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5254] write(3, "1000", 4) = 4 [pid 5254] close(3) = 0 [pid 5254] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5254] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5254] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5254] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5255], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5255 [pid 5254] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5255 attached [pid 5255] set_robust_list(0x7f542435f9e0, 24) = 0 [pid 5255] memfd_create("syzkaller", 0) = 3 [pid 5255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5255] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5255] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5255] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5255] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5255] close(3) = 0 [pid 5255] mkdir("./file0", 0777) = 0 [ 61.711978][ T5255] loop0: detected capacity change from 0 to 32768 [ 61.724137][ T5255] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5255) [ 61.741471][ T5255] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 61.750284][ T5255] BTRFS info (device loop0): turning on flush-on-commit [ 61.757307][ T5255] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 61.767976][ T5255] BTRFS info (device loop0): trying to use backup root at mount time [ 61.776254][ T5255] BTRFS info (device loop0): using free space tree [ 61.790248][ T2823] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 61.803687][ T5255] BTRFS warning (device loop0): couldn't read tree root [ 61.815967][ T5255] BTRFS info (device loop0): enabling ssd optimizations [ 61.824149][ T5255] BTRFS info (device loop0): clearing free space tree [ 61.831709][ T5255] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 61.841590][ T5255] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 61.855594][ T5255] BTRFS info (device loop0): creating free space tree [pid 5255] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5255] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5255] chdir("./file0") = 0 [pid 5255] ioctl(4, LOOP_CLR_FD) = 0 [pid 5255] close(4) = 0 [pid 5255] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = 0 [pid 5254] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] <... futex resumed>) = 1 [ 61.863992][ T5255] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 61.873784][ T5255] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 61.887323][ T5255] BTRFS info (device loop0): checking UUID tree [pid 5255] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5255] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = 0 [pid 5254] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] <... futex resumed>) = 1 [pid 5255] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5255] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = 0 [pid 5254] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] <... futex resumed>) = 1 [pid 5255] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5254] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5254] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5254] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5254] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5254] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5274], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5274 [pid 5254] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5274 attached [pid 5274] set_robust_list(0x7f541cf3e9e0, 24) = 0 [ 61.911008][ T27] audit: type=1800 audit(1677515379.507:10): pid=5255 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 61.943045][ T5255] BTRFS info (device loop0): balance: start -d -m [ 61.950696][ T5255] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5274] open(".", O_RDONLY) = 5 [pid 5274] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = 0 [pid 5254] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... futex resumed>) = 1 [ 61.993203][ T5255] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5274] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5254] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5274] <... ioctl resumed>) = 0 [pid 5274] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 62.115678][ T5255] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 62.139280][ T5255] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5274] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5255] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] exit_group(0 [pid 5255] <... futex resumed>) = ? [pid 5274] <... futex resumed>) = ? [pid 5254] <... exit_group resumed>) = ? [pid 5274] +++ exited with 0 +++ [pid 5255] +++ exited with 0 +++ [pid 5254] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5254, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=43 /* 0.43 s */} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 [ 62.169290][ T5255] BTRFS info (device loop0): balance: ended with status: 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5275 ./strace-static-x86_64: Process 5275 attached [pid 5275] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5275] chdir("./9") = 0 [pid 5275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5275] setpgid(0, 0) = 0 [pid 5275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5275] write(3, "1000", 4) = 4 [pid 5275] close(3) = 0 [pid 5275] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5275] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5275] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5275] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5276], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5276 ./strace-static-x86_64: Process 5276 attached [pid 5275] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] set_robust_list(0x7f542435f9e0, 24 [pid 5275] <... futex resumed>) = 0 [pid 5276] <... set_robust_list resumed>) = 0 [pid 5275] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5276] memfd_create("syzkaller", 0) = 3 [pid 5276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5276] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5276] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5276] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5276] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5276] close(3) = 0 [pid 5276] mkdir("./file0", 0777) = 0 [ 62.449440][ T5276] loop0: detected capacity change from 0 to 32768 [ 62.460454][ T5276] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5276) [ 62.478607][ T5276] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 62.487388][ T5276] BTRFS info (device loop0): turning on flush-on-commit [ 62.494359][ T5276] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 62.505186][ T5276] BTRFS info (device loop0): trying to use backup root at mount time [ 62.513648][ T5276] BTRFS info (device loop0): using free space tree [ 62.527746][ T42] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 62.541597][ T5276] BTRFS warning (device loop0): couldn't read tree root [ 62.554128][ T5276] BTRFS info (device loop0): enabling ssd optimizations [ 62.562343][ T5276] BTRFS info (device loop0): clearing free space tree [ 62.569338][ T5276] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 62.579096][ T5276] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 62.592801][ T5276] BTRFS info (device loop0): creating free space tree [pid 5276] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5276] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5276] chdir("./file0") = 0 [pid 5276] ioctl(4, LOOP_CLR_FD) = 0 [pid 5276] close(4) = 0 [pid 5276] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5276] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5275] <... futex resumed>) = 1 [ 62.600537][ T5276] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 62.610160][ T5276] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 62.622812][ T5276] BTRFS info (device loop0): checking UUID tree [pid 5276] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5275] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... open resumed>) = 4 [pid 5276] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... futex resumed>) = 1 [pid 5276] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5276] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... futex resumed>) = 1 [pid 5276] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5275] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5275] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5275] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5275] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5295], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5295 [pid 5275] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 62.647468][ T27] audit: type=1800 audit(1677515380.247:11): pid=5276 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 62.678798][ T5276] BTRFS info (device loop0): balance: start -d -m [ 62.688397][ T5276] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5275] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5295 attached [pid 5295] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5295] open(".", O_RDONLY) = 5 [pid 5295] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5295] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5275] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5295] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5275] <... futex resumed>) = 0 [pid 5295] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 62.733565][ T5276] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5275] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5275] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5295] <... ioctl resumed>) = 0 [pid 5295] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 62.854183][ T5276] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 62.882301][ T5276] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5295] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5276] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5276] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5275] exit_group(0 [pid 5295] <... futex resumed>) = ? [pid 5276] <... futex resumed>) = ? [pid 5275] <... exit_group resumed>) = ? [pid 5295] +++ exited with 0 +++ [pid 5276] +++ exited with 0 +++ [pid 5275] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5275, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=42 /* 0.42 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 [ 62.907480][ T5276] BTRFS info (device loop0): balance: ended with status: 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5296 ./strace-static-x86_64: Process 5296 attached [pid 5296] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5296] chdir("./10") = 0 [pid 5296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5296] setpgid(0, 0) = 0 [pid 5296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5296] write(3, "1000", 4) = 4 [pid 5296] close(3) = 0 [pid 5296] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5296] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5296] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5296] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5297 attached , parent_tid=[5297], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5297 [pid 5297] set_robust_list(0x7f542435f9e0, 24) = 0 [pid 5297] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5296] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5296] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5297] memfd_create("syzkaller", 0) = 3 [pid 5297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5297] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5297] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5297] close(3) = 0 [pid 5297] mkdir("./file0", 0777) = 0 [ 63.196467][ T5297] loop0: detected capacity change from 0 to 32768 [ 63.207005][ T5297] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5297) [ 63.223367][ T5297] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 63.232425][ T5297] BTRFS info (device loop0): turning on flush-on-commit [ 63.239659][ T5297] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 63.250456][ T5297] BTRFS info (device loop0): trying to use backup root at mount time [ 63.258840][ T5297] BTRFS info (device loop0): using free space tree [ 63.273427][ T42] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 63.287391][ T5297] BTRFS warning (device loop0): couldn't read tree root [ 63.299361][ T5297] BTRFS info (device loop0): enabling ssd optimizations [ 63.307044][ T5297] BTRFS info (device loop0): clearing free space tree [ 63.313851][ T5297] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 63.323630][ T5297] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 63.338113][ T5297] BTRFS info (device loop0): creating free space tree [pid 5297] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5297] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5297] chdir("./file0") = 0 [pid 5297] ioctl(4, LOOP_CLR_FD) = 0 [pid 5297] close(4) = 0 [pid 5297] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] <... futex resumed>) = 1 [pid 5297] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5297] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] <... futex resumed>) = 1 [pid 5297] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5297] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] <... futex resumed>) = 1 [ 63.345496][ T5297] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 63.355136][ T5297] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 63.367337][ T5297] BTRFS info (device loop0): checking UUID tree [ 63.380089][ T27] audit: type=1800 audit(1677515380.977:12): pid=5297 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5297] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5296] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5296] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5296] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5296] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5315 attached , parent_tid=[5315], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5315 [pid 5296] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5315] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5315] open(".", O_RDONLY) = 5 [pid 5315] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 63.387809][ T5297] BTRFS info (device loop0): balance: start -d -m [ 63.407629][ T5297] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5315] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5296] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5315] <... ioctl resumed>) = 0 [pid 5315] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 63.533879][ T5297] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 63.584921][ T5297] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 5315] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5296] exit_group(0 [pid 5315] <... futex resumed>) = ? [pid 5296] <... exit_group resumed>) = ? [pid 5315] +++ exited with 0 +++ [pid 5297] <... ioctl resumed> ) = ? [pid 5297] +++ exited with 0 +++ [pid 5296] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5296, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=41 /* 0.41 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 [ 63.626959][ T5297] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 63.652549][ T5297] BTRFS info (device loop0): balance: ended with status: 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5317 ./strace-static-x86_64: Process 5317 attached [pid 5317] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5317] chdir("./11") = 0 [pid 5317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5317] setpgid(0, 0) = 0 [pid 5317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5317] write(3, "1000", 4) = 4 [pid 5317] close(3) = 0 [pid 5317] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5317] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5317] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5317] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5318], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5318 [pid 5317] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5318 attached [pid 5318] set_robust_list(0x7f542435f9e0, 24) = 0 [pid 5318] memfd_create("syzkaller", 0) = 3 [pid 5318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5318] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5318] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5318] close(3) = 0 [pid 5318] mkdir("./file0", 0777) = 0 [ 63.937167][ T5318] loop0: detected capacity change from 0 to 32768 [ 63.947124][ T5318] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5318) [ 63.964701][ T5318] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 63.973736][ T5318] BTRFS info (device loop0): turning on flush-on-commit [ 63.980981][ T5318] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 63.991837][ T5318] BTRFS info (device loop0): trying to use backup root at mount time [ 64.000375][ T5318] BTRFS info (device loop0): using free space tree [ 64.014832][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 64.029307][ T5318] BTRFS warning (device loop0): couldn't read tree root [ 64.041772][ T5318] BTRFS info (device loop0): enabling ssd optimizations [ 64.050114][ T5318] BTRFS info (device loop0): clearing free space tree [ 64.056990][ T5318] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 64.066742][ T5318] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 64.081175][ T5318] BTRFS info (device loop0): creating free space tree [pid 5318] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5318] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5318] chdir("./file0") = 0 [pid 5318] ioctl(4, LOOP_CLR_FD) = 0 [pid 5318] close(4) = 0 [pid 5318] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5318] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... futex resumed>) = 0 [pid 5317] <... futex resumed>) = 1 [pid 5318] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5317] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... open resumed>) = 