./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3112146075 <...> Warning: Permanently added '10.128.1.63' (ECDSA) to the list of known hosts. execve("./syz-executor3112146075", ["./syz-executor3112146075"], 0x7ffe2bbed220 /* 10 vars */) = 0 brk(NULL) = 0x55555746f000 brk(0x55555746fc40) = 0x55555746fc40 arch_prctl(ARCH_SET_FS, 0x55555746f300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x55555746f5d0) = 3630 set_robust_list(0x55555746f5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fdb618079c0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fdb61808090}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fdb61807a60, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fdb61808090}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3112146075", 4096) = 28 brk(0x555557490c40) = 0x555557490c40 brk(0x555557491000) = 0x555557491000 mprotect(0x7fdb618cf000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 3630 mkdir("./syzkaller.1ZDoxE", 0700) = 0 chmod("./syzkaller.1ZDoxE", 0777) = 0 chdir("./syzkaller.1ZDoxE") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3631 ./strace-static-x86_64: Process 3631 attached [pid 3631] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3631] chdir("./0") = 0 [pid 3631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3631] setpgid(0, 0) = 0 [pid 3631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3631] write(3, "1000", 4) = 4 [pid 3631] close(3) = 0 [pid 3631] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3631] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3631] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3631] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3633], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3633 [pid 3631] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3633 attached [pid 3633] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 3633] memfd_create("syzkaller", 0) = 3 [pid 3633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3633] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3633] munmap(0x7fdb59200000, 16777216) = 0 [pid 3633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3633] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3633] close(3) = 0 [pid 3633] mkdir("./file0", 0777) = 0 [ 50.583661][ T3633] loop0: detected capacity change from 0 to 32768 [ 50.596649][ T3633] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor311 (3633) [ 50.617192][ T3633] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 50.627201][ T3633] BTRFS info (device loop0): force clearing of disk cache [ 50.634739][ T3633] BTRFS info (device loop0): setting nodatasum [ 50.641033][ T3633] BTRFS info (device loop0): allowing degraded mounts [ 50.648249][ T3633] BTRFS info (device loop0): enabling disk space caching [ 50.655501][ T3633] BTRFS info (device loop0): disk space caching is enabled [ 50.680354][ T3633] BTRFS info (device loop0): enabling ssd optimizations [ 50.689018][ T3633] BTRFS info (device loop0): clearing free space tree [ 50.696322][ T3633] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 50.706853][ T3633] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 3633] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3633] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3633] chdir("./file0") = 0 [pid 3633] ioctl(4, LOOP_CLR_FD) = 0 [pid 3633] close(4) = 0 [pid 3633] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3633] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3633] <... futex resumed>) = 0 [pid 3633] open("./file0", O_RDONLY [pid 3631] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... open resumed>) = 4 [pid 3633] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... futex resumed>) = 1 [ 50.728876][ T3633] BTRFS info (device loop0): checking UUID tree [pid 3633] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 3633] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3633] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3631] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... futex resumed>) = 0 [pid 3633] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3633] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... futex resumed>) = 1 [pid 3633] creat("./bus", 000) = 6 [pid 3633] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... futex resumed>) = 1 [pid 3633] ftruncate(6, 2048) = 0 [pid 3633] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... futex resumed>) = 1 [ 50.760883][ T27] audit: type=1800 audit(1670043431.265:2): pid=3633 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 50.792938][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 3633] open("./bus", O_RDONLY) = 7 [pid 3633] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... futex resumed>) = 1 [pid 3633] sendfile(6, 7, NULL, 65536) = 2048 [pid 3633] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... futex resumed>) = 1 [pid 3633] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 3633] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... futex resumed>) = 1 [ 50.811445][ T27] audit: type=1804 audit(1670043431.315:3): pid=3633 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/0/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 3633] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 3631] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3631] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 3631] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3631] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3653], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 3653 [pid 3631] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3653 attached [pid 3653] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 50.870196][ T3633] BTRFS info (device loop0): balance: start -s [ 50.880104][ T3633] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 3653] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 3631] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3653] <... ioctl resumed>) = 0 [pid 3653] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3653] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3633] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3633] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] exit_group(0 [pid 3653] <... futex resumed>) = ? [pid 3631] <... exit_group resumed>) = ? [pid 3653] +++ exited with 0 +++ [pid 3633] +++ exited with 0 +++ [pid 3631] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3631, si_uid=0, si_status=0, si_utime=3, si_stime=36} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 51.006404][ T3633] BTRFS info (device loop0): balance: ended with status: 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3664 ./strace-static-x86_64: Process 3664 attached [pid 3664] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3664] chdir("./1") = 0 [pid 3664] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3664] setpgid(0, 0) = 0 [pid 3664] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3664] write(3, "1000", 4) = 4 [pid 3664] close(3) = 0 [pid 3664] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3664] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3664] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3664] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3665 attached , parent_tid=[3665], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3665 [pid 3665] set_robust_list(0x7fdb617f69e0, 24 [pid 3664] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3665] <... set_robust_list resumed>) = 0 [pid 3664] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3665] memfd_create("syzkaller", 0) = 3 [pid 3665] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3665] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3665] munmap(0x7fdb59200000, 16777216) = 0 [pid 3665] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3665] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3665] close(3) = 0 [pid 3665] mkdir("./file0", 0777) = 0 [ 51.321300][ T3665] loop0: detected capacity change from 0 to 32768 [ 51.334277][ T3665] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 51.343929][ T3665] BTRFS info (device loop0): force clearing of disk cache [ 51.351161][ T3665] BTRFS info (device loop0): setting nodatasum [ 51.357385][ T3665] BTRFS info (device loop0): allowing degraded mounts [ 51.364154][ T3665] BTRFS info (device loop0): enabling disk space caching [ 51.371235][ T3665] BTRFS info (device loop0): disk space caching is enabled [ 51.391663][ T3665] BTRFS info (device loop0): enabling ssd optimizations [ 51.399852][ T3665] BTRFS info (device loop0): clearing free space tree [ 51.406921][ T3665] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 3665] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3665] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3665] chdir("./file0") = 0 [pid 3665] ioctl(4, LOOP_CLR_FD) = 0 [pid 3665] close(4) = 0 [pid 3665] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3664] <... futex resumed>) = 0 [pid 3664] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3665] <... futex resumed>) = 1 [pid 3665] open("./file0", O_RDONLY) = 4 [pid 3665] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3664] <... futex resumed>) = 0 [pid 3664] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3665] <... futex resumed>) = 1 [ 51.416699][ T3665] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 51.431106][ T3665] BTRFS info (device loop0): checking UUID tree [pid 3665] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 3665] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3664] <... futex resumed>) = 0 [pid 3664] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3665] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3665] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3664] <... futex resumed>) = 0 [pid 3665] creat("./bus", 000 [pid 3664] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3665] <... creat resumed>) = 6 [pid 3665] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3664] <... futex resumed>) = 0 [pid 3665] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3664] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3665] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3664] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3665] ftruncate(6, 2048) = 0 [pid 3665] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3664] <... futex resumed>) = 0 [pid 3664] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 51.468578][ T27] audit: type=1800 audit(1670043431.975:4): pid=3665 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 51.508692][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 3664] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3665] open("./bus", O_RDONLY) = 7 [pid 3665] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3664] <... futex resumed>) = 0 [pid 3664] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3665] sendfile(6, 7, NULL, 65536) = 2048 [pid 3665] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3664] <... futex resumed>) = 0 [pid 3664] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3665] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 3665] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3664] <... futex resumed>) = 0 [pid 3664] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 51.523582][ T27] audit: type=1804 audit(1670043432.025:5): pid=3665 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/1/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 3665] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 3664] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3664] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 3664] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3664] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3685], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 3685 [pid 3664] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3665] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3665] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3665] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3685 attached [pid 3685] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 51.563962][ T3665] BTRFS info (device loop0): balance: start -s [ 51.572468][ T3665] BTRFS info (device loop0): relocating block group 1048576 flags system [ 51.601566][ T3665] BTRFS info (device loop0): balance: ended with status: 0 [pid 3685] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 3685] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3685] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3664] <... futex resumed>) = 0 [pid 3664] exit_group(0) = ? [pid 3665] <... futex resumed>) = ? [pid 3665] +++ exited with 0 +++ [pid 3685] <... futex resumed>) = ? [pid 3685] +++ exited with 0 +++ [pid 3664] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3664, si_uid=0, si_status=0, si_utime=1, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3686 ./strace-static-x86_64: Process 3686 attached [pid 3686] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3686] chdir("./2") = 0 [pid 3686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3686] setpgid(0, 0) = 0 [pid 3686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3686] write(3, "1000", 4) = 4 [pid 3686] close(3) = 0 [pid 3686] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3686] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3686] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3686] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3686] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3687], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3687 [pid 3686] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3687 attached [pid 3687] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 3686] <... futex resumed>) = 0 [pid 3687] memfd_create("syzkaller", 0 [pid 3686] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3687] <... memfd_create resumed>) = 3 [pid 3687] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3687] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3687] munmap(0x7fdb59200000, 16777216) = 0 [pid 3687] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3687] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3687] close(3) = 0 [pid 3687] mkdir("./file0", 0777) = 0 [ 51.937978][ T3687] loop0: detected capacity change from 0 to 32768 [ 51.951189][ T3687] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 51.960938][ T3687] BTRFS info (device loop0): force clearing of disk cache [ 51.968196][ T3687] BTRFS info (device loop0): setting nodatasum [ 51.974377][ T3687] BTRFS info (device loop0): allowing degraded mounts [ 51.981556][ T3687] BTRFS info (device loop0): enabling disk space caching [ 51.988659][ T3687] BTRFS info (device loop0): disk space caching is enabled [ 52.009335][ T3687] BTRFS info (device loop0): enabling ssd optimizations [ 52.017791][ T3687] BTRFS info (device loop0): clearing free space tree [ 52.024635][ T3687] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 3687] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3687] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3687] chdir("./file0") = 0 [pid 3687] ioctl(4, LOOP_CLR_FD) = 0 [pid 3687] close(4) = 0 [pid 3687] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3686] <... futex resumed>) = 0 [pid 3687] open("./file0", O_RDONLY [pid 3686] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3687] <... open resumed>) = 4 [pid 3686] <... futex resumed>) = 0 [pid 3686] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3687] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3686] <... futex resumed>) = 0 [pid 3687] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3686] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3686] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3687] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 52.034383][ T3687] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 52.048349][ T3687] BTRFS info (device loop0): checking UUID tree [pid 3687] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 3687] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3686] <... futex resumed>) = 0 [pid 3687] <... futex resumed>) = 1 [pid 3686] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3687] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 3686] <... futex resumed>) = 0 [pid 3686] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3687] <... ioctl resumed>) = 0 [pid 3687] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3686] <... futex resumed>) = 0 [pid 3686] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3686] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3687] <... futex resumed>) = 1 [pid 3687] creat("./bus", 000) = 6 [pid 3687] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3686] <... futex resumed>) = 0 [pid 3686] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3686] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3687] <... futex resumed>) = 1 [pid 3687] ftruncate(6, 2048) = 0 [pid 3687] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3686] <... futex resumed>) = 0 [pid 3686] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3686] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3687] <... futex resumed>) = 1 [pid 3687] open("./bus", O_RDONLY) = 7 [pid 3687] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3686] <... futex resumed>) = 0 [pid 3686] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3686] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3687] <... futex resumed>) = 1 [pid 3687] sendfile(6, 7, NULL, 65536) = 2048 [pid 3687] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3686] <... futex resumed>) = 0 [pid 3686] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3686] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3687] <... futex resumed>) = 1 [pid 3687] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 3687] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3686] <... futex resumed>) = 0 [pid 3686] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3686] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3687] <... futex resumed>) = 1 [ 52.073281][ T27] audit: type=1800 audit(1670043432.575:6): pid=3687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 52.098923][ T27] audit: type=1804 audit(1670043432.605:7): pid=3687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/2/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 52.099009][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 3687] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 3686] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3686] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 3686] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3686] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 3686] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3686] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3707], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 3707 [pid 3686] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 52.150119][ T3687] BTRFS info (device loop0): balance: start -s [ 52.159201][ T3687] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 3686] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3707 attached [pid 3707] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 3707] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 3687] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3687] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3707] <... ioctl resumed>) = 0 [pid 3707] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3686] <... futex resumed>) = 0 [pid 3707] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3686] exit_group(0 [pid 3707] <... futex resumed>) = ? [pid 3687] <... futex resumed>) = ? [pid 3686] <... exit_group resumed>) = ? [pid 3687] +++ exited with 0 +++ [pid 3707] +++ exited with 0 +++ [pid 3686] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3686, si_uid=0, si_status=0, si_utime=1, si_stime=33} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 [ 52.195785][ T3687] BTRFS info (device loop0): balance: ended with status: 0 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3711 ./strace-static-x86_64: Process 3711 attached [pid 3711] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3711] chdir("./3") = 0 [pid 3711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3711] setpgid(0, 0) = 0 [pid 3711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3711] write(3, "1000", 4) = 4 [pid 3711] close(3) = 0 [pid 3711] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3711] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3711] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3711] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3712], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3712 ./strace-static-x86_64: Process 3712 attached [pid 3712] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 3712] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3711] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3712] <... futex resumed>) = 0 [pid 3711] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3712] memfd_create("syzkaller", 0) = 3 [pid 3712] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3712] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3712] munmap(0x7fdb59200000, 16777216) = 0 [pid 3712] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3712] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3712] close(3) = 0 [pid 3712] mkdir("./file0", 0777) = 0 [ 52.540974][ T3712] loop0: detected capacity change from 0 to 32768 [ 52.555627][ T3712] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 52.565234][ T3712] BTRFS info (device loop0): force clearing of disk cache [ 52.572520][ T3712] BTRFS info (device loop0): setting nodatasum [ 52.578964][ T3712] BTRFS info (device loop0): allowing degraded mounts [ 52.585740][ T3712] BTRFS info (device loop0): enabling disk space caching [ 52.593087][ T3712] BTRFS info (device loop0): disk space caching is enabled [ 52.611684][ T3712] BTRFS info (device loop0): enabling ssd optimizations [ 52.619435][ T3712] BTRFS info (device loop0): clearing free space tree [ 52.626475][ T3712] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 3712] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3712] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3712] chdir("./file0") = 0 [pid 3712] ioctl(4, LOOP_CLR_FD) = 0 [pid 3712] close(4) = 0 [pid 3712] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3712] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3711] <... futex resumed>) = 0 [pid 3711] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3711] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3712] <... futex resumed>) = 0 [pid 3712] open("./file0", O_RDONLY) = 4 [pid 3712] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3711] <... futex resumed>) = 0 [pid 3711] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3712] <... futex resumed>) = 1 [pid 3712] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 3712] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3711] <... futex resumed>) = 0 [pid 3711] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3712] <... futex resumed>) = 1 [ 52.636423][ T3712] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 52.649995][ T3712] BTRFS info (device loop0): checking UUID tree [pid 3712] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3712] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3712] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3711] <... futex resumed>) = 0 [pid 3711] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3711] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3712] <... futex resumed>) = 0 [pid 3712] creat("./bus", 000) = 6 [pid 3712] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3711] <... futex resumed>) = 0 [pid 3712] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3711] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3712] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3711] <... futex resumed>) = 0 [pid 3712] ftruncate(6, 2048 [pid 3711] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3712] <... ftruncate resumed>) = 0 [pid 3712] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3711] <... futex resumed>) = 0 [pid 3711] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 52.679760][ T27] audit: type=1800 audit(1670043433.185:8): pid=3712 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 52.715622][ T27] audit: type=1804 audit(1670043433.215:9): pid=3712 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/3/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 3712] open("./bus", O_RDONLY) = 7 [pid 3712] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3711] <... futex resumed>) = 0 [pid 3711] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3712] sendfile(6, 7, NULL, 65536) = 2048 [pid 3712] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3711] <... futex resumed>) = 0 [pid 3712] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 3711] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3712] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 3711] <... futex resumed>) = 0 [pid 3711] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3712] <... openat resumed>) = 8 [pid 3712] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3711] <... futex resumed>) = 0 [pid 3712] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3711] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3712] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3711] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 52.715978][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 52.762371][ T3712] BTRFS info (device loop0): balance: start -s [ 52.770762][ T3712] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 3712] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 3711] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3711] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 3711] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3711] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3732], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 3732 [pid 3711] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3712] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 ./strace-static-x86_64: Process 3732 attached [pid 3732] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 3732] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 3712] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3712] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3732] <... ioctl resumed>) = 0 [pid 3732] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3711] <... futex resumed>) = 0 [pid 3732] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3711] exit_group(0 [pid 3732] <... futex resumed>) = ? [pid 3712] <... futex resumed>) = ? [pid 3711] <... exit_group resumed>) = ? [pid 3712] +++ exited with 0 +++ [pid 3732] +++ exited with 0 +++ [pid 3711] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3711, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 52.799743][ T3712] BTRFS info (device loop0): balance: ended with status: 0 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3733 ./strace-static-x86_64: Process 3733 attached [pid 3733] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3733] chdir("./4") = 0 [pid 3733] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3733] setpgid(0, 0) = 0 [pid 3733] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3733] write(3, "1000", 4) = 4 [pid 3733] close(3) = 0 [pid 3733] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3733] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3733] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3733] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3734], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3734 [pid 3733] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3734 attached [pid 3734] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 3734] memfd_create("syzkaller", 0) = 3 [pid 3734] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3734] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3734] munmap(0x7fdb59200000, 16777216) = 0 [pid 3734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3734] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3734] close(3) = 0 [pid 3734] mkdir("./file0", 0777) = 0 [ 53.136121][ T3734] loop0: detected capacity change from 0 to 32768 [ 53.150745][ T3734] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 53.160086][ T3734] BTRFS info (device loop0): force clearing of disk cache [ 53.167318][ T3734] BTRFS info (device loop0): setting nodatasum [ 53.173486][ T3734] BTRFS info (device loop0): allowing degraded mounts [ 53.180374][ T3734] BTRFS info (device loop0): enabling disk space caching [ 53.187431][ T3734] BTRFS info (device loop0): disk space caching is enabled [ 53.206178][ T3734] BTRFS info (device loop0): enabling ssd optimizations [ 53.214196][ T3734] BTRFS info (device loop0): clearing free space tree [ 53.221303][ T3734] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 3734] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3734] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3734] chdir("./file0") = 0 [pid 3734] ioctl(4, LOOP_CLR_FD) = 0 [pid 3734] close(4) = 0 [pid 3734] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3733] <... futex resumed>) = 0 [pid 3734] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3733] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3734] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3733] <... futex resumed>) = 0 [pid 3734] open("./file0", O_RDONLY [pid 3733] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3734] <... open resumed>) = 4 [pid 3734] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3733] <... futex resumed>) = 0 [pid 3734] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 3733] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3734] <... open resumed>) = 5 [pid 3733] <... futex resumed>) = 0 [pid 3734] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3734] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3733] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3733] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3733] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3734] <... futex resumed>) = 0 [ 53.231348][ T3734] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 53.245319][ T3734] BTRFS info (device loop0): checking UUID tree [pid 3734] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3734] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3733] <... futex resumed>) = 0 [pid 3733] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3734] <... futex resumed>) = 1 [pid 3734] creat("./bus", 000) = 6 [pid 3734] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3733] <... futex resumed>) = 0 [pid 3733] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3734] <... futex resumed>) = 1 [pid 3734] ftruncate(6, 2048) = 0 [pid 3734] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3733] <... futex resumed>) = 0 [pid 3733] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3734] <... futex resumed>) = 1 [pid 3734] open("./bus", O_RDONLY) = 7 [pid 3734] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3733] <... futex resumed>) = 0 [pid 3733] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3734] <... futex resumed>) = 1 [pid 3734] sendfile(6, 7, NULL, 65536) = 2048 [pid 3734] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3733] <... futex resumed>) = 0 [pid 3733] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3734] <... futex resumed>) = 1 [pid 3734] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 3734] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3733] <... futex resumed>) = 0 [pid 3733] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3734] <... futex resumed>) = 1 [ 53.269270][ T27] audit: type=1800 audit(1670043433.775:10): pid=3734 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 53.302395][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 53.311721][ T27] audit: type=1804 audit(1670043433.815:11): pid=3734 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/4/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 3734] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 3733] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3733] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 3733] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3733] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3754], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 3754 [pid 3733] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3754 attached [pid 3754] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 3754] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 3734] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3734] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 53.333847][ T3734] BTRFS info (device loop0): balance: start -s [ 53.343424][ T3734] BTRFS info (device loop0): relocating block group 1048576 flags system [ 53.370555][ T3734] BTRFS info (device loop0): balance: ended with status: 0 [pid 3734] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3754] <... ioctl resumed>) = 0 [pid 3754] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3733] <... futex resumed>) = 0 [pid 3754] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3733] exit_group(0 [pid 3754] <... futex resumed>) = ? [pid 3734] <... futex resumed>) = ? [pid 3733] <... exit_group resumed>) = ? [pid 3734] +++ exited with 0 +++ [pid 3754] +++ exited with 0 +++ [pid 3733] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3733, si_uid=0, si_status=0, si_utime=3, si_stime=25} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3755 ./strace-static-x86_64: Process 3755 attached [pid 3755] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3755] chdir("./5") = 0 [pid 3755] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3755] setpgid(0, 0) = 0 [pid 3755] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3755] write(3, "1000", 4) = 4 [pid 3755] close(3) = 0 [pid 3755] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3755] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3755] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3755] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3756], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3756 [pid 3755] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3755] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3756 