./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2794997037 <...> forked to background, child pid 4645 no interfaces have a carrier [ 38.736933][ T4646] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.766020][ T4646] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.80' (ECDSA) to the list of known hosts. execve("./syz-executor2794997037", ["./syz-executor2794997037"], 0x7ffda018f970 /* 10 vars */) = 0 brk(NULL) = 0x555556e53000 brk(0x555556e53c40) = 0x555556e53c40 arch_prctl(ARCH_SET_FS, 0x555556e53300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555556e535d0) = 5071 set_robust_list(0x555556e535e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f41587ae950, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f41587af020}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f41587ae9f0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f41587af020}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2794997037", 4096) = 28 brk(0x555556e74c40) = 0x555556e74c40 brk(0x555556e75000) = 0x555556e75000 mprotect(0x7f4158876000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5071 mkdir("./syzkaller.NUXJFC", 0700) = 0 chmod("./syzkaller.NUXJFC", 0777) = 0 chdir("./syzkaller.NUXJFC") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e535d0) = 5072 ./strace-static-x86_64: Process 5072 attached [pid 5072] set_robust_list(0x555556e535e0, 24) = 0 [pid 5072] chdir("./0") = 0 [pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5072] setpgid(0, 0) = 0 [pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5072] write(3, "1000", 4) = 4 [pid 5072] close(3) = 0 [pid 5072] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5072] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f415877d000 [pid 5072] mprotect(0x7f415877e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5072] clone(child_stack=0x7f415879d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5074], tls=0x7f415879d700, child_tidptr=0x7f415879d9d0) = 5074 [pid 5072] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5074 attached [pid 5074] set_robust_list(0x7f415879d9e0, 24 [pid 5072] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5074] <... set_robust_list resumed>) = 0 [pid 5074] memfd_create("syzkaller", 0) = 3 [pid 5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f415037d000 syzkaller login: [ 62.056247][ T5074] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5074 'syz-executor279' [pid 5074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5074] munmap(0x7f415037d000, 16777216) = 0 [pid 5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5074] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5074] close(3) = 0 [pid 5074] mkdir("./file0", 0777) = 0 [ 62.235895][ T5074] loop0: detected capacity change from 0 to 32768 [ 62.249597][ T5074] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor279 (5074) [ 62.269697][ T5074] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 62.279135][ T5074] BTRFS info (device loop0): force clearing of disk cache [ 62.286286][ T5074] BTRFS info (device loop0): setting nodatasum [ 62.292985][ T5074] BTRFS info (device loop0): allowing degraded mounts [ 62.300667][ T5074] BTRFS info (device loop0): enabling disk space caching [ 62.307736][ T5074] BTRFS info (device loop0): disk space caching is enabled [ 62.331281][ T5074] BTRFS info (device loop0): enabling ssd optimizations [ 62.338651][ T5074] BTRFS info (device loop0): auto enabling async discard [ 62.347701][ T5074] BTRFS info (device loop0): clearing free space tree [ 62.355354][ T5074] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 62.365818][ T5074] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5074] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5074] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5074] chdir("./file0") = 0 [pid 5074] ioctl(4, LOOP_CLR_FD) = 0 [pid 5074] close(4) = 0 [pid 5074] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5074] futex(0x7f415887c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5072] <... futex resumed>) = 0 [pid 5074] openat(AT_FDCWD, ".", O_RDONLY [pid 5072] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] <... openat resumed>) = 4 [pid 5074] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5074] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5072] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 62.390272][ T5074] BTRFS info (device loop0): checking UUID tree [ 62.422297][ T5074] BTRFS info (device loop0): balance: start -d -m -s [pid 5072] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5072] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5072] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f415135c000 [pid 5072] mprotect(0x7f415135d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5072] clone(child_stack=0x7f415137c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5093 attached [pid 5093] set_robust_list(0x7f415137c9e0, 24 [pid 5072] <... clone resumed>, parent_tid=[5093], tls=0x7f415137c700, child_tidptr=0x7f415137c9d0) = 5093 [pid 5093] <... set_robust_list resumed>) = 0 [pid 5072] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] open("./file0", O_RDONLY [pid 5072] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... open resumed>) = 5 [pid 5093] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... futex resumed>) = 1 [ 62.434175][ T5074] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5093] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 5093] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... futex resumed>) = 1 [pid 5093] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5093] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... futex resumed>) = 1 [ 62.484606][ T5074] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 62.493819][ T27] audit: type=1800 audit(1680092540.890:2): pid=5093 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor279" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5093] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 7 [pid 5093] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... futex resumed>) = 1 [ 62.539901][ T27] audit: type=1800 audit(1680092540.940:3): pid=5093 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor279" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 62.563894][ T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5093] ioctl(5, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x02\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5072] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5093] <... ioctl resumed>) = 0 [pid 5093] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 62.680025][ T5074] BTRFS info (device loop0): found 7 extents, stage: move data extents [pid 5093] futex(0x7f415887c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] exit_group(0 [pid 5093] <... futex resumed>) = ? [pid 5072] <... exit_group resumed>) = ? [pid 5093] +++ exited with 0 +++ [ 62.731917][ T5074] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 62.755730][ T5074] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5074] <... ioctl resumed> ) = ? [pid 5074] +++ exited with 0 +++ [pid 5072] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5072, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=52 /* 0.52 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556e54620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 62.778354][ T5074] BTRFS info (device loop0): found 1 extents, stage: move data extents [ 62.799625][ T5074] BTRFS info (device loop0): balance: ended with status: 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556e5c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e5c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555556e54620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e535d0) = 5098 ./strace-static-x86_64: Process 5098 attached [pid 5098] set_robust_list(0x555556e535e0, 24) = 0 [pid 5098] chdir("./1") = 0 [pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5098] setpgid(0, 0) = 0 [pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5098] write(3, "1000", 4) = 4 [pid 5098] close(3) = 0 [pid 5098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5098] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f415877d000 [pid 5098] mprotect(0x7f415877e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5098] clone(child_stack=0x7f415879d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5099 attached , parent_tid=[5099], tls=0x7f415879d700, child_tidptr=0x7f415879d9d0) = 5099 [pid 5098] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5099] set_robust_list(0x7f415879d9e0, 24) = 0 [pid 5099] memfd_create("syzkaller", 0) = 3 [pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f415037d000 [pid 5099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5099] munmap(0x7f415037d000, 16777216) = 0 [pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5099] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5099] close(3) = 0 [pid 5099] mkdir("./file0", 0777) = 0 [ 63.166354][ T5099] loop0: detected capacity change from 0 to 32768 [ 63.177717][ T5099] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor279 (5099) [ 63.195214][ T5099] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 63.204517][ T5099] BTRFS info (device loop0): force clearing of disk cache [ 63.211693][ T5099] BTRFS info (device loop0): setting nodatasum [ 63.218037][ T5099] BTRFS info (device loop0): allowing degraded mounts [ 63.224864][ T5099] BTRFS info (device loop0): enabling disk space caching [ 63.232023][ T5099] BTRFS info (device loop0): disk space caching is enabled [ 63.253709][ T5099] BTRFS info (device loop0): enabling ssd optimizations [pid 5099] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5099] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5099] chdir("./file0") = 0 [pid 5099] ioctl(4, LOOP_CLR_FD) = 0 [pid 5099] close(4) = 0 [pid 5099] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5099] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 63.260727][ T5099] BTRFS info (device loop0): auto enabling async discard [ 63.269287][ T5099] BTRFS info (device loop0): clearing free space tree [ 63.276115][ T5099] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 63.285969][ T5099] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 63.300928][ T5099] BTRFS info (device loop0): checking UUID tree [pid 5099] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5098] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5098] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f415135c000 [pid 5098] mprotect(0x7f415135d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5098] clone(child_stack=0x7f415137c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5118], tls=0x7f415137c700, child_tidptr=0x7f415137c9d0) = 5118 [pid 5098] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5118 attached [pid 5118] set_robust_list(0x7f415137c9e0, 24) = 0 [pid 5118] open("./file0", O_RDONLY) = 5 [pid 5118] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [ 63.337665][ T5099] BTRFS info (device loop0): balance: start -d -m -s [ 63.352612][ T5099] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 63.373100][ T5099] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5118] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5098] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... open resumed>) = 6 [pid 5118] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5118] <... futex resumed>) = 1 [pid 5098] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5118] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5118] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5098] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 63.405099][ T27] audit: type=1800 audit(1680092541.810:4): pid=5118 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor279" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5098] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... open resumed>) = 7 [pid 5118] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] ioctl(5, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x02\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5098] <... futex resumed>) = 0 [ 63.460968][ T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 63.483734][ T27] audit: type=1800 audit(1680092541.860:5): pid=5118 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor279" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5098] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... ioctl resumed>) = 0 [pid 5118] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [ 63.513625][ T5099] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 63.557960][ T5099] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 63.581090][ T5099] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5118] futex(0x7f415887c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5099] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] exit_group(0) = ? [pid 5118] <... futex resumed>) = ? [pid 5099] <... futex resumed>) = ? [pid 5118] +++ exited with 0 +++ [pid 5099] +++ exited with 0 +++ [pid 5098] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=46 /* 0.46 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556e54620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 63.601111][ T5099] BTRFS info (device loop0): found 1 extents, stage: move data extents [ 63.619661][ T5099] BTRFS info (device loop0): balance: ended with status: 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556e5c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e5c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555556e54620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e535d0) = 5122 ./strace-static-x86_64: Process 5122 attached [pid 5122] set_robust_list(0x555556e535e0, 24) = 0 [pid 5122] chdir("./2") = 0 [pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5122] setpgid(0, 0) = 0 [pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5122] write(3, "1000", 4) = 4 [pid 5122] close(3) = 0 [pid 5122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5122] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f415877d000 [pid 5122] mprotect(0x7f415877e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5122] clone(child_stack=0x7f415879d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5123 attached , parent_tid=[5123], tls=0x7f415879d700, child_tidptr=0x7f415879d9d0) = 5123 [pid 5122] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5123] set_robust_list(0x7f415879d9e0, 24) = 0 [pid 5123] memfd_create("syzkaller", 0) = 3 [pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f415037d000 [pid 5123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5123] munmap(0x7f415037d000, 16777216) = 0 [pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5123] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5123] close(3) = 0 [pid 5123] mkdir("./file0", 0777) = 0 [ 63.975368][ T5123] loop0: detected capacity change from 0 to 32768 [ 63.987940][ T5123] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor279 (5123) [ 64.003437][ T5123] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 64.012778][ T5123] BTRFS info (device loop0): force clearing of disk cache [ 64.020075][ T5123] BTRFS info (device loop0): setting nodatasum [ 64.026259][ T5123] BTRFS info (device loop0): allowing degraded mounts [ 64.033123][ T5123] BTRFS info (device loop0): enabling disk space caching [ 64.040337][ T5123] BTRFS info (device loop0): disk space caching is enabled [ 64.063521][ T5123] BTRFS info (device loop0): enabling ssd optimizations [pid 5123] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5123] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5123] chdir("./file0") = 0 [pid 5123] ioctl(4, LOOP_CLR_FD) = 0 [pid 5123] close(4) = 0 [pid 5123] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] futex(0x7f415887c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5122] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5123] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5122] <... futex resumed>) = 0 [ 64.070537][ T5123] BTRFS info (device loop0): auto enabling async discard [ 64.078556][ T5123] BTRFS info (device loop0): clearing free space tree [ 64.085414][ T5123] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 64.095121][ T5123] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 64.109049][ T5123] BTRFS info (device loop0): checking UUID tree [pid 5122] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5122] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f415135c000 [pid 5122] mprotect(0x7f415135d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5122] clone(child_stack=0x7f415137c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5142 attached , parent_tid=[5142], tls=0x7f415137c700, child_tidptr=0x7f415137c9d0) = 5142 [pid 5122] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] set_robust_list(0x7f415137c9e0, 24 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... set_robust_list resumed>) = 0 [pid 5142] open("./file0", O_RDONLY) = 5 [pid 5142] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 64.141535][ T5123] BTRFS info (device loop0): balance: start -d -m -s [ 64.149324][ T5123] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 64.176934][ T5123] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5142] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 5122] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5122] futex(0x7f415887c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5142] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... mmap resumed>) = 0x7f415133b000 [pid 5142] <... futex resumed>) = 0 [pid 5122] mprotect(0x7f415133c000, 131072, PROT_READ|PROT_WRITE [pid 5142] futex(0x7f415887c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] <... mprotect