4 [ 64.088834][ T5318] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 64.098495][ T5318] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 64.110773][ T5318] BTRFS info (device loop0): checking UUID tree [pid 5318] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5318] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5318] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5317] <... futex resumed>) = 0 [ 64.129715][ T27] audit: type=1800 audit(1677515381.727:13): pid=5318 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 64.162122][ T5318] BTRFS info (device loop0): balance: start -d -m [ 64.169560][ T5318] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5317] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5317] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5317] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5317] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5337], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5337 [pid 5317] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5337 attached [pid 5337] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5337] open(".", O_RDONLY) = 5 [pid 5337] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5337] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5337] <... futex resumed>) = 0 [ 64.204570][ T5318] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5337] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5317] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5337] <... ioctl resumed>) = 0 [pid 5337] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 64.347120][ T5318] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 64.371914][ T5318] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5337] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5318] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5318] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] exit_group(0) = ? [pid 5337] <... futex resumed>) = ? [pid 5337] +++ exited with 0 +++ [pid 5318] <... futex resumed>) = ? [pid 5318] +++ exited with 0 +++ [pid 5317] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5317, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=43 /* 0.43 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 [ 64.394144][ T5318] BTRFS info (device loop0): balance: ended with status: 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5338 ./strace-static-x86_64: Process 5338 attached [pid 5338] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5338] chdir("./12") = 0 [pid 5338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5338] setpgid(0, 0) = 0 [pid 5338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5338] write(3, "1000", 4) = 4 [pid 5338] close(3) = 0 [pid 5338] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5338] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5338] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5338] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5339 attached , parent_tid=[5339], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5339 [pid 5339] set_robust_list(0x7f542435f9e0, 24 [pid 5338] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5339] <... set_robust_list resumed>) = 0 [pid 5338] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5339] memfd_create("syzkaller", 0) = 3 [pid 5339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5339] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5339] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5339] close(3) = 0 [pid 5339] mkdir("./file0", 0777) = 0 [ 64.673769][ T5339] loop0: detected capacity change from 0 to 32768 [ 64.686111][ T5339] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5339) [ 64.705973][ T5339] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 64.715206][ T5339] BTRFS info (device loop0): turning on flush-on-commit [ 64.722472][ T5339] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 64.733155][ T5339] BTRFS info (device loop0): trying to use backup root at mount time [ 64.741473][ T5339] BTRFS info (device loop0): using free space tree [ 64.755799][ T2823] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [pid 5339] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5339] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5339] chdir("./file0") = 0 [pid 5339] ioctl(4, LOOP_CLR_FD) = 0 [pid 5339] close(4) = 0 [pid 5339] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5339] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5338] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5339] <... futex resumed>) = 0 [pid 5339] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 64.769660][ T5339] BTRFS warning (device loop0): couldn't read tree root [ 64.782094][ T5339] BTRFS info (device loop0): enabling ssd optimizations [ 64.790327][ T5339] BTRFS info (device loop0): clearing free space tree [ 64.797615][ T5339] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 64.807633][ T5339] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5338] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] <... open resumed>) = 4 [pid 5339] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5339] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5338] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5338] <... futex resumed>) = 0 [pid 5339] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5338] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] <... ioctl resumed>) = 0 [pid 5339] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5339] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5338] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5338] <... futex resumed>) = 0 [pid 5339] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 64.849528][ T27] audit: type=1800 audit(1677515382.447:14): pid=5339 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5338] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5338] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5338] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5338] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5358], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5358 [pid 5338] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5358 attached [pid 5358] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5358] open(".", O_RDONLY) = 5 [pid 5358] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5358] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5338] <... futex resumed>) = 0 [pid 5338] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5358] <... futex resumed>) = 0 [pid 5358] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5338] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5358] <... ioctl resumed>) = 0 [pid 5358] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5339] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] exit_group(0 [pid 5339] <... futex resumed>) = 0 [pid 5358] <... futex resumed>) = ? [pid 5338] <... exit_group resumed>) = ? [pid 5358] +++ exited with 0 +++ [pid 5339] +++ exited with 0 +++ [pid 5338] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5338, si_uid=0, si_status=0, si_utime=0, si_stime=37 /* 0.37 s */} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5359 ./strace-static-x86_64: Process 5359 attached [pid 5359] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5359] chdir("./13") = 0 [pid 5359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5359] setpgid(0, 0) = 0 [pid 5359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5359] write(3, "1000", 4) = 4 [pid 5359] close(3) = 0 [pid 5359] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5359] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5359] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5359] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5360 attached [pid 5360] set_robust_list(0x7f542435f9e0, 24) = 0 [pid 5360] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] <... clone resumed>, parent_tid=[5360], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5360 [pid 5359] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5360] <... futex resumed>) = 0 [pid 5359] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5360] memfd_create("syzkaller", 0) = 3 [pid 5360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5360] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5360] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5360] close(3) = 0 [pid 5360] mkdir("./file0", 0777) = 0 [ 65.365842][ T5360] loop0: detected capacity change from 0 to 32768 [ 65.377207][ T5360] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5360) [ 65.393777][ T5360] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [pid 5360] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5360] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5360] chdir("./file0") = 0 [pid 5360] ioctl(4, LOOP_CLR_FD) = 0 [pid 5360] close(4) = 0 [pid 5360] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5360] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 65.412085][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 65.426080][ T5360] BTRFS warning (device loop0): couldn't read tree root [pid 5359] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] <... open resumed>) = 4 [pid 5360] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5360] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5359] <... futex resumed>) = 1 [pid 5360] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5359] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] <... futex resumed>) = 0 [pid 5359] <... futex resumed>) = 1 [pid 5360] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5359] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] <... ioctl resumed>) = 0 [pid 5360] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5360] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5359] <... futex resumed>) = 0 [pid 5360] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 65.460360][ T27] audit: type=1800 audit(1677515383.057:15): pid=5360 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5359] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5359] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5359] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5359] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5379], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5379 [pid 5359] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5379 attached [pid 5379] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5379] open(".", O_RDONLY) = 5 [pid 5379] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5379] <... futex resumed>) = 1 [pid 5379] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5359] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5359] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5379] <... ioctl resumed>) = 0 [pid 5379] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5379] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5360] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5360] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5360] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] exit_group(0 [pid 5379] <... futex resumed>) = ? [pid 5359] <... exit_group resumed>) = ? [pid 5379] +++ exited with 0 +++ [pid 5360] <... futex resumed>) = ? [pid 5360] +++ exited with 0 +++ [pid 5359] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5359, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=30 /* 0.30 s */} --- umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5380 ./strace-static-x86_64: Process 5380 attached [pid 5380] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5380] chdir("./14") = 0 [pid 5380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5380] setpgid(0, 0) = 0 [pid 5380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5380] write(3, "1000", 4) = 4 [pid 5380] close(3) = 0 [pid 5380] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5380] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5380] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5380] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5381], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5381 ./strace-static-x86_64: Process 5381 attached [pid 5381] set_robust_list(0x7f542435f9e0, 24) = 0 [pid 5381] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5381] <... futex resumed>) = 0 [pid 5381] memfd_create("syzkaller", 0) = 3 [pid 5381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5380] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5381] <... mmap resumed>) = 0x7f541bf3f000 [pid 5381] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5381] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5381] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5381] close(3) = 0 [pid 5381] mkdir("./file0", 0777) = 0 [ 65.972941][ T5381] loop0: detected capacity change from 0 to 32768 [ 65.984091][ T5381] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5381) [ 66.000310][ T5381] _btrfs_printk: 28 callbacks suppressed [ 66.000324][ T5381] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 66.015150][ T5381] BTRFS info (device loop0): turning on flush-on-commit [ 66.022683][ T5381] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 66.033754][ T5381] BTRFS info (device loop0): trying to use backup root at mount time [ 66.042077][ T5381] BTRFS info (device loop0): using free space tree [ 66.057133][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 66.071397][ T5381] BTRFS warning (device loop0): couldn't read tree root [ 66.084001][ T5381] BTRFS info (device loop0): enabling ssd optimizations [ 66.092132][ T5381] BTRFS info (device loop0): clearing free space tree [ 66.099411][ T5381] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 66.109357][ T5381] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5381] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5381] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5381] chdir("./file0") = 0 [pid 5381] ioctl(4, LOOP_CLR_FD) = 0 [pid 5381] close(4) = 0 [pid 5381] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5381] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] <... futex resumed>) = 0 [pid 5380] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] <... futex resumed>) = 0 [pid 5380] <... futex resumed>) = 1 [ 66.123012][ T5381] BTRFS info (device loop0): creating free space tree [ 66.131027][ T5381] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 66.140961][ T5381] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 66.153554][ T5381] BTRFS info (device loop0): checking UUID tree [pid 5381] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5380] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] <... open resumed>) = 4 [pid 5381] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] <... futex resumed>) = 0 [pid 5381] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5380] <... futex resumed>) = 0 [pid 5381] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5380] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] <... ioctl resumed>) = 0 [pid 5381] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] <... futex resumed>) = 0 [pid 5381] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5380] <... futex resumed>) = 0 [pid 5381] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5380] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5380] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5380] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5380] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5400], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5400 [pid 5380] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.177911][ T27] audit: type=1800 audit(1677515383.777:16): pid=5381 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 66.203978][ T5381] BTRFS info (device loop0): balance: start -d -m [ 66.213757][ T5381] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5380] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5400 attached [pid 5400] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5400] open(".", O_RDONLY) = 5 [pid 5400] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] <... futex resumed>) = 0 [pid 5400] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5380] <... futex resumed>) = 0 [pid 5400] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 66.261490][ T5381] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5380] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5400] <... ioctl resumed>) = 0 [pid 5400] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.402870][ T5381] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 66.429746][ T5381] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5400] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5381] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5381] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] exit_group(0 [pid 5381] <... futex resumed>) = ? [pid 5400] <... futex resumed>) = ? [pid 5380] <... exit_group resumed>) = ? [pid 5400] +++ exited with 0 +++ [pid 5381] +++ exited with 0 +++ [pid 5380] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5380, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=39 /* 0.39 s */} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 [ 66.452949][ T5381] BTRFS info (device loop0): balance: ended with status: 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5401 attached , child_tidptr=0x555556b9a5d0) = 5401 [pid 5401] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5401] chdir("./15") = 0 [pid 5401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5401] setpgid(0, 0) = 0 [pid 5401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5401] write(3, "1000", 4) = 4 [pid 5401] close(3) = 0 [pid 5401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5401] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5401] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5401] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5402 attached , parent_tid=[5402], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5402 [pid 5402] set_robust_list(0x7f542435f9e0, 24) = 0 [pid 