attached [pid 3756] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 3756] memfd_create("syzkaller", 0) = 3 [pid 3756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3756] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3756] munmap(0x7fdb59200000, 16777216) = 0 [pid 3756] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3756] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3756] close(3) = 0 [pid 3756] mkdir("./file0", 0777) = 0 [ 53.703760][ T3756] loop0: detected capacity change from 0 to 32768 [ 53.716176][ T3756] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 53.725527][ T3756] BTRFS info (device loop0): force clearing of disk cache [ 53.732781][ T3756] BTRFS info (device loop0): setting nodatasum [ 53.739083][ T3756] BTRFS info (device loop0): allowing degraded mounts [ 53.745963][ T3756] BTRFS info (device loop0): enabling disk space caching [ 53.753096][ T3756] BTRFS info (device loop0): disk space caching is enabled [ 53.771303][ T3756] BTRFS info (device loop0): enabling ssd optimizations [ 53.779306][ T3756] BTRFS info (device loop0): clearing free space tree [ 53.786365][ T3756] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 3756] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3756] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3756] chdir("./file0") = 0 [pid 3756] ioctl(4, LOOP_CLR_FD) = 0 [pid 3756] close(4) = 0 [pid 3756] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3755] <... futex resumed>) = 0 [pid 3755] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3755] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3756] <... futex resumed>) = 1 [pid 3756] open("./file0", O_RDONLY) = 4 [pid 3756] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3755] <... futex resumed>) = 0 [pid 3755] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3755] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3756] <... futex resumed>) = 1 [pid 3756] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 3756] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3755] <... futex resumed>) = 0 [pid 3755] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3755] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3756] <... futex resumed>) = 1 [pid 3756] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3756] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3755] <... futex resumed>) = 0 [pid 3755] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3755] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3756] <... futex resumed>) = 1 [pid 3756] creat("./bus", 000) = 6 [ 53.796314][ T3756] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 53.809996][ T3756] BTRFS info (device loop0): checking UUID tree [pid 3756] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3755] <... futex resumed>) = 0 [pid 3755] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3755] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3756] <... futex resumed>) = 1 [pid 3756] ftruncate(6, 2048) = 0 [pid 3756] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3755] <... futex resumed>) = 0 [pid 3755] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3755] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3756] <... futex resumed>) = 1 [pid 3756] open("./bus", O_RDONLY) = 7 [pid 3756] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3755] <... futex resumed>) = 0 [pid 3755] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3755] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3756] <... futex resumed>) = 1 [pid 3756] sendfile(6, 7, NULL, 65536) = 2048 [pid 3756] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3755] <... futex resumed>) = 0 [pid 3755] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3755] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3756] <... futex resumed>) = 1 [pid 3756] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 3756] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3755] <... futex resumed>) = 0 [pid 3755] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3755] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3756] <... futex resumed>) = 1 [pid 3756] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 3755] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3755] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 3755] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 3755] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3755] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3776 attached , parent_tid=[3776], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 3776 [pid 3755] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3776] set_robust_list(0x7fdb617d59e0, 24 [pid 3755] <... futex resumed>) = 0 [pid 3755] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3776] <... set_robust_list resumed>) = 0 [ 53.850423][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 53.875888][ T3756] BTRFS info (device loop0): balance: start -s [ 53.884874][ T3756] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 3776] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 3776] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3755] <... futex resumed>) = 0 [pid 3776] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3756] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3756] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3756] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3755] exit_group(0 [pid 3776] <... futex resumed>) = ? [pid 3755] <... exit_group resumed>) = ? [pid 3756] <... futex resumed>) = ? [pid 3756] +++ exited with 0 +++ [pid 3776] +++ exited with 0 +++ [pid 3755] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3755, si_uid=0, si_status=0, si_utime=3, si_stime=29} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 [ 53.920572][ T3756] BTRFS info (device loop0): balance: ended with status: 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3777 ./strace-static-x86_64: Process 3777 attached [pid 3777] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3777] chdir("./6") = 0 [pid 3777] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3777] setpgid(0, 0) = 0 [pid 3777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3777] write(3, "1000", 4) = 4 [pid 3777] close(3) = 0 [pid 3777] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3777] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3777] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3777] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3778 attached , parent_tid=[3778], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3778 [pid 3778] set_robust_list(0x7fdb617f69e0, 24 [pid 3777] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3778] <... set_robust_list resumed>) = 0 [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3778] memfd_create("syzkaller", 0) = 3 [pid 3778] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3778] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3778] munmap(0x7fdb59200000, 16777216) = 0 [pid 3778] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3778] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3778] close(3) = 0 [pid 3778] mkdir("./file0", 0777) = 0 [ 54.249485][ T3778] loop0: detected capacity change from 0 to 32768 [ 54.262449][ T3778] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 54.272043][ T3778] BTRFS info (device loop0): force clearing of disk cache [ 54.279584][ T3778] BTRFS info (device loop0): setting nodatasum [ 54.285812][ T3778] BTRFS info (device loop0): allowing degraded mounts [ 54.292998][ T3778] BTRFS info (device loop0): enabling disk space caching [ 54.300309][ T3778] BTRFS info (device loop0): disk space caching is enabled [ 54.320008][ T3778] BTRFS info (device loop0): enabling ssd optimizations [ 54.328049][ T3778] BTRFS info (device loop0): clearing free space tree [ 54.335136][ T3778] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 3778] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3778] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3778] chdir("./file0") = 0 [pid 3778] ioctl(4, LOOP_CLR_FD) = 0 [pid 3778] close(4) = 0 [pid 3778] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3778] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3777] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... futex resumed>) = 0 [pid 3778] open("./file0", O_RDONLY) = 4 [pid 3778] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... futex resumed>) = 1 [pid 3778] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 3778] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... futex resumed>) = 1 [pid 3778] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3778] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... futex resumed>) = 1 [pid 3778] creat("./bus", 000) = 6 [pid 3778] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... futex resumed>) = 1 [pid 3778] ftruncate(6, 2048) = 0 [pid 3778] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... futex resumed>) = 1 [pid 3778] open("./bus", O_RDONLY) = 7 [pid 3778] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... futex resumed>) = 1 [pid 3778] sendfile(6, 7, NULL, 65536) = 2048 [ 54.345318][ T3778] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 3778] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... futex resumed>) = 1 [pid 3778] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 3778] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... futex resumed>) = 1 [pid 3778] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3778] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... futex resumed>) = 1 [pid 3778] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 3778] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3778] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3777] <... futex resumed>) = 0 [pid 3777] exit_group(0 [pid 3778] <... futex resumed>) = ? [pid 3777] <... exit_group resumed>) = ? [pid 3778] +++ exited with 0 +++ [pid 3777] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3777, si_uid=0, si_status=0, si_utime=1, si_stime=27} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3801 attached , child_tidptr=0x55555746f5d0) = 3801 [pid 3801] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3801] chdir("./7") = 0 [pid 3801] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3801] setpgid(0, 0) = 0 [pid 3801] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3801] write(3, "1000", 4) = 4 [pid 3801] close(3) = 0 [pid 3801] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3801] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3801] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3801] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3802 attached [pid 3802] set_robust_list(0x7fdb617f69e0, 24 [pid 3801] <... clone resumed>, parent_tid=[3802], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3802 [pid 3802] <... set_robust_list resumed>) = 0 [pid 3801] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3802] memfd_create("syzkaller", 0) = 3 [pid 3802] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3802] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3802] munmap(0x7fdb59200000, 16777216) = 0 [pid 3802] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3802] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3802] close(3) = 0 [pid 3802] mkdir("./file0", 0777) = 0 [pid 3802] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3802] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3802] chdir("./file0") = 0 [pid 3802] ioctl(4, LOOP_CLR_FD) = 0 [pid 3802] close(4) = 0 [pid 3802] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3801] <... futex resumed>) = 0 [pid 3801] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3802] <... futex resumed>) = 1 [pid 3802] open("./file0", O_RDONLY) = 4 [pid 3802] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3801] <... futex resumed>) = 0 [pid 3801] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3802] <... futex resumed>) = 1 [pid 3802] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 3802] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3801] <... futex resumed>) = 0 [pid 3801] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3802] <... futex resumed>) = 1 [pid 3802] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3802] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3801] <... futex resumed>) = 0 [pid 3801] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 54.782738][ T3802] loop0: detected capacity change from 0 to 32768 [pid 3802] creat("./bus", 000) = 6 [pid 3802] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3801] <... futex resumed>) = 0 [pid 3801] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3802] <... futex resumed>) = 1 [pid 3802] ftruncate(6, 2048) = 0 [pid 3802] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3801] <... futex resumed>) = 0 [pid 3801] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3802] <... futex resumed>) = 1 [pid 3802] open("./bus", O_RDONLY) = 7 [pid 3802] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3801] <... futex resumed>) = 0 [pid 3801] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3802] <... futex resumed>) = 1 [pid 3802] sendfile(6, 7, NULL, 65536) = 2048 [pid 3802] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3801] <... futex resumed>) = 0 [pid 3801] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3802] <... futex resumed>) = 1 [pid 3802] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 3802] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3801] <... futex resumed>) = 0 [pid 3801] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3802] <... futex resumed>) = 1 [pid 3802] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3802] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3801] <... futex resumed>) = 0 [pid 3801] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3802] <... futex resumed>) = 1 [pid 3802] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 3802] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3801] <... futex resumed>) = 0 [pid 3801] exit_group(0) = ? [pid 3802] <... futex resumed>) = ? [pid 3802] +++ exited with 0 +++ [pid 3801] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3801, si_uid=0, si_status=0, si_utime=2, si_stime=21} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3822 ./strace-static-x86_64: Process 3822 attached [pid 3822] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3822] chdir("./8") = 0 [pid 3822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3822] setpgid(0, 0) = 0 [pid 3822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3822] write(3, "1000", 4) = 4 [pid 3822] close(3) = 0 [pid 3822] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3822] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3822] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3822] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3823], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3823 [pid 3822] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3823 attached [pid 3823] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 3823] memfd_create("syzkaller", 0) = 3 [pid 3823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3823] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3823] munmap(0x7fdb59200000, 16777216) = 0 [pid 3823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3823] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3823] close(3) = 0 [pid 3823] mkdir("./file0", 0777) = 0 [pid 3823] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3823] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3823] chdir("./file0") = 0 [pid 3823] ioctl(4, LOOP_CLR_FD) = 0 [pid 3823] close(4) = 0 [pid 3823] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3822] <... futex resumed>) = 0 [pid 3822] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3823] <... futex resumed>) = 1 [pid 3823] open("./file0", O_RDONLY) = 4 [pid 3823] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3822] <... futex resumed>) = 0 [pid 3822] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3823] <... futex resumed>) = 1 [pid 3823] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 3823] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3822] <... futex resumed>) = 0 [pid 3822] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3823] <... futex resumed>) = 1 [pid 3823] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3823] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3822] <... futex resumed>) = 0 [pid 3822] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3823] <... futex resumed>) = 1 [ 55.229772][ T3823] loop0: detected capacity change from 0 to 32768 [pid 3823] creat("./bus", 000) = 6 [pid 3823] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3822] <... futex resumed>) = 0 [pid 3822] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3823] <... futex resumed>) = 1 [pid 3823] ftruncate(6, 2048) = 0 [pid 3823] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3822] <... futex resumed>) = 0 [pid 3822] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3823] <... futex resumed>) = 1 [pid 3823] open("./bus", O_RDONLY) = 7 [pid 3823] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3822] <... futex resumed>) = 0 [pid 3822] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3823] <... futex resumed>) = 1 [pid 3823] sendfile(6, 7, NULL, 65536) = 2048 [pid 3823] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3822] <... futex resumed>) = 0 [pid 3822] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3823] <... futex resumed>) = 1 [pid 3823] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 3823] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3822] <... futex resumed>) = 0 [pid 3822] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3823] <... futex resumed>) = 1 [pid 3823] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3823] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3822] <... futex resumed>) = 0 [pid 3822] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3823] <... futex resumed>) = 1 [pid 3823] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 3823] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3822] <... futex resumed>) = 0 [pid 3822] exit_group(0) = ? [pid 3823] <... futex resumed>) = ? [pid 3823] +++ exited with 0 +++ [pid 3822] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3822, si_uid=0, si_status=0, si_utime=4, si_stime=19} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3843 ./strace-static-x86_64: Process 3843 attached [pid 3843] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3843] chdir("./9") = 0 [pid 3843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3843] setpgid(0, 0) = 0 [pid 3843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3843] write(3, "1000", 4) = 4 [pid 3843] close(3) = 0 [pid 3843] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3843] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3843] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3843] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3844 attached , parent_tid=[3844], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3844 [pid 3844] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 3844] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3844] <... futex resumed>) = 0 [pid 3844] memfd_create("syzkaller", 0) = 3 [pid 3844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3844] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3844] munmap(0x7fdb59200000, 16777216) = 0 [pid 3844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3844] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3844] close(3) = 0 [pid 3844] mkdir("./file0", 0777) = 0 [ 55.672701][ T3844] loop0: detected capacity change from 0 to 32768 [ 55.686632][ T3844] _btrfs_printk: 35 callbacks suppressed [ 55.686647][ T3844] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 55.701713][ T3844] BTRFS info (device loop0): force clearing of disk cache [ 55.708910][ T3844] BTRFS info (device loop0): setting nodatasum [ 55.715068][ T3844] BTRFS info (device loop0): allowing degraded mounts [ 55.721891][ T3844] BTRFS info (device loop0): enabling disk space caching [ 55.728944][ T3844] BTRFS info (device loop0): disk space caching is enabled [ 55.745723][ T3844] BTRFS info (device loop0): enabling ssd optimizations [ 55.753474][ T3844] BTRFS info (device loop0): clearing free space tree [ 55.760865][ T3844] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 3844] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3844] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3844] chdir("./file0") = 0 [pid 3844] ioctl(4, LOOP_CLR_FD) = 0 [pid 3844] close(4) = 0 [pid 3844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3843] <... futex resumed>) = 0 [pid 3844] open("./file0", O_RDONLY [pid 3843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3844] <... open resumed>) = 4 [pid 3843] <... futex resumed>) = 0 [pid 3844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3844] <... futex resumed>) = 0 [pid 3843] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 55.770571][ T3844] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 55.784215][ T3844] BTRFS info (device loop0): checking UUID tree [ 55.800460][ T27] kauditd_printk_skb: 8 callbacks suppressed [pid 3844] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 3843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3844] <... open resumed>) = 5 [pid 3844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3843] <... futex resumed>) = 0 [pid 3843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3844] <... futex resumed>) = 1 [pid 3843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3844] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3843] <... futex resumed>) = 0 [pid 3843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3844] creat("./bus", 000) = 6 [pid 3844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3843] <... futex resumed>) = 0 [pid 3843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 55.800473][ T27] audit: type=1800 audit(1670043436.305:20): pid=3844 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 3843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3844] ftruncate(6, 2048) = 0 [pid 3844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3843] <... futex resumed>) = 0 [pid 3843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3844] <... futex resumed>) = 1 [pid 3844] open("./bus", O_RDONLY) = 7 [pid 3844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3843] <... futex resumed>) = 0 [pid 3844] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3843] <... futex resumed>) = 0 [pid 3844] sendfile(6, 7, NULL, 65536 [pid 3843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3844] <... sendfile resumed>) = 2048 [pid 3844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3843] <... futex resumed>) = 0 [pid 3844] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3843] <... futex resumed>) = 0 [pid 3844] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 3843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3844] <... openat resumed>) = 8 [pid 3844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3843] <... futex resumed>) = 0 [pid 3844] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3843] <... futex resumed>) = 0 [pid 3844] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 55.847126][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 55.855258][ T27] audit: type=1804 audit(1670043436.355:21): pid=3844 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/9/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 55.891375][ T3844] BTRFS info (device loop0): balance: start -s [pid 3843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3844] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3843] <... futex resumed>) = 0 [pid 3843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3844] <... futex resumed>) = 1 [pid 3844] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 3844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3843] <... futex resumed>) = 0 [pid 3843] exit_group(0) = ? [pid 3844] <... futex resumed>) = ? [ 55.899135][ T3844] BTRFS info (device loop0): relocating block group 1048576 flags system [ 55.922686][ T3844] BTRFS info (device loop0): balance: ended with status: 0 [pid 3844] +++ exited with 0 +++ [pid 3843] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3843, si_uid=0, si_status=0, si_utime=3, si_stime=24} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3864 ./strace-static-x86_64: Process 3864 attached [pid 3864] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3864] chdir("./10") = 0 [pid 3864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3864] setpgid(0, 0) = 0 [pid 3864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3864] write(3, "1000", 4) = 4 [pid 3864] close(3) = 0 [pid 3864] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3864] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3864] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3864] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3865 attached , parent_tid=[3865], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3865 [pid 3865] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 3865] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3864] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3865] <... futex resumed>) = 0 [pid 3864] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3865] memfd_create("syzkaller", 0) = 3 [pid 3865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3865] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3865] munmap(0x7fdb59200000, 16777216) = 0 [pid 3865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3865] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3865] close(3) = 0 [pid 3865] mkdir("./file0", 0777) = 0 [ 56.248575][ T3865] loop0: detected capacity change from 0 to 32768 [ 56.263608][ T3865] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 56.272936][ T3865] BTRFS info (device loop0): force clearing of disk cache [ 56.280212][ T3865] BTRFS info (device loop0): setting nodatasum [ 56.286396][ T3865] BTRFS info (device loop0): allowing degraded mounts [ 56.293256][ T3865] BTRFS info (device loop0): enabling disk space caching [ 56.300358][ T3865] BTRFS info (device loop0): disk space caching is enabled [ 56.319375][ T3865] BTRFS info (device loop0): enabling ssd optimizations [ 56.327180][ T3865] BTRFS info (device loop0): clearing free space tree [ 56.334307][ T3865] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 3865] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3865] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3865] chdir("./file0") = 0 [pid 3865] ioctl(4, LOOP_CLR_FD) = 0 [pid 3865] close(4) = 0 [pid 3865] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3864] <... futex resumed>) = 0 [pid 3864] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3865] open("./file0", O_RDONLY) = 4 [pid 3865] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3864] <... futex resumed>) = 0 [pid 3864] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 56.344029][ T3865] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 56.357339][ T3865] BTRFS info (device loop0): checking UUID tree [pid 3865] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 3865] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3864] <... futex resumed>) = 0 [pid 3864] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3865] <... futex resumed>) = 1 [pid 3865] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3865] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3864] <... futex resumed>) = 0 [pid 3864] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3865] <... futex resumed>) = 1 [pid 3865] creat("./bus", 000) = 6 [pid 3865] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3864] <... futex resumed>) = 0 [pid 3864] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3865] <... futex resumed>) = 1 [pid 3865] ftruncate(6, 2048) = 0 [pid 3865] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3864] <... futex resumed>) = 0 [pid 3864] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3865] <... futex resumed>) = 1 [ 56.386705][ T27] audit: type=1800 audit(1670043436.885:22): pid=3865 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 56.425334][ T27] audit: type=1804 audit(1670043436.925:23): pid=3865 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/10/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 3865] open("./bus", O_RDONLY) = 7 [pid 3865] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3864] <... futex resumed>) = 0 [pid 3864] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3865] <... futex resumed>) = 1 [pid 3865] sendfile(6, 7, NULL, 65536) = 2048 [pid 3865] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3864] <... futex resumed>) = 0 [pid 3864] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3865] <... futex resumed>) = 1 [pid 3865] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 3865] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3864] <... futex resumed>) = 0 [pid 3864] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3865] <... futex resumed>) = 1 [ 56.426264][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 56.479313][ T3865] BTRFS info (device loop0): balance: start -s [ 56.488333][ T3865] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 3865] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 3864] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3864] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 3864] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3864] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3885], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 3885 [pid 3864] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3885 attached [pid 3885] set_robust_list(0x7fdb617d59e0, 24 [pid 3865] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3885] <... set_robust_list resumed>) = 0 [pid 3885] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 3865] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3865] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3885] <... ioctl resumed>) = 0 [pid 3885] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3885] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3864] <... futex resumed>) = 0 [pid 3864] exit_group(0 [pid 3865] <... futex resumed>) = ? [pid 3864] <... exit_group resumed>) = ? [pid 3885] <... futex resumed>) = ? [pid 3885] +++ exited with 0 +++ [pid 3865] +++ exited with 0 +++ [pid 3864] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3864, si_uid=0, si_status=0, si_utime=3, si_stime=31} --- [ 56.518730][ T3865] BTRFS info (device loop0): balance: ended with status: 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3886 ./strace-static-x86_64: Process 3886 attached [pid 3886] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3886] chdir("./11") = 0 [pid 3886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3886] setpgid(0, 0) = 0 [pid 3886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3886] write(3, "1000", 4) = 4 [pid 3886] close(3) = 0 [pid 3886] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3886] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3886] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3886] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3887], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3887 [pid 3886] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3886] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3887 attached [pid 3887] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 3887] memfd_create("syzkaller", 0) = 3 [pid 3887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3887] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3887] munmap(0x7fdb59200000, 16777216) = 0 [pid 3887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3887] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3887] close(3) = 0 [pid 3887] mkdir("./file0", 0777) = 0 [ 56.867461][ T3887] loop0: detected capacity change from 0 to 32768 [ 56.880622][ T3887] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 56.890233][ T3887] BTRFS info (device loop0): force clearing of disk cache [ 56.897781][ T3887] BTRFS info (device loop0): setting nodatasum [ 56.904191][ T3887] BTRFS info (device loop0): allowing degraded mounts [ 56.911352][ T3887] BTRFS info (device loop0): enabling disk space caching [ 56.918852][ T3887] BTRFS info (device loop0): disk space caching is enabled [ 56.937663][ T3887] BTRFS info (device loop0): enabling ssd optimizations [ 56.945590][ T3887] BTRFS info (device loop0): clearing free space tree [ 56.952518][ T3887] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 3887] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3887] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3887] chdir("./file0") = 0 [pid 3887] ioctl(4, LOOP_CLR_FD) = 0 [pid 3887] close(4) = 0 [pid 3887] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... futex resumed>) = 0 [pid 3886] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3886] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3887] <... futex resumed>) = 1 [pid 3887] open("./file0", O_RDONLY) = 4 [pid 3887] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... futex resumed>) = 0 [pid 3886] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3886] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3887] <... futex resumed>) = 1 [pid 3887] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [ 56.962234][ T3887] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 56.976145][ T3887] BTRFS info (device loop0): checking UUID tree [pid 3887] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... futex resumed>) = 0 [pid 3886] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3886] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3887] <... futex resumed>) = 1 [pid 3887] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3887] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... futex resumed>) = 0 [pid 3886] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3886] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3887] <... futex resumed>) = 1 [pid 3887] creat("./bus", 000) = 6 [pid 3887] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... futex resumed>) = 0 [pid 3886] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3886] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3887] <... futex