resumed>) = 0 [pid 5122] clone(child_stack=0x7f415135b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5143], tls=0x7f415135b700, child_tidptr=0x7f415135b9d0) = 5143 [pid 5122] futex(0x7f415887c7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f415887c7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5143 attached [ 64.223662][ T27] audit: type=1800 audit(1680092542.630:6): pid=5142 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor279" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5143] set_robust_list(0x7f415135b9e0, 24) = 0 [pid 5143] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5143] futex(0x7f415887c7cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] futex(0x7f415887c7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5142] <... futex resumed>) = 0 [pid 5122] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 7 [ 64.264799][ T5123] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 64.290649][ T27] audit: type=1800 audit(1680092542.700:7): pid=5142 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor279" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5142] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5142] ioctl(5, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x02\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5122] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... ioctl resumed>) = 0 [pid 5122] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5142] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 64.316594][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 64.335606][ T5123] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 64.414003][ T5123] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5142] futex(0x7f415887c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5123] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] futex(0x7f415887c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] exit_group(0 [pid 5143] <... futex resumed>) = ? [pid 5142] <... futex resumed>) = ? [pid 5123] <... futex resumed>) = ? [pid 5122] <... exit_group resumed>) = ? [pid 5143] +++ exited with 0 +++ [pid 5142] +++ exited with 0 +++ [pid 5123] +++ exited with 0 +++ [pid 5122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=44 /* 0.44 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556e54620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 [ 64.469623][ T5123] BTRFS info (device loop0): found 1 extents, stage: move data extents [ 64.502001][ T5123] BTRFS info (device loop0): balance: ended with status: 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556e5c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e5c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555556e54620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e535d0) = 5144 ./strace-static-x86_64: Process 5144 attached [pid 5144] set_robust_list(0x555556e535e0, 24) = 0 [pid 5144] chdir("./3") = 0 [pid 5144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5144] setpgid(0, 0) = 0 [pid 5144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5144] write(3, "1000", 4) = 4 [pid 5144] close(3) = 0 [pid 5144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5144] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f415877d000 [pid 5144] mprotect(0x7f415877e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5144] clone(child_stack=0x7f415879d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5145 attached [pid 5145] set_robust_list(0x7f415879d9e0, 24) = 0 [pid 5145] futex(0x7f415887c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] <... clone resumed>, parent_tid=[5145], tls=0x7f415879d700, child_tidptr=0x7f415879d9d0) = 5145 [pid 5144] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5144] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5145] memfd_create("syzkaller", 0) = 3 [pid 5145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f415037d000 [pid 5145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5145] munmap(0x7f415037d000, 16777216) = 0 [pid 5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5145] close(3) = 0 [pid 5145] mkdir("./file0", 0777) = 0 [ 64.875924][ T5145] loop0: detected capacity change from 0 to 32768 [ 64.886136][ T5145] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor279 (5145) [ 64.903081][ T5145] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 64.912614][ T5145] BTRFS info (device loop0): force clearing of disk cache [ 64.920085][ T5145] BTRFS info (device loop0): setting nodatasum [ 64.926284][ T5145] BTRFS info (device loop0): allowing degraded mounts [ 64.933245][ T5145] BTRFS info (device loop0): enabling disk space caching [ 64.940564][ T5145] BTRFS info (device loop0): disk space caching is enabled [ 64.960511][ T5145] BTRFS info (device loop0): enabling ssd optimizations [ 64.967525][ T5145] BTRFS info (device loop0): auto enabling async discard [pid 5145] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5145] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5145] chdir("./file0") = 0 [pid 5145] ioctl(4, LOOP_CLR_FD) = 0 [pid 5145] close(4) = 0 [pid 5145] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5145] openat(AT_FDCWD, ".", O_RDONLY [pid 5144] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... openat resumed>) = 4 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5145] <... futex resumed>) = 0 [pid 5144] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5144] <... futex resumed>) = 0 [ 64.975414][ T5145] BTRFS info (device loop0): clearing free space tree [ 64.982491][ T5145] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 64.992322][ T5145] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 65.006192][ T5145] BTRFS info (device loop0): checking UUID tree [pid 5144] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5144] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f415135c000 [pid 5144] mprotect(0x7f415135d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5144] clone(child_stack=0x7f415137c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5164], tls=0x7f415137c700, child_tidptr=0x7f415137c9d0) = 5164 [pid 5144] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5164 attached [pid 5164] set_robust_list(0x7f415137c9e0, 24) = 0 [pid 5164] open("./file0", O_RDONLY) = 5 [pid 5164] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] futex(0x7f415887c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5144] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 65.040281][ T5145] BTRFS info (device loop0): balance: start -d -m -s [ 65.047858][ T5145] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 65.071219][ T5145] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5164] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 5164] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5164] <... futex resumed>) = 1 [pid 5144] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5144] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... ioctl resumed>) = 0 [pid 5164] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5164] <... futex resumed>) = 1 [pid 5144] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5144] <... futex resumed>) = 0 [ 65.109930][ T27] audit: type=1800 audit(1680092543.520:8): pid=5164 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor279" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5144] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... open resumed>) = 7 [pid 5144] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5164] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] futex(0x7f415887c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5164] ioctl(5, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x02\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [ 65.166984][ T27] audit: type=1800 audit(1680092543.560:9): pid=5164 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor279" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 65.199209][ T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5144] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... ioctl resumed>) = 0 [pid 5164] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5164] <... futex resumed>) = 1 [ 65.234102][ T5145] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 65.270692][ T5145] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5164] futex(0x7f415887c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5145] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] futex(0x7f415887c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] exit_group(0 [pid 5164] <... futex resumed>) = ? [pid 5145] <... futex resumed>) = ? [pid 5144] <... exit_group resumed>) = ? [pid 5164] +++ exited with 0 +++ [pid 5145] +++ exited with 0 +++ [pid 5144] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5144, si_uid=0, si_status=0, si_utime=0, si_stime=44 /* 0.44 