5402] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5402] <... futex resumed>) = 0 [pid 5401] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5402] memfd_create("syzkaller", 0) = 3 [pid 5402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5402] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5402] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5402] close(3) = 0 [pid 5402] mkdir("./file0", 0777) = 0 [ 66.748089][ T5402] loop0: detected capacity change from 0 to 32768 [ 66.759222][ T5402] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5402) [ 66.777330][ T5402] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 66.786423][ T5402] BTRFS info (device loop0): turning on flush-on-commit [ 66.793664][ T5402] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 66.804707][ T5402] BTRFS info (device loop0): trying to use backup root at mount time [ 66.813747][ T5402] BTRFS info (device loop0): using free space tree [ 66.827746][ T42] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 66.841645][ T5402] BTRFS warning (device loop0): couldn't read tree root [ 66.853626][ T5402] BTRFS info (device loop0): enabling ssd optimizations [ 66.861413][ T5402] BTRFS info (device loop0): clearing free space tree [ 66.868526][ T5402] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 66.878237][ T5402] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 66.891673][ T5402] BTRFS info (device loop0): creating free space tree [pid 5402] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5402] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5402] chdir("./file0") = 0 [pid 5402] ioctl(4, LOOP_CLR_FD) = 0 [pid 5402] close(4) = 0 [pid 5402] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... futex resumed>) = 1 [pid 5402] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [ 66.899384][ T5402] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 66.909005][ T5402] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 66.921673][ T5402] BTRFS info (device loop0): checking UUID tree [pid 5402] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... futex resumed>) = 1 [pid 5402] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5402] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... futex resumed>) = 1 [pid 5402] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5401] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5401] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5401] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5401] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5401] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5421], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5421 [pid 5401] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5421 attached [pid 5421] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5421] open(".", O_RDONLY) = 5 [pid 5421] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5421] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5421] <... futex resumed>) = 0 [pid 5401] <... futex resumed>) = 1 [pid 5421] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 66.957896][ T27] audit: type=1800 audit(1677515384.557:17): pid=5402 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 66.982997][ T5402] BTRFS info (device loop0): balance: start -d -m [ 66.992858][ T5402] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5401] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5421] <... ioctl resumed>) = 0 [pid 5421] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 67.134147][ T5402] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 67.175082][ T5402] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 67.200623][ T5402] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5421] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5402] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5402] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5402] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] exit_group(0 [pid 5421] <... futex resumed>) = ? [pid 5402] <... futex resumed>) = ? [pid 5401] <... exit_group resumed>) = ? [pid 5402] +++ exited with 0 +++ [pid 5421] +++ exited with 0 +++ [pid 5401] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5401, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 [ 67.226351][ T5402] BTRFS info (device loop0): balance: ended with status: 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5422 ./strace-static-x86_64: Process 5422 attached [pid 5422] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5422] chdir("./16") = 0 [pid 5422] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5422] setpgid(0, 0) = 0 [pid 5422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5422] write(3, "1000", 4) = 4 [pid 5422] close(3) = 0 [pid 5422] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5422] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5422] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5422] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5423 attached , parent_tid=[5423], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5423 [pid 5422] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5423] set_robust_list(0x7f542435f9e0, 24) = 0 [pid 5423] memfd_create("syzkaller", 0) = 3 [pid 5423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5423] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5423] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5423] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5423] close(3) = 0 [pid 5423] mkdir("./file0", 0777) = 0 [ 67.504162][ T5423] loop0: detected capacity change from 0 to 32768 [ 67.515390][ T5423] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5423) [ 67.531763][ T5423] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 67.540538][ T5423] BTRFS info (device loop0): turning on flush-on-commit [ 67.547523][ T5423] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 67.558165][ T5423] BTRFS info (device loop0): trying to use backup root at mount time [ 67.566300][ T5423] BTRFS info (device loop0): using free space tree [ 67.580368][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 67.594329][ T5423] BTRFS warning (device loop0): couldn't read tree root [ 67.605598][ T5423] BTRFS info (device loop0): enabling ssd optimizations [ 67.613475][ T5423] BTRFS info (device loop0): clearing free space tree [ 67.620523][ T5423] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 67.630305][ T5423] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 67.643633][ T5423] BTRFS info (device loop0): creating free space tree [pid 5423] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5423] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5423] chdir("./file0") = 0 [pid 5423] ioctl(4, LOOP_CLR_FD) = 0 [pid 5423] close(4) = 0 [pid 5423] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5423] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5422] <... futex resumed>) = 0 [pid 5422] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5423] <... futex resumed>) = 0 [pid 5422] <... futex resumed>) = 1 [pid 5423] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 67.651106][ T5423] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 67.660774][ T5423] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 67.672888][ T5423] BTRFS info (device loop0): checking UUID tree [pid 5422] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5423] <... open resumed>) = 4 [pid 5423] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5423] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5422] <... futex resumed>) = 0 [pid 5422] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5423] <... futex resumed>) = 0 [pid 5422] <... futex resumed>) = 1 [pid 5423] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5423] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5423] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5422] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5422] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5423] <... futex resumed>) = 0 [pid 5422] <... futex resumed>) = 1 [ 67.701771][ T27] audit: type=1800 audit(1677515385.297:18): pid=5423 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 67.737865][ T5423] BTRFS info (device loop0): balance: start -d -m [pid 5423] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 67.744892][ T5423] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5422] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5422] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5422] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5422] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5442], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5442 [pid 5422] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5442 attached [pid 5442] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5442] open(".", O_RDONLY) = 5 [pid 5442] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5442] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5422] <... futex resumed>) = 0 [pid 5422] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] <... futex resumed>) = 0 [pid 5422] <... futex resumed>) = 1 [pid 5442] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 67.782507][ T5423] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5422] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5442] <... ioctl resumed>) = 0 [pid 5442] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 67.895142][ T5423] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 67.923571][ T5423] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5442] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5423] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5423] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] exit_group(0 [pid 5442] <... futex resumed>) = ? [pid 5422] <... exit_group resumed>) = ? [pid 5442] +++ exited with 0 +++ [pid 5423] <... futex resumed>) = ? [pid 5423] +++ exited with 0 +++ [pid 5422] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5422, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=36 /* 0.36 s */} --- umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 [ 67.950436][ T5423] BTRFS info (device loop0): balance: ended with status: 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5443 ./strace-static-x86_64: Process 5443 attached [pid 5443] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5443] chdir("./17") = 0 [pid 5443] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5443] setpgid(0, 0) = 0 [pid 5443] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5443] write(3, "1000", 4) = 4 [pid 5443] close(3) = 0 [pid 5443] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5443] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5443] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5443] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5444 attached , parent_tid=[5444], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5444 [pid 5444] set_robust_list(0x7f542435f9e0, 24) = 0 [pid 5444] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5443] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5444] <... futex resumed>) = 0 [pid 5443] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5444] memfd_create("syzkaller", 0) = 3 [pid 5444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5444] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5444] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5444] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5444] close(3) = 0 [pid 5444] mkdir("./file0", 0777) = 0 [ 68.240105][ T5444] loop0: detected capacity change from 0 to 32768 [ 68.251090][ T5444] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5444) [ 68.268791][ T5444] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 68.277574][ T5444] BTRFS info (device loop0): turning on flush-on-commit [ 68.284544][ T5444] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 68.295511][ T5444] BTRFS info (device loop0): trying to use backup root at mount time [ 68.303891][ T5444] BTRFS info (device loop0): using free space tree [ 68.318117][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 68.332075][ T5444] BTRFS warning (device loop0): couldn't read tree root [ 68.343262][ T5444] BTRFS info (device loop0): enabling ssd optimizations [ 68.351278][ T5444] BTRFS info (device loop0): clearing free space tree [ 68.358418][ T5444] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 68.368270][ T5444] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 68.381793][ T5444] BTRFS info (device loop0): creating free space tree [pid 5444] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5444] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5444] chdir("./file0") = 0 [pid 5444] ioctl(4, LOOP_CLR_FD) = 0 [pid 5444] close(4) = 0 [pid 5444] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5443] <... futex resumed>) = 0 [pid 5443] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 68.389462][ T5444] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 68.399192][ T5444] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 68.411828][ T5444] BTRFS info (device loop0): checking UUID tree [pid 5444] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5444] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5443] <... futex resumed>) = 0 [pid 5444] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5443] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5443] <... futex resumed>) = 0 [pid 5444] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5443] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] <... ioctl resumed>) = 0 [pid 5444] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5443] <... futex resumed>) = 0 [pid 5444] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5443] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5443] <... futex resumed>) = 0 [pid 5444] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 68.443999][ T27] audit: type=1800 audit(1677515386.037:19): pid=5444 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 68.471579][ T5444] BTRFS info (device loop0): balance: start -d -m [ 68.479812][ T5444] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5443] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5443] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5443] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5443] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5463], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5463 [pid 5443] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5463 attached [pid 5463] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5463] open(".", O_RDONLY) = 5 [pid 5463] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5443] <... futex resumed>) = 0 [pid 5463] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5443] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5443] <... futex resumed>) = 0 [pid 5463] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 68.518749][ T5444] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5443] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5463] <... ioctl resumed>) = 0 [pid 5463] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 68.636909][ T5444] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 68.662974][ T5444] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5463] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5444] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5444] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5443] exit_group(0 [pid 5463] <... futex resumed>) = ? [pid 5443] <... exit_group resumed>) = ? [pid 5463] +++ exited with 0 +++ [pid 5444] <... futex resumed>) = ? [pid 5444] +++ exited with 0 +++ [pid 5443] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5443, si_uid=0, si_status=0, si_utime=0, si_stime=50 /* 0.50 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 [ 68.684397][ T5444] BTRFS info (device loop0): balance: ended with status: 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5464 ./strace-static-x86_64: Process 5464 attached [pid 5464] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5464] chdir("./18") = 0 [pid 5464] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5464] setpgid(0, 0) = 0 [pid 5464] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5464] write(3, "1000", 4) = 4 [pid 5464] close(3) = 0 [pid 5464] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5464] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5464] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5464] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5465], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5465 [pid 5464] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5464] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5465 attached [pid 5465] set_robust_list(0x7f542435f9e0, 24) = 0 [pid 5465] memfd_create("syzkaller", 0) = 3 [pid 5465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5465] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5465] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5465] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5465] close(3) = 0 [pid 5465] mkdir("./file0", 0777) = 0 [ 68.935824][ T5465] loop0: detected capacity change from 0 to 32768 [ 68.956950][ T5465] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5465) [ 68.973790][ T5465] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 68.982620][ T5465] BTRFS info (device loop0): turning on flush-on-commit [ 68.989647][ T5465] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 69.000317][ T5465] BTRFS info (device loop0): trying to use backup root at mount time [ 69.008472][ T5465] BTRFS info (device loop0): using free space tree [ 69.022100][ T42] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 69.036066][ T5465] BTRFS warning (device loop0): couldn't read tree root [ 69.048433][ T5465] BTRFS info (device loop0): enabling ssd optimizations [ 69.056507][ T5465] BTRFS info (device loop0): clearing free space tree [ 69.063354][ T5465] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 69.073087][ T5465] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5465] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5465] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5465] chdir("./file0") = 0 [pid 5465] ioctl(4, LOOP_CLR_FD) = 0 [pid 5465] close(4) = 0 [pid 5465] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] <... futex resumed>) = 0 [pid 5464] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5464] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] <... futex resumed>) = 1 [ 69.087145][ T5465] BTRFS info (device loop0): creating free space tree [ 69.094629][ T5465] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 69.104285][ T5465] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 69.116459][ T5465] BTRFS info (device loop0): checking UUID tree [pid 5465] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5465] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] <... futex resumed>) = 0 [pid 5464] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5464] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] <... futex resumed>) = 1 [pid 5465] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5465] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] <... futex resumed>) = 0 [pid 5464] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5464] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] <... futex resumed>) = 1 [pid 5465] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5464] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5464] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5464] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5464] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5483], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5483 [pid 5464] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5464] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5483 attached [pid 5483] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5483] open(".", O_RDONLY) = 5 [pid 5483] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] <... futex resumed>) = 0 [pid 5464] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5464] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5483] <... futex resumed>) = 1 [ 69.135858][ T27] audit: type=1800 audit(1677515386.727:20): pid=5465 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 69.158684][ T5465] BTRFS info (device loop0): balance: start -d -m [ 69.165558][ T5465] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5483] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5464] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5464] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 69.199325][ T5465] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5483] <... ioctl resumed>) = 0 [pid 5483] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 69.332505][ T5465] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 5483] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5464] exit_group(0 [pid 5483] <... futex resumed>) = ? [pid 5464] <... exit_group resumed>) = ? [pid 5483] +++ exited with 0 +++ [pid 5465] <... ioctl resumed> ) = ? [pid 5465] +++ exited with 0 +++ [pid 5464] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5464, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=41 /* 0.41 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 [ 69.380045][ T5465] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 69.402748][ T5465] BTRFS info (device loop0): balance: ended with status: 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5485 ./strace-static-x86_64: Process 5485 attached [pid 5485] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5485] chdir("./19") = 0 [pid 5485] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5485] setpgid(0, 0) = 0 [pid 5485] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5485] write(3, "1000", 4) = 4 [pid 5485] close(3) = 0 [pid 5485] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5485] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5485] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5485] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5485] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5486], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5486 [pid 5485] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5485] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5486 attached [pid 5486] set_robust_list(0x7f542435f9e0, 24) = 0 [pid 5486] memfd_create("syzkaller", 0) = 3 [pid 5486] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5486] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5486] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5486] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5486] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5486] close(3) = 0 [pid 5486] mkdir("./file0", 0777) = 0 [ 69.659034][ T5486] loop0: detected capacity change from 0 to 32768 [ 69.670790][ T5486] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5486) [ 69.687808][ T5486] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 69.696554][ T5486] BTRFS info (device loop0): turning on flush-on-commit [ 69.703500][ T5486] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 69.714423][ T5486] BTRFS info (device loop0): trying to use backup root at mount time [ 69.722762][ T5486] BTRFS info (device loop0): using free space tree [ 69.737412][ T2823] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 69.751193][ T5486] BTRFS warning (device loop0): couldn't read tree root [ 69.763231][ T5486] BTRFS info (device loop0): enabling ssd optimizations [ 69.771353][ T5486] BTRFS info (device loop0): clearing free space tree [ 69.778335][ T5486] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 69.788085][ T5486] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 69.802266][ T5486] BTRFS info (device loop0): creating free space tree [pid 5486] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5486] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5486] chdir("./file0") = 0 [pid 5486] ioctl(4, LOOP_CLR_FD) = 0 [pid 5486] close(4) = 0 [pid 5486] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5485] <... futex resumed>) = 0 [pid 5486] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5485] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5486] <... open resumed>) = 4 [pid 5485] <... futex resumed>) = 0 [ 69.810207][ T5486] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5485] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5486] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5485] <... futex resumed>) = 0 [pid 5486] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5485] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5486] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5485] <... futex resumed>) = 0 [pid 5486] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5485] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5486] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5485] <... futex resumed>) = 0 [pid 5486] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5485] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5486] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5485] <... futex resumed>) = 0 [pid 5486] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 69.845287][ T27] audit: type=1800 audit(1677515387.437:21): pid=5486 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5485] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5485] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5485] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5485] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5485] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5505], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5505 [pid 5485] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5485] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5505 attached [pid 5505] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5505] open(".", O_RDONLY) = 5 [pid 5505] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5485] <... futex resumed>) = 0 [pid 5485] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] <... futex resumed>) = 0 [pid 5485] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5505] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5485] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5505] <... ioctl resumed>) = 0 [pid 5505] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5505] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5486] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5486] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5485] exit_group(0 [pid 5505] <... futex resumed>) = ? [pid 5485] <... exit_group resumed>) = ? [pid 5505] +++ exited with 0 +++ [pid 5486] <... futex resumed>) = ? [pid 5486] +++ exited with 0 +++ [pid 5485] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5485, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=26 /* 0.26 s */} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5506 ./strace-static-x86_64: Process 5506 attached [pid 5506] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5506] chdir("./20") = 0 [pid 5506] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5506] setpgid(0, 0) = 0 [pid 5506] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5506] write(3, "1000", 4) = 4 [pid 5506] close(3) = 0 [pid 5506] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5506] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5506] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5506] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5506] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5507 attached , parent_tid=[5507], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5507 [pid 5507] set_robust_list(0x7f542435f9e0, 24 [pid 5506] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5507] <... set_robust_list resumed>) = 0 [pid 5506] <... futex resumed>) = 0 [pid 5506] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5507] memfd_create("syzkaller", 0) = 3 [pid 5507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5507] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5507] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5507] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5507] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5507] close(3) = 0 [pid 5507] mkdir("./file0", 0777) = 0 [ 70.344449][ T5507] loop0: detected capacity change from 0 to 32768 [ 70.356006][ T5507] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5507) [ 70.372705][ T5507] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [pid 5507] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5507] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5507] chdir("./file0") = 0 [pid 5507] ioctl(4, LOOP_CLR_FD) = 0 [pid 5507] close(4) = 0 [pid 5507] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5506] <... futex resumed>) = 0 [pid 5507] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5506] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5507] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5506] <... futex resumed>) = 0 [pid 5507] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 70.391196][ T42] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 70.404925][ T5507] BTRFS warning (device loop0): couldn't read tree root [pid 5506] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5507] <... open resumed>) = 4 [pid 5507] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5506] <... futex resumed>) = 0 [pid 5507] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5506] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5507] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5506] <... futex resumed>) = 0 [pid 5507] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5506] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5507] <... ioctl resumed>) = 0 [pid 5507] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5506] <... futex resumed>) = 0 [pid 5507] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5506] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5507] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5506] <... futex resumed>) = 0 [pid 5507] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 70.451586][ T27] audit: type=1800 audit(1677515388.047:22): pid=5507 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5506] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5506] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5506] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5506] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5506] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5526], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5526 [pid 5506] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5506] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5526 attached [pid 5526] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5526] open(".", O_RDONLY) = 5 [pid 5526] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5526] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5506] <... futex resumed>) = 0 [pid 5506] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5526] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5506] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5526] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5506] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5526] <... ioctl resumed>) = 0 [pid 5526] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5526] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5507] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5507] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5507] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5506] exit_group(0 [pid 5526] <... futex resumed>) = ? [pid 5507] <... futex resumed>) = ? [pid 5506] <... exit_group resumed>) = ? [pid 5526] +++ exited with 0 +++ [pid 5507] +++ exited with 0 +++ [pid 5506] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5506, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} --- umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5527 ./strace-static-x86_64: Process 5527 attached [pid 5527] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5527] chdir("./21") = 0 [pid 5527] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5527] setpgid(0, 0) = 0 [pid 5527] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5527] write(3, "1000", 4) = 4 [pid 5527] close(3) = 0 [pid 5527] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5527] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5527] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5527] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5527] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5528 attached , parent_tid=[5528], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5528 [pid 5527] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5527] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5528] set_robust_list(0x7f542435f9e0, 24) = 0 [pid 5528] memfd_create("syzkaller", 0) = 3 [pid 5528] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5528] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5528] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5528] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5528] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5528] close(3) = 0 [pid 5528] mkdir("./file0", 0777) = 0 [ 70.915904][ T5528] loop0: detected capacity change from 0 to 32768 [ 70.927829][ T5528] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5528) [ 70.944849][ T5528] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [pid 5528] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5528] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5528] chdir("./file0") = 0 [pid 5528] ioctl(4, LOOP_CLR_FD) = 0 [pid 5528] close(4) = 0 [ 70.963638][ T2823] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 70.977113][ T5528] BTRFS warning (device loop0): couldn't read tree root [pid 5528] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5527] <... futex resumed>) = 0 [pid 5528] <... futex resumed>) = 1 [pid 5528] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5527] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5527] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5528] <... open resumed>) = 4 [pid 5528] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5527] <... futex resumed>) = 0 [pid 5527] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5527] <... futex resumed>) = 0 [pid 5527] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5528] <... ioctl resumed>) = 0 [pid 5528] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5527] <... futex resumed>) = 0 [pid 5527] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5527] <... futex resumed>) = 0 [ 71.015845][ T27] audit: type=1800 audit(1677515388.607:23): pid=5528 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 71.048327][ T5528] _btrfs_printk: 38 callbacks suppressed [ 71.048342][ T5528] BTRFS info (device loop0): balance: start -d -m [pid 5527] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5527] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5527] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5527] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5527] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5547], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5547 [pid 5527] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 71.062253][ T5528] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5527] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5547 attached [pid 5547] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5547] open(".", O_RDONLY) = 5 [pid 5547] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5527] <... futex resumed>) = 0 [pid 5527] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5527] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5547] <... futex resumed>) = 1 [ 71.103405][ T5528] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5547] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5527] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5527] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5527] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5547] <... ioctl