resumed>) = 1 [pid 3887] ftruncate(6, 2048) = 0 [pid 3887] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... futex resumed>) = 0 [pid 3886] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3886] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3887] <... futex resumed>) = 1 [pid 3887] open("./bus", O_RDONLY) = 7 [ 57.008626][ T27] audit: type=1800 audit(1670043437.515:24): pid=3887 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 57.037867][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 3887] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... futex resumed>) = 0 [pid 3886] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3886] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3887] <... futex resumed>) = 1 [pid 3887] sendfile(6, 7, NULL, 65536) = 2048 [pid 3887] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... futex resumed>) = 0 [pid 3886] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3886] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3887] <... futex resumed>) = 1 [pid 3887] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 3887] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... futex resumed>) = 0 [pid 3886] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3886] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3887] <... futex resumed>) = 1 [pid 3887] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 3886] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3886] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 3886] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3886] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3907], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 3907 [pid 3886] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 57.061599][ T27] audit: type=1804 audit(1670043437.565:25): pid=3887 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/11/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 57.079507][ T3887] BTRFS info (device loop0): balance: start -s [ 57.093618][ T3887] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 3886] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3907 attached [pid 3907] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 3907] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 3887] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3887] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3887] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3907] <... ioctl resumed>) = 0 [pid 3907] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3886] <... futex resumed>) = 0 [pid 3907] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3886] exit_group(0 [pid 3907] <... futex resumed>) = ? [pid 3887] <... futex resumed>) = ? [pid 3886] <... exit_group resumed>) = ? [pid 3887] +++ exited with 0 +++ [pid 3907] +++ exited with 0 +++ [pid 3886] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3886, si_uid=0, si_status=0, si_utime=0, si_stime=32} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 [ 57.127473][ T3887] BTRFS info (device loop0): balance: ended with status: 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3911 ./strace-static-x86_64: Process 3911 attached [pid 3911] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3911] chdir("./12") = 0 [pid 3911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3911] setpgid(0, 0) = 0 [pid 3911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3911] write(3, "1000", 4) = 4 [pid 3911] close(3) = 0 [pid 3911] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3911] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3911] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3911] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3912], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3912 [pid 3911] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3911] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3912 attached [pid 3912] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 3912] memfd_create("syzkaller", 0) = 3 [pid 3912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3912] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3912] munmap(0x7fdb59200000, 16777216) = 0 [pid 3912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3912] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3912] close(3) = 0 [pid 3912] mkdir("./file0", 0777) = 0 [ 57.446588][ T3912] loop0: detected capacity change from 0 to 32768 [ 57.462241][ T3912] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 57.471546][ T3912] BTRFS info (device loop0): force clearing of disk cache [ 57.478822][ T3912] BTRFS info (device loop0): setting nodatasum [ 57.485265][ T3912] BTRFS info (device loop0): allowing degraded mounts [ 57.492106][ T3912] BTRFS info (device loop0): enabling disk space caching [ 57.499628][ T3912] BTRFS info (device loop0): disk space caching is enabled [ 57.519096][ T3912] BTRFS info (device loop0): enabling ssd optimizations [ 57.526765][ T3912] BTRFS info (device loop0): clearing free space tree [ 57.533687][ T3912] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 3912] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3912] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3912] chdir("./file0") = 0 [pid 3912] ioctl(4, LOOP_CLR_FD) = 0 [pid 3912] close(4) = 0 [pid 3912] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3911] <... futex resumed>) = 0 [pid 3912] open("./file0", O_RDONLY [pid 3911] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3912] <... open resumed>) = 4 [pid 3911] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3912] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3911] <... futex resumed>) = 0 [pid 3911] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3912] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 57.543536][ T3912] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 57.557138][ T3912] BTRFS info (device loop0): checking UUID tree [pid 3911] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3912] <... open resumed>) = 5 [pid 3912] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3911] <... futex resumed>) = 0 [pid 3911] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3911] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3912] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3912] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3912] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3911] <... futex resumed>) = 0 [pid 3911] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3912] <... futex resumed>) = 0 [pid 3911] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3912] creat("./bus", 000) = 6 [pid 3912] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3912] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3911] <... futex resumed>) = 0 [pid 3911] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3912] <... futex resumed>) = 0 [pid 3912] ftruncate(6, 2048 [pid 3911] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3912] <... ftruncate resumed>) = 0 [pid 3912] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3912] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3911] <... futex resumed>) = 0 [pid 3911] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3912] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3911] <... futex resumed>) = 0 [pid 3912] open("./bus", O_RDONLY [ 57.584367][ T27] audit: type=1800 audit(1670043438.085:26): pid=3912 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 57.629698][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 3911] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3912] <... open resumed>) = 7 [pid 3912] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3912] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3911] <... futex resumed>) = 0 [pid 3911] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3912] <... futex resumed>) = 0 [pid 3911] <... futex resumed>) = 1 [pid 3912] sendfile(6, 7, NULL, 65536) = 2048 [pid 3911] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3912] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3911] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3912] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3911] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3912] <... futex resumed>) = 0 [pid 3911] <... futex resumed>) = 1 [pid 3912] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 3911] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3912] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3911] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3912] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3911] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3912] <... futex resumed>) = 0 [pid 3912] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 57.644363][ T27] audit: type=1804 audit(1670043438.145:27): pid=3912 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/12/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 57.684553][ T3912] BTRFS info (device loop0): balance: start -s [ 57.693252][ T3912] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 3911] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3911] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 3911] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3911] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3932], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 3932 [pid 3911] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3911] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3912] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3912] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3912] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3932 attached [pid 3932] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 3932] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 3932] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3932] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3911] <... futex resumed>) = 0 [pid 3911] exit_group(0 [pid 3912] <... futex resumed>) = ? [ 57.721495][ T3912] BTRFS info (device loop0): balance: ended with status: 0 [pid 3911] <... exit_group resumed>) = ? [pid 3912] +++ exited with 0 +++ [pid 3932] <... futex resumed>) = ? [pid 3932] +++ exited with 0 +++ [pid 3911] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3911, si_uid=0, si_status=0, si_utime=4, si_stime=27} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3933 ./strace-static-x86_64: Process 3933 attached [pid 3933] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3933] chdir("./13") = 0 [pid 3933] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3933] setpgid(0, 0) = 0 [pid 3933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3933] write(3, "1000", 4) = 4 [pid 3933] close(3) = 0 [pid 3933] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3933] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3933] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3933] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3933] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3934], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3934 [pid 3933] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3933] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3934 attached [pid 3934] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 3934] memfd_create("syzkaller", 0) = 3 [pid 3934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3934] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3934] munmap(0x7fdb59200000, 16777216) = 0 [pid 3934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3934] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3934] close(3) = 0 [pid 3934] mkdir("./file0", 0777) = 0 [ 58.064303][ T3934] loop0: detected capacity change from 0 to 32768 [ 58.077943][ T3934] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 58.087291][ T3934] BTRFS info (device loop0): force clearing of disk cache [ 58.094556][ T3934] BTRFS info (device loop0): setting nodatasum [ 58.100789][ T3934] BTRFS info (device loop0): allowing degraded mounts [ 58.107848][ T3934] BTRFS info (device loop0): enabling disk space caching [ 58.114879][ T3934] BTRFS info (device loop0): disk space caching is enabled [ 58.133508][ T3934] BTRFS info (device loop0): enabling ssd optimizations [ 58.141272][ T3934] BTRFS info (device loop0): clearing free space tree [ 58.148545][ T3934] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 3934] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3934] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3934] chdir("./file0") = 0 [pid 3934] ioctl(4, LOOP_CLR_FD) = 0 [pid 3934] close(4) = 0 [pid 3934] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3933] <... futex resumed>) = 0 [pid 3934] <... futex resumed>) = 1 [pid 3933] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3934] open("./file0", O_RDONLY [pid 3933] <... futex resumed>) = 0 [pid 3933] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3934] <... open resumed>) = 4 [pid 3934] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3933] <... futex resumed>) = 0 [pid 3934] <... futex resumed>) = 1 [pid 3933] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3933] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 58.158635][ T3934] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 58.172285][ T3934] BTRFS info (device loop0): checking UUID tree [pid 3934] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 3934] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3934] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3933] <... futex resumed>) = 0 [pid 3933] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3934] <... futex resumed>) = 0 [pid 3933] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3934] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3934] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3933] <... futex resumed>) = 0 [pid 3934] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3933] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3934] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3933] <... futex resumed>) = 0 [pid 3934] creat("./bus", 000 [pid 3933] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3934] <... creat resumed>) = 6 [pid 3934] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3933] <... futex resumed>) = 0 [pid 3934] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3933] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3934] <... futex resumed>) = 0 [pid 3933] <... futex resumed>) = 1 [pid 3934] ftruncate(6, 2048 [pid 3933] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3934] <... ftruncate resumed>) = 0 [ 58.195320][ T27] audit: type=1800 audit(1670043438.695:28): pid=3934 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 58.231215][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 3934] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3933] <... futex resumed>) = 0 [pid 3934] open("./bus", O_RDONLY [pid 3933] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3934] <... open resumed>) = 7 [pid 3933] <... futex resumed>) = 0 [pid 3934] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3933] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3934] <... futex resumed>) = 0 [pid 3933] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3934] sendfile(6, 7, NULL, 65536 [pid 3933] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3934] <... sendfile resumed>) = 2048 [pid 3933] <... futex resumed>) = 0 [pid 3934] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3933] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3934] <... futex resumed>) = 0 [pid 3933] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3934] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 3933] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3934] <... openat resumed>) = 8 [pid 3933] <... futex resumed>) = 0 [pid 3933] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3934] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3933] <... futex resumed>) = 0 [pid 3934] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 3933] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 58.252254][ T27] audit: type=1804 audit(1670043438.755:29): pid=3934 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/13/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 58.294928][ T3934] BTRFS info (device loop0): balance: start -s [ 58.303582][ T3934] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 3933] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3933] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3933] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 3933] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3933] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3954], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 3954 [pid 3933] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3933] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3934] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3934] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3934] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3954 attached [pid 3954] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 3954] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 3954] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3933] <... futex resumed>) = 0 [pid 3954] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3933] exit_group(0) = ? [pid 3954] <... futex resumed>) = ? [pid 3934] <... futex resumed>) = ? [pid 3934] +++ exited with 0 +++ [pid 3954] +++ exited with 0 +++ [pid 3933] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3933, si_uid=0, si_status=0, si_utime=3, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 [ 58.333667][ T3934] BTRFS info (device loop0): balance: ended with status: 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3955 ./strace-static-x86_64: Process 3955 attached [pid 3955] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3955] chdir("./14") = 0 [pid 3955] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3955] setpgid(0, 0) = 0 [pid 3955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3955] write(3, "1000", 4) = 4 [pid 3955] close(3) = 0 [pid 3955] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3955] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3955] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3955] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3956], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3956 [pid 3955] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3956 attached [pid 3956] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 3956] memfd_create("syzkaller", 0) = 3 [pid 3956] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3956] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3956] munmap(0x7fdb59200000, 16777216) = 0 [pid 3956] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3956] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3956] close(3) = 0 [pid 3956] mkdir("./file0", 0777) = 0 [ 58.663432][ T3956] loop0: detected capacity change from 0 to 32768 [ 58.676226][ T3956] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 58.685587][ T3956] BTRFS info (device loop0): force clearing of disk cache [ 58.692796][ T3956] BTRFS info (device loop0): setting nodatasum [ 58.699117][ T3956] BTRFS info (device loop0): allowing degraded mounts [ 58.705904][ T3956] BTRFS info (device loop0): enabling disk space caching [ 58.713271][ T3956] BTRFS info (device loop0): disk space caching is enabled [ 58.731094][ T3956] BTRFS info (device loop0): enabling ssd optimizations [ 58.739330][ T3956] BTRFS info (device loop0): clearing free space tree [ 58.746127][ T3956] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 3956] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3956] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3956] chdir("./file0") = 0 [pid 3956] ioctl(4, LOOP_CLR_FD) = 0 [pid 3956] close(4) = 0 [pid 3956] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3955] <... futex resumed>) = 0 [pid 3955] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3956] <... futex resumed>) = 1 [pid 3956] open("./file0", O_RDONLY) = 4 [pid 3956] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3955] <... futex resumed>) = 0 [pid 3955] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3956] <... futex resumed>) = 1 [pid 3956] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 3956] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3955] <... futex resumed>) = 0 [pid 3955] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3956] <... futex resumed>) = 1 [pid 3956] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3956] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3955] <... futex resumed>) = 0 [pid 3955] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3956] creat("./bus", 000) = 6 [pid 3956] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3955] <... futex resumed>) = 0 [pid 3955] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 58.756160][ T3956] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 58.769692][ T3956] BTRFS info (device loop0): checking UUID tree [pid 3956] ftruncate(6, 2048) = 0 [pid 3956] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3955] <... futex resumed>) = 0 [pid 3955] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3956] open("./bus", O_RDONLY [pid 3955] <... futex resumed>) = 0 [pid 3955] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3956] <... open resumed>) = 7 [pid 3956] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3955] <... futex resumed>) = 0 [pid 3955] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3956] sendfile(6, 7, NULL, 65536) = 2048 [pid 3956] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3955] <... futex resumed>) = 0 [pid 3955] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3956] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 3956] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3955] <... futex resumed>) = 0 [pid 3956] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3955] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3956] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3955] <... futex resumed>) = 0 [pid 3956] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 58.820630][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 58.857968][ T3956] BTRFS info (device loop0): balance: start -s [pid 3955] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3955] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 3955] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3955] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3976], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 3976 [pid 3955] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3976 attached [pid 3976] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 3976] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 3976] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3955] <... futex resumed>) = 0 [pid 3976] <... futex resumed>) = 1 [ 58.881388][ T3956] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 3976] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3956] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3956] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] exit_group(0 [pid 3976] <... futex resumed>) = ? [pid 3955] <... exit_group resumed>) = ? [pid 3976] +++ exited with 0 +++ [pid 3956] +++ exited with 0 +++ [pid 3955] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3955, si_uid=0, si_status=0, si_utime=2, si_stime=31} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 [ 58.951675][ T3956] BTRFS info (device loop0): balance: ended with status: 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3977 ./strace-static-x86_64: Process 3977 attached [pid 3977] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3977] chdir("./15") = 0 [pid 3977] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3977] setpgid(0, 0) = 0 [pid 3977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3977] write(3, "1000", 4) = 4 [pid 3977] close(3) = 0 [pid 3977] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3977] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3977] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3977] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3978 attached , parent_tid=[3978], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3978 [pid 3978] set_robust_list(0x7fdb617f69e0, 24 [pid 3977] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... set_robust_list resumed>) = 0 [pid 3977] <... futex resumed>) = 0 [pid 3978] memfd_create("syzkaller", 0 [pid 3977] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3978] <... memfd_create resumed>) = 3 [pid 3978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3978] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3978] munmap(0x7fdb59200000, 16777216) = 0 [pid 3978] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3978] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3978] close(3) = 0 [pid 3978] mkdir("./file0", 0777) = 0 [ 59.263305][ T3978] loop0: detected capacity change from 0 to 32768 [ 59.277504][ T3978] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 59.286819][ T3978] BTRFS info (device loop0): force clearing of disk cache [ 59.294008][ T3978] BTRFS info (device loop0): setting nodatasum [ 59.300430][ T3978] BTRFS info (device loop0): allowing degraded mounts [ 59.307203][ T3978] BTRFS info (device loop0): enabling disk space caching [ 59.314637][ T3978] BTRFS info (device loop0): disk space caching is enabled [ 59.335373][ T3978] BTRFS info (device loop0): enabling ssd optimizations [ 59.343445][ T3978] BTRFS info (device loop0): clearing free space tree [ 59.350650][ T3978] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 3978] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3978] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3978] chdir("./file0") = 0 [pid 3978] ioctl(4, LOOP_CLR_FD) = 0 [pid 3978] close(4) = 0 [pid 3978] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3977] <... futex resumed>) = 0 [pid 3978] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3977] <... futex resumed>) = 0 [pid 3978] open("./file0", O_RDONLY [pid 3977] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3978] <... open resumed>) = 4 [pid 3978] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3977] <... futex resumed>) = 0 [pid 3978] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3977] <... futex resumed>) = 0 [pid 3978] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 3977] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3978] <... open resumed>) = 5 [pid 3978] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3977] <... futex resumed>) = 0 [pid 3978] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3977] <... futex resumed>) = 0 [pid 3978] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 3977] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3978] <... ioctl resumed>) = 0 [pid 3978] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3977] <... futex resumed>) = 0 [pid 3978] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3977] <... futex resumed>) = 0 [pid 3978] creat("./bus", 000 [ 59.360636][ T3978] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 3977] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3978] <... creat resumed>) = 6 [pid 3978] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3977] <... futex resumed>) = 0 [pid 3978] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3977] <... futex resumed>) = 0 [pid 3978] ftruncate(6, 2048 [pid 3977] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3978] <... ftruncate resumed>) = 0 [pid 3978] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3977] <... futex resumed>) = 0 [pid 3978] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3977] <... futex resumed>) = 0 [pid 3978] open("./bus", O_RDONLY [pid 3977] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3978] <... open resumed>) = 7 [pid 3978] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3977] <... futex resumed>) = 0 [pid 3978] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3977] <... futex resumed>) = 0 [pid 3978] sendfile(6, 7, NULL, 65536 [pid 3977] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3978] <... sendfile resumed>) = 2048 [pid 3978] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3977] <... futex resumed>) = 0 [pid 3978] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3977] <... futex resumed>) = 0 [pid 3978] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 3977] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3978] <... openat resumed>) = 8 [pid 3978] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3977] <... futex resumed>) = 0 [pid 3978] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3977] <... futex resumed>) = 0 [pid 3978] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 3977] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3977] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 3977] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3977] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3998 attached , parent_tid=[3998], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 3998 [pid 3998] set_robust_list(0x7fdb617d59e0, 24 [pid 3977] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3998] <... set_robust_list resumed>) = 0 [pid 3998] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 3977] <... futex resumed>) = 0 [pid 3977] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3998] <... ioctl resumed>) = 0 [pid 3998] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3998] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3978] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3978] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3978] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] <... futex resumed>) = 0 [pid 3977] exit_group(0) = ? [pid 3998] <... futex resumed>) = ? [pid 3998] +++ exited with 0 +++ [pid 3978] <... futex resumed>) = ? [pid 3978] +++ exited with 0 +++ [pid 3977] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3977, si_uid=0, si_status=0, si_utime=1, si_stime=23} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3999 ./strace-static-x86_64: Process 3999 attached [pid 3999] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3999] chdir("./16") = 0 [pid 3999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3999] setpgid(0, 0) = 0 [pid 3999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3999] write(3, "1000", 4) = 4 [pid 3999] close(3) = 0 [pid 3999] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3999] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3999] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3999] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4000 attached , parent_tid=[4000], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4000 [pid 4000] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4000] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3999] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4000] <... futex resumed>) = 0 [pid 3999] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4000] memfd_create("syzkaller", 0) = 3 [pid 4000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4000] munmap(0x7fdb59200000, 16777216) = 0 [pid 4000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4000] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4000] close(3) = 0 [pid 4000] mkdir("./file0", 0777) = 0 [pid 4000] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4000] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4000] chdir("./file0") = 0 [pid 4000] ioctl(4, LOOP_CLR_FD) = 0 [pid 4000] close(4) = 0 [pid 4000] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4000] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3999] <... futex resumed>) = 0 [pid 3999] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3999] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] <... futex resumed>) = 0 [pid 4000] open("./file0", O_RDONLY) = 4 [pid 4000] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] <... futex resumed>) = 0 [pid 4000] <... futex resumed>) = 1 [pid 3999] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4000] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 3999] <... futex resumed>) = 0 [pid 3999] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] <... open resumed>) = 5 [ 59.825887][ T4000] loop0: detected capacity change from 0 to 32768 [pid 4000] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] <... futex resumed>) = 0 [pid 4000] <... futex resumed>) = 1 [pid 3999] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4000] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] <... futex resumed>) = 0 [pid 4000] <... futex resumed>) = 1 [pid 3999] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4000] creat("./bus", 000 [pid 3999] <... futex resumed>) = 0 [pid 3999] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] <... creat resumed>) = 6 [pid 4000] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] <... futex resumed>) = 0 [pid 3999] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] <... futex resumed>) = 1 [pid 4000] ftruncate(6, 2048) = 0 [pid 4000] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] <... futex resumed>) = 0 [pid 4000] <... futex resumed>) = 1 [pid 3999] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] open("./bus", O_RDONLY) = 7 [pid 4000] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] <... futex resumed>) = 0 [pid 3999] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] <... futex resumed>) = 1 [pid 4000] sendfile(6, 7, NULL, 65536) = 2048 [pid 4000] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] <... futex resumed>) = 0 [pid 4000] <... futex resumed>) = 1 [pid 3999] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4000] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] <... futex resumed>) = 0 [pid 4000] <... futex resumed>) = 1 [pid 3999] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4000] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] <... futex resumed>) = 0 [pid 4000] <... futex resumed>) = 1 [pid 3999] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4000] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] <... futex resumed>) = 0 [pid 4000] <... futex resumed>) = 1 [pid 3999] exit_group(0 [pid 4000] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3999] <... exit_group