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556e54620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 [ 65.292956][ T5145] BTRFS info (device loop0): relocating block group 1048576 flags system [ 65.312274][ T5145] BTRFS info (device loop0): found 1 extents, stage: move data extents [ 65.333392][ T5145] BTRFS info (device loop0): balance: ended with status: 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556e5c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e5c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555556e54620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e535d0) = 5167 ./strace-static-x86_64: Process 5167 attached [pid 5167] set_robust_list(0x555556e535e0, 24) = 0 [pid 5167] chdir("./4") = 0 [pid 5167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5167] setpgid(0, 0) = 0 [pid 5167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5167] write(3, "1000", 4) = 4 [pid 5167] close(3) = 0 [pid 5167] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5167] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f415877d000 [pid 5167] mprotect(0x7f415877e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5167] clone(child_stack=0x7f415879d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5168 attached [pid 5168] set_robust_list(0x7f415879d9e0, 24 [pid 5167] <... clone resumed>, parent_tid=[5168], tls=0x7f415879d700, child_tidptr=0x7f415879d9d0) = 5168 [pid 5168] <... set_robust_list resumed>) = 0 [pid 5168] futex(0x7f415887c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5168] <... futex resumed>) = 0 [pid 5167] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5168] memfd_create("syzkaller", 0) = 3 [pid 5168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f415037d000 [pid 5168] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5168] munmap(0x7f415037d000, 16777216) = 0 [pid 5168] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5168] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5168] close(3) = 0 [pid 5168] mkdir("./file0", 0777) = 0 [ 65.688377][ T5168] loop0: detected capacity change from 0 to 32768 [ 65.697827][ T5168] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor279 (5168) [ 65.714808][ T5168] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 65.724166][ T5168] BTRFS info (device loop0): force clearing of disk cache [ 65.731548][ T5168] BTRFS info (device loop0): setting nodatasum [ 65.737724][ T5168] BTRFS info (device loop0): allowing degraded mounts [ 65.744766][ T5168] BTRFS info (device loop0): enabling disk space caching [ 65.751854][ T5168] BTRFS info (device loop0): disk space caching is enabled [ 65.772086][ T5168] BTRFS info (device loop0): enabling ssd optimizations [ 65.779129][ T5168] BTRFS info (device loop0): auto enabling async discard [pid 5168] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5168] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5168] chdir("./file0") = 0 [pid 5168] ioctl(4, LOOP_CLR_FD) = 0 [pid 5168] close(4) = 0 [pid 5168] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5168] futex(0x7f415887c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5167] <... futex resumed>) = 0 [pid 5168] openat(AT_FDCWD, ".", O_RDONLY [pid 5167] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] <... openat resumed>) = 4 [pid 5168] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5168] futex(0x7f415887c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5167] <... futex resumed>) = 0 [ 65.787017][ T5168] BTRFS info (device loop0): clearing free space tree [ 65.793905][ T5168] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 65.803614][ T5168] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 65.818142][ T5168] BTRFS info (device loop0): checking UUID tree [pid 5168] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5167] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5167] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f415135c000 [pid 5167] mprotect(0x7f415135d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5167] clone(child_stack=0x7f415137c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5187], tls=0x7f415137c700, child_tidptr=0x7f415137c9d0) = 5187 [pid 5167] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5187 attached [pid 5187] set_robust_list(0x7f415137c9e0, 24) = 0 [pid 5187] open("./file0", O_RDONLY) = 5 [pid 5187] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5187] futex(0x7f415887c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5167] <... futex resumed>) = 1 [ 65.861277][ T5168] BTRFS info (device loop0): balance: start -d -m -s [ 65.870615][ T5168] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 65.897346][ T5168] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5187] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5167] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... open resumed>) = 6 [pid 5187] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5187] futex(0x7f415887c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5167] <... futex resumed>) = 0 [pid 5187] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5167] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... ioctl resumed>) = 0 [pid 5187] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5187] futex(0x7f415887c7b8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5167] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5167] <... futex resumed>) = 0 [pid 5167] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... open resumed>) = 7 [pid 5187] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5187] futex(0x7f415887c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5167] <... futex resumed>) = 0 [pid 5187] ioctl(5, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x02\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [ 65.943991][ T27] audit: type=1800 audit(1680092544.350:10): pid=5187 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor279" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 65.955821][ T5168] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 65.994471][ T27] audit: type=1800 audit(1680092544.390:11): pid=5187 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor279" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5167] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... ioctl resumed>) = 0 [pid 5187] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = 0 [pid 5187] <... futex resumed>) = 1 [pid 5187] futex(0x7f415887c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5168] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5168] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5168] futex(0x7f415887c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] exit_group(0) = ? [pid 5187] <... futex resumed>) = ? [pid 5168] <... futex resumed>) = ? [pid 5168] +++ exited with 0 +++ [pid 5187] +++ exited with 0 +++ [pid 5167] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5167, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=45 /* 0.45 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556e54620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 [ 66.105240][ T5168] syz-executor279 (5168) used greatest stack depth: 19896 bytes left umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556e5c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e5c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555556e54620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e535d0) = 5188 ./strace-static-x86_64: Process 5188 attached [pid 5188] set_robust_list(0x555556e535e0, 24) = 0 [pid 5188] chdir("./5") = 0 [pid 5188] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5188] setpgid(0, 0) = 0 [pid 5188] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5188] write(3, "1000", 4) = 4 [pid 5188] close(3) = 0 [pid 5188] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5188] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f415877d000 [pid 5188] mprotect(0x7f415877e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5188] clone(child_stack=0x7f415879d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5189 attached , parent_tid=[5189], tls=0x7f415879d700, child_tidptr=0x7f415879d9d0) = 5189 [pid 5188] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] set_robust_list(0x7f415879d9e0, 24 [pid 5188] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5189] <... set_robust_list resumed>) = 0 [pid 5189] memfd_create("syzkaller", 0) = 3 [pid 5189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f415037d000 [pid 5189] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5189] munmap(0x7f415037d000, 16777216) = 0 [pid 5189] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5189] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5189] close(3) = 0 [pid 5189] mkdir("./file0", 0777) = 0 [pid 5189] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5189] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5189] chdir("./file0") = 