resumed>) = 0 [pid 5547] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 71.259574][ T5528] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 5547] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5527] exit_group(0 [pid 5547] <... futex resumed>) = ? [pid 5527] <... exit_group resumed>) = ? [pid 5547] +++ exited with 0 +++ [ 71.317678][ T5528] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5528] <... ioctl resumed> ) = ? [pid 5528] +++ exited with 0 +++ [pid 5527] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5527, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 [ 71.361754][ T5528] BTRFS info (device loop0): balance: ended with status: 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5550 ./strace-static-x86_64: Process 5550 attached [pid 5550] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5550] chdir("./22") = 0 [pid 5550] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5550] setpgid(0, 0) = 0 [pid 5550] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5550] write(3, "1000", 4) = 4 [pid 5550] close(3) = 0 [pid 5550] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5550] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5550] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5550] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5551], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5551 [pid 5550] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5551 attached [pid 5551] set_robust_list(0x7f542435f9e0, 24) = 0 [pid 5551] memfd_create("syzkaller", 0) = 3 [pid 5551] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5551] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5551] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5551] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5551] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5551] close(3) = 0 [pid 5551] mkdir("./file0", 0777) = 0 [ 71.784926][ T5551] loop0: detected capacity change from 0 to 32768 [ 71.795173][ T5551] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5551) [ 71.822785][ T5551] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 71.831566][ T5551] BTRFS info (device loop0): turning on flush-on-commit [ 71.838619][ T5551] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 71.849275][ T5551] BTRFS info (device loop0): trying to use backup root at mount time [ 71.857491][ T5551] BTRFS info (device loop0): using free space tree [ 71.871951][ T2823] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 71.886097][ T5551] BTRFS warning (device loop0): couldn't read tree root [ 71.897587][ T5551] BTRFS info (device loop0): enabling ssd optimizations [ 71.905089][ T5551] BTRFS info (device loop0): clearing free space tree [ 71.912057][ T5551] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 71.922046][ T5551] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5551] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5551] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5551] chdir("./file0") = 0 [pid 5551] ioctl(4, LOOP_CLR_FD) = 0 [pid 5551] close(4) = 0 [pid 5551] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5550] <... futex resumed>) = 0 [pid 5550] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5551] <... futex resumed>) = 1 [ 71.935479][ T5551] BTRFS info (device loop0): creating free space tree [ 71.943029][ T5551] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 71.952667][ T5551] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 71.964791][ T5551] BTRFS info (device loop0): checking UUID tree [pid 5551] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5551] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5550] <... futex resumed>) = 0 [pid 5550] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5551] <... futex resumed>) = 1 [pid 5551] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5551] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5550] <... futex resumed>) = 0 [pid 5550] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5551] <... futex resumed>) = 1 [pid 5551] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5550] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5550] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5550] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5550] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5570], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5570 [pid 5550] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5570 attached [pid 5570] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5570] open(".", O_RDONLY) = 5 [pid 5570] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5550] <... futex resumed>) = 0 [pid 5550] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5570] <... futex resumed>) = 1 [ 71.983171][ T27] audit: type=1800 audit(1677515389.577:24): pid=5551 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 71.998292][ T5551] BTRFS info (device loop0): balance: start -d -m [ 72.021370][ T5551] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5570] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5550] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5570] <... ioctl resumed>) = 0 [pid 5570] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5570] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5551] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 5551] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5550] exit_group(0 [pid 5570] <... futex resumed>) = ? [pid 5550] <... exit_group resumed>) = ? [pid 5570] +++ exited with 0 +++ [pid 5551] <... futex resumed>) = ? [pid 5551] +++ exited with 0 +++ [pid 5550] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5550, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 [ 72.170483][ T5551] BTRFS info (device loop0): 2 enospc errors during balance [ 72.178017][ T5551] BTRFS info (device loop0): balance: ended with status: -28 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5573 ./strace-static-x86_64: Process 5573 attached [pid 5573] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5573] chdir("./23") = 0 [pid 5573] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5573] setpgid(0, 0) = 0 [pid 5573] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5573] write(3, "1000", 4) = 4 [pid 5573] close(3) = 0 [pid 5573] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5573] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5573] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5573] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5574], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5574 [pid 5573] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5573] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5574 attached [pid 5574] set_robust_list(0x7f542435f9e0, 24) = 0 [pid 5574] memfd_create("syzkaller", 0) = 3 [pid 5574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5574] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5574] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5574] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5574] close(3) = 0 [pid 5574] mkdir("./file0", 0777) = 0 [ 72.436406][ T5574] loop0: detected capacity change from 0 to 32768 [ 72.445700][ T5574] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5574) [ 72.462251][ T5574] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 72.471314][ T5574] BTRFS info (device loop0): turning on flush-on-commit [ 72.478623][ T5574] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 72.489516][ T5574] BTRFS info (device loop0): trying to use backup root at mount time [ 72.497911][ T5574] BTRFS info (device loop0): using free space tree [ 72.512434][ T2823] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 72.526264][ T5574] BTRFS warning (device loop0): couldn't read tree root [ 72.537583][ T5574] BTRFS info (device loop0): enabling ssd optimizations [ 72.545909][ T5574] BTRFS info (device loop0): clearing free space tree [ 72.552869][ T5574] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 72.562601][ T5574] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 72.576028][ T5574] BTRFS info (device loop0): creating free space tree [pid 5574] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5574] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5574] chdir("./file0") = 0 [pid 5574] ioctl(4, LOOP_CLR_FD) = 0 [pid 5574] close(4) = 0 [pid 5574] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5573] <... futex resumed>) = 0 [pid 5574] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5573] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5574] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5573] <... futex resumed>) = 0 [pid 5574] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5573] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5574] <... open resumed>) = 4 [pid 5574] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5573] <... futex resumed>) = 0 [pid 5574] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5573] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5574] <... ioctl resumed>) = 0 [pid 5573] <... futex resumed>) = 0 [pid 5574] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5573] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5574] <... futex resumed>) = 0 [pid 5573] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5574] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5573] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 72.583620][ T5574] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 72.593261][ T5574] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 72.605267][ T5574] BTRFS info (device loop0): checking UUID tree [pid 5573] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5573] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5573] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5573] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5573] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5593], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5593 [pid 5573] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5573] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5593 attached [pid 5593] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5593] open(".", O_RDONLY) = 5 [pid 5593] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5593] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5573] <... futex resumed>) = 0 [pid 5573] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5593] <... futex resumed>) = 0 [pid 5573] <... futex resumed>) = 1 [pid 5593] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 72.623416][ T27] audit: type=1800 audit(1677515390.217:25): pid=5574 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 72.656433][ T5574] BTRFS info (device loop0): balance: start -d -m [ 72.663592][ T5574] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5573] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5593] <... ioctl resumed>) = 0 [pid 5593] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 72.795504][ T5574] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 72.831385][ T5574] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 5593] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5574] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5574] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5573] exit_group(0 [pid 5593] <... futex resumed>) = ? [pid 5573] <... exit_group resumed>) = ? [pid 5593] +++ exited with 0 +++ [pid 5574] +++ exited with 0 +++ [pid 5573] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5573, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=40 /* 0.40 s */} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 [ 72.855166][ T5574] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 72.879941][ T5574] BTRFS info (device loop0): balance: ended with status: 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5594 ./strace-static-x86_64: Process 5594 attached [pid 5594] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5594] chdir("./24") = 0 [pid 5594] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5594] setpgid(0, 0) = 0 [pid 5594] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5594] write(3, "1000", 4) = 4 [pid 5594] close(3) = 0 [pid 5594] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5594] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5594] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5594] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5595], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5595 [pid 5594] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5594] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5595 attached [pid 5595] set_robust_list(0x7f542435f9e0, 24) = 0 [pid 5595] memfd_create("syzkaller", 0) = 3 [pid 5595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5595] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5595] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5595] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5595] close(3) = 0 [pid 5595] mkdir("./file0", 0777) = 0 [ 73.160801][ T5595] loop0: detected capacity change from 0 to 32768 [ 73.171686][ T5595] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5595) [ 73.187829][ T5595] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 73.196583][ T5595] BTRFS info (device loop0): turning on flush-on-commit [ 73.203616][ T5595] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 73.214253][ T5595] BTRFS info (device loop0): trying to use backup root at mount time [ 73.223847][ T5595] BTRFS info (device loop0): using free space tree [ 73.237759][ T2823] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 73.251126][ T5595] BTRFS warning (device loop0): couldn't read tree root [ 73.263693][ T5595] BTRFS info (device loop0): enabling ssd optimizations [ 73.271929][ T5595] BTRFS info (device loop0): clearing free space tree [ 73.279190][ T5595] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 73.289163][ T5595] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 73.302545][ T5595] BTRFS info (device loop0): creating free space tree [pid 5595] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5595] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5595] chdir("./file0") = 0 [pid 5595] ioctl(4, LOOP_CLR_FD) = 0 [pid 5595] close(4) = 0 [pid 5595] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5594] <... futex resumed>) = 0 [pid 5595] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5594] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5595] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5594] <... futex resumed>) = 0 [ 73.310412][ T5595] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 73.320468][ T5595] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 73.332393][ T5595] BTRFS info (device loop0): checking UUID tree [pid 5595] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5594] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5595] <... open resumed>) = 4 [pid 5595] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5594] <... futex resumed>) = 0 [pid 5595] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5594] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5595] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5594] <... futex resumed>) = 0 [pid 5595] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5594] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5595] <... ioctl resumed>) = 0 [pid 5595] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5594] <... futex resumed>) = 0 [pid 5595] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5594] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5595] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5594] <... futex resumed>) = 0 [pid 5595] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 73.360169][ T27] audit: type=1800 audit(1677515390.957:26): pid=5595 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 73.389108][ T5595] BTRFS info (device loop0): balance: start -d -m [ 73.396134][ T5595] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5594] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5594] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5594] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5594] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5614], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5614 [pid 5594] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5594] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5614 attached [pid 5614] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5614] open(".", O_RDONLY) = 5 [pid 5614] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5594] <... futex resumed>) = 0 [pid 5614] <... futex resumed>) = 1 [pid 5594] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5614] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5594] <... futex resumed>) = 0 [ 73.428843][ T5595] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5594] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5614] <... ioctl resumed>) = 0 [pid 5614] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 73.559893][ T5595] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 73.587567][ T5595] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5614] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5595] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5595] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5595] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5594] exit_group(0) = ? [pid 5614] <... futex resumed>) = ? [pid 5614] +++ exited with 0 +++ [pid 5595] <... futex resumed>) = ? [pid 5595] +++ exited with 0 +++ [pid 5594] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5594, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 [ 73.611624][ T5595] BTRFS info (device loop0): balance: ended with status: 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5615 ./strace-static-x86_64: Process 5615 attached [pid 5615] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5615] chdir("./25") = 0 [pid 5615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5615] setpgid(0, 0) = 0 [pid 