resumed>) = ? [pid 4000] <... futex resumed>) = ? [pid 4000] +++ exited with 0 +++ [pid 3999] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3999, si_uid=0, si_status=0, si_utime=1, si_stime=19} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4020 ./strace-static-x86_64: Process 4020 attached [pid 4020] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4020] chdir("./17") = 0 [pid 4020] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4020] setpgid(0, 0) = 0 [pid 4020] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4020] write(3, "1000", 4) = 4 [pid 4020] close(3) = 0 [pid 4020] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4020] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4020] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4020] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4021], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4021 [pid 4020] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4021 attached [pid 4021] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4021] memfd_create("syzkaller", 0) = 3 [pid 4021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4021] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4021] munmap(0x7fdb59200000, 16777216) = 0 [pid 4021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4021] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4021] close(3) = 0 [pid 4021] mkdir("./file0", 0777) = 0 [pid 4021] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4021] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4021] chdir("./file0") = 0 [pid 4021] ioctl(4, LOOP_CLR_FD) = 0 [pid 4021] close(4) = 0 [pid 4021] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4020] <... futex resumed>) = 0 [pid 4020] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4021] <... futex resumed>) = 1 [pid 4021] open("./file0", O_RDONLY) = 4 [pid 4021] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4020] <... futex resumed>) = 0 [pid 4020] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4021] <... futex resumed>) = 1 [pid 4021] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4021] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4020] <... futex resumed>) = 0 [pid 4020] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4021] <... futex resumed>) = 1 [pid 4021] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 60.290505][ T4021] loop0: detected capacity change from 0 to 32768 [pid 4021] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4020] <... futex resumed>) = 0 [pid 4020] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4021] creat("./bus", 000) = 6 [pid 4021] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4020] <... futex resumed>) = 0 [pid 4020] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4021] <... futex resumed>) = 1 [pid 4021] ftruncate(6, 2048) = 0 [pid 4021] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4020] <... futex resumed>) = 0 [pid 4020] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4021] <... futex resumed>) = 1 [pid 4021] open("./bus", O_RDONLY) = 7 [pid 4021] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4020] <... futex resumed>) = 0 [pid 4020] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4021] <... futex resumed>) = 1 [pid 4021] sendfile(6, 7, NULL, 65536) = 2048 [pid 4021] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4020] <... futex resumed>) = 0 [pid 4020] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4021] <... futex resumed>) = 1 [pid 4021] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4021] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4020] <... futex resumed>) = 0 [pid 4020] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4021] <... futex resumed>) = 1 [pid 4021] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4021] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4020] <... futex resumed>) = 0 [pid 4020] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4021] <... futex resumed>) = 1 [pid 4021] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4021] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4020] <... futex resumed>) = 0 [pid 4020] exit_group(0) = ? [pid 4021] <... futex resumed>) = ? [pid 4021] +++ exited with 0 +++ [pid 4020] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4020, si_uid=0, si_status=0, si_utime=1, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4041 attached , child_tidptr=0x55555746f5d0) = 4041 [pid 4041] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4041] chdir("./18") = 0 [pid 4041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4041] setpgid(0, 0) = 0 [pid 4041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4041] write(3, "1000", 4) = 4 [pid 4041] close(3) = 0 [pid 4041] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4041] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4041] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4041] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4042 attached , parent_tid=[4042], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4042 [pid 4042] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4042] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4041] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4042] <... futex resumed>) = 0 [pid 4042] memfd_create("syzkaller", 0) = 3 [pid 4042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4041] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4042] munmap(0x7fdb59200000, 16777216) = 0 [pid 4042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4042] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4042] close(3) = 0 [pid 4042] mkdir("./file0", 0777) = 0 [ 60.738376][ T4042] loop0: detected capacity change from 0 to 32768 [ 60.753591][ T4042] _btrfs_printk: 35 callbacks suppressed [ 60.753655][ T4042] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 60.768675][ T4042] BTRFS info (device loop0): force clearing of disk cache [ 60.775809][ T4042] BTRFS info (device loop0): setting nodatasum [ 60.782019][ T4042] BTRFS info (device loop0): allowing degraded mounts [ 60.788957][ T4042] BTRFS info (device loop0): enabling disk space caching [ 60.795975][ T4042] BTRFS info (device loop0): disk space caching is enabled [ 60.815298][ T4042] BTRFS info (device loop0): enabling ssd optimizations [ 60.822863][ T4042] BTRFS info (device loop0): clearing free space tree [ 60.829739][ T4042] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4042] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4042] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4042] chdir("./file0") = 0 [pid 4042] ioctl(4, LOOP_CLR_FD) = 0 [pid 4042] close(4) = 0 [pid 4042] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4041] <... futex resumed>) = 0 [pid 4041] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4041] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4042] <... futex resumed>) = 1 [pid 4042] open("./file0", O_RDONLY) = 4 [pid 4042] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4041] <... futex resumed>) = 0 [pid 4041] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4041] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4042] <... futex resumed>) = 1 [ 60.839441][ T4042] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 60.852689][ T4042] BTRFS info (device loop0): checking UUID tree [pid 4042] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4042] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4041] <... futex resumed>) = 0 [pid 4041] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4041] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4042] <... futex resumed>) = 1 [pid 4042] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4042] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4041] <... futex resumed>) = 0 [pid 4041] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4042] creat("./bus", 000 [pid 4041] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4042] <... creat resumed>) = 6 [pid 4042] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4041] <... futex resumed>) = 0 [pid 4041] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4041] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4042] ftruncate(6, 2048) = 0 [pid 4042] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4041] <... futex resumed>) = 0 [pid 4041] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4041] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4042] <... futex resumed>) = 1 [ 60.882651][ T27] kauditd_printk_skb: 8 callbacks suppressed [ 60.882664][ T27] audit: type=1800 audit(1670043441.385:38): pid=4042 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4042] open("./bus", O_RDONLY) = 7 [pid 4042] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4041] <... futex resumed>) = 0 [pid 4041] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4041] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4042] sendfile(6, 7, NULL, 65536) = 2048 [pid 4042] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4041] <... futex resumed>) = 0 [pid 4041] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4041] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4042] <... futex resumed>) = 1 [pid 4042] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4042] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4041] <... futex resumed>) = 0 [pid 4041] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4041] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4042] <... futex resumed>) = 1 [ 60.923078][ T27] audit: type=1804 audit(1670043441.425:39): pid=4042 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/18/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 60.972156][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 4042] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4041] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4041] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4041] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4041] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4062], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4062 [pid 4041] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4041] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4062 attached [pid 4062] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 60.984010][ T4042] BTRFS info (device loop0): balance: start -s [ 60.993069][ T4042] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4062] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4062] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4041] <... futex resumed>) = 0 [pid 4062] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4042] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4042] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4041] exit_group(0) = ? [pid 4042] <... futex resumed>) = ? [pid 4042] +++ exited with 0 +++ [pid 4062] <... futex resumed>) = ? [pid 4062] +++ exited with 0 +++ [pid 4041] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4041, si_uid=0, si_status=0, si_utime=1, si_stime=28} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 [ 61.025779][ T4042] BTRFS info (device loop0): balance: ended with status: 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4063 ./strace-static-x86_64: Process 4063 attached [pid 4063] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4063] chdir("./19") = 0 [pid 4063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4063] setpgid(0, 0) = 0 [pid 4063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4063] write(3, "1000", 4) = 4 [pid 4063] close(3) = 0 [pid 4063] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4063] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4063] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4063] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4064 attached , parent_tid=[4064], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4064 [pid 4063] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4063] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4064] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4064] memfd_create("syzkaller", 0) = 3 [pid 4064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4064] munmap(0x7fdb59200000, 16777216) = 0 [pid 4064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4064] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4064] close(3) = 0 [pid 4064] mkdir("./file0", 0777) = 0 [ 61.331094][ T4064] loop0: detected capacity change from 0 to 32768 [ 61.344072][ T4064] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 61.353544][ T4064] BTRFS info (device loop0): force clearing of disk cache [ 61.360811][ T4064] BTRFS info (device loop0): setting nodatasum [ 61.366971][ T4064] BTRFS info (device loop0): allowing degraded mounts [ 61.373937][ T4064] BTRFS info (device loop0): enabling disk space caching [ 61.381131][ T4064] BTRFS info (device loop0): disk space caching is enabled [ 61.398101][ T4064] BTRFS info (device loop0): enabling ssd optimizations [ 61.405649][ T4064] BTRFS info (device loop0): clearing free space tree [ 61.412915][ T4064] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4064] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4064] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4064] chdir("./file0") = 0 [pid 4064] ioctl(4, LOOP_CLR_FD) = 0 [pid 4064] close(4) = 0 [pid 4064] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4063] <... futex resumed>) = 0 [pid 4063] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4063] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4064] open("./file0", O_RDONLY) = 4 [pid 4064] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4063] <... futex resumed>) = 0 [pid 4064] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4063] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4063] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 61.423085][ T4064] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 61.437646][ T4064] BTRFS info (device loop0): checking UUID tree [pid 4064] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4064] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4063] <... futex resumed>) = 0 [pid 4063] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4063] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4064] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4064] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4063] <... futex resumed>) = 0 [pid 4063] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4063] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 61.464577][ T27] audit: type=1800 audit(1670043441.965:40): pid=4064 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4064] creat("./bus", 000) = 6 [pid 4064] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4063] <... futex resumed>) = 0 [pid 4063] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4063] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4064] ftruncate(6, 2048) = 0 [pid 4064] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4063] <... futex resumed>) = 0 [pid 4063] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4063] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4064] open("./bus", O_RDONLY) = 7 [pid 4064] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4063] <... futex resumed>) = 0 [pid 4063] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4063] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4064] sendfile(6, 7, NULL, 65536) = 2048 [pid 4064] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4063] <... futex resumed>) = 0 [pid 4063] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4063] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4064] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4064] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4064] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4063] <... futex resumed>) = 0 [pid 4063] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4063] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4064] <... futex resumed>) = 0 [ 61.502781][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 61.518361][ T27] audit: type=1804 audit(1670043442.025:41): pid=4064 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/19/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 4064] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4063] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4063] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 4063] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4063] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4063] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4084], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4084 [pid 4063] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4063] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4084 attached [pid 4064] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4064] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4084] set_robust_list(0x7fdb617d59e0, 24 [pid 4064] <... futex resumed>) = 0 [pid 4084] <... set_robust_list resumed>) = 0 [pid 4084] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [ 61.557472][ T4064] BTRFS info (device loop0): balance: start -s [ 61.565180][ T4064] BTRFS info (device loop0): relocating block group 1048576 flags system [ 61.592349][ T4064] BTRFS info (device loop0): balance: ended with status: 0 [pid 4064] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4084] <... ioctl resumed>) = 0 [pid 4084] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4063] <... futex resumed>) = 0 [pid 4063] exit_group(0) = ? [pid 4064] <... futex resumed>) = ? [pid 4084] <... futex resumed>) = ? [pid 4064] +++ exited with 0 +++ [pid 4084] +++ exited with 0 +++ [pid 4063] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4063, si_uid=0, si_status=0, si_utime=3, si_stime=27} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4085 attached , child_tidptr=0x55555746f5d0) = 4085 [pid 4085] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4085] chdir("./20") = 0 [pid 4085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4085] setpgid(0, 0) = 0 [pid 4085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4085] write(3, "1000", 4) = 4 [pid 4085] close(3) = 0 [pid 4085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4085] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4085] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4085] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4086 attached , parent_tid=[4086], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4086 [pid 4085] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4086] set_robust_list(0x7fdb617f69e0, 24 [pid 4085] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4086] <... set_robust_list resumed>) = 0 [pid 4086] memfd_create("syzkaller", 0) = 3 [pid 4086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4086] munmap(0x7fdb59200000, 16777216) = 0 [pid 4086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4086] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4086] close(3) = 0 [pid 4086] mkdir("./file0", 0777) = 0 [ 61.930384][ T4086] loop0: detected capacity change from 0 to 32768 [ 61.944579][ T4086] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 61.953853][ T4086] BTRFS info (device loop0): force clearing of disk cache [ 61.961175][ T4086] BTRFS info (device loop0): setting nodatasum [ 61.967579][ T4086] BTRFS info (device loop0): allowing degraded mounts [ 61.974478][ T4086] BTRFS info (device loop0): enabling disk space caching [ 61.981744][ T4086] BTRFS info (device loop0): disk space caching is enabled [ 62.000758][ T4086] BTRFS info (device loop0): enabling ssd optimizations [ 62.008632][ T4086] BTRFS info (device loop0): clearing free space tree [ 62.015505][ T4086] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4086] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4086] chdir("./file0") = 0 [pid 4086] ioctl(4, LOOP_CLR_FD) = 0 [pid 4086] close(4) = 0 [pid 4086] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4085] <... futex resumed>) = 0 [pid 4085] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4086] open("./file0", O_RDONLY) = 4 [pid 4086] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4085] <... futex resumed>) = 0 [pid 4085] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 62.025283][ T4086] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 62.038777][ T4086] BTRFS info (device loop0): checking UUID tree [pid 4086] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4086] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4085] <... futex resumed>) = 0 [pid 4085] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4086] <... futex resumed>) = 1 [pid 4086] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4086] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4085] <... futex resumed>) = 0 [pid 4085] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4086] <... futex resumed>) = 1 [pid 4086] creat("./bus", 000) = 6 [pid 4086] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4085] <... futex resumed>) = 0 [pid 4085] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4086] <... futex resumed>) = 1 [pid 4086] ftruncate(6, 2048) = 0 [pid 4086] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4085] <... futex resumed>) = 0 [pid 4085] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4086] <... futex resumed>) = 1 [ 62.065242][ T27] audit: type=1800 audit(1670043442.565:42): pid=4086 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4086] open("./bus", O_RDONLY) = 7 [pid 4086] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4085] <... futex resumed>) = 0 [pid 4085] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4086] <... futex resumed>) = 1 [pid 4086] sendfile(6, 7, NULL, 65536) = 2048 [pid 4086] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4085] <... futex resumed>) = 0 [pid 4085] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4086] <... futex resumed>) = 1 [pid 4086] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4086] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4085] <... futex resumed>) = 0 [pid 4085] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4086] <... futex resumed>) = 1 [ 62.107190][ T27] audit: type=1804 audit(1670043442.605:43): pid=4086 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/20/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 62.107850][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 4086] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4085] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4085] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4085] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4085] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4106], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4106 [pid 4085] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4106 attached [pid 4086] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4106] set_robust_list(0x7fdb617d59e0, 24 [pid 4086] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4106] <... set_robust_list resumed>) = 0 [pid 4086] <... futex resumed>) = 0 [pid 4106] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4086] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4106] <... ioctl resumed>) = 0 [pid 4106] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4085] <... futex resumed>) = 0 [pid 4085] exit_group(0 [pid 4086] <... futex resumed>) = ? [pid 4085] <... exit_group resumed>) = ? [pid 4086] +++ exited with 0 +++ [pid 4106] +++ exited with 0 +++ [pid 4085] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4085, si_uid=0, si_status=0, si_utime=3, si_stime=25} --- [ 62.160097][ T4086] BTRFS info (device loop0): balance: start -s [ 62.169358][ T4086] BTRFS info (device loop0): relocating block group 1048576 flags system [ 62.192904][ T4086] BTRFS info (device loop0): balance: ended with status: 0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4107 ./strace-static-x86_64: Process 4107 attached [pid 4107] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4107] chdir("./21") = 0 [pid 4107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4107] setpgid(0, 0) = 0 [pid 4107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4107] write(3, "1000", 4) = 4 [pid 4107] close(3) = 0 [pid 4107] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4107] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4107] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4107] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4108], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4108 [pid 4107] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4107] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4108 attached [pid 4108] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4108] memfd_create("syzkaller", 0) = 3 [pid 4108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4108] munmap(0x7fdb59200000, 16777216) = 0 [pid 4108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4108] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4108] close(3) = 0 [pid 4108] mkdir("./file0", 0777) = 0 [ 62.523821][ T4108] loop0: detected capacity change from 0 to 32768 [ 62.538411][ T4108] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 62.547802][ T4108] BTRFS info (device loop0): force clearing of disk cache [ 62.555118][ T4108] BTRFS info (device loop0): setting nodatasum [ 62.561878][ T4108] BTRFS info (device loop0): allowing degraded mounts [ 62.569133][ T4108] BTRFS info (device loop0): enabling disk space caching [ 62.576224][ T4108] BTRFS info (device loop0): disk space caching is enabled [pid 4108] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4108] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4108] chdir("./file0") = 0 [pid 4108] ioctl(4, LOOP_CLR_FD) = 0 [pid 4108] close(4) = 0 [pid 4108] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4107] <... futex resumed>) = 0 [pid 4107] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4107] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4108] open("./file0", O_RDONLY) = 4 [pid 4108] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4107] <... futex resumed>) = 0 [pid 4107] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4107] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 62.625196][ T4108] BTRFS info (device loop0): enabling ssd optimizations [ 62.633086][ T4108] BTRFS info (device loop0): clearing free space tree [ 62.640332][ T4108] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 62.650464][ T4108] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 62.664013][ T4108] BTRFS info (device loop0): checking UUID tree [pid 4108] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4108] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4108] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4107] <... futex resumed>) = 0 [pid 4107] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4108] <... futex resumed>) = 0 [pid 4107] <... futex resumed>) = 1 [pid 4108] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4107] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4108] <... ioctl resumed>) = 0 [pid 4108] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4108] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4107] <... futex resumed>) = 0 [pid 4107] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4108] <... futex resumed>) = 0 [pid 4108] creat("./bus", 000 [pid 4107] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4108] <... creat resumed>) = 6 [pid 4108] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4108] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4107] <... futex resumed>) = 0 [pid 4107] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4108] <... futex resumed>) = 0 [pid 4107] <... futex resumed>) = 1 [pid 4108] ftruncate(6, 2048) = 0 [pid 4107] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4108] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4108] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4107] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4108] <... futex resumed>) = 0 [pid 4107] <... futex resumed>) = 1 [pid 4108] open("./bus", O_RDONLY [ 62.697158][ T27] audit: type=1800 audit(1670043443.195:44): pid=4108 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4107] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4108] <... open resumed>) = 7 [pid 4108] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4108] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4107] <... futex resumed>) = 0 [pid 4107] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4108] <... futex resumed>) = 0 [pid 4107] <... futex resumed>) = 1 [pid 4108] sendfile(6, 7, NULL, 65536) = 2048 [pid 4107] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4108] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4108] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4107] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4108] <... futex resumed>) = 0 [pid 4107] <... futex resumed>) = 1 [pid 4108] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4107] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4108] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4108] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4107] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4108] <... futex resumed>) = 0 [pid 4107] <... futex resumed>) = 1 [pid 4108] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 62.745756][ T27] audit: type=1804 audit(1670043443.245:45): pid=4108 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/21/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 62.775264][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 4107] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 4107] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4108] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4107] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE [pid 4108] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4108] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4107] <... mprotect resumed>) = 0 [pid 4107] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4128 attached [pid 4128] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 4128] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4107] <... clone resumed>, parent_tid=[4128], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4128 [pid 4107] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4128] <... futex resumed>) = 0 [pid 4107] <... futex resumed>) = 1 [pid 4107] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4128] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4128] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4107] <... futex resumed>) = 0 [pid 4107] exit_group(0 [pid 4108] <... futex resumed>) = ? [pid 4107] <... exit_group resumed>) = ? [pid 4108] +++ exited with 0 +++ [pid 4128] <... futex resumed>) = ? [ 62.794790][ T4108] BTRFS info (device loop0): balance: start -s [ 62.803666][ T4108] BTRFS info (device loop0): relocating block group 1048576 flags system [ 62.833983][ T4108] BTRFS info (device loop0): balance: ended with status: 0 [pid 4128] +++ exited with 0 +++ [pid 4107] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4107, si_uid=0, si_status=0, si_utime=3, si_stime=29} --- umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4129 ./strace-static-x86_64: Process 4129 attached [pid 4129] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4129] chdir("./22") = 0 [pid 4129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4129] setpgid(0, 0) = 0 [pid 4129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4129] write(3, "1000", 4) = 4 [pid 4129] close(3) = 0 [pid 4129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4129] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4129] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4129] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4130 attached , parent_tid=[4130], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4130 [pid 4129] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4129] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4130] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4130] memfd_create("syzkaller", 0) = 3 [pid 4130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4130] munmap(0x7fdb59200000, 16777216) = 0 [pid 4130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4130] close(3) = 0 [pid 4130] mkdir("./file0", 0777) = 0 [ 63.178189][ T4130] loop0: detected capacity change from 0 to 32768 [ 63.190775][ T4130] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 63.200293][ T4130] BTRFS info (device loop0): force clearing of disk cache [ 63.207857][ T4130] BTRFS info (device loop0): setting nodatasum [ 63.214358][ T4130] BTRFS info (device loop0): allowing degraded mounts [ 63.221514][ T4130] BTRFS info (device loop0): enabling disk space caching [ 63.228939][ T4130] BTRFS info (device loop0): disk space caching is enabled [ 63.247709][ T4130] BTRFS info (device loop0): enabling ssd optimizations [ 63.255499][ T4130] BTRFS info (device loop0): clearing free space tree [ 63.262437][ T4130] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4130] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4130] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4130] chdir("./file0") = 0 [pid 4130] ioctl(4, LOOP_CLR_FD) = 0 [pid 4130] close(4) = 0 [pid 4130] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4129] <... futex resumed>) = 0 [pid 4130] <... futex resumed>) = 1 [pid 4129] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4130] open("./file0", O_RDONLY [pid 4129] <... futex resumed>) = 0 [pid 4129] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4130] <... open resumed>) = 4 [pid 4130] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4129] <... futex resumed>) = 0 [pid 4130] <... futex resumed>) = 1 [pid 4129] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4129] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 63.272173][ T4130] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 63.285705][ T4130] BTRFS info (device loop0): checking UUID tree [pid 4130] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4130] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4129] <... futex resumed>) = 0 [pid 4129] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4130] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4129] <... futex resumed>) = 0 [pid 4129] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4130] <... ioctl resumed>) = 0 [pid 