0 [pid 5189] ioctl(4, LOOP_CLR_FD) = 0 [pid 5189] close(4) = 0 [pid 5189] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = 0 [ 66.439172][ T5189] loop0: detected capacity change from 0 to 32768 [ 66.451580][ T5189] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor279 (5189) [pid 5188] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... futex resumed>) = 1 [pid 5189] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5189] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = 0 [pid 5188] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... futex resumed>) = 1 [pid 5189] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5188] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5188] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f415135c000 [pid 5188] mprotect(0x7f415135d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5188] clone(child_stack=0x7f415137c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5208], tls=0x7f415137c700, child_tidptr=0x7f415137c9d0) = 5208 [pid 5188] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5208 attached [pid 5208] set_robust_list(0x7f415137c9e0, 24) = 0 [pid 5208] open("./file0", O_RDONLY) = 5 [pid 5208] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5208] futex(0x7f415887c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5188] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5188] <... futex resumed>) = 0 [pid 5208] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5188] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... open resumed>) = 6 [pid 5208] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5208] futex(0x7f415887c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5188] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5188] <... futex resumed>) = 0 [pid 5208] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5188] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... ioctl resumed>) = 0 [pid 5208] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5208] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5188] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... open resumed>) = 7 [pid 5208] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5208] futex(0x7f415887c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5188] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5188] <... futex resumed>) = 0 [pid 5208] ioctl(5, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x02\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5188] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... ioctl resumed>) = 0 [pid 5208] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5208] futex(0x7f415887c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5189] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7f415887c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5188] exit_group(0 [pid 5208] <... futex resumed>) = ? [pid 5188] <... exit_group resumed>) = ? [pid 5208] +++ exited with 0 +++ [pid 5189] <... futex resumed>) = ? [pid 5189] +++ exited with 0 +++ [pid 5188] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5188, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556e54620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556e5c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e5c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555556e54620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e535d0) = 5209 ./strace-static-x86_64: Process 5209 attached [pid 5209] set_robust_list(0x555556e535e0, 24) = 0 [pid 5209] chdir("./6") = 0 [pid 5209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5209] setpgid(0, 0) = 0 [pid 5209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5209] write(3, "1000", 4) = 4 [pid 5209] close(3) = 0 [pid 5209] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5209] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f415877d000 [pid 5209] mprotect(0x7f415877e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5209] clone(child_stack=0x7f415879d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5210], tls=0x7f415879d700, child_tidptr=0x7f415879d9d0) = 5210 [pid 5209] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5210 attached [pid 5210] set_robust_list(0x7f415879d9e0, 24) = 0 [pid 5210] memfd_create("syzkaller", 0) = 3 [pid 5210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f415037d000 [pid 5210] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5210] munmap(0x7f415037d000, 16777216) = 0 [pid 5210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5210] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5210] close(3) = 0 [pid 5210] mkdir("./file0", 0777) = 0 [pid 5210] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5210] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5210] chdir("./file0") = 0 [pid 5210] ioctl(4, LOOP_CLR_FD) = 0 [pid 5210] close(4) = 0 [pid 5210] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] <... futex resumed>) = 1 [pid 5210] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5210] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] <... futex resumed>) = 1 [ 67.047858][ T5210] loop0: detected capacity change from 0 to 32768 [ 67.058710][ T5210] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor279 (5210) [pid 5210] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5209] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5209] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5209] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5209] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f415135c000 [pid 5209] mprotect(0x7f415135d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5209] clone(child_stack=0x7f415137c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5229], tls=0x7f415137c700, child_tidptr=0x7f415137c9d0) = 5229 [pid 5209] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5229 attached [pid 5229] set_robust_list(0x7f415137c9e0, 24) = 0 [pid 5229] open("./file0", O_RDONLY) = 5 [pid 5229] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] <... open resumed>) = 6 [pid 5229] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = 0 [pid 5229] <... futex resumed>) = 1 [pid 5209] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5229] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = 0 [pid 5229] <... futex resumed>) = 1 [pid 5209] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5209] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] <... open resumed>) = 7 [pid 5229] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] ioctl(5, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x02\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5229] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5229] futex(0x7f415887c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5210] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5210] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] futex(0x7f415887c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5209] exit_group(0 [pid 5229] <... futex resumed>) = ? [pid 5210] <... futex resumed>) = ? [pid 5209] <... exit_group resumed>) = ? [pid 5210] +++ exited with 0 +++ [pid 5229] +++ exited with 0 +++ [pid 5209] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5209, si_uid=0, si_status=0, si_utime=0, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556e54620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 [ 67.283926][ T5210] _btrfs_printk: 45 callbacks suppressed [ 67.283942][ T5210] BTRFS info (device loop0): found 1 extents, stage: move data extents [ 67.316426][ T5210] BTRFS info (device loop0): balance: ended with status: 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556e5c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e5c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555556e54620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e535d0) = 5230 ./strace-static-x86_64: Process 5230 attached [pid 5230] set_robust_list(0x555556e535e0, 24) = 0 [pid 5230] chdir("./7") = 0 [pid 5230] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5230] setpgid(0, 0) = 0 [pid 5230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5230] write(3, "1000", 4) = 4 [pid 5230] close(3) = 0 [pid 5230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5230] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f415877d000 [pid 5230] mprotect(0x7f415877e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5230] clone(child_stack=0x7f415879d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5231 attached [pid 5231] set_robust_list(0x7f415879d9e0, 24) = 0 [pid 5231] futex(0x7f415887c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] <... clone resumed>, parent_tid=[5231], tls=0x7f415879d700, child_tidptr=0x7f415879d9d0) = 5231 [pid 5230] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] <... futex resumed>) = 0 [pid 5231] memfd_create("syzkaller", 0) = 3 [pid 