5615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5615] write(3, "1000", 4) = 4 [pid 5615] close(3) = 0 [pid 5615] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5615] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5615] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5615] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5616 attached [pid 5616] set_robust_list(0x7f542435f9e0, 24) = 0 [pid 5616] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5615] <... clone resumed>, parent_tid=[5616], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5616 [pid 5615] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5616] <... futex resumed>) = 0 [pid 5615] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5616] memfd_create("syzkaller", 0) = 3 [pid 5616] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5616] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5616] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5616] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5616] close(3) = 0 [pid 5616] mkdir("./file0", 0777) = 0 [ 73.865747][ T5616] loop0: detected capacity change from 0 to 32768 [ 73.877232][ T5616] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5616) [ 73.894140][ T5616] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 73.903037][ T5616] BTRFS info (device loop0): turning on flush-on-commit [ 73.910063][ T5616] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 73.920732][ T5616] BTRFS info (device loop0): trying to use backup root at mount time [ 73.929062][ T5616] BTRFS info (device loop0): using free space tree [ 73.943395][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 73.956975][ T5616] BTRFS warning (device loop0): couldn't read tree root [ 73.969292][ T5616] BTRFS info (device loop0): enabling ssd optimizations [ 73.977095][ T5616] BTRFS info (device loop0): clearing free space tree [ 73.983965][ T5616] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 73.993722][ T5616] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 74.007030][ T5616] BTRFS info (device loop0): creating free space tree [pid 5616] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5616] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5616] chdir("./file0") = 0 [pid 5616] ioctl(4, LOOP_CLR_FD) = 0 [pid 5616] close(4) = 0 [pid 5616] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5615] <... futex resumed>) = 0 [pid 5616] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5615] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5616] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5615] <... futex resumed>) = 0 [pid 5616] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5615] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5616] <... open resumed>) = 4 [pid 5616] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5615] <... futex resumed>) = 0 [pid 5616] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5615] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5616] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5615] <... futex resumed>) = 0 [pid 5616] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5615] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5616] <... ioctl resumed>) = 0 [pid 5616] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5615] <... futex resumed>) = 0 [pid 5616] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5615] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5616] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5615] <... futex resumed>) = 0 [pid 5616] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 74.014395][ T5616] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 74.024067][ T5616] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 74.036006][ T5616] BTRFS info (device loop0): checking UUID tree [ 74.049736][ T27] audit: type=1800 audit(1677515391.647:27): pid=5616 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 74.082592][ T5616] BTRFS info (device loop0): balance: start -d -m [ 74.090250][ T5616] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5615] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5615] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5615] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5615] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5635], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5635 [pid 5615] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5615] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5635 attached [pid 5635] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5635] open(".", O_RDONLY) = 5 [pid 5635] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5615] <... futex resumed>) = 0 [pid 5615] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5615] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 74.124501][ T5616] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5635] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5615] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5615] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5635] <... ioctl resumed>) = 0 [pid 5635] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 74.244602][ T5616] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 74.277777][ T5616] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5635] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5616] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5616] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] exit_group(0 [pid 5635] <... futex resumed>) = ? [pid 5616] <... futex resumed>) = ? [pid 5615] <... exit_group resumed>) = ? [pid 5635] +++ exited with 0 +++ [pid 5616] +++ exited with 0 +++ [pid 5615] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5615, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=39 /* 0.39 s */} --- umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 [ 74.302854][ T5616] BTRFS info (device loop0): balance: ended with status: 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5639 ./strace-static-x86_64: Process 5639 attached [pid 5639] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5639] chdir("./26") = 0 [pid 5639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5639] setpgid(0, 0) = 0 [pid 5639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5639] write(3, "1000", 4) = 4 [pid 5639] close(3) = 0 [pid 5639] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5639] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5639] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5639] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5640 attached , parent_tid=[5640], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5640 [pid 5639] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5640] set_robust_list(0x7f542435f9e0, 24) = 0 [pid 5639] <... futex resumed>) = 0 [pid 5640] memfd_create("syzkaller", 0 [pid 5639] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5640] <... memfd_create resumed>) = 3 [pid 5640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5640] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5640] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5640] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5640] close(3) = 0 [pid 5640] mkdir("./file0", 0777) = 0 [ 74.573501][ T5640] loop0: detected capacity change from 0 to 32768 [ 74.584035][ T5640] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5640) [ 74.599681][ T5640] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 74.608749][ T5640] BTRFS info (device loop0): turning on flush-on-commit [ 74.615975][ T5640] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 74.627145][ T5640] BTRFS info (device loop0): trying to use backup root at mount time [ 74.635406][ T5640] BTRFS info (device loop0): using free space tree [ 74.650181][ T9] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 74.663947][ T5640] BTRFS warning (device loop0): couldn't read tree root [ 74.675348][ T5640] BTRFS info (device loop0): enabling ssd optimizations [ 74.683402][ T5640] BTRFS info (device loop0): clearing free space tree [ 74.690530][ T5640] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 74.700433][ T5640] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 74.713684][ T5640] BTRFS info (device loop0): creating free space tree [pid 5640] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5640] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5640] chdir("./file0") = 0 [pid 5640] ioctl(4, LOOP_CLR_FD) = 0 [pid 5640] close(4) = 0 [pid 5640] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5640] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5639] <... futex resumed>) = 0 [pid 5639] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5640] <... futex resumed>) = 0 [pid 5639] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 74.721358][ T5640] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 74.731160][ T5640] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 74.743723][ T5640] BTRFS info (device loop0): checking UUID tree [pid 5640] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5640] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5640] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5639] <... futex resumed>) = 0 [pid 5639] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5640] <... futex resumed>) = 0 [pid 5639] <... futex resumed>) = 1 [pid 5639] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5640] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5640] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5640] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5639] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5639] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5640] <... futex resumed>) = 0 [pid 5639] <... futex resumed>) = 1 [pid 5640] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 74.772989][ T27] audit: type=1800 audit(1677515392.367:28): pid=5640 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 74.802955][ T5640] BTRFS info (device loop0): balance: start -d -m [ 74.810533][ T5640] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5639] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5639] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5639] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5639] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5659], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5659 [pid 5639] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5639] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5659 attached [pid 5659] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5659] open(".", O_RDONLY) = 5 [pid 5659] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5639] <... futex resumed>) = 0 [pid 5659] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5639] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5659] <... futex resumed>) = 0 [pid 5639] <... futex resumed>) = 1 [pid 5659] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 74.847765][ T5640] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5639] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5659] <... ioctl resumed>) = 0 [pid 5659] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 74.978169][ T5640] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 75.004562][ T5640] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5659] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5640] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5640] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5640] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5639] exit_group(0) = ? [pid 5659] <... futex resumed>) = ? [pid 5659] +++ exited with 0 +++ [pid 5640] <... futex resumed>) = ? [pid 5640] +++ exited with 0 +++ [pid 5639] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5639, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 [ 75.028222][ T5640] BTRFS info (device loop0): balance: ended with status: 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5660 attached [pid 5660] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5660] chdir("./27") = 0 [pid 5660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5660] setpgid(0, 0) = 0 [pid 5660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5660] write(3, "1000", 4) = 4 [pid 5660] close(3) = 0 [pid 5076] <... clone resumed>, child_tidptr=0x555556b9a5d0) = 5660 [pid 5660] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5660] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5660] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5660] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5661], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5661 [pid 5660] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5661 attached [pid 5661] set_robust_list(0x7f542435f9e0, 24) = 0 [pid 5661] memfd_create("syzkaller", 0) = 3 [pid 5661] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5661] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5661] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5661] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5661] close(3) = 0 [pid 5661] mkdir("./file0", 0777) = 0 [ 75.315800][ T5661] loop0: detected capacity change from 0 to 32768 [ 75.326739][ T5661] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5661) [ 75.343359][ T5661] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 75.352366][ T5661] BTRFS info (device loop0): turning on flush-on-commit [ 75.359550][ T5661] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 75.370408][ T5661] BTRFS info (device loop0): trying to use backup root at mount time [ 75.378691][ T5661] BTRFS info (device loop0): using free space tree [ 75.392228][ T2823] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 75.405976][ T5661] BTRFS warning (device loop0): couldn't read tree root [pid 5661] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5661] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5661] chdir("./file0") = 0 [pid 5661] ioctl(4, LOOP_CLR_FD) = 0 [pid 5661] close(4) = 0 [pid 5661] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5660] <... futex resumed>) = 0 [pid 5661] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 75.418034][ T5661] BTRFS info (device loop0): enabling ssd optimizations [ 75.425882][ T5661] BTRFS info (device loop0): clearing free space tree [pid 5660] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5661] <... open resumed>) = 4 [pid 5660] <... futex resumed>) = 0 [pid 5660] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5660] <... futex resumed>) = 0 [pid 5660] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5661] <... futex resumed>) = 1 [pid 5660] <... futex resumed>) = 0 [pid 5661] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5660] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] <... ioctl resumed>) = 0 [pid 5661] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5660] <... futex resumed>) = 0 [pid 5661] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5660] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5660] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5660] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5660] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5680], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5680 [pid 5660] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5680 attached [pid 5680] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5680] open(".", O_RDONLY) = 5 [pid 5680] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5680] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5660] <... futex resumed>) = 0 [pid 5660] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5680] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 75.455162][ T27] audit: type=1800 audit(1677515393.047:29): pid=5661 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5680] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5660] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5680] <... ioctl resumed>) = 0 [pid 5680] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5680] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5661] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5661] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] exit_group(0 [pid 5680] <... futex resumed>) = ? [pid 5660] <... exit_group resumed>) = ? [pid 5680] +++ exited with 0 +++ [pid 5661] +++ exited with 0 +++ [pid 5660] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5660, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5681 ./strace-static-x86_64: Process 5681 attached [pid 5681] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5681] chdir("./28") = 0 [pid 5681] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5681] setpgid(0, 0) = 0 [pid 5681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5681] write(3, "1000", 4) = 4 [pid 5681] close(3) = 0 [pid 5681] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5681] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5681] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5681] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5682 attached [pid 5682] set_robust_list(0x7f542435f9e0, 24 [pid 5681] <... clone resumed>, parent_tid=[5682], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5682 [pid 5682] <... set_robust_list resumed>) = 0 [pid 5681] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5681] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5682] memfd_create("syzkaller", 0) = 3 [pid 5682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5682] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5682] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5682] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5682] close(3) = 0 [pid 5682] mkdir("./file0", 0777) = 0 [ 75.938564][ T5682] loop0: detected capacity change from 0 to 32768 [ 75.949581][ T5682] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5682) [ 75.964304][ T5682] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [pid 5682] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5682] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5682] chdir("./file0") = 0 [pid 5682] ioctl(4, LOOP_CLR_FD) = 0 [pid 5682] close(4) = 0 [pid 