4130] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4129] <... futex resumed>) = 0 [pid 4129] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4130] creat("./bus", 000 [pid 4129] <... futex resumed>) = 0 [pid 4130] <... creat resumed>) = 6 [pid 4129] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4130] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4129] <... futex resumed>) = 0 [pid 4130] <... futex resumed>) = 1 [pid 4129] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4130] ftruncate(6, 2048 [pid 4129] <... futex resumed>) = 0 [pid 4129] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4130] <... ftruncate resumed>) = 0 [pid 4130] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4129] <... futex resumed>) = 0 [ 63.319344][ T27] audit: type=1800 audit(1670043443.825:46): pid=4130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4130] <... futex resumed>) = 1 [pid 4129] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4130] open("./bus", O_RDONLY [pid 4129] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4130] <... open resumed>) = 7 [pid 4130] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4129] <... futex resumed>) = 0 [pid 4130] <... futex resumed>) = 1 [pid 4129] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4130] sendfile(6, 7, NULL, 65536 [pid 4129] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4130] <... sendfile resumed>) = 2048 [pid 4130] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4129] <... futex resumed>) = 0 [pid 4130] <... futex resumed>) = 1 [pid 4129] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4130] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4129] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4130] <... openat resumed>) = 8 [pid 4130] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4129] <... futex resumed>) = 0 [pid 4129] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4130] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 63.367640][ T27] audit: type=1804 audit(1670043443.865:47): pid=4130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/22/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 63.407662][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 4129] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 4129] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 4129] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4129] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4129] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4150], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4150 [pid 4129] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4129] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4150 attached [ 63.418870][ T4130] BTRFS info (device loop0): balance: start -s [ 63.426571][ T4130] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4150] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 4150] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4130] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4150] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4130] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4150] <... futex resumed>) = 1 [pid 4129] <... futex resumed>) = 0 [pid 4150] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4130] <... futex resumed>) = 0 [pid 4129] exit_group(0) = ? [pid 4150] <... futex resumed>) = ? [pid 4150] +++ exited with 0 +++ [pid 4130] +++ exited with 0 +++ [pid 4129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4129, si_uid=0, si_status=0, si_utime=3, si_stime=29} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 [ 63.460342][ T4130] BTRFS info (device loop0): balance: ended with status: 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4151 ./strace-static-x86_64: Process 4151 attached [pid 4151] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4151] chdir("./23") = 0 [pid 4151] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4151] setpgid(0, 0) = 0 [pid 4151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4151] write(3, "1000", 4) = 4 [pid 4151] close(3) = 0 [pid 4151] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4151] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4151] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4151] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4151] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4152 attached , parent_tid=[4152], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4152 [pid 4152] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4151] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4151] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4152] memfd_create("syzkaller", 0) = 3 [pid 4152] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4152] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4152] munmap(0x7fdb59200000, 16777216) = 0 [pid 4152] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4152] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4152] close(3) = 0 [pid 4152] mkdir("./file0", 0777) = 0 [ 63.775850][ T4152] loop0: detected capacity change from 0 to 32768 [ 63.790166][ T4152] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 63.799474][ T4152] BTRFS info (device loop0): force clearing of disk cache [ 63.806632][ T4152] BTRFS info (device loop0): setting nodatasum [ 63.813158][ T4152] BTRFS info (device loop0): allowing degraded mounts [ 63.820146][ T4152] BTRFS info (device loop0): enabling disk space caching [ 63.827159][ T4152] BTRFS info (device loop0): disk space caching is enabled [ 63.845500][ T4152] BTRFS info (device loop0): enabling ssd optimizations [ 63.853260][ T4152] BTRFS info (device loop0): clearing free space tree [ 63.860331][ T4152] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4152] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4152] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4152] chdir("./file0") = 0 [pid 4152] ioctl(4, LOOP_CLR_FD) = 0 [pid 4152] close(4) = 0 [pid 4152] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4151] <... futex resumed>) = 0 [pid 4152] open("./file0", O_RDONLY [pid 4151] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4152] <... open resumed>) = 4 [pid 4151] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4152] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4151] <... futex resumed>) = 0 [pid 4152] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4151] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4151] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4152] <... open resumed>) = 5 [pid 4152] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4151] <... futex resumed>) = 0 [pid 4152] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4151] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4151] <... futex resumed>) = 0 [pid 4152] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4151] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4152] <... ioctl resumed>) = 0 [pid 4152] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4151] <... futex resumed>) = 0 [pid 4152] <... futex resumed>) = 1 [pid 4151] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4152] creat("./bus", 000 [pid 4151] <... futex resumed>) = 0 [pid 4151] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4152] <... creat resumed>) = 6 [ 63.870229][ T4152] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 63.883548][ T4152] BTRFS info (device loop0): checking UUID tree [pid 4152] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4151] <... futex resumed>) = 0 [pid 4152] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4151] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4151] <... futex resumed>) = 0 [pid 4151] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4152] ftruncate(6, 2048) = 0 [pid 4152] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4151] <... futex resumed>) = 0 [pid 4152] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4151] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4151] <... futex resumed>) = 0 [pid 4152] open("./bus", O_RDONLY [pid 4151] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4152] <... open resumed>) = 7 [pid 4152] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4151] <... futex resumed>) = 0 [pid 4152] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4151] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4151] <... futex resumed>) = 0 [pid 4152] sendfile(6, 7, NULL, 65536 [pid 4151] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4152] <... sendfile resumed>) = 2048 [pid 4152] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4151] <... futex resumed>) = 0 [pid 4151] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4152] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4151] <... futex resumed>) = 0 [pid 4152] <... openat resumed>) = 8 [pid 4151] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4152] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4151] <... futex resumed>) = 0 [pid 4152] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4151] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 63.930165][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 63.955832][ T4152] BTRFS info (device loop0): balance: start -s [ 63.964722][ T4152] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4151] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 4151] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4151] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4151] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4151] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4172], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4172 [pid 4151] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4151] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4172 attached [pid 4172] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 4172] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4152] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4152] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4152] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4172] <... ioctl resumed>) = 0 [pid 4172] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4151] <... futex resumed>) = 0 [pid 4172] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4151] exit_group(0 [pid 4172] <... futex resumed>) = ? [pid 4152] <... futex resumed>) = ? [pid 4151] <... exit_group resumed>) = ? [pid 4152] +++ exited with 0 +++ [pid 4172] +++ exited with 0 +++ [pid 4151] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4151, si_uid=0, si_status=0, si_utime=1, si_stime=29} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 [ 63.992885][ T4152] BTRFS info (device loop0): balance: ended with status: 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4173 ./strace-static-x86_64: Process 4173 attached [pid 4173] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4173] chdir("./24") = 0 [pid 4173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4173] setpgid(0, 0) = 0 [pid 4173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4173] write(3, "1000", 4) = 4 [pid 4173] close(3) = 0 [pid 4173] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4173] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4173] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4173] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4174], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4174 [pid 4173] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4173] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4174 attached [pid 4174] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4174] memfd_create("syzkaller", 0) = 3 [pid 4174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4174] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4174] munmap(0x7fdb59200000, 16777216) = 0 [pid 4174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4174] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4174] close(3) = 0 [pid 4174] mkdir("./file0", 0777) = 0 [ 64.328099][ T4174] loop0: detected capacity change from 0 to 32768 [ 64.340738][ T4174] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 64.350187][ T4174] BTRFS info (device loop0): force clearing of disk cache [ 64.357361][ T4174] BTRFS info (device loop0): setting nodatasum [ 64.363666][ T4174] BTRFS info (device loop0): allowing degraded mounts [ 64.370643][ T4174] BTRFS info (device loop0): enabling disk space caching [ 64.377717][ T4174] BTRFS info (device loop0): disk space caching is enabled [ 64.395859][ T4174] BTRFS info (device loop0): enabling ssd optimizations [ 64.404079][ T4174] BTRFS info (device loop0): clearing free space tree [ 64.411214][ T4174] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4174] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4174] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4174] chdir("./file0") = 0 [pid 4174] ioctl(4, LOOP_CLR_FD) = 0 [pid 4174] close(4) = 0 [pid 4174] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4173] <... futex resumed>) = 0 [pid 4174] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4173] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4173] <... futex resumed>) = 0 [pid 4174] open("./file0", O_RDONLY [pid 4173] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4174] <... open resumed>) = 4 [pid 4174] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4173] <... futex resumed>) = 0 [pid 4174] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4173] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4173] <... futex resumed>) = 0 [pid 4174] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4173] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4174] <... open resumed>) = 5 [pid 4174] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4173] <... futex resumed>) = 0 [pid 4174] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4173] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 64.421026][ T4174] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 4173] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4174] <... ioctl resumed>) = 0 [pid 4174] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4173] <... futex resumed>) = 0 [pid 4173] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4173] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4174] <... futex resumed>) = 1 [pid 4174] creat("./bus", 000) = 6 [pid 4174] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4173] <... futex resumed>) = 0 [pid 4173] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4173] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4174] <... futex resumed>) = 1 [pid 4174] ftruncate(6, 2048) = 0 [pid 4174] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4173] <... futex resumed>) = 0 [pid 4173] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4174] <... futex resumed>) = 1 [pid 4173] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4174] open("./bus", O_RDONLY) = 7 [pid 4174] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4173] <... futex resumed>) = 0 [pid 4173] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4174] <... futex resumed>) = 1 [pid 4173] <... futex resumed>) = 0 [pid 4174] sendfile(6, 7, NULL, 65536 [pid 4173] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4174] <... sendfile resumed>) = 2048 [pid 4174] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4173] <... futex resumed>) = 0 [pid 4173] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4174] <... futex resumed>) = 1 [pid 4173] <... futex resumed>) = 0 [pid 4174] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4173] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4174] <... openat resumed>) = 8 [pid 4174] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4173] <... futex resumed>) = 0 [pid 4173] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4173] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4174] <... futex resumed>) = 1 [pid 4174] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4174] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4173] <... futex resumed>) = 0 [pid 4173] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4173] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4174] <... futex resumed>) = 1 [pid 4174] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4174] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4173] <... futex resumed>) = 0 [pid 4174] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4173] exit_group(0 [pid 4174] <... futex resumed>) = ? [pid 4173] <... exit_group resumed>) = ? [pid 4174] +++ exited with 0 +++ [pid 4173] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4173, si_uid=0, si_status=0, si_utime=1, si_stime=23} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4194 ./strace-static-x86_64: Process 4194 attached [pid 4194] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4194] chdir("./25") = 0 [pid 4194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4194] setpgid(0, 0) = 0 [pid 4194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4194] write(3, "1000", 4) = 4 [pid 4194] close(3) = 0 [pid 4194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4194] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4194] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4194] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4195 attached , parent_tid=[4195], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4195 [pid 4195] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4195] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4194] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4195] <... futex resumed>) = 0 [pid 4194] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4195] memfd_create("syzkaller", 0) = 3 [pid 4195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4195] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4195] munmap(0x7fdb59200000, 16777216) = 0 [pid 4195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4195] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4195] close(3) = 0 [pid 4195] mkdir("./file0", 0777) = 0 [pid 4195] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4195] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4195] chdir("./file0") = 0 [pid 4195] ioctl(4, LOOP_CLR_FD) = 0 [pid 4195] close(4) = 0 [pid 4195] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4194] <... futex resumed>) = 0 [pid 4195] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4194] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4194] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4195] open("./file0", O_RDONLY) = 4 [pid 4195] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4194] <... futex resumed>) = 0 [pid 4194] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4194] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4195] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4195] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4194] <... futex resumed>) = 0 [pid 4195] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4194] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4194] <... futex resumed>) = 0 [pid 4195] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4194] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4195] <... ioctl resumed>) = 0 [pid 4195] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 64.878012][ T4195] loop0: detected capacity change from 0 to 32768 [pid 4195] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4194] <... futex resumed>) = 0 [pid 4194] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4195] <... futex resumed>) = 0 [pid 4194] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4195] creat("./bus", 000) = 6 [pid 4195] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4194] <... futex resumed>) = 0 [pid 4195] ftruncate(6, 2048 [pid 4194] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4194] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4195] <... ftruncate resumed>) = 0 [pid 4195] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4194] <... futex resumed>) = 0 [pid 4195] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4194] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4194] <... futex resumed>) = 0 [pid 4195] open("./bus", O_RDONLY [pid 4194] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4195] <... open resumed>) = 7 [pid 4195] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4194] <... futex resumed>) = 0 [pid 4195] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4194] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4194] <... futex resumed>) = 0 [pid 4195] sendfile(6, 7, NULL, 65536 [pid 4194] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4195] <... sendfile resumed>) = 2048 [pid 4195] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4194] <... futex resumed>) = 0 [pid 4194] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4194] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4195] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4195] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4194] <... futex resumed>) = 0 [pid 4194] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4194] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4195] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4195] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4194] <... futex resumed>) = 0 [pid 4195] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4194] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4194] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4195] <... ioctl resumed>) = 0 [pid 4195] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4194] <... futex resumed>) = 0 [pid 4195] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4194] exit_group(0) = ? [pid 4195] <... futex resumed>) = ? [pid 4195] +++ exited with 0 +++ [pid 4194] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4194, si_uid=0, si_status=0, si_utime=1, si_stime=18} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4216 ./strace-static-x86_64: Process 4216 attached [pid 4216] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4216] chdir("./26") = 0 [pid 4216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4216] setpgid(0, 0) = 0 [pid 4216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4216] write(3, "1000", 4) = 4 [pid 4216] close(3) = 0 [pid 4216] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4216] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4216] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4216] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4217], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4217 [pid 4216] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4216] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4217 attached [pid 4217] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4217] memfd_create("syzkaller", 0) = 3 [pid 4217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4217] munmap(0x7fdb59200000, 16777216) = 0 [pid 4217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4217] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4217] close(3) = 0 [pid 4217] mkdir("./file0", 0777) = 0 [pid 4217] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4217] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4217] chdir("./file0") = 0 [pid 4217] ioctl(4, LOOP_CLR_FD) = 0 [pid 4217] close(4) = 0 [pid 4217] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4216] <... futex resumed>) = 0 [pid 4217] open("./file0", O_RDONLY [pid 4216] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4216] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4217] <... open resumed>) = 4 [pid 4217] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4216] <... futex resumed>) = 0 [pid 4217] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4216] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4216] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4217] <... open resumed>) = 5 [pid 4217] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4216] <... futex resumed>) = 0 [pid 4217] <... futex resumed>) = 1 [pid 4216] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4217] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4216] <... futex resumed>) = 0 [pid 4216] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4217] <... ioctl resumed>) = 0 [ 65.312436][ T4217] loop0: detected capacity change from 0 to 32768 [pid 4217] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4216] <... futex resumed>) = 0 [pid 4217] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4216] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4216] <... futex resumed>) = 0 [pid 4217] creat("./bus", 000 [pid 4216] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4217] <... creat resumed>) = 6 [pid 4217] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4216] <... futex resumed>) = 0 [pid 4217] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 4216] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4217] ftruncate(6, 2048 [pid 4216] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4217] <... ftruncate resumed>) = 0 [pid 4217] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4216] <... futex resumed>) = 0 [pid 4217] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4216] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4216] <... futex resumed>) = 0 [pid 4217] open("./bus", O_RDONLY [pid 4216] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4217] <... open resumed>) = 7 [pid 4217] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4216] <... futex resumed>) = 0 [pid 4217] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4216] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4216] <... futex resumed>) = 0 [pid 4217] sendfile(6, 7, NULL, 65536 [pid 4216] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4217] <... sendfile resumed>) = 2048 [pid 4217] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4216] <... futex resumed>) = 0 [pid 4217] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4216] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4217] <... openat resumed>) = 8 [pid 4216] <... futex resumed>) = 0 [pid 4216] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4217] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4216] <... futex resumed>) = 0 [pid 4217] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4216] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4216] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4217] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4217] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4216] <... futex resumed>) = 0 [pid 4216] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4216] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4217] <... futex resumed>) = 1 [pid 4217] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4217] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4216] <... futex resumed>) = 0 [pid 4216] exit_group(0) = ? [pid 4217] <... futex resumed>) = ? [pid 4217] +++ exited with 0 +++ [pid 4216] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4216, si_uid=0, si_status=0, si_utime=2, si_stime=17} --- umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4237 ./strace-static-x86_64: Process 4237 attached [pid 4237] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4237] chdir("./27") = 0 [pid 4237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4237] setpgid(0, 0) = 0 [pid 4237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4237] write(3, "1000", 4) = 4 [pid 4237] close(3) = 0 [pid 4237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4237] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4237] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4237] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4238], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4238 [pid 4237] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4237] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4238 attached [pid 4238] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4238] memfd_create("syzkaller", 0) = 3 [pid 4238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4238] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4238] munmap(0x7fdb59200000, 16777216) = 0 [pid 4238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4238] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4238] close(3) = 0 [pid 4238] mkdir("./file0", 0777) = 0 [ 65.744747][ T4238] loop0: detected capacity change from 0 to 32768 [ 65.758829][ T4238] _btrfs_printk: 35 callbacks suppressed [ 65.758840][ T4238] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 65.774002][ T4238] BTRFS info (device loop0): force clearing of disk cache [ 65.781363][ T4238] BTRFS info (device loop0): setting nodatasum [ 65.787731][ T4238] BTRFS info (device loop0): allowing degraded mounts [ 65.794516][ T4238] BTRFS info (device loop0): enabling disk space caching [ 65.801893][ T4238] BTRFS info (device loop0): disk space caching is enabled [ 65.820837][ T4238] BTRFS info (device loop0): enabling ssd optimizations [ 65.829222][ T4238] BTRFS info (device loop0): clearing free space tree [pid 4238] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4238] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4238] chdir("./file0") = 0 [pid 4238] ioctl(4, LOOP_CLR_FD) = 0 [pid 4238] close(4) = 0 [pid 4238] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4237] <... futex resumed>) = 0 [pid 4237] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4237] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4238] open("./file0", O_RDONLY) = 4 [pid 4238] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4237] <... futex resumed>) = 0 [pid 4238] <... futex resumed>) = 1 [pid 4237] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4237] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 65.836142][ T4238] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 65.846173][ T4238] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 65.860133][ T4238] BTRFS info (device loop0): checking UUID tree [pid 4238] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4238] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4237] <... futex resumed>) = 0 [pid 4238] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4237] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4237] <... futex resumed>) = 0 [pid 4238] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4237] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4238] <... ioctl resumed>) = 0 [pid 4238] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4237] <... futex resumed>) = 0 [pid 4238] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4237] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4237] <... futex resumed>) = 0 [pid 4238] creat("./bus", 000 [pid 4237] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4238] <... creat resumed>) = 6 [pid 4238] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4237] <... futex resumed>) = 0 [pid 4238] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4237] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4237] <... futex resumed>) = 0 [pid 4238] ftruncate(6, 2048 [pid 4237] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4238] <... ftruncate resumed>) = 0 [pid 4238] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4237] <... futex resumed>) = 0 [pid 4238] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [ 65.892542][ T27] kauditd_printk_skb: 8 callbacks suppressed [ 65.892556][ T27] audit: type=1800 audit(1670043446.395:56): pid=4238 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4237] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4237] <... futex resumed>) = 0 [pid 4238] open("./bus", O_RDONLY [pid 4237] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4238] <... open resumed>) = 7 [pid 4238] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4237] <... futex resumed>) = 0 [pid 4238] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4237] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4237] <... futex resumed>) = 0 [pid 4238] sendfile(6, 7, NULL, 65536 [pid 4237] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4238] <... sendfile resumed>) = 2048 [pid 4238] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4237] <... futex resumed>) = 0 [pid 4238] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4237] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4237] <... futex resumed>) = 0 [pid 4238] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4237] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4238] <... openat resumed>) = 8 [pid 4238] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4237] <... futex resumed>) = 0 [pid 4238] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4237] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4237] <... futex resumed>) = 0 [pid 4238] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 65.946609][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 65.957601][ T27] audit: type=1804 audit(1670043446.465:57): pid=4238 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/27/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 65.969206][ T4238] BTRFS info (device loop0): balance: start -s [pid 4237] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 4237] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4237] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4237] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4258 attached [pid 4258] set_robust_list(0x7fdb617d59e0, 24 [pid 4237] <... clone resumed>, parent_tid=[4258], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4258 [pid 4237] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4237] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4258] <... set_robust_list resumed>) = 0 [ 65.989753][ T4238] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4258] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4258] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4237] <... futex resumed>) = 0 [pid 4258] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4238] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4238] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4238] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4237] exit_group(0 [pid 4258] <... futex resumed>) = ? [pid 4237] <... exit_group resumed>) = ? [pid 4238] <... futex resumed>) = ? [pid 4238] +++ exited with 0 +++ [pid 4258] +++ exited with 0 +++ [pid 4237] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4237, si_uid=0, si_status=0, si_utime=4, si_stime=33} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 [ 66.025772][ T4238] BTRFS info (device loop0): balance: ended with status: 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4259 ./strace-static-x86_64: Process 4259 attached [pid 4259] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4259] chdir("./28") = 0 [pid 4259] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4259] setpgid(0, 0) = 0 [pid 4259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4259] write(3, "1000", 4) = 4 [pid 4259] close(3) = 0 [pid 4259] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4259] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4259] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4259] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4260], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4260 [pid 4259] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4259] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4260 attached [pid 4260] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4260] memfd_create("syzkaller", 0) = 3 [pid 4260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4260] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4260] munmap(0x7fdb59200000, 16777216) = 0 [pid 4260] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4260] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4260] close(3) = 0 [pid 4260] mkdir("./file0", 0777) = 0 [ 66.332948][ T4260] loop0: detected capacity change from 0 to 32768 [ 66.347786][ T4260] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 66.357031][ T4260] BTRFS info (device loop0): force clearing of disk cache [ 66.364490][ T4260] BTRFS info (device loop0): setting nodatasum [ 66.370925][ T4260] BTRFS info (device loop0): allowing degraded mounts [ 66.378335][ T4260] BTRFS info (device loop0): enabling disk space caching [ 66.385359][ T4260] BTRFS info (device loop0): disk space caching is enabled [ 66.403422][ T4260] BTRFS info (device loop0): enabling ssd optimizations [ 66.411346][ T4260] BTRFS info (device loop0): clearing free space tree [ 66.418596][ T4260] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4260] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4260] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4260] chdir("./file0") = 0 [pid 4260] ioctl(4, LOOP_CLR_FD) = 0 [pid 4260] close(4) = 0 [pid 4260] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4259] <... futex resumed>) = 0 [pid 4259] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4259] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4260] <... futex resumed>) = 1 [pid 4260] open("./file0", O_RDONLY) = 4 [pid 4260] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4259] <... futex resumed>) = 0 [pid 4259] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4259] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4260] <... futex resumed>) = 1 [ 66.428343][ T4260] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 66.441552][ T4260] BTRFS info (device loop0): checking UUID tree [pid 4260] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4260] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4259] <... futex resumed>) = 0 [pid 4259] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4259] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4260] <... futex resumed>) = 1 [pid 4260] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4260] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4259] <... futex resumed>) = 0 [pid 4259] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4259] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4260] <... futex resumed>) = 1 [pid 4260] creat("./bus", 000) = 6 [pid 4260] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4259] <... futex resumed>) = 0 [pid 4259] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4259] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4260] <... futex resumed>) = 1 [pid 4260] ftruncate(6, 2048) = 0 [pid 4260] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4259] <... futex resumed>) = 0 [pid 4259] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4259] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4260] <... futex resumed>) = 1 [pid 4260] open("./bus", O_RDONLY) = 7 [pid 4260] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4259] <... futex resumed>) = 0 [pid 4259] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4259] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4260] <... futex resumed>) = 1 [pid 4260] sendfile(6, 7, NULL, 65536) = 2048 [pid 4260] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4259] <... futex resumed>) = 0 [pid 4259] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4259] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4260] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4260] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4259] <... futex resumed>) = 0 [pid 4259] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4259] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 66.464133][ T27] audit: type=1800 audit(1670043446.965:58): pid=4260 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 66.494875][ T27] audit: type=1804 audit(1670043446.995:59): pid=4260 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/28/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 66.497200][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 4260] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4259] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4259] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 4259] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4259] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4259] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4280], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4280 [pid 4259] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4259] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4280 attached [pid 4280] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 4280] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4260] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4260] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.541536][ T4260] BTRFS info (device loop0): balance: start -s [ 66.549467][ T4260] BTRFS info (device loop0): relocating block group 1048576 flags system [ 66.575815][ T4260] BTRFS info (device loop0): balance: ended with status: 0 [pid 4260] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4280] <... ioctl resumed>) = 0 [pid 4280] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4259] <... futex resumed>) = 0 [pid 4259] exit_group(0) = ? [pid 4260] <... futex resumed>) = ? [pid 4280] +++ exited with 0 +++ [pid 4260] +++ exited with 0 +++ [pid 4259] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4259, si_uid=0, si_status=0, si_utime=2, si_stime=33} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4281 ./strace-static-x86_64: Process 4281 attached [pid 4281] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4281] chdir("./29") = 0 [pid 4281] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4281] setpgid(0, 0) = 0 [pid 4281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4281] write(3, "1000", 4) = 4 [pid 4281] close(3) = 0 [pid 4281] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4281] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4281] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4281] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4282], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4282 [pid 4281] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4282 attached [pid 4282] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4282] memfd_create("syzkaller", 0) = 3 [pid 4282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4282] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4282] munmap(0x7fdb59200000, 16777216) = 0 [pid 4282] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4282] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4282] close(3) = 0 [pid 4282] mkdir("./file0", 0777) = 0 [ 66.931758][ T4282] loop0: detected capacity change from 0 to 32768 [ 66.945256][ T4282] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 66.954719][ T4282] BTRFS info (device loop0): force clearing of disk cache [ 66.961885][ T4282] BTRFS info (device loop0): setting nodatasum [ 66.968102][ T4282] BTRFS info (device loop0): allowing degraded mounts [ 66.974963][ T4282] BTRFS info (device loop0): enabling disk space caching [ 66.982194][ T4282] BTRFS info (device loop0): disk space caching is enabled [ 67.001980][ T4282] BTRFS info (device loop0): enabling ssd optimizations [ 67.009637][ T4282] BTRFS info (device loop0): clearing free space tree [ 67.016453][ T4282] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4282] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4282] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4282] chdir("./file0") = 0 [pid 4282] ioctl(4, LOOP_CLR_FD) = 0 [pid 4282] close(4) = 0 [pid 4282] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4281] <... futex resumed>) = 0 [pid 4281] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4282] <... futex resumed>) = 1 [pid 4282] open("./file0", O_RDONLY) = 4 [pid 4282] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4281] <... futex resumed>) = 0 [pid 4281] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4282] <... futex resumed>) = 1 [ 67.026495][ T4282] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 67.040661][ T4282] BTRFS info (device loop0): checking UUID tree [pid 4282] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4282] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4281] <... futex resumed>) = 0 [pid 4281] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4282] <... futex resumed>) = 1 [pid 4282] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4282] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4281] <... futex resumed>) = 0 [pid 4281] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4282] <... futex resumed>) = 1 [pid 4282] creat("./bus", 000) = 6 [pid 4282] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4281] <... futex resumed>) = 0 [pid 4281] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4282] <... futex resumed>) = 1 [pid 4282] ftruncate(6, 2048) = 0 [pid 4282] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4281] <... futex resumed>) = 0 [pid 4281] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4282] <... futex resumed>) = 1 [ 67.072665][ T27] audit: type=1800 audit(1670043447.575:60): pid=4282 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4282] open("./bus", O_RDONLY) = 7 [pid 4282] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4281] <... futex resumed>) = 0 [pid 4281] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4282] <... futex resumed>) = 1 [pid 4282] sendfile(6, 7, NULL, 65536) = 2048 [pid 4282] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4281] <... futex resumed>) = 0 [pid 4281] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4282] <... futex resumed>) = 1 [pid 4282] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4282] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4281] <... futex resumed>) = 0 [pid 4281] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4282] <... futex resumed>) = 1 [ 67.120379][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 67.144092][ T27] audit: type=1804 audit(1670043447.635:61): pid=4282 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/29/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 4282] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4281] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4281] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4281] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4281] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4302], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4302 [pid 4281] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4302 attached [pid 4302] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 67.168744][ T4282] BTRFS info (device loop0): balance: start -s [ 67.177931][ T4282] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4302] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4302] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4281] <... futex resumed>) = 0 [pid 4302] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4282] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4282] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4282] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4281] exit_group(0) = ? [pid 4282] <... futex resumed>) = ? [pid 4282] +++ exited with 0 +++ [pid 4302] <... futex resumed>) = ? [pid 4302] +++ exited with 0 +++ [pid 4281] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4281, si_uid=0, si_status=0, si_utime=2, si_stime=31} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 [ 67.231220][ T4282] BTRFS info (device loop0): balance: ended with status: 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4303 ./strace-static-x86_64: Process 4303 attached [pid 4303] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4303] chdir("./30") = 0 [pid 4303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4303] setpgid(0, 0) = 0 [pid 4303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4303] write(3, "1000", 4) = 4 [pid 4303] close(3) = 0 [pid 4303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4303] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4303] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4303] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4304 attached [pid 4304] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4304] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4303] <... clone resumed>, parent_tid=[4304], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4304 [pid 4303] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4304] <... futex resumed>) = 0 [pid 4303] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4304] memfd_create("syzkaller", 0) = 3 [pid 4304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4304] munmap(0x7fdb59200000, 16777216) = 0 [pid 4304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4304] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4304] close(3) = 0 [pid 4304] mkdir("./file0", 0777) = 0 [ 67.525052][ T4304] loop0: detected capacity change from 0 to 32768 [ 67.539373][ T4304] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 67.548658][ T4304] BTRFS info (device loop0): force clearing of disk cache [ 67.555766][ T4304] BTRFS info (device loop0): setting nodatasum [ 67.561995][ T4304] BTRFS info (device loop0): allowing degraded mounts [ 67.568891][ T4304] BTRFS info (device loop0): enabling disk space caching [ 67.575945][ T4304] BTRFS info (device loop0): disk space caching is enabled [ 67.595070][ T4304] BTRFS info (device loop0): enabling ssd optimizations [ 67.603285][ T4304] BTRFS info (device loop0): clearing free space tree [ 67.610663][ T4304] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4304] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4304] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4304] chdir("./file0") = 0 [pid 4304] ioctl(4, LOOP_CLR_FD) = 0 [pid 4304] close(4) = 0 [pid 4304] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4303] <... futex resumed>) = 0 [pid 4304] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4303] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4303] <... futex resumed>) = 0 [pid 4304] open("./file0", O_RDONLY [pid 4303] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4304] <... open resumed>) = 4 [pid 4304] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4303] <... futex resumed>) = 0 [pid 4304] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4303] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4303] <... futex resumed>) = 0 [pid 4304] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4303] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4304] <... open resumed>) = 5 [ 67.620732][ T4304] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 67.634788][ T4304] BTRFS info (device loop0): checking UUID tree [pid 4304] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4303] <... futex resumed>) = 0 [pid 4304] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4303] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4303] <... futex resumed>) = 0 [pid 4304] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4303] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4304] <... ioctl resumed>) = 0 [pid 4304] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4303] <... futex resumed>) = 0 [pid 4304] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4303] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4303] <... futex resumed>) = 0 [pid 4304] creat("./bus", 000 [pid 4303] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4304] <... creat resumed>) = 6 [pid 4304] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4303] <... futex resumed>) = 0 [pid 4304] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4303] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4303] <... futex resumed>) = 0 [pid 4304] ftruncate(6, 2048 [pid 4303] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4304] <... ftruncate resumed>) = 0 [pid 4304] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4303] <... futex resumed>) = 0 [pid 4304] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4303] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4303] <... futex resumed>) = 0 [pid 4304] open("./bus", O_RDONLY [pid 4303] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4304] <... open resumed>) = 7 [pid 4304] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4303] <... futex resumed>) = 0 [pid 4304] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4303] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4303] <... futex resumed>) = 0 [pid 4304] sendfile(6, 7, NULL, 65536 [pid 4303] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4304] <... sendfile resumed>) = 2048 [ 67.664377][ T27] audit: type=1800 audit(1670043448.165:62): pid=4304 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4304] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4303] <... futex resumed>) = 0 [pid 4304] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4303] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4303] <... futex resumed>) = 0 [pid 4304] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4303] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4304] <... openat resumed>) = 8 [pid 4304] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4303] <... futex resumed>) = 0 [pid 4304] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4303] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4303] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 4303] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 4303] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [ 67.710982][ T27] audit: type=1804 audit(1670043448.205:63): pid=4304 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/30/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 67.720903][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 67.748872][ T4304] BTRFS info (device loop0): balance: start -s [ 67.758892][ T4304] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4303] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4303] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4324], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4324 [pid 4303] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4303] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4324 attached [pid 4324] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 4324] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4304] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4304] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4304] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4324] <... ioctl resumed>) = 0 [pid 4324] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4303] <... futex resumed>) = 0 [pid 4303] exit_group(0 [pid 4304] <... futex resumed>) = ? [pid 4303] <... exit_group resumed>) = ? [pid 4304] +++ exited with 0 +++ [pid 4324] <... futex resumed>) = ? [pid 4324] +++ exited with 0 +++ [pid 4303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4303, si_uid=0, si_status=0, si_utime=2, si_stime=28} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 [ 67.799746][ T4304] BTRFS info (device loop0): balance: ended with status: 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4325 ./strace-static-x86_64: Process 4325 attached [pid 4325] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4325] chdir("./31") = 0 [pid 4325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4325] setpgid(0, 0) = 0 [pid 4325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4325] write(3, "1000", 4) = 4 [pid 4325] close(3) = 0 [pid 4325] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4325] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4325] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4325] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4326], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4326 [pid 4325] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4325] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4326 attached [pid 4326] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4326] memfd_create("syzkaller", 0) = 3 [pid 4326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4326] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4326] munmap(0x7fdb59200000, 16777216) = 0 [pid 4326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4326] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4326] close(3) = 0 [pid 4326] mkdir("./file0", 0777) = 0 [ 68.141362][ T4326] loop0: detected capacity change from 0 to 32768 [ 68.152216][ T4326] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 68.161814][ T4326] BTRFS info (device loop0): force clearing of disk cache [ 68.169181][ T4326] BTRFS info (device loop0): setting nodatasum [ 68.175342][ T4326] BTRFS info (device loop0): allowing degraded mounts [ 68.182368][ T4326] BTRFS info (device loop0): enabling disk space caching [ 68.189630][ T4326] BTRFS info (device loop0): disk space caching is enabled [ 68.209674][ T4326] BTRFS info (device loop0): enabling ssd optimizations [ 68.217174][ T4326] BTRFS info (device loop0): clearing free space tree [ 68.224110][ T4326] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4326] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4326] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4326] chdir("./file0") = 0 [pid 4326] ioctl(4, LOOP_CLR_FD) = 0 [pid 4326] close(4) = 0 [pid 4326] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4325] <... futex resumed>) = 0 [pid 4325] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4325] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4326] <... futex resumed>) = 1 [pid 4326] open("./file0", O_RDONLY) = 4 [pid 4326] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4325] <... futex resumed>) = 0 [pid 4325] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4325] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4326] <... futex resumed>) = 1 [pid 4326] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4326] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4325] <... futex resumed>) = 0 [pid 4325] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4325] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4326] <... futex resumed>) = 1 [pid 4326] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4326] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4325] <... futex resumed>) = 0 [pid 4325] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4326] creat("./bus", 000 [pid 4325] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4326] <... creat resumed>) = 6 [pid 4326] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4325] <... futex resumed>) = 0 [pid 4326] ftruncate(6, 2048 [pid 4325] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4325] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4326] <... ftruncate resumed>) = 0 [pid 4326] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4325] <... futex resumed>) = 0 [pid 4325] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4326] open("./bus", O_RDONLY [ 68.233983][ T4326] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 68.247969][ T4326] BTRFS info (device loop0): checking UUID tree [ 68.262454][ T27] audit: type=1800 audit(1670043448.765:64): pid=4326 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4325] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4326] <... open resumed>) = 7 [pid 4326] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4325] <... futex resumed>) = 0 [pid 4326] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4325] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4326] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4326] sendfile(6, 7, NULL, 65536 [pid 4325] <... futex resumed>) = 0 [pid 4326] <... sendfile resumed>) = 2048 [pid 4325] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4326] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4325] <... futex resumed>) = 0 [pid 4326] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 4325] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4326] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4325] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4326] <... openat resumed>) = 8 [pid 4326] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4325] <... futex resumed>) = 0 [pid 4326] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4325] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 68.310438][ T27] audit: type=1804 audit(1670043448.815:65): pid=4326 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/31/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 68.311305][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 4325] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4326] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4326] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4325] <... futex resumed>) = 0 [pid 4326] <... futex resumed>) = 1 [pid 4326] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4325] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4325] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4326] <... ioctl resumed>) = 0 [pid 4326] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4325] <... futex resumed>) = 0 [pid 4326] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4325] exit_group(0 [pid 4326] <... futex resumed>) = ? [pid 4325] <... exit_group resumed>) = ? [pid 4326] +++ exited with 0 +++ [pid 4325] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4325, si_uid=0, si_status=0, si_utime=2, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 68.359818][ T4326] BTRFS info (device loop0): balance: start -s [ 68.368044][ T4326] BTRFS info (device loop0): relocating block group 1048576 flags system [ 68.392550][ T4326] BTRFS info (device loop0): balance: ended with status: 0 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4346 ./strace-static-x86_64: Process 4346 attached [pid 4346] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4346] chdir("./32") = 0 [pid 4346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4346] setpgid(0, 0) = 0 [pid 4346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4346] write(3, "1000", 4) = 4 [pid 4346] close(3) = 0 [pid 4346] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4346] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4346] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4346] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4346] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4347], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4347 [pid 4346] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4346] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4347 attached [pid 4347] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4347] memfd_create("syzkaller", 0) = 3 [pid 4347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4347] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4347] munmap(0x7fdb59200000, 16777216) = 0 [pid 4347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4347] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4347] close(3) = 0 [pid 4347] mkdir("./file0", 0777) = 0 [ 68.732150][ T4347] loop0: detected capacity change from 0 to 32768 [ 68.756363][ T4347] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 68.765765][ T4347] BTRFS info (device loop0): force clearing of disk cache [ 68.773010][ T4347] BTRFS info (device loop0): setting nodatasum [ 68.779207][ T4347] BTRFS info (device loop0): allowing degraded mounts [ 68.785979][ T4347] BTRFS info (device loop0): enabling disk space caching [ 68.793066][ T4347] BTRFS info (device loop0): disk space caching is enabled [ 68.811624][ T4347] BTRFS info (device loop0): enabling ssd optimizations [ 68.819747][ T4347] BTRFS info (device loop0): clearing free space tree [pid 4347] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4347] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4347] chdir("./file0") = 0 [pid 4347] ioctl(4, LOOP_CLR_FD) = 0 [pid 4347] close(4) = 0 [pid 4347] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4347] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4346] <... futex resumed>) = 0 [pid 4346] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4346] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4347] <... futex resumed>) = 0 [pid 4347] open("./file0", O_RDONLY) = 4 [pid 4347] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4346] <... futex resumed>) = 0 [pid 4346] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4346] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4347] <... futex resumed>) = 1 [pid 4347] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4347] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4346] <... futex resumed>) = 0 [pid 4346] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4346] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4347] <... futex resumed>) = 1 [ 68.826791][ T4347] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 68.837094][ T4347] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 68.850855][ T4347] BTRFS info (device loop0): checking UUID tree [pid 4347] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4347] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4346] <... futex resumed>) = 0 [pid 4346] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4346] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4347] <... futex resumed>) = 1 [pid 4347] creat("./bus", 000) = 6 [pid 4347] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4346] <... futex resumed>) = 0 [pid 4346] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4346] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4347] ftruncate(6, 2048) = 0 [pid 4347] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4346] <... futex resumed>) = 0 [pid 4346] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4346] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4347] open("./bus", O_RDONLY) = 7 [pid 4347] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4346] <... futex resumed>) = 0 [pid 4346] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4346] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4347] <... futex resumed>) = 1 [pid 4347] sendfile(6, 7, NULL, 65536) = 2048 [pid 4347] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4346] <... futex resumed>) = 0 [pid 4346] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4346] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4347] <... futex resumed>) = 1 [pid 4347] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4347] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4346] <... futex resumed>) = 0 [pid 4346] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4346] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4347] <... futex resumed>) = 1 [ 68.908731][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 68.918057][ T4347] BTRFS info (device loop0): balance: start -s [ 68.927130][ T4347] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4347] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4346] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4346] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4346] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4346] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4346] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4367], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4367 [pid 4346] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4346] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4347] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4347] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4347] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4367 attached [pid 4367] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 68.955986][ T4347] BTRFS info (device loop0): balance: ended with status: 0 [pid 4367] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4367] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4346] <... futex resumed>) = 0 [pid 4346] exit_group(0 [pid 4347] <... futex resumed>) = ? [pid 4346] <... exit_group resumed>) = ? [pid 4347] +++ exited with 0 +++ [pid 4367] <... futex resumed>) = ? [pid 4367] +++ exited with 0 +++ [pid 4346] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4346, si_uid=0, si_status=0, si_utime=0, si_stime=28} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./32/binderfs") = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4368 ./strace-static-x86_64: Process 4368 attached [pid 4368] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4368] chdir("./33") = 0 [pid 4368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4368] setpgid(0, 0) = 0 [pid 4368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4368] write(3, "1000", 4) = 4 [pid 4368] close(3) = 0 [pid 4368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4368] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4368] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4368] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4369], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4369 [pid 4368] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4368] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4369 attached [pid 4369] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4369] memfd_create("syzkaller", 0) = 3 [pid 4369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4369] munmap(0x7fdb59200000, 16777216) = 0 [pid 4369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4369] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4369] close(3) = 0 [pid 4369] mkdir("./file0", 0777) = 0 [ 69.284034][ T4369] loop0: detected capacity change from 0 to 32768 [ 69.298645][ T4369] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 69.307945][ T4369] BTRFS info (device loop0): force clearing of disk cache [ 69.315081][ T4369] BTRFS info (device loop0): setting nodatasum [ 69.321286][ T4369] BTRFS info (device loop0): allowing degraded mounts [ 69.328112][ T4369] BTRFS info (device loop0): enabling disk space caching [ 69.335150][ T4369] BTRFS info (device loop0): disk space caching is enabled [ 69.353734][ T4369] BTRFS info (device loop0): enabling ssd optimizations [ 69.361578][ T4369] BTRFS info (device loop0): clearing free space tree [ 69.368725][ T4369] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4369] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4369] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4369] chdir("./file0") = 0 [pid 4369] ioctl(4, LOOP_CLR_FD) = 0 [pid 4369] close(4) = 0 [pid 4369] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4368] <... futex resumed>) = 0 [pid 4369] <... futex resumed>) = 1 [pid 4368] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4369] open("./file0", O_RDONLY [pid 4368] <... futex resumed>) = 0 [pid 4369] <... open resumed>) = 4 [pid 4368] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4369] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4368] <... futex resumed>) = 0 [pid 4368] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4368] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4369] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4369] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4368] <... futex resumed>) = 0 [pid 4368] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4368] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4369] <... futex resumed>) = 1 [ 69.378815][ T4369] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 4369] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4369] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4368] <... futex resumed>) = 0 [pid 4368] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4368] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4369] <... futex resumed>) = 1 [pid 4369] creat("./bus", 000) = 6 [pid 4369] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4368] <... futex resumed>) = 0 [pid 4368] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4368] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4369] <... futex resumed>) = 1 [pid 4369] ftruncate(6, 2048) = 0 [pid 4369] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4368] <... futex resumed>) = 0 [pid 4368] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4368] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4369] <... futex resumed>) = 1 [pid 4369] open("./bus", O_RDONLY) = 7 [pid 4369] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4368] <... futex resumed>) = 0 [pid 4368] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4368] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4369] <... futex resumed>) = 1 [pid 4369] sendfile(6, 7, NULL, 65536) = 2048 [pid 4369] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4368] <... futex resumed>) = 0 [pid 4368] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4368] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4369] <... futex resumed>) = 1 [pid 4369] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4369] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4368] <... futex resumed>) = 0 [pid 4368] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4368] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4369] <... futex resumed>) = 1 [pid 4369] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4369] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4368] <... futex resumed>) = 0 [pid 4368] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4368] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4369] <... futex resumed>) = 1 [pid 4369] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4369] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4368] <... futex resumed>) = 0 [pid 4368] exit_group(0) = ? [pid 4369] <... futex resumed>) = ? [pid 4369] +++ exited with 0 +++ [pid 4368] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4368, si_uid=0, si_status=0, si_utime=0, si_stime=26} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./33/binderfs") = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4389 ./strace-static-x86_64: Process 4389 attached [pid 4389] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4389] chdir("./34") = 0 [pid 4389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4389] setpgid(0, 0) = 0 [pid 4389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4389] write(3, "1000", 4) = 4 [pid 4389] close(3) = 0 [pid 4389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4389] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4389] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4389] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4390], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4390 [pid 4389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4390 attached [pid 4390] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4390] memfd_create("syzkaller", 0) = 3 [pid 4390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4390] munmap(0x7fdb59200000, 16777216) = 0 [pid 4390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4390] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4390] close(3) = 0 [pid 4390] mkdir("./file0", 0777) = 0 [pid 4390] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4390] chdir("./file0") = 0 [pid 4390] ioctl(4, LOOP_CLR_FD) = 0 [pid 4390] close(4) = 0 [pid 4390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4389] <... futex resumed>) = 0 [pid 4389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4390] <... futex resumed>) = 1 [pid 4390] open("./file0", O_RDONLY) = 4 [pid 4390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4389] <... futex resumed>) = 0 [pid 4389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4390] <... futex resumed>) = 1 [pid 4390] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4389] <... futex resumed>) = 0 [pid 4389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4390] <... futex resumed>) = 1 [ 69.808879][ T4390] loop0: detected capacity change from 0 to 32768 [pid 4390] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4389] <... futex resumed>) = 0 [pid 4389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4390] <... futex resumed>) = 1 [pid 4390] creat("./bus", 000) = 6 [pid 4390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4389] <... futex resumed>) = 0 [pid 4389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4390] <... futex resumed>) = 1 [pid 4390] ftruncate(6, 2048) = 0 [pid 4390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4389] <... futex resumed>) = 0 [pid 4389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4390] <... futex resumed>) = 1 [pid 4390] open("./bus", O_RDONLY) = 7 [pid 4390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4389] <... futex resumed>) = 0 [pid 4389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4390] <... futex resumed>) = 1 [pid 4390] sendfile(6, 7, NULL, 65536) = 2048 [pid 4390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4389] <... futex resumed>) = 0 [pid 4389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4390] <... futex resumed>) = 1 [pid 4390] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4389] <... futex resumed>) = 0 [pid 4389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4390] <... futex resumed>) = 1 [pid 4390] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4389] <... futex resumed>) = 0 [pid 4389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4390] <... futex resumed>) = 1 [pid 4390] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4389] <... futex resumed>) = 0 [pid 4389] exit_group(0) = ? [pid 4390] <... futex resumed>) = ? [pid 4390] +++ exited with 0 +++ [pid 4389] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4389, si_uid=0, si_status=0, si_utime=1, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./34/binderfs") = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4410 ./strace-static-x86_64: Process 4410 attached [pid 4410] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4410] chdir("./35") = 0 [pid 4410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4410] setpgid(0, 0) = 0 [pid 4410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4410] write(3, "1000", 4) = 4 [pid 4410] close(3) = 0 [pid 4410] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4410] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4410] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4410] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4411 attached , parent_tid=[4411], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4411 [pid 4411] set_robust_list(0x7fdb617f69e0, 24 [pid 4410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4411] <... set_robust_list resumed>) = 0 [pid 4410] <... futex resumed>) = 0 [pid 4411] memfd_create("syzkaller", 0 [pid 4410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4411] <... memfd_create resumed>) = 3 [pid 4411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4411] munmap(0x7fdb59200000, 16777216) = 0 [pid 4411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4411] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4411] close(3) = 0 [pid 4411] mkdir("./file0", 0777) = 0 [pid 4411] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4411] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4411] chdir("./file0") = 0 [pid 4411] ioctl(4, LOOP_CLR_FD) = 0 [pid 4411] close(4) = 0 [pid 4411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4410] <... futex resumed>) = 0 [pid 4410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4411] <... futex resumed>) = 1 [pid 4411] open("./file0", O_RDONLY) = 4 [pid 4411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4410] <... futex resumed>) = 0 [pid 4410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4411] <... futex resumed>) = 1 [pid 4411] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4410] <... futex resumed>) = 0 [pid 4410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4411] <... futex resumed>) = 1 [pid 4411] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4410] <... futex resumed>) = 0 [pid 4410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4411] <... futex resumed>) = 1 [pid 4411] creat("./bus", 000) = 6 [pid 4411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4410] <... futex resumed>) = 0 [pid 4410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4411] <... futex resumed>) = 1 [pid 4411] ftruncate(6, 2048) = 0 [pid 4411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4410] <... futex resumed>) = 0 [pid 4410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4411] <... futex resumed>) = 1 [pid 4411] open("./bus", O_RDONLY) = 7 [pid 4411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4410] <... futex resumed>) = 0 [pid 4410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4411] <... futex resumed>) = 1 [pid 4411] sendfile(6, 7, NULL, 65536) = 2048 [pid 4411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4410] <... futex resumed>) = 0 [pid 4410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4411] <... futex resumed>) = 1 [ 70.243826][ T4411] loop0: detected capacity change from 0 to 32768 [pid 4411] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4410] <... futex resumed>) = 0 [pid 4410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4411] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4410] <... futex resumed>) = 0 [pid 4410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4411] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4410] <... futex resumed>) = 0 [pid 4410] exit_group(0) = ? [pid 4411] +++ exited with 0 +++ [pid 4410] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4410, si_uid=0, si_status=0, si_utime=3, si_stime=19} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./35/binderfs") = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4431 ./strace-static-x86_64: Process 4431 attached [pid 4431] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4431] chdir("./36") = 0 [pid 4431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4431] setpgid(0, 0) = 0 [pid 4431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4431] write(3, "1000", 4) = 4 [pid 4431] close(3) = 0 [pid 4431] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4431] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4431] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4431] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4432], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4432 [pid 4431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4432 attached [pid 4432] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4432] memfd_create("syzkaller", 0) = 3 [pid 4432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4432] munmap(0x7fdb59200000, 16777216) = 0 [pid 4432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4432] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4432] close(3) = 0 [pid 4432] mkdir("./file0", 0777) = 0 [pid 4432] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4432] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4432] chdir("./file0") = 0 [pid 4432] ioctl(4, LOOP_CLR_FD) = 0 [pid 4432] close(4) = 0 [pid 4432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4431] <... futex resumed>) = 0 [pid 4432] open("./file0", O_RDONLY [pid 4431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4432] <... open resumed>) = 4 [pid 4432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4432] <... futex resumed>) = 0 [pid 4431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4432] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4432] <... open resumed>) = 5 [pid 4431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4431] <... futex resumed>) = 0 [pid 4432] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 70.677653][ T4432] loop0: detected capacity change from 0 to 32768 [pid 4432] <... ioctl resumed>) = 0 [pid 4431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4432] <... futex resumed>) = 0 [pid 4431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4432] creat("./bus", 000 [pid 4431] <... futex resumed>) = 0 [pid 4431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4432] <... creat resumed>) = 6 [pid 4432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4431] <... futex resumed>) = 0 [pid 4432] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4431] <... futex resumed>) = 0 [pid 4432] ftruncate(6, 2048 [pid 4431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4432] <... ftruncate resumed>) = 0 [pid 4432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4431] <... futex resumed>) = 0 [pid 4432] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4431] <... futex resumed>) = 0 [pid 4432] open("./bus", O_RDONLY [pid 4431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4432] <... open resumed>) = 7 [pid 4432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4431] <... futex resumed>) = 0 [pid 4432] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4431] <... futex resumed>) = 0 [pid 4432] sendfile(6, 7, NULL, 65536 [pid 4431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4432] <... sendfile resumed>) = 2048 [pid 4432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4431] <... futex resumed>) = 0 [pid 4432] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4431] <... futex resumed>) = 0 [pid 4432] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4432] <... openat resumed>) = 8 [pid 4432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4431] <... futex resumed>) = 0 [pid 4432] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4431] <... futex resumed>) = 0 [pid 4432] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 70.779115][ T4432] _btrfs_printk: 47 callbacks suppressed [ 70.779131][ T4432] BTRFS info (device loop0): balance: start -s [ 70.794297][ T4432] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 4431] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4431] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4431] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4452], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4452 [pid 4431] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4431] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4452 attached [pid 4432] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4452] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 4452] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4432] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4452] <... ioctl resumed>) = 0 [pid 4452] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4431] <... futex resumed>) = 0 [pid 4452] <... futex resumed>) = 1 [pid 4431] exit_group(0 [pid 4452] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4431] <... exit_group resumed>) = ? [pid 4452] <... futex resumed>) = ? [pid 4432] <... futex resumed>) = ? [pid 4432] +++ exited with 0 +++ [pid 4452] +++ exited with 0 +++ [pid 4431] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4431, si_uid=0, si_status=0, si_utime=2, si_stime=19} --- umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 70.825484][ T4432] BTRFS info (device loop0): balance: ended with status: 0 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./36/binderfs") = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4453 ./strace-static-x86_64: Process 4453 attached [pid 4453] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4453] chdir("./37") = 0 [pid 4453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4453] setpgid(0, 0) = 0 [pid 4453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4453] write(3, "1000", 4) = 4 [pid 4453] close(3) = 0 [pid 4453] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4453] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4453] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4453] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4454], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4454 [pid 4453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4454 attached [pid 4454] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4454] memfd_create("syzkaller", 0) = 3 [pid 4454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4454] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4454] munmap(0x7fdb59200000, 16777216) = 0 [pid 4454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4454] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4454] close(3) = 0 [pid 4454] mkdir("./file0", 0777) = 0 [ 71.140292][ T4454] loop0: detected capacity change from 0 to 32768 [ 71.155123][ T4454] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 71.177462][ T4454] BTRFS info (device loop0): force clearing of disk cache [ 71.184616][ T4454] BTRFS info (device loop0): setting nodatasum [ 71.191077][ T4454] BTRFS info (device loop0): allowing degraded mounts [ 71.198006][ T4454] BTRFS info (device loop0): enabling disk space caching [ 71.205196][ T4454] BTRFS info (device loop0): disk space caching is enabled [ 71.226853][ T4454] BTRFS info (device loop0): enabling ssd optimizations [pid 4454] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4454] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4454] chdir("./file0") = 0 [pid 4454] ioctl(4, LOOP_CLR_FD) = 0 [pid 4454] close(4) = 0 [pid 4454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4453] <... futex resumed>) = 0 [pid 4453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4454] <... futex resumed>) = 1 [pid 4454] open("./file0", O_RDONLY) = 4 [pid 4454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4453] <... futex resumed>) = 0 [pid 4453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4454] <... futex resumed>) = 1 [pid 4454] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4453] <... futex resumed>) = 0 [pid 4453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4454] <... futex resumed>) = 1 [ 71.235025][ T4454] BTRFS info (device loop0): clearing free space tree [ 71.241975][ T4454] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 71.251791][ T4454] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 71.266420][ T4454] BTRFS info (device loop0): checking UUID tree [ 71.283107][ T27] kauditd_printk_skb: 10 callbacks suppressed [pid 4454] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4453] <... futex resumed>) = 0 [pid 4453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4454] <... futex resumed>) = 1 [pid 4454] creat("./bus", 000) = 6 [pid 4454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4453] <... futex resumed>) = 0 [pid 4453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4454] <... futex resumed>) = 1 [pid 4454] ftruncate(6, 2048) = 0 [pid 4454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4453] <... futex resumed>) = 0 [pid 4453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4454] <... futex resumed>) = 1 [pid 4454] open("./bus", O_RDONLY) = 7 [pid 4454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4453] <... futex resumed>) = 0 [pid 4453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4454] <... futex resumed>) = 1 [pid 4454] sendfile(6, 7, NULL, 65536) = 2048 [pid 4454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4453] <... futex resumed>) = 0 [pid 4453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4454] <... futex resumed>) = 1 [pid 4454] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4453] <... futex resumed>) = 0 [pid 4453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4454] <... futex resumed>) = 1 [ 71.283117][ T27] audit: type=1800 audit(1670043451.785:76): pid=4454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 71.330729][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 4454] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4453] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4453] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4453] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4453] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4474], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4474 [pid 4453] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4453] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4474 attached [pid 4474] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 71.358372][ T4454] BTRFS info (device loop0): balance: start -s [ 71.366467][ T4454] BTRFS info (device loop0): relocating block group 1048576 flags system [ 71.375754][ T27] audit: type=1804 audit(1670043451.835:77): pid=4454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/37/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 4474] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4453] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4474] <... ioctl resumed>) = 0 [pid 4474] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4474] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4454] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4454] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4453] exit_group(0 [pid 4474] <... futex resumed>) = ? [pid 4454] <... futex resumed>) = ? [pid 4453] <... exit_group resumed>) = ? [pid 4474] +++ exited with 0 +++ [pid 4454] +++ exited with 0 +++ [pid 4453] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4453, si_uid=0, si_status=0, si_utime=2, si_stime=25} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./37/binderfs") = 0 [ 71.493823][ T4454] BTRFS info (device loop0): balance: ended with status: 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4475 ./strace-static-x86_64: Process 4475 attached [pid 4475] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4475] chdir("./38") = 0 [pid 4475] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4475] setpgid(0, 0) = 0 [pid 4475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4475] write(3, "1000", 4) = 4 [pid 4475] close(3) = 0 [pid 4475] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4475] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4475] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4475] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4476], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4476 [pid 4475] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4475] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4476 attached [pid 4476] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4476] memfd_create("syzkaller", 0) = 3 [pid 4476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4476] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4476] munmap(0x7fdb59200000, 16777216) = 0 [pid 4476] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4476] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4476] close(3) = 0 [pid 4476] mkdir("./file0", 0777) = 0 [ 71.947480][ T4476] loop0: detected capacity change from 0 to 32768 [ 71.960515][ T4476] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 71.970072][ T4476] BTRFS info (device loop0): force clearing of disk cache [ 71.977621][ T4476] BTRFS info (device loop0): setting nodatasum [ 71.984041][ T4476] BTRFS info (device loop0): allowing degraded mounts [ 71.991247][ T4476] BTRFS info (device loop0): enabling disk space caching [ 71.998572][ T4476] BTRFS info (device loop0): disk space caching is enabled [ 72.018877][ T4476] BTRFS info (device loop0): enabling ssd optimizations [ 72.026775][ T4476] BTRFS info (device loop0): clearing free space tree [ 72.034165][ T4476] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4476] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4476] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4476] chdir("./file0") = 0 [pid 4476] ioctl(4, LOOP_CLR_FD) = 0 [pid 4476] close(4) = 0 [pid 4476] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4476] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4475] <... futex resumed>) = 0 [pid 4475] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4476] <... futex resumed>) = 0 [pid 4475] <... futex resumed>) = 1 [pid 4476] open("./file0", O_RDONLY [pid 4475] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4476] <... open resumed>) = 4 [pid 4476] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4475] <... futex resumed>) = 0 [pid 4476] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4475] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4475] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4476] <... open resumed>) = 5 [pid 4476] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4475] <... futex resumed>) = 0 [pid 4476] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4475] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4476] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4475] <... futex resumed>) = 0 [pid 4476] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4475] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4476] <... ioctl resumed>) = 0 [pid 4476] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4475] <... futex resumed>) = 0 [pid 4475] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4476] creat("./bus", 000 [pid 4475] <... futex resumed>) = 0 [pid 4476] <... creat resumed>) = 6 [pid 4475] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4476] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4475] <... futex resumed>) = 0 [pid 4475] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4475] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4476] ftruncate(6, 2048) = 0 [pid 4476] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4475] <... futex resumed>) = 0 [pid 4475] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4475] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4476] <... futex resumed>) = 1 [ 72.044212][ T4476] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 72.058989][ T4476] BTRFS info (device loop0): checking UUID tree [ 72.073984][ T27] audit: type=1800 audit(1670043452.575:78): pid=4476 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4476] open("./bus", O_RDONLY) = 7 [pid 4476] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4475] <... futex resumed>) = 0 [pid 4475] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4475] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4476] <... futex resumed>) = 1 [pid 4476] sendfile(6, 7, NULL, 65536) = 2048 [pid 4476] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4475] <... futex resumed>) = 0 [pid 4475] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4475] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4476] <... futex resumed>) = 1 [pid 4476] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4476] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4475] <... futex resumed>) = 0 [pid 4475] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4475] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4476] <... futex resumed>) = 1 [ 72.108758][ T27] audit: type=1804 audit(1670043452.615:79): pid=4476 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/38/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 72.115460][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 72.152813][ T4476] BTRFS info (device loop0): balance: start -s [pid 4476] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4475] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4475] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4475] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4475] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4496], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4496 [pid 4475] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4475] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4496 attached [pid 4496] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 4496] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4476] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4476] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4476] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4496] <... ioctl resumed>) = 0 [pid 4496] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4475] <... futex resumed>) = 0 [pid 4496] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4475] exit_group(0 [pid 4496] <... futex resumed>) = ? [pid 4476] <... futex resumed>) = ? [pid 4475] <... exit_group resumed>) = ? [pid 4476] +++ exited with 0 +++ [ 72.161413][ T4476] BTRFS info (device loop0): relocating block group 1048576 flags system [ 72.196893][ T4476] BTRFS info (device loop0): balance: ended with status: 0 [pid 4496] +++ exited with 0 +++ [pid 4475] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4475, si_uid=0, si_status=0, si_utime=1, si_stime=32} --- umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./38/binderfs") = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4497 ./strace-static-x86_64: Process 4497 attached [pid 4497] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4497] chdir("./39") = 0 [pid 4497] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4497] setpgid(0, 0) = 0 [pid 4497] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4497] write(3, "1000", 4) = 4 [pid 4497] close(3) = 0 [pid 4497] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4497] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4497] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4497] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4497] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4498], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4498 [pid 4497] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4497] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4498 attached [pid 4498] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4498] memfd_create("syzkaller", 0) = 3 [pid 4498] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4498] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4498] munmap(0x7fdb59200000, 16777216) = 0 [pid 4498] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4498] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4498] close(3) = 0 [pid 4498] mkdir("./file0", 0777) = 0 [ 72.510081][ T4498] loop0: detected capacity change from 0 to 32768 [ 72.522515][ T4498] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 72.531851][ T4498] BTRFS info (device loop0): force clearing of disk cache [ 72.539060][ T4498] BTRFS info (device loop0): setting nodatasum [ 72.545264][ T4498] BTRFS info (device loop0): allowing degraded mounts [ 72.552094][ T4498] BTRFS info (device loop0): enabling disk space caching [ 72.559143][ T4498] BTRFS info (device loop0): disk space caching is enabled [ 72.575813][ T4498] BTRFS info (device loop0): enabling ssd optimizations [ 72.583930][ T4498] BTRFS info (device loop0): clearing free space tree [ 72.590759][ T4498] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4498] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4498] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4498] chdir("./file0") = 0 [pid 4498] ioctl(4, LOOP_CLR_FD) = 0 [pid 4498] close(4) = 0 [pid 4498] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4497] <... futex resumed>) = 0 [pid 4498] open("./file0", O_RDONLY [pid 4497] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4497] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4498] <... open resumed>) = 4 [pid 4498] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4497] <... futex resumed>) = 0 [pid 4497] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4497] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 72.600768][ T4498] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 72.613962][ T4498] BTRFS info (device loop0): checking UUID tree [pid 4498] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4498] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4497] <... futex resumed>) = 0 [pid 4497] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4497] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4498] <... futex resumed>) = 1 [pid 4498] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4498] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4497] <... futex resumed>) = 0 [pid 4497] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4497] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4498] <... futex resumed>) = 1 [pid 4498] creat("./bus", 000) = 6 [pid 4498] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4497] <... futex resumed>) = 0 [pid 4497] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4497] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4498] <... futex resumed>) = 1 [pid 4498] ftruncate(6, 2048) = 0 [pid 4498] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4497] <... futex resumed>) = 0 [pid 4497] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4497] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4498] <... futex resumed>) = 1 [pid 4498] open("./bus", O_RDONLY) = 7 [ 72.660108][ T27] audit: type=1800 audit(1670043453.165:80): pid=4498 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4498] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4497] <... futex resumed>) = 0 [pid 4497] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4497] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4498] <... futex resumed>) = 1 [pid 4498] sendfile(6, 7, NULL, 65536) = 2048 [pid 4498] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4497] <... futex resumed>) = 0 [pid 4497] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4497] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4498] <... futex resumed>) = 1 [pid 4498] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4498] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4497] <... futex resumed>) = 0 [pid 4497] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4497] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4498] <... futex resumed>) = 1 [ 72.710879][ T27] audit: type=1804 audit(1670043453.215:81): pid=4498 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/39/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 72.712858][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 4498] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4497] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4497] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4497] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4497] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4497] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4518], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4518 [pid 4497] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4497] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4518 attached [pid 4518] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 4518] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4498] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4498] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 72.761541][ T4498] BTRFS info (device loop0): balance: start -s [ 72.769929][ T4498] BTRFS info (device loop0): relocating block group 1048576 flags system [ 72.799538][ T4498] BTRFS info (device loop0): balance: ended with status: 0 [pid 4498] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4518] <... ioctl resumed>) = 0 [pid 4518] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4497] <... futex resumed>) = 0 [pid 4518] <... futex resumed>) = 1 [pid 4497] exit_group(0 [pid 4518] ????