5231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f415037d000 [pid 5230] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5231] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5231] munmap(0x7f415037d000, 16777216) = 0 [pid 5231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5231] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5231] close(3) = 0 [pid 5231] mkdir("./file0", 0777) = 0 [ 67.686008][ T5231] loop0: detected capacity change from 0 to 32768 [ 67.703413][ T5231] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor279 (5231) [ 67.721473][ T5231] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 67.730803][ T5231] BTRFS info (device loop0): force clearing of disk cache [ 67.737944][ T5231] BTRFS info (device loop0): setting nodatasum [ 67.744195][ T5231] BTRFS info (device loop0): allowing degraded mounts [ 67.751048][ T5231] BTRFS info (device loop0): enabling disk space caching [ 67.758156][ T5231] BTRFS info (device loop0): disk space caching is enabled [ 67.779480][ T5231] BTRFS info (device loop0): enabling ssd optimizations [pid 5231] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5231] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5231] chdir("./file0") = 0 [pid 5231] ioctl(4, LOOP_CLR_FD) = 0 [pid 5231] close(4) = 0 [pid 5231] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5231] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = 0 [pid 5231] <... futex resumed>) = 1 [pid 5230] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 67.786471][ T5231] BTRFS info (device loop0): auto enabling async discard [ 67.795209][ T5231] BTRFS info (device loop0): clearing free space tree [ 67.802183][ T5231] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 67.811915][ T5231] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 67.825952][ T5231] BTRFS info (device loop0): checking UUID tree [pid 5231] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5230] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5230] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5230] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f415135c000 [pid 5230] mprotect(0x7f415135d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5230] clone(child_stack=0x7f415137c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5250], tls=0x7f415137c700, child_tidptr=0x7f415137c9d0) = 5250 [pid 5230] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5250 attached [pid 5250] set_robust_list(0x7f415137c9e0, 24) = 0 [pid 5250] open("./file0", O_RDONLY) = 5 [pid 5250] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] futex(0x7f415887c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... futex resumed>) = 0 [ 67.864307][ T5231] BTRFS info (device loop0): balance: start -d -m -s [ 67.872426][ T5231] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 67.894624][ T5231] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5250] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 5250] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5250] futex(0x7f415887c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5230] <... futex resumed>) = 0 [pid 5250] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5230] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... ioctl resumed>) = 0 [pid 5250] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = 0 [pid 5250] <... futex resumed>) = 1 [pid 5230] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 67.930931][ T27] kauditd_printk_skb: 4 callbacks suppressed [ 67.930947][ T27] audit: type=1800 audit(1680092546.340:16): pid=5250 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor279" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 67.949111][ T5231] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5250] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 7 [pid 5250] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5250] futex(0x7f415887c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5230] <... futex resumed>) = 0 [pid 5250] ioctl(5, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x02\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5230] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 67.984567][ T27] audit: type=1800 audit(1680092546.390:17): pid=5250 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor279" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 68.015542][ T11] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5250] <... ioctl resumed>) = 0 [pid 5250] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 68.085805][ T5231] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 68.109998][ T5231] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5250] futex(0x7f415887c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5231] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] exit_group(0 [pid 5231] <... futex resumed>) = 0 [pid 5250] <... futex resumed>) = ? [pid 5230] <... exit_group resumed>) = ? [pid 5250] +++ exited with 0 +++ [pid 5231] +++ exited with 0 +++ [pid 5230] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5230, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=40 /* 0.40 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556e54620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 [ 68.130105][ T5231] BTRFS info (device loop0): found 1 extents, stage: move data extents [ 68.150940][ T5231] BTRFS info (device loop0): balance: ended with status: 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556e5c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e5c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555556e54620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e535d0) = 5251 ./strace-static-x86_64: Process 5251 attached [pid 5251] set_robust_list(0x555556e535e0, 24) = 0 [pid 5251] chdir("./8") = 0 [pid 5251] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5251] setpgid(0, 0) = 0 [pid 5251] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5251] write(3, "1000", 4) = 4 [pid 5251] close(3) = 0 [pid 5251] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5251] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f415877d000 [pid 5251] mprotect(0x7f415877e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5251] clone(child_stack=0x7f415879d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5252], tls=0x7f415879d700, child_tidptr=0x7f415879d9d0) = 5252 [pid 5251] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5252 attached [pid 5252] set_robust_list(0x7f415879d9e0, 24) = 0 [pid 5252] memfd_create("syzkaller", 0) = 3 [pid 5252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f415037d000 [pid 5252] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5252] munmap(0x7f415037d000, 16777216) = 0 [pid 5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5252] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5252] close(3) = 0 [pid 5252] mkdir("./file0", 0777) = 0 [ 68.515780][ T5252] loop0: detected capacity change from 0 to 32768 [ 68.527135][ T5252] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor279 (5252) [ 68.542462][ T5252] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 68.551818][ T5252] BTRFS info (device loop0): force clearing of disk cache [ 68.559438][ T5252] BTRFS info (device loop0): setting nodatasum [ 68.565628][ T5252] BTRFS info (device loop0): allowing degraded mounts [ 68.572505][ T5252] BTRFS info (device loop0): enabling disk space caching [ 68.579936][ T5252] BTRFS info (device loop0): disk space caching is enabled [ 68.603331][ T5252] BTRFS info (device loop0): enabling ssd optimizations [pid 5252] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5252] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5252] chdir("./file0") = 0 [pid 5252] ioctl(4, LOOP_CLR_FD) = 0 [pid 5252] close(4) = 0 [pid 5252] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5252] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 68.610385][ T5252] BTRFS info (device loop0): auto enabling async discard [ 68.619187][ T5252] BTRFS info (device loop0): clearing free space tree [ 68.626129][ T5252] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 68.635893][ T5252] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 68.650570][ T5252] BTRFS info (device loop0): checking UUID tree [pid 5252] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5251] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5251] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f415135c000 [pid 5251] mprotect(0x7f415135d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5251] clone(child_stack=0x7f415137c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5271], tls=0x7f415137c700, child_tidptr=0x7f415137c9d0) = 5271 [pid 5251] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5271 attached [pid 5271] set_robust_list(0x7f415137c9e0, 24) = 0 [pid 5271] open("./file0", O_RDONLY) = 5 [pid 5271] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5271] <... futex