5682] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5681] <... futex resumed>) = 0 [pid 5682] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5681] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5681] <... futex resumed>) = 0 [pid 5682] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 75.982312][ T9] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 75.995859][ T5682] BTRFS warning (device loop0): couldn't read tree root [pid 5681] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5682] <... open resumed>) = 4 [pid 5682] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5681] <... futex resumed>) = 0 [pid 5682] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5681] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5681] <... futex resumed>) = 0 [pid 5682] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5681] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5682] <... ioctl resumed>) = 0 [pid 5682] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5681] <... futex resumed>) = 0 [pid 5682] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5681] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5681] <... futex resumed>) = 0 [pid 5682] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 76.034393][ T27] audit: type=1800 audit(1677515393.627:30): pid=5682 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5681] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5681] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5681] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5681] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5701], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5701 [pid 5681] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5681] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5701 attached [pid 5701] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5701] open(".", O_RDONLY) = 5 [pid 5701] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5681] <... futex resumed>) = 0 [pid 5681] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5681] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 76.079726][ T5682] _btrfs_printk: 26 callbacks suppressed [ 76.079743][ T5682] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5701] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5681] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5701] <... ioctl resumed>) = 0 [pid 5701] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 76.214984][ T5682] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 76.248665][ T5682] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5701] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5682] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5682] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5681] exit_group(0 [pid 5701] <... futex resumed>) = ? [pid 5681] <... exit_group resumed>) = ? [pid 5701] +++ exited with 0 +++ [pid 5682] <... futex resumed>) = ? [pid 5682] +++ exited with 0 +++ [pid 5681] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5681, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=26 /* 0.26 s */} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 [ 76.269925][ T5682] BTRFS info (device loop0): balance: ended with status: 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 76.315276][ T7] cfg80211: failed to load regulatory.db close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5704 ./strace-static-x86_64: Process 5704 attached [pid 5704] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5704] chdir("./29") = 0 [pid 5704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5704] setpgid(0, 0) = 0 [pid 5704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5704] write(3, "1000", 4) = 4 [pid 5704] close(3) = 0 [pid 5704] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5704] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5704] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5704] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5704] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5705 attached , parent_tid=[5705], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5705 [pid 5705] set_robust_list(0x7f542435f9e0, 24 [pid 5704] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5705] <... set_robust_list resumed>) = 0 [pid 5704] <... futex resumed>) = 0 [pid 5704] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5705] memfd_create("syzkaller", 0) = 3 [pid 5705] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5705] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5705] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5705] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5705] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5705] close(3) = 0 [pid 5705] mkdir("./file0", 0777) = 0 [ 76.548760][ T5705] loop0: detected capacity change from 0 to 32768 [ 76.560667][ T5705] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5705) [ 76.578569][ T5705] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 76.587640][ T5705] BTRFS info (device loop0): turning on flush-on-commit [ 76.594844][ T5705] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 76.605949][ T5705] BTRFS info (device loop0): trying to use backup root at mount time [ 76.614335][ T5705] BTRFS info (device loop0): using free space tree [ 76.628449][ T9] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 76.642561][ T5705] BTRFS warning (device loop0): couldn't read tree root [ 76.654095][ T5705] BTRFS info (device loop0): enabling ssd optimizations [ 76.662164][ T5705] BTRFS info (device loop0): clearing free space tree [ 76.669066][ T5705] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 76.678812][ T5705] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 76.692207][ T5705] BTRFS info (device loop0): creating free space tree [pid 5705] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5705] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5705] chdir("./file0") = 0 [pid 5705] ioctl(4, LOOP_CLR_FD) = 0 [ 76.699947][ T5705] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 76.709655][ T5705] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 76.722032][ T5705] BTRFS info (device loop0): checking UUID tree [pid 5705] close(4) = 0 [pid 5705] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5704] <... futex resumed>) = 0 [pid 5704] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5704] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5705] <... futex resumed>) = 1 [pid 5705] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5705] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5704] <... futex resumed>) = 0 [pid 5704] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5704] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5705] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5705] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5704] <... futex resumed>) = 0 [pid 5704] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5704] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 76.749106][ T27] audit: type=1800 audit(1677515394.347:31): pid=5705 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5705] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5704] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5704] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5704] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5704] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5704] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5704] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5724], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5724 [pid 5704] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5704] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5724 attached [pid 5724] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5724] open(".", O_RDONLY) = 5 [pid 5724] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5704] <... futex resumed>) = 0 [pid 5704] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5704] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5724] <... futex resumed>) = 1 [ 76.792567][ T5705] BTRFS info (device loop0): balance: start -d -m [ 76.800493][ T5705] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5724] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5704] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 76.839226][ T5705] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5724] <... ioctl resumed>) = 0 [pid 5724] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 76.970516][ T5705] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 77.005107][ T5705] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5724] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5705] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5705] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5705] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5704] exit_group(0 [pid 5724] <... futex resumed>) = ? [pid 5704] <... exit_group resumed>) = ? [pid 5724] +++ exited with 0 +++ [pid 5705] <... futex resumed>) = ? [pid 5705] +++ exited with 0 +++ [pid 5704] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5704, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 [ 77.031919][ T5705] BTRFS info (device loop0): balance: ended with status: 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5725 ./strace-static-x86_64: Process 5725 attached [pid 5725] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5725] chdir("./30") = 0 [pid 5725] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5725] setpgid(0, 0) = 0 [pid 5725] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5725] write(3, "1000", 4) = 4 [pid 5725] close(3) = 0 [pid 5725] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5725] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5725] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5725] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5725] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5726], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5726 [pid 5725] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5725] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5726 attached [pid 5726] set_robust_list(0x7f542435f9e0, 24) = 0 [pid 5726] memfd_create("syzkaller", 0) = 3 [pid 5726] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5726] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5726] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5726] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5726] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5726] close(3) = 0 [pid 5726] mkdir("./file0", 0777) = 0 [ 77.315548][ T5726] loop0: detected capacity change from 0 to 32768 [ 77.325563][ T5726] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5726) [ 77.342122][ T5726] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 77.351030][ T5726] BTRFS info (device loop0): turning on flush-on-commit [ 77.358338][ T5726] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 77.369231][ T5726] BTRFS info (device loop0): trying to use backup root at mount time [ 77.377635][ T5726] BTRFS info (device loop0): using free space tree [ 77.391397][ T9] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 77.405339][ T5726] BTRFS warning (device loop0): couldn't read tree root [ 77.417567][ T5726] BTRFS info (device loop0): enabling ssd optimizations [ 77.425614][ T5726] BTRFS info (device loop0): clearing free space tree [ 77.432622][ T5726] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 77.442387][ T5726] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 77.456018][ T5726] BTRFS info (device loop0): creating free space tree [pid 5726] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5726] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5726] chdir("./file0") = 0 [pid 5726] ioctl(4, LOOP_CLR_FD) = 0 [pid 5726] close(4) = 0 [pid 5726] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5725] <... futex resumed>) = 0 [pid 5726] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5725] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5726] <... futex resumed>) = 0 [pid 5725] <... futex resumed>) = 1 [pid 5726] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [ 77.464611][ T5726] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 77.474297][ T5726] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 77.487345][ T5726] BTRFS info (device loop0): checking UUID tree [pid 5725] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5726] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5726] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5725] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5726] <... futex resumed>) = 0 [pid 5725] <... futex resumed>) = 1 [pid 5726] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5725] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5726] <... ioctl resumed>) = 0 [pid 5726] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5725] <... futex resumed>) = 0 [pid 5726] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5725] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5726] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5725] <... futex resumed>) = 0 [pid 5726] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5725] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5725] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5725] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5725] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5725] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5745], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5745 [pid 5725] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 77.521391][ T27] audit: type=1800 audit(1677515395.117:32): pid=5726 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 77.547730][ T5726] BTRFS info (device loop0): balance: start -d -m [ 77.554909][ T5726] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5725] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5745 attached [pid 5745] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5745] open(".", O_RDONLY) = 5 [pid 5745] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5725] <... futex resumed>) = 0 [pid 5745] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5725] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5745] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5725] <... futex resumed>) = 0 [pid 5745] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 77.599019][ T5726] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5725] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5725] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5745] <... ioctl resumed>) = 0 [pid 5745] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 77.731240][ T5726] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 77.759033][ T5726] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5745] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5726] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5726] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5726] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5725] exit_group(0) = ? [pid 5745] <... futex resumed>) = ? [pid 5745] +++ exited with 0 +++ [pid 5726] <... futex resumed>) = ? [pid 5726] +++ exited with 0 +++ [pid 5725] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5725, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=39 /* 0.39 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 [ 77.783574][ T5726] BTRFS info (device loop0): balance: ended with status: 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b9a5d0) = 5746 ./strace-static-x86_64: Process 5746 attached [pid 5746] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5746] chdir("./31") = 0 [pid 5746] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5746] setpgid(0, 0) = 0 [pid 5746] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5746] write(3, "1000", 4) = 4 [pid 5746] close(3) = 0 [pid 5746] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5746] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5746] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5746] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5746] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5747 attached , parent_tid=[5747], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5747 [pid 5747] set_robust_list(0x7f542435f9e0, 24 [pid 5746] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5747] <... set_robust_list resumed>) = 0 [pid 5746] <... futex resumed>) = 0 [pid 5746] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5747] memfd_create("syzkaller", 0) = 3 [pid 5747] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5747] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5747] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5747] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5747] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5747] close(3) = 0 [pid 5747] mkdir("./file0", 0777) = 0 [ 78.057016][ T5747] loop0: detected capacity change from 0 to 32768 [ 78.067885][ T5747] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5747) [ 78.083742][ T5747] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 78.092773][ T5747] BTRFS info (device loop0): turning on flush-on-commit [ 78.099988][ T5747] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 78.110648][ T5747] BTRFS info (device loop0): trying to use backup root at mount time [ 78.118843][ T5747] BTRFS info (device loop0): using free space tree [ 78.132470][ T9] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 78.146289][ T5747] BTRFS warning (device loop0): couldn't read tree root [ 78.158795][ T5747] BTRFS info (device loop0): enabling ssd optimizations [ 78.166733][ T5747] BTRFS info (device loop0): clearing free space tree [ 78.173528][ T5747] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 78.183775][ T5747] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 78.197308][ T5747] BTRFS info (device loop0): creating free space tree [pid 5747] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5747] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5747] chdir("./file0") = 0 [pid 5747] ioctl(4, LOOP_CLR_FD) = 0 [pid 5747] close(4) = 0 [pid 5747] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5746] <... futex resumed>) = 0 [pid 5747] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5746] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5747] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5746] <... futex resumed>) = 0 [pid 5747] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 78.204720][ T5747] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 78.214383][ T5747] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 78.226642][ T5747] BTRFS info (device loop0): checking UUID tree [pid 5746] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5747] <... open resumed>) = 4 [pid 5747] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5746] <... futex resumed>) = 0 [pid 5747] futex(0x7f542443d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5746] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5747] <... futex resumed>) = 0 [pid 5747] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5746] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5747] <... ioctl resumed>) = 0 [pid 5747] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5746] <... futex resumed>) = 0 [pid 5746] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5747] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 78.264109][ T27] audit: type=1800 audit(1677515395.857:33): pid=5747 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 78.298911][ T5747] BTRFS info (device loop0): balance: start -d -m [ 78.306818][ T5747] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5746] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5746] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5746] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5746] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5746] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5766], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5766 [pid 5746] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5746] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5766 attached [pid 5766] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5766] open(".", O_RDONLY) = 5 [pid 5766] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5766] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5746] <... futex resumed>) = 0 [pid 5746] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5766] <... futex resumed>) = 0 [pid 5766] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 78.342301][ T5747] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5746] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5766] <... ioctl resumed>) = 0 [pid 5766] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 78.457785][ T5747] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 78.484769][ T5747] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5766] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5747] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5747] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5746] exit_group(0 [pid 5766] <... futex resumed>) = ? [pid 5747] <... futex resumed>) = ? [pid 5746] <... exit_group resumed>) = ? [pid 5766] +++ exited with 0 +++ [pid 5747] +++ exited with 0 +++ [pid 5746] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5746, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=40 /* 0.40 s */} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b9b620 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 [ 78.509137][ T5747] BTRFS info (device loop0): balance: ended with status: 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ba3660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ba3660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x555556b9b620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5767 attached , child_tidptr=0x555556b9a5d0) = 5767 [pid 5767] set_robust_list(0x555556b9a5e0, 24) = 0 [pid 5767] chdir("./32") = 0 [pid 5767] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5767] setpgid(0, 0) = 0 [pid 5767] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5767] write(3, "1000", 4) = 4 [pid 5767] close(3) = 0 [pid 5767] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5767] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5767] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f542433f000 [pid 5767] mprotect(0x7f5424340000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5767] clone(child_stack=0x7f542435f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5768], tls=0x7f542435f700, child_tidptr=0x7f542435f9d0) = 5768 [pid 5767] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5767] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5768 attached [pid 5768] set_robust_list(0x7f542435f9e0, 24) = 0 [pid 5768] memfd_create("syzkaller", 0) = 3 [pid 5768] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f541bf3f000 [pid 5768] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5768] munmap(0x7f541bf3f000, 16777216) = 0 [pid 5768] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5768] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5768] close(3) = 0 [pid 5768] mkdir("./file0", 0777) = 0 [ 78.777179][ T5768] loop0: detected capacity change from 0 to 32768 [ 78.787547][ T5768] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor231 (5768) [ 78.803473][ T5768] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 78.812490][ T5768] BTRFS info (device loop0): turning on flush-on-commit [ 78.819695][ T5768] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 78.830790][ T5768] BTRFS info (device loop0): trying to use backup root at mount time [ 78.839194][ T5768] BTRFS info (device loop0): using free space tree [ 78.852919][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 78.866765][ T5768] BTRFS warning (device loop0): couldn't read tree root [ 78.877692][ T5768] BTRFS info (device loop0): enabling ssd optimizations [ 78.885257][ T5768] BTRFS info (device loop0): clearing free space tree [ 78.892187][ T5768] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 78.901915][ T5768] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 78.916429][ T5768] BTRFS info (device loop0): creating free space tree [pid 5768] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5768] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5768] chdir("./file0") = 0 [pid 5768] ioctl(4, LOOP_CLR_FD) = 0 [pid 5768] close(4) = 0 [pid 5768] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] <... futex resumed>) = 0 [pid 5767] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5767] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5768] <... futex resumed>) = 1 [ 78.924055][ T5768] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 78.933763][ T5768] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 78.946611][ T5768] BTRFS info (device loop0): checking UUID tree [pid 5768] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5768] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] <... futex resumed>) = 0 [pid 5767] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5767] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5768] <... futex resumed>) = 1 [pid 5768] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5768] futex(0x7f542443d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] <... futex resumed>) = 0 [pid 5767] futex(0x7f542443d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5767] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5768] <... futex resumed>) = 1 [pid 5768] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5767] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5767] futex(0x7f542443d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5767] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5767] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f541cf1e000 [pid 5767] mprotect(0x7f541cf1f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5767] clone(child_stack=0x7f541cf3e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5787], tls=0x7f541cf3e700, child_tidptr=0x7f541cf3e9d0) = 5787 [pid 5767] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5767] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5787 attached [pid 5787] set_robust_list(0x7f541cf3e9e0, 24) = 0 [pid 5787] open(".", O_RDONLY) = 5 [pid 5787] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] <... futex resumed>) = 0 [pid 5787] <... futex resumed>) = 1 [pid 5767] futex(0x7f542443d7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5787] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5767] <... futex resumed>) = 0 [ 78.969870][ T27] audit: type=1800 audit(1677515396.567:34): pid=5768 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor231" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 78.994821][ T5768] BTRFS info (device loop0): balance: start -d -m [ 79.002492][ T5768] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5767] futex(0x7f542443d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 79.066127][ T5768] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 79.080039][ T5768] BTRFS warning (device loop0): Skipping commit of aborted transaction. [ 79.089465][ T5768] ------------[ cut here ]------------ [ 79.094986][ T5768] BTRFS: Transaction aborted (error -28) [ 79.102171][ T5768] WARNING: CPU: 1 PID: 5768 at fs/btrfs/transaction.c:1984 cleanup_transaction+0x6b8/0x7a0 [ 79.112314][ T5768] Modules linked in: [ 79.116333][ T5768] CPU: 1 PID: 5768 Comm: syz-executor231 Not tainted 6.2.0-syzkaller-12485-gf3a2439f20d9 #0 [ 79.126490][ T5768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023 [ 79.136634][ T5768] RIP: 0010:cleanup_transaction+0x6b8/0x7a0 [ 79.142558][ T5768] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 e8 43 cc fb fd 0f 0b e9 87 fa ff ff e8 37 cc fb fd 48 c7 c7 60 34 4a 8b 44 89 f6 e8 c8 8c c2 fd <0f> 0b e9 f2 fa ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 40 fa ff [pid 5787] <... ioctl resumed>) = 0 [pid 5787] futex(0x7f542443d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 79.162353][ T5768] RSP: 0018:ffffc9000a857420 EFLAGS: 00010246 [ 79.168611][ T5768] RAX: bd03f37ede31bf00 RBX: 0000000000000000 RCX: ffff888076fd3a80 [ 79.176705][ T5768] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 79.184709][ T5768] RBP: ffffc9000a857550 R08: ffffffff8153a9f2 R09: fffff5200150adfd [ 79.192757][ T5768] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888074d30440 [ 79.200892][ T5768] R13: 1ffff1100e9a6088 R14: 00000000ffffffe4 R15: 00000000ffffffe4 [ 79.208958][ T5768] FS: 00007f542435f700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 79.217945][ T5768] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 79.224545][ T5768] CR2: 00007f541cf3e718 CR3: 0000000077978000 CR4: 00000000003506e0 [ 79.232570][ T5768] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 79.240613][ T5768] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 79.248668][ T5768] Call Trace: [ 79.251957][ T5768] [ 79.254890][ T5768] ? trace_btrfs_transaction_commit+0x350/0x350 [ 79.261211][ T5768] ? do_raw_spin_unlock+0x13b/0x8b0 [ 79.266704][ T5768] ? btrfs_trans_release_metadata+0x158/0x1c0 [ 79.272826][ T5768] btrfs_commit_transaction+0x29e3/0x3440 [ 79.278705][ T5768] ? join_transaction+0xbfd/0xe80 [ 79.283778][ T5768] ? __lock_acquire+0x1f80/0x1f80 [ 79.288910][ T5768] ? btrfs_commit_transaction_async+0x450/0x450 [ 79.295220][ T5768] ? do_raw_spin_unlock+0x13b/0x8b0 [ 79.300528][ T5768] ? join_transaction+0xc52/0xe80 [ 79.305592][ T5768] ? join_transaction+0xc28/0xe80 [ 79.310700][ T5768] ? btrfs_record_root_in_trans+0x92/0x180 [ 79.316566][ T5768] ? start_transaction+0x3de/0x1050 [ 79.321786][ T5768] prepare_to_relocate+0x3c5/0x4c0 [ 79.327037][ T5768] relocate_block_group+0x17f/0xce0 [ 79.332280][ T5768] ? __mutex_lock_common+0x42d/0x2530 [ 79.337749][ T5768] ? btrfs_wait_ordered_roots+0x8f4/0x950 [ 79.343495][ T5768] ? btrfs_relocate_block_group+0x7a3/0xd70 [ 79.349452][ T5768] ? describe_relocation+0x130/0x130 [ 79.354773][ T5768] btrfs_relocate_block_group+0x7ab/0xd70 [ 79.360581][ T5768] btrfs_relocate_chunk+0x12c/0x350 [pid 5787] futex(0x7f542443d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5767] exit_group(0 [pid 5787] <... futex resumed>) = ? [pid 5767] <... exit_group resumed>) = ? [pid 5787] +++ exited with 0 +++ [ 79.365802][ T5768] __btrfs_balance+0x1b06/0x2690 [ 79.370936][ T5768] ? describe_balance_start_or_resume+0x490/0x490 [ 79.377423][ T5768] ? mutex_unlock+0x10/0x10 [ 79.381979][ T5768] ? do_raw_spin_unlock+0x13b/0x8b0 [ 79.387342][ T5768] ? validate_convert_profile+0x7d/0x2c0 [ 79.393003][ T5768] btrfs_balance+0xbdf/0x1120 [ 79.397776][ T5768] btrfs_ioctl_balance+0x493/0x7c0 [ 79.402906][ T5768] ? btrfs_ioctl+0xb88/0xd40 [ 79.407548][ T5768] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 79.413999][ T5768] __se_sys_ioctl+0xf1/0x160 [ 79.418673][ T5768] do_syscall_64+0x41/0xc0 [ 79.423119][ T5768] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 79.429103][ T5768] RIP: 0033:0x7f54243b3659 [ 79.433572][ T5768] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 79.453257][ T5768] RSP: 002b:00007f542435f2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 79.461739][ T5768] RAX: ffffffffffffffda RBX: 00007f542443d7a0 RCX: 00007f54243b3659 [ 79.470039][ T5768] RDX: 00000000200003c0 RSI: 00000000c4009420 RDI: 0000000000000004 [ 79.478053][ T5768] RBP: 00007f542440a1b0 R08: 0000000000000000 R09: 0000000000000000 [ 79.486049][ T5768] R10: 0000000000000000 R11: 0000000000000246 R12: 756b636162657375 [ 79.494120][ T5768] R13: 636e6f6873756c66 R14: 0030656c69662f2e R15: 00007f542443d7a8 [ 79.502211][ T5768] [ 79.505250][ T5768] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 79.512551][ T5768] CPU: 1 PID: 5768 Comm: syz-executor231 Not tainted 6.2.0-syzkaller-12485-gf3a2439f20d9 #0 [ 79.522637][ T5768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023 [ 79.532716][ T5768] Call Trace: [ 79.536014][ T5768] [ 79.538945][ T5768] dump_stack_lvl+0x1e7/0x2d0 [ 79.543642][ T5768] ? nf_tcp_handle_invalid+0x650/0x650 [ 79.549110][ T5768] ? vsnprintf+0x17f/0x1d80 [ 79.553661][ T5768] ? panic+0x770/0x770 [ 79.557748][ T5768] ? vscnprintf+0x5d/0x80 [ 79.562102][ T5768] panic+0x31c/0x770 [ 79.566008][ T5768] ? __warn+0x16c/0x610 [ 79.570267][ T5768] ? memcpy_page_flushcache+0x100/0x100 [ 79.575829][ T5768] __warn+0x434/0x610 [ 79.579825][ T5768] ? cleanup_transaction+0x6b8/0x7a0 [ 79.585110][ T5768] report_bug+0x2b3/0x500 [ 79.589440][ T5768] ? cleanup_transaction+0x6b8/0x7a0 [ 79.594724][ T5768] handle_bug+0x3d/0x70 [ 79.598880][ T5768] exc_invalid_op+0x1a/0x50 [ 79.603396][ T5768] asm_exc_invalid_op+0x1a/0x20 [ 79.608251][ T5768] RIP: 0010:cleanup_transaction+0x6b8/0x7a0 [ 79.614143][ T5768] Code: 41 5c 41 5d 41 5e 41 5f 5d c3 e8 43 cc fb fd 0f 0b e9 87 fa ff ff e8 37 cc fb fd 48 c7 c7 60 34 4a 8b 44 89 f6 e8 c8 8c c2 fd <0f> 0b e9 f2 fa ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 40 fa ff [ 79.633744][ T5768] RSP: 0018:ffffc9000a857420 EFLAGS: 00010246 [ 79.639807][ T5768] RAX: bd03f37ede31bf00 RBX: 0000000000000000 RCX: ffff888076fd3a80 [ 79.647780][ T5768] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 79.655744][ T5768] RBP: ffffc9000a857550 R08: ffffffff8153a9f2 R09: fffff5200150adfd [ 79.663711][ T5768] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888074d30440 [ 79.671765][ T5768] R13: 1ffff1100e9a6088 R14: 00000000ffffffe4 R15: 00000000ffffffe4 [ 79.679743][ T5768] ? __warn_printk+0x292/0x360 [ 79.684533][ T5768] ? trace_btrfs_transaction_commit+0x350/0x350 [ 79.690796][ T5768] ? do_raw_spin_unlock+0x13b/0x8b0 [ 79.695997][ T5768] ? btrfs_trans_release_metadata+0x158/0x1c0 [ 79.702064][ T5768] btrfs_commit_transaction+0x29e3/0x3440 [ 79.707820][ T5768] ? join_transaction+0xbfd/0xe80 [ 79.712865][ T5768] ? __lock_acquire+0x1f80/0x1f80 [ 79.717909][ T5768] ? btrfs_commit_transaction_async+0x450/0x450 [ 79.724153][ T5768] ? do_raw_spin_unlock+0x13b/0x8b0 [ 79.729359][ T5768] ? join_transaction+0xc52/0xe80 [ 79.734381][ T5768] ? join_transaction+0xc28/0xe80 [ 79.739423][ T5768] ? btrfs_record_root_in_trans+0x92/0x180 [ 79.745236][ T5768] ? start_transaction+0x3de/0x1050 [ 79.750442][ T5768] prepare_to_relocate+0x3c5/0x4c0 [ 79.755560][ T5768] relocate_block_group+0x17f/0xce0 [ 79.760762][ T5768] ? __mutex_lock_common+0x42d/0x2530 [ 79.766139][ T5768] ? btrfs_wait_ordered_roots+0x8f4/0x950 [ 79.771868][ T5768] ? btrfs_relocate_block_group+0x7a3/0xd70 [ 79.777763][ T5768] ? describe_relocation+0x130/0x130 [ 79.783064][ T5768] btrfs_relocate_block_group+0x7ab/0xd70 [ 79.788791][ T5768] btrfs_relocate_chunk+0x12c/0x350 [ 79.794023][ T5768] __btrfs_balance+0x1b06/0x2690 [ 79.798992][ T5768] ? describe_balance_start_or_resume+0x490/0x490 [ 79.805402][ T5768] ? mutex_unlock+0x10/0x10 [ 79.809909][ T5768] ? do_raw_spin_unlock+0x13b/0x8b0 [ 79.815111][ T5768] ? validate_convert_profile+0x7d/0x2c0 [ 79.820925][ T5768] btrfs_balance+0xbdf/0x1120 [ 79.825618][ T5768] btrfs_ioctl_balance+0x493/0x7c0 [ 79.830754][ T5768] ? btrfs_ioctl+0xb88/0xd40 [ 79.835345][ T5768] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 79.841758][ T5768] __se_sys_ioctl+0xf1/0x160 [ 79.846360][ T5768] do_syscall_64+0x41/0xc0 [ 79.850780][ T5768] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 79.856675][ T5768] RIP: 0033:0x7f54243b3659 [ 79.861088][ T5768] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 79.880690][ T5768] RSP: 002b:00007f542435f2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 79.889104][ T5768] RAX: ffffffffffffffda RBX: 00007f542443d7a0 RCX: 00007f54243b3659 [ 79.897072][ T5768] RDX: 00000000200003c0 RSI: 00000000c4009420 RDI: 0000000000000004 [ 79.905039][ T5768] RBP: 00007f542440a1b0 R08: 0000000000000000 R09: 0000000000000000 [ 79.913007][ T5768] R10: 0000000000000000 R11: 0000000000000246 R12: 756b636162657375 [ 79.920974][ T5768] R13: 636e6f6873756c66 R14: 0030656c69662f2e R15: 00007f542443d7a8 [ 79.928957][ T5768] [ 79.932149][ T5768] Kernel Offset: disabled [ 79.936564][ T5768] Rebooting in 86400 seconds..