resumed>) = 1 [ 68.683596][ T5252] BTRFS info (device loop0): balance: start -d -m -s [ 68.691090][ T5252] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 68.711618][ T5252] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5271] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 5271] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5271] <... futex resumed>) = 1 [pid 5271] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5271] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5271] <... futex resumed>) = 1 [pid 5271] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 7 [pid 5271] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5271] <... futex resumed>) = 1 [ 68.746780][ T27] audit: type=1800 audit(1680092547.150:18): pid=5271 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor279" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 68.786126][ T5252] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5271] ioctl(5, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x02\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5251] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5251] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5271] <... ioctl resumed>) = 0 [pid 5271] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 68.825682][ T27] audit: type=1800 audit(1680092547.210:19): pid=5271 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor279" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 68.877952][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 68.901130][ T5252] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 68.928618][ T5252] BTRFS info (device loop0): relocating block group 1048576 flags system [ 68.952393][ T5252] BTRFS info (device loop0): found 1 extents, stage: move data extents [pid 5271] futex(0x7f415887c7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5252] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7f415887c7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] exit_group(0 [pid 5271] <... futex resumed>) = ? [pid 5251] <... exit_group resumed>) = ? [pid 5252] <... futex resumed>) = ? [pid 5271] +++ exited with 0 +++ [pid 5252] +++ exited with 0 +++ [pid 5251] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5251, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=39 /* 0.39 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556e54620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 [ 68.972673][ T5252] BTRFS info (device loop0): balance: ended with status: 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556e5c660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e5c660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555556e54620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556e535d0) = 5272 ./strace-static-x86_64: Process 5272 attached [pid 5272] set_robust_list(0x555556e535e0, 24) = 0 [pid 5272] chdir("./9") = 0 [pid 5272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5272] setpgid(0, 0) = 0 [pid 5272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5272] write(3, "1000", 4) = 4 [pid 5272] close(3) = 0 [pid 5272] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5272] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f415877d000 [pid 5272] mprotect(0x7f415877e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5272] clone(child_stack=0x7f415879d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5273], tls=0x7f415879d700, child_tidptr=0x7f415879d9d0) = 5273 [pid 5272] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5273 attached [pid 5273] set_robust_list(0x7f415879d9e0, 24) = 0 [pid 5273] memfd_create("syzkaller", 0) = 3 [pid 5273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f415037d000 [pid 5273] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5273] munmap(0x7f415037d000, 16777216) = 0 [pid 5273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5273] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5273] close(3) = 0 [pid 5273] mkdir("./file0", 0777) = 0 [ 69.302077][ T5273] loop0: detected capacity change from 0 to 32768 [ 69.313524][ T5273] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor279 (5273) [ 69.328727][ T5273] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 69.338147][ T5273] BTRFS info (device loop0): force clearing of disk cache [ 69.345299][ T5273] BTRFS info (device loop0): setting nodatasum [ 69.351839][ T5273] BTRFS info (device loop0): allowing degraded mounts [ 69.358928][ T5273] BTRFS info (device loop0): enabling disk space caching [ 69.365983][ T5273] BTRFS info (device loop0): disk space caching is enabled [ 69.386970][ T5273] BTRFS info (device loop0): enabling ssd optimizations [ 69.394073][ T5273] BTRFS info (device loop0): auto enabling async discard [pid 5273] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5273] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5273] chdir("./file0") = 0 [pid 5273] ioctl(4, LOOP_CLR_FD) = 0 [pid 5273] close(4) = 0 [pid 5273] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5273] futex(0x7f415887c7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f415887c7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f415887c7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 69.402226][ T5273] BTRFS info (device loop0): clearing free space tree [ 69.409288][ T5273] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 69.421825][ T5273] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 69.435695][ T5273] BTRFS info (device loop0): checking UUID tree [pid 5273] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5272] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5272] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f415135c000 [pid 5272] mprotect(0x7f415135d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5272] clone(child_stack=0x7f415137c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5292 attached , parent_tid=[5292], tls=0x7f415137c700, child_tidptr=0x7f415137c9d0) = 5292 [pid 5272] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] set_robust_list(0x7f415137c9e0, 24) = 0 [pid 5292] open("./file0", O_RDONLY) = 5 [pid 5292] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 69.469334][ T5273] BTRFS info (device loop0): balance: start -d -m -s [ 69.477994][ T5273] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 69.498481][ T5273] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5292] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 5292] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] <... futex resumed>) = 1 [pid 5292] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5292] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5272] <... futex resumed>) = 0 [pid 5292] <... open resumed>) = 7 [pid 5272] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] futex(0x7f415887c7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f415887c7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f415887c7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] <... futex resumed>) = 1 [ 69.542116][ T27] audit: type=1800 audit(1680092547.950:20): pid=5292 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor279" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 69.564558][ T5273] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 69.582335][ T27] audit: type=1800 audit(1680092547.980:21): pid=5292 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor279" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 69.606332][ T5292] ------------[ cut here ]------------ [ 69.612158][ T5292] WARNING: CPU: 1 PID: 5292 at fs/btrfs/extent-tree.c:871 lookup_inline_extent_backref+0x8e8/0x1470 [ 69.623051][ T5292] Modules linked in: [ 69.626996][ T5292] CPU: 1 PID: 5292 Comm: syz-executor279 Not tainted 6.3.0-rc4-syzkaller-00034-gfcd476ea6a88 #0 [ 69.637562][ T5292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/17/2023 [ 69.647690][ T5292] RIP: 0010:lookup_inline_extent_backref+0x8e8/0x1470 [ 69.654556][ T5292] Code: de e8 fc 80 0a fe 49 39 df 0f 87 4b 0b 00 00 e8 de 7e 0a fe eb 30 83 7d 28 00 4c 8b 6c 24 30 0f 84 11 05 00 00 e8 c8 7e 0a fe <0f> 0b 41 bc fb ff ff ff e9 52 06 00 00 e8 b6 7e 0a fe e9 29 06 00 [ 69.674240][ T5292] RSP: 0018:ffffc9000461ede0 EFLAGS: 00010293 [ 69.680406][ T5292] RAX: ffffffff837fd428 RBX: 0000000000000000 RCX: ffff8880273857c0 [pid 5292] ioctl(5, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x02\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5272] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 69.688473][ T5292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 69.696568][ T5292] RBP: ffffc9000461ef90 R08: ffffffff837fcf93 R09: ffffc9000461eb40 [ 69.704633][ T5292] R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000 [ 69.712659][ T5292] R13: ffff888028429000 R14: ffffc9000461ef00 R15: ffff888027df0000 [ 69.720699][ T5292] FS: 00007f415137c700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 69.729705][ T5292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.736332][ T5292] CR2: 0000000020001000 CR3: 0000000027760000 CR4: 00000000003506e0 [ 69.744507][ T5292] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.752547][ T5292] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.760584][ T5292] Call Trace: [ 69.763884][ T5292] [ 69.766828][ T5292] ? create_pending_snapshot+0x107b/0x28c0 [ 69.772710][ T5292] ? create_pending_snapshots+0x195/0x1d0 [ 69.778500][ T5292] ? btrfs_commit_transaction+0x1304/0x3440 [ 69.784447][ T5292] ? insert_extent_data_ref+0xa30/0xa30 [ 69.790079][ T5292] insert_inline_extent_backref+0xe6/0x250 [ 69.795928][ T5292] ? __kasan_slab_alloc+0x66/0x70 [ 69.801022][ T5292] ? alloc_reserved_extent+0x2a0/0x2a0 [ 69.806522][ T5292] ? kmem_cache_alloc+0x14e/0x2e0 [ 69.811642][ T5292] __btrfs_inc_extent_ref+0x123/0x5f0 [ 69.817068][ T5292] ? btrfs_put_delayed_ref+0x240/0x240 [ 69.822620][ T5292] ? do_raw_spin_unlock+0x13b/0x8b0 [ 69.827976][ T5292] __btrfs_run_delayed_refs+0x11bc/0x4100 [ 69.833861][ T5292] ? trace_contention_end+0x3c/0xf0 [pid 5272] exit_group(0) = ? [ 69.839149][ T5292] ? btrfs_run_delayed_refs+0x480/0x480 [ 69.844757][ T5292] ? btrfs_run_delayed_refs+0x24d/0x480 [ 69.850380][ T5292] ? btrfs_run_delayed_refs+0x23c/0x480 [ 69.855979][ T5292] ? __might_sleep+0xc0/0xc0 [ 69.860637][ T5292] ? do_raw_spin_unlock+0x13b/0x8b0 [ 69.865908][ T5292] btrfs_run_delayed_refs+0x2f9/0x480 [ 69.871371][ T5292] qgroup_account_snapshot+0xce/0x360 [ 69.876793][ T5292] create_pending_snapshot+0x107b/0x28c0 [ 69.882522][ T5292] ? trace_btrfs_space_reservation+0x210/0x210 [ 69.888754][ T5292] ? rcu_is_watching+0x15/0xb0 [ 69.893550][ T5292] ? trace_contention_end+0x3c/0xf0 [ 69.898814][ T5292] ? __mutex_lock_common+0x42d/0x2530 [ 69.904254][ T5292] create_pending_snapshots+0x195/0x1d0 [ 69.909899][ T5292] btrfs_commit_transaction+0x1304/0x3440 [ 69.915694][ T5292] ? __lock_acquire+0x1f80/0x1f80 [ 69.920808][ T5292] ? btrfs_commit_transaction_async+0x450/0x450 [ 69.927091][ T5292] ? do_raw_spin_unlock+0x13b/0x8b0 [ 69.933933][ T5292] ? wake_bit_function+0x220/0x220 [ 69.940344][ T5292] ? join_transaction+0xc52/0xe80 [ 69.945401][ T5292] ? join_transaction+0xc28/0xe80 [ 69.950486][ T5292] ? btrfs_record_root_in_trans+0x12d/0x180 [ 69.956412][ T5292] ? start_transaction+0x3de/0x1050 [ 69.961710][ T5292] create_snapshot+0x4a5/0x7e0 [ 69.966557][ T5292] btrfs_mksubvol+0x5d0/0x750 [ 69.971341][ T5292] ? __btrfs_ioctl_snap_create+0x450/0x450 [ 69.977195][ T5292] btrfs_mksnapshot+0xb5/0xf0 [ 69.981955][ T5292] __btrfs_ioctl_snap_create+0x338/0x450 [ 69.987653][ T5292] btrfs_ioctl_snap_create+0x136/0x190 [ 69.993283][ T5292] btrfs_ioctl+0xbbc/0xd40 [ 69.997753][ T5292] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 70.004235][ T5292] __se_sys_ioctl+0xf1/0x160 [ 70.008901][ T5292] do_syscall_64+0x41/0xc0 [ 70.013340][ T5292] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 70.019309][ T5292] RIP: 0033:0x7f41587f19f9 [ 70.023753][ T5292] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 70.043414][ T5292] RSP: 002b:00007f415137c2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 70.051911][ T5292] RAX: ffffffffffffffda RBX: 00007f415887c7b0 RCX: 00007f41587f19f9 [ 70.060054][ T5292] RDX: 00000000200000c0 RSI: 0000000050009401 RDI: 0000000000000005 [ 70.068121][ T5292] RBP: 00007f415884926c R08: 0000000000000000 R09: 0000000000000000 [ 70.076133][ T5292] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e [ 70.084183][ T5292] R13: 00007f4158848270 R14: 61635f7261656c63 R15: 00007f415887c7b8 [ 70.092261][ T5292] [ 70.095299][ T5292] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 70.102629][ T5292] CPU: 1 PID: 5292 Comm: syz-executor279 Not tainted 6.3.0-rc4-syzkaller-00034-gfcd476ea6a88 #0 [ 70.113079][ T5292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/17/2023 [ 70.123151][ T5292] Call Trace: [ 70.126444][ T5292] [ 70.129395][ T5292] dump_stack_lvl+0x1e7/0x2d0 [ 70.134091][ T5292] ? nf_tcp_handle_invalid+0x650/0x650 [ 70.139576][ T5292] ? panic+0x770/0x770 [ 70.143673][ T5292] ? vscnprintf+0x5d/0x80 [ 70.148025][ T5292] panic+0x31c/0x770 [ 70.151959][ T5292] ? __warn+0x171/0x4a0 [ 70.156138][ T5292] ? memcpy_page_flushcache+0x100/0x100 [ 70.161716][ T5292] __warn+0x314/0x4a0 [ 70.165713][ T5292] ? lookup_inline_extent_backref+0x8e8/0x1470 [ 70.171896][ T5292] report_bug+0x2b3/0x500 [ 70.176228][ T5292] ? lookup_inline_extent_backref+0x8e8/0x1470 [ 70.182417][ T5292] handle_bug+0x3d/0x70 [ 70.186587][ T5292] exc_invalid_op+0x1a/0x50 [ 70.191135][ T5292] asm_exc_invalid_op+0x1a/0x20 [ 70.196001][ T5292] RIP: 0010:lookup_inline_extent_backref+0x8e8/0x1470 [ 70.202777][ T5292] Code: de e8 fc 80 0a fe 49 39 df 0f 87 4b 0b 00 00 e8 de 7e 0a fe eb 30 83 7d 28 00 4c 8b 6c 24 30 0f 84 11 05 00 00 e8 c8 7e 0a fe <0f> 0b 41 bc fb ff ff ff e9 52 06 00 00 e8 b6 7e 0a fe e9 29 06 00 [ 70.222391][ T5292] RSP: 0018:ffffc9000461ede0 EFLAGS: 00010293 [ 70.228463][ T5292] RAX: ffffffff837fd428 RBX: 0000000000000000 RCX: ffff8880273857c0 [ 70.236442][ T5292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 70.244423][ T5292] RBP: ffffc9000461ef90 R08: ffffffff837fcf93 R09: ffffc9000461eb40 [ 70.252401][ T5292] R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000 [ 70.260379][ T5292] R13: ffff888028429000 R14: ffffc9000461ef00 R15: ffff888027df0000 [ 70.268368][ T5292] ? lookup_inline_extent_backref+0x453/0x1470 [ 70.274536][ T5292] ? lookup_inline_extent_backref+0x8e8/0x1470 [ 70.280712][ T5292] ? create_pending_snapshot+0x107b/0x28c0 [ 70.286526][ T5292] ? create_pending_snapshots+0x195/0x1d0 [ 70.292251][ T5292] ? btrfs_commit_transaction+0x1304/0x3440 [ 70.298172][ T5292] ? insert_extent_data_ref+0xa30/0xa30 [ 70.303757][ T5292] insert_inline_extent_backref+0xe6/0x250 [ 70.309582][ T5292] ? __kasan_slab_alloc+0x66/0x70 [ 70.314640][ T5292] ? alloc_reserved_extent+0x2a0/0x2a0 [ 70.320117][ T5292] ? kmem_cache_alloc+0x14e/0x2e0 [ 70.325158][ T5292] __btrfs_inc_extent_ref+0x123/0x5f0 [ 70.330550][ T5292] ? btrfs_put_delayed_ref+0x240/0x240 [ 70.336033][ T5292] ? do_raw_spin_unlock+0x13b/0x8b0 [ 70.341258][ T5292] __btrfs_run_delayed_refs+0x11bc/0x4100 [ 70.347028][ T5292] ? trace_contention_end+0x3c/0xf0 [ 70.352688][ T5292] ? btrfs_run_delayed_refs+0x480/0x480 [ 70.358256][ T5292] ? btrfs_run_delayed_refs+0x24d/0x480 [ 70.363814][ T5292] ? btrfs_run_delayed_refs+0x23c/0x480 [ 70.369377][ T5292] ? __might_sleep+0xc0/0xc0 [ 70.374078][ T5292] ? do_raw_spin_unlock+0x13b/0x8b0 [ 70.379300][ T5292] btrfs_run_delayed_refs+0x2f9/0x480 [ 70.384694][ T5292] qgroup_account_snapshot+0xce/0x360 [ 70.390092][ T5292] create_pending_snapshot+0x107b/0x28c0 [ 70.395772][ T5292] ? trace_btrfs_space_reservation+0x210/0x210 [ 70.401939][ T5292] ? rcu_is_watching+0x15/0xb0 [ 70.406719][ T5292] ? trace_contention_end+0x3c/0xf0 [ 70.411989][ T5292] ? __mutex_lock_common+0x42d/0x2530 [ 70.417428][ T5292] create_pending_snapshots+0x195/0x1d0 [ 70.423019][ T5292] btrfs_commit_transaction+0x1304/0x3440 [ 70.428901][ T5292] ? __lock_acquire+0x1f80/0x1f80 [ 70.433952][ T5292] ? btrfs_commit_transaction_async+0x450/0x450 [ 70.440216][ T5292] ? do_raw_spin_unlock+0x13b/0x8b0 [ 70.445429][ T5292] ? wake_bit_function+0x220/0x220 [ 70.450551][ T5292] ? join_transaction+0xc52/0xe80 [ 70.455597][ T5292] ? join_transaction+0xc28/0xe80 [ 70.460638][ T5292] ? btrfs_record_root_in_trans+0x12d/0x180 [ 70.466547][ T5292] ? start_transaction+0x3de/0x1050 [ 70.471771][ T5292] create_snapshot+0x4a5/0x7e0 [ 70.476567][ T5292] btrfs_mksubvol+0x5d0/0x750 [ 70.481267][ T5292] ? __btrfs_ioctl_snap_create+0x450/0x450 [ 70.487101][ T5292] btrfs_mksnapshot+0xb5/0xf0 [ 70.491803][ T5292] __btrfs_ioctl_snap_create+0x338/0x450 [ 70.497461][ T5292] btrfs_ioctl_snap_create+0x136/0x190 [ 70.502939][ T5292] btrfs_ioctl+0xbbc/0xd40 [ 70.507392][ T5292] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 70.513833][ T5292] __se_sys_ioctl+0xf1/0x160 [ 70.518458][ T5292] do_syscall_64+0x41/0xc0 [ 70.522921][ T5292] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 70.528854][ T5292] RIP: 0033:0x7f41587f19f9 [ 70.533284][ T5292] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 70.552934][ T5292] RSP: 002b:00007f415137c2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 70.561376][ T5292] RAX: ffffffffffffffda RBX: 00007f415887c7b0 RCX: 00007f41587f19f9 [ 70.569358][ T5292] RDX: 00000000200000c0 RSI: 0000000050009401 RDI: 0000000000000005 [ 70.577330][ T5292] RBP: 00007f415884926c R08: 0000000000000000 R09: 0000000000000000 [ 70.585307][ T5292] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e [ 70.593283][ T5292] R13: 00007f4158848270 R14: 61635f7261656c63 R15: 00007f415887c7b8 [ 70.601285][ T5292] [ 70.604575][ T5292] Kernel Offset: disabled [ 70.609049][ T5292] Rebooting in 86400 seconds..