( [pid 4497] <... exit_group resumed>) = ? [pid 4518] <... ???? resumed>) = ? [pid 4518] +++ exited with 0 +++ [pid 4498] <... futex resumed>) = ? [pid 4498] +++ exited with 0 +++ [pid 4497] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4497, si_uid=0, si_status=0, si_utime=3, si_stime=28} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./39/binderfs") = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4519 ./strace-static-x86_64: Process 4519 attached [pid 4519] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4519] chdir("./40") = 0 [pid 4519] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4519] setpgid(0, 0) = 0 [pid 4519] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4519] write(3, "1000", 4) = 4 [pid 4519] close(3) = 0 [pid 4519] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4519] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4519] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4519] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4520], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4520 [pid 4519] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4519] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4520 attached [pid 4520] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4520] memfd_create("syzkaller", 0) = 3 [pid 4520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4520] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4520] munmap(0x7fdb59200000, 16777216) = 0 [pid 4520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4520] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4520] close(3) = 0 [pid 4520] mkdir("./file0", 0777) = 0 [ 73.120758][ T4520] loop0: detected capacity change from 0 to 32768 [ 73.134786][ T4520] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 73.144517][ T4520] BTRFS info (device loop0): force clearing of disk cache [ 73.151840][ T4520] BTRFS info (device loop0): setting nodatasum [ 73.158258][ T4520] BTRFS info (device loop0): allowing degraded mounts [ 73.165047][ T4520] BTRFS info (device loop0): enabling disk space caching [ 73.172480][ T4520] BTRFS info (device loop0): disk space caching is enabled [ 73.191388][ T4520] BTRFS info (device loop0): enabling ssd optimizations [ 73.203811][ T4520] BTRFS info (device loop0): clearing free space tree [ 73.210750][ T4520] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4520] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4520] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4520] chdir("./file0") = 0 [pid 4520] ioctl(4, LOOP_CLR_FD) = 0 [pid 4520] close(4) = 0 [pid 4520] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4519] <... futex resumed>) = 0 [pid 4520] open("./file0", O_RDONLY [pid 4519] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4520] <... open resumed>) = 4 [pid 4519] <... futex resumed>) = 0 [pid 4520] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4519] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4520] <... futex resumed>) = 0 [pid 4519] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4520] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4519] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4520] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4519] <... futex resumed>) = 0 [pid 4520] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4519] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4520] <... open resumed>) = 5 [pid 4520] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 73.220466][ T4520] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 73.234089][ T4520] BTRFS info (device loop0): checking UUID tree [pid 4520] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4519] <... futex resumed>) = 0 [pid 4519] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4520] <... futex resumed>) = 0 [pid 4519] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4520] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4520] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4519] <... futex resumed>) = 0 [pid 4520] creat("./bus", 000 [pid 4519] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4520] <... creat resumed>) = 6 [pid 4519] <... futex resumed>) = 0 [pid 4519] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4520] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4519] <... futex resumed>) = 0 [pid 4519] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4519] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4520] <... futex resumed>) = 1 [pid 4520] ftruncate(6, 2048) = 0 [pid 4520] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4519] <... futex resumed>) = 0 [pid 4519] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4519] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4520] <... futex resumed>) = 1 [ 73.258808][ T27] audit: type=1800 audit(1670043453.765:82): pid=4520 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 73.300111][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 4520] open("./bus", O_RDONLY) = 7 [pid 4520] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4520] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4519] <... futex resumed>) = 0 [pid 4519] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4520] <... futex resumed>) = 0 [pid 4519] <... futex resumed>) = 1 [pid 4519] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4520] sendfile(6, 7, NULL, 65536) = 2048 [pid 4520] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4520] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4519] <... futex resumed>) = 0 [pid 4519] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4520] <... futex resumed>) = 0 [pid 4519] <... futex resumed>) = 1 [pid 4520] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4519] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4520] <... openat resumed>) = 8 [pid 4520] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4519] <... futex resumed>) = 0 [pid 4520] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4519] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4520] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4519] <... futex resumed>) = 0 [pid 4520] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 73.302636][ T27] audit: type=1804 audit(1670043453.805:83): pid=4520 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/40/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 73.350982][ T4520] BTRFS info (device loop0): balance: start -s [ 73.359129][ T4520] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4519] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4520] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4520] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4519] <... futex resumed>) = 0 [pid 4520] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4519] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4520] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4519] <... futex resumed>) = 0 [pid 4520] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4519] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4520] <... ioctl resumed>) = 0 [pid 4520] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4519] <... futex resumed>) = 0 [pid 4520] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4519] exit_group(0 [pid 4520] <... futex resumed>) = ? [pid 4519] <... exit_group resumed>) = ? [pid 4520] +++ exited with 0 +++ [pid 4519] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4519, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./40/binderfs") = 0 [ 73.382617][ T4520] BTRFS info (device loop0): balance: ended with status: 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4540 attached , child_tidptr=0x55555746f5d0) = 4540 [pid 4540] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4540] chdir("./41") = 0 [pid 4540] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4540] setpgid(0, 0) = 0 [pid 4540] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4540] write(3, "1000", 4) = 4 [pid 4540] close(3) = 0 [pid 4540] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4540] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4540] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4540] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4540] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4541], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4541 ./strace-static-x86_64: Process 4541 attached [pid 4541] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4541] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4540] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4541] <... futex resumed>) = 0 [pid 4541] memfd_create("syzkaller", 0) = 3 [pid 4541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4540] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4541] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4541] munmap(0x7fdb59200000, 16777216) = 0 [pid 4541] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4541] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4541] close(3) = 0 [pid 4541] mkdir("./file0", 0777) = 0 [ 73.723073][ T4541] loop0: detected capacity change from 0 to 32768 [ 73.735505][ T4541] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 73.745174][ T4541] BTRFS info (device loop0): force clearing of disk cache [ 73.752530][ T4541] BTRFS info (device loop0): setting nodatasum [ 73.758960][ T4541] BTRFS info (device loop0): allowing degraded mounts [ 73.765735][ T4541] BTRFS info (device loop0): enabling disk space caching [ 73.773128][ T4541] BTRFS info (device loop0): disk space caching is enabled [ 73.790351][ T4541] BTRFS info (device loop0): enabling ssd optimizations [ 73.798320][ T4541] BTRFS info (device loop0): clearing free space tree [ 73.805128][ T4541] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4541] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4541] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4541] chdir("./file0") = 0 [pid 4541] ioctl(4, LOOP_CLR_FD) = 0 [pid 4541] close(4) = 0 [pid 4541] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4541] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4540] <... futex resumed>) = 0 [pid 4540] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4540] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4541] <... futex resumed>) = 0 [pid 4541] open("./file0", O_RDONLY) = 4 [pid 4541] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4540] <... futex resumed>) = 0 [pid 4540] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4540] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 73.814868][ T4541] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 73.828495][ T4541] BTRFS info (device loop0): checking UUID tree [pid 4541] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4541] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4540] <... futex resumed>) = 0 [pid 4540] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4541] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4540] <... futex resumed>) = 0 [pid 4540] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4541] <... ioctl resumed>) = 0 [pid 4541] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4540] <... futex resumed>) = 0 [pid 4541] <... futex resumed>) = 1 [pid 4540] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4540] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4541] creat("./bus", 000) = 6 [pid 4541] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4540] <... futex resumed>) = 0 [pid 4541] <... futex resumed>) = 1 [pid 4540] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4541] ftruncate(6, 2048 [pid 4540] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4541] <... ftruncate resumed>) = 0 [pid 4541] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4540] <... futex resumed>) = 0 [pid 4541] <... futex resumed>) = 1 [pid 4540] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4540] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 73.860123][ T27] audit: type=1800 audit(1670043454.365:84): pid=4541 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4541] open("./bus", O_RDONLY) = 7 [pid 4541] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4540] <... futex resumed>) = 0 [pid 4541] <... futex resumed>) = 1 [pid 4540] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4541] sendfile(6, 7, NULL, 65536 [pid 4540] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4541] <... sendfile resumed>) = 2048 [pid 4541] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4540] <... futex resumed>) = 0 [pid 4541] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4540] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4540] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4541] <... openat resumed>) = 8 [pid 4541] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4540] <... futex resumed>) = 0 [pid 4541] <... futex resumed>) = 1 [pid 4540] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4541] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4540] <... futex resumed>) = 0 [ 73.913053][ T27] audit: type=1804 audit(1670043454.415:85): pid=4541 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/41/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 73.944580][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 73.962830][ T4541] BTRFS info (device loop0): balance: start -s [pid 4540] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4541] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4541] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4540] <... futex resumed>) = 0 [pid 4541] <... futex resumed>) = 1 [pid 4540] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4541] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4540] <... futex resumed>) = 0 [pid 4540] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4541] <... ioctl resumed>) = 0 [pid 4541] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4540] <... futex resumed>) = 0 [pid 4541] <... futex resumed>) = 1 [pid 4540] exit_group(0 [pid 4541] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4540] <... exit_group resumed>) = ? [pid 4541] <... futex resumed>) = ? [pid 4541] +++ exited with 0 +++ [pid 4540] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4540, si_uid=0, si_status=0, si_utime=2, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./41/binderfs") = 0 [ 73.971106][ T4541] BTRFS info (device loop0): relocating block group 1048576 flags system [ 73.994606][ T4541] BTRFS info (device loop0): balance: ended with status: 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4561 ./strace-static-x86_64: Process 4561 attached [pid 4561] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4561] chdir("./42") = 0 [pid 4561] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4561] setpgid(0, 0) = 0 [pid 4561] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4561] write(3, "1000", 4) = 4 [pid 4561] close(3) = 0 [pid 4561] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4561] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4561] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4561] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4561] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4562 attached , parent_tid=[4562], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4562 [pid 4562] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4562] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4562] <... futex resumed>) = 0 [pid 4562] memfd_create("syzkaller", 0) = 3 [pid 4562] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4562] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4562] munmap(0x7fdb59200000, 16777216) = 0 [pid 4562] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4562] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4562] close(3) = 0 [pid 4562] mkdir("./file0", 0777) = 0 [ 74.314951][ T4562] loop0: detected capacity change from 0 to 32768 [ 74.328149][ T4562] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 74.337444][ T4562] BTRFS info (device loop0): force clearing of disk cache [ 74.344563][ T4562] BTRFS info (device loop0): setting nodatasum [ 74.350960][ T4562] BTRFS info (device loop0): allowing degraded mounts [ 74.358040][ T4562] BTRFS info (device loop0): enabling disk space caching [ 74.365091][ T4562] BTRFS info (device loop0): disk space caching is enabled [ 74.382848][ T4562] BTRFS info (device loop0): enabling ssd optimizations [ 74.390695][ T4562] BTRFS info (device loop0): clearing free space tree [ 74.397919][ T4562] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4562] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4562] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4562] chdir("./file0") = 0 [pid 4562] ioctl(4, LOOP_CLR_FD) = 0 [pid 4562] close(4) = 0 [pid 4562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4561] <... futex resumed>) = 0 [pid 4562] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4562] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4562] open("./file0", O_RDONLY) = 4 [pid 4562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4561] <... futex resumed>) = 0 [pid 4562] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4562] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4561] <... futex resumed>) = 0 [pid 4562] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4562] <... open resumed>) = 5 [pid 4562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4561] <... futex resumed>) = 0 [pid 4562] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4562] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4562] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4561] <... futex resumed>) = 0 [pid 4561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4562] creat("./bus", 000 [pid 4561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4562] <... creat resumed>) = 6 [pid 4562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4561] <... futex resumed>) = 0 [pid 4561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 74.407975][ T4562] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 74.422244][ T4562] BTRFS info (device loop0): checking UUID tree [pid 4561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4562] ftruncate(6, 2048) = 0 [pid 4562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4562] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4561] <... futex resumed>) = 0 [pid 4561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4562] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4561] <... futex resumed>) = 0 [pid 4561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4562] open("./bus", O_RDONLY) = 7 [pid 4562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4561] <... futex resumed>) = 0 [pid 4561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4562] sendfile(6, 7, NULL, 65536 [pid 4561] <... futex resumed>) = 0 [pid 4561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4562] <... sendfile resumed>) = 2048 [pid 4562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4561] <... futex resumed>) = 0 [pid 4562] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4562] <... openat resumed>) = 8 [pid 4562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4562] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4561] <... futex resumed>) = 0 [pid 4561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4562] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 74.467625][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 74.498593][ T4562] BTRFS info (device loop0): balance: start -s [ 74.506872][ T4562] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4562] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4561] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4561] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4561] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4561] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4561] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4582], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4582 [pid 4561] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4561] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4562] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4562] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4582 attached [pid 4582] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 4582] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4582] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4561] <... futex resumed>) = 0 [pid 4561] exit_group(0) = ? [pid 4562] <... futex resumed>) = ? [pid 4582] <... futex resumed>) = ? [pid 4582] +++ exited with 0 +++ [pid 4562] +++ exited with 0 +++ [pid 4561] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4561, si_uid=0, si_status=0, si_utime=2, si_stime=27} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./42/binderfs") = 0 [ 74.532914][ T4562] BTRFS info (device loop0): balance: ended with status: 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4584 ./strace-static-x86_64: Process 4584 attached [pid 4584] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4584] chdir("./43") = 0 [pid 4584] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4584] setpgid(0, 0) = 0 [pid 4584] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4584] write(3, "1000", 4) = 4 [pid 4584] close(3) = 0 [pid 4584] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4584] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4584] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4584] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4585], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4585 [pid 4584] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4584] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4585 attached [pid 4585] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4585] memfd_create("syzkaller", 0) = 3 [pid 4585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4585] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4585] munmap(0x7fdb59200000, 16777216) = 0 [pid 4585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4585] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4585] close(3) = 0 [pid 4585] mkdir("./file0", 0777) = 0 [ 74.860050][ T4585] loop0: detected capacity change from 0 to 32768 [ 74.874221][ T4585] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 74.883603][ T4585] BTRFS info (device loop0): force clearing of disk cache [ 74.891081][ T4585] BTRFS info (device loop0): setting nodatasum [ 74.897319][ T4585] BTRFS info (device loop0): allowing degraded mounts [pid 4585] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4585] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4585] chdir("./file0") = 0 [pid 4585] ioctl(4, LOOP_CLR_FD) = 0 [pid 4585] close(4) = 0 [pid 4585] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4585] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4584] <... futex resumed>) = 0 [pid 4584] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4584] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4585] <... futex resumed>) = 0 [pid 4585] open("./file0", O_RDONLY) = 4 [pid 4585] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4584] <... futex resumed>) = 0 [pid 4584] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4584] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4585] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4585] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4584] <... futex resumed>) = 0 [pid 4585] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4584] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4585] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4584] <... futex resumed>) = 0 [pid 4585] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4584] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4585] <... ioctl resumed>) = 0 [pid 4585] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4584] <... futex resumed>) = 0 [pid 4585] <... futex resumed>) = 1 [ 74.904097][ T4585] BTRFS info (device loop0): enabling disk space caching [ 74.911463][ T4585] BTRFS info (device loop0): disk space caching is enabled [ 74.930890][ T4585] BTRFS info (device loop0): enabling ssd optimizations [pid 4584] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4585] creat("./bus", 000 [pid 4584] <... futex resumed>) = 0 [pid 4584] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4585] <... creat resumed>) = 6 [pid 4585] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4584] <... futex resumed>) = 0 [pid 4585] <... futex resumed>) = 1 [pid 4584] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4585] ftruncate(6, 2048 [pid 4584] <... futex resumed>) = 0 [pid 4584] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4585] <... ftruncate resumed>) = 0 [pid 4585] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4584] <... futex resumed>) = 0 [pid 4584] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4585] open("./bus", O_RDONLY [pid 4584] <... futex resumed>) = 0 [pid 4585] <... open resumed>) = 7 [pid 4584] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4585] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4584] <... futex resumed>) = 0 [pid 4584] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4585] sendfile(6, 7, NULL, 65536 [pid 4584] <... futex resumed>) = 0 [pid 4584] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4585] <... sendfile resumed>) = 2048 [pid 4585] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4584] <... futex resumed>) = 0 [pid 4585] <... futex resumed>) = 1 [pid 4584] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4585] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4584] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4585] <... openat resumed>) = 8 [pid 4585] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4584] <... futex resumed>) = 0 [pid 4585] <... futex resumed>) = 1 [pid 4584] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4585] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4584] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4585] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4585] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4584] <... futex resumed>) = 0 [pid 4585] <... futex resumed>) = 1 [pid 4584] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4585] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4584] <... futex resumed>) = 0 [pid 4584] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4585] <... ioctl resumed>) = 0 [pid 4585] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4584] <... futex resumed>) = 0 [pid 4585] <... futex resumed>) = 1 [pid 4584] exit_group(0 [pid 4585] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4584] <... exit_group resumed>) = ? [pid 4585] <... futex resumed>) = ? [pid 4585] +++ exited with 0 +++ [pid 4584] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4584, si_uid=0, si_status=0, si_utime=3, si_stime=21} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./43/binderfs") = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4605 ./strace-static-x86_64: Process 4605 attached [pid 4605] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4605] chdir("./44") = 0 [pid 4605] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4605] setpgid(0, 0) = 0 [pid 4605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4605] write(3, "1000", 4) = 4 [pid 4605] close(3) = 0 [pid 4605] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4605] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4605] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4605] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4605] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4606], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4606 [pid 4605] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4605] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4606 attached [pid 4606] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4606] memfd_create("syzkaller", 0) = 3 [pid 4606] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4606] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4606] munmap(0x7fdb59200000, 16777216) = 0 [pid 4606] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4606] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4606] close(3) = 0 [pid 4606] mkdir("./file0", 0777) = 0 [pid 4606] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4606] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4606] chdir("./file0") = 0 [pid 4606] ioctl(4, LOOP_CLR_FD) = 0 [pid 4606] close(4) = 0 [pid 4606] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4605] <... futex resumed>) = 0 [pid 4605] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4605] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4606] <... futex resumed>) = 1 [pid 4606] open("./file0", O_RDONLY) = 4 [pid 4606] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4605] <... futex resumed>) = 0 [pid 4605] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4605] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4606] <... futex resumed>) = 1 [pid 4606] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4606] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4605] <... futex resumed>) = 0 [pid 4605] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4605] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4606] <... futex resumed>) = 1 [pid 4606] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4606] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4605] <... futex resumed>) = 0 [pid 4605] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4605] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4606] <... futex resumed>) = 1 [pid 4606] creat("./bus", 000) = 6 [pid 4606] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4605] <... futex resumed>) = 0 [pid 4605] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4605] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4606] <... futex resumed>) = 1 [pid 4606] ftruncate(6, 2048) = 0 [pid 4606] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4605] <... futex resumed>) = 0 [pid 4605] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4605] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4606] <... futex resumed>) = 1 [pid 4606] open("./bus", O_RDONLY) = 7 [pid 4606] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4605] <... futex resumed>) = 0 [pid 4605] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4605] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4606] <... futex resumed>) = 1 [pid 4606] sendfile(6, 7, NULL, 65536) = 2048 [pid 4606] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4605] <... futex resumed>) = 0 [pid 4605] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4605] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4606] <... futex resumed>) = 1 [ 75.382679][ T4606] loop0: detected capacity change from 0 to 32768 [pid 4606] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4606] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4605] <... futex resumed>) = 0 [pid 4605] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4605] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4606] <... futex resumed>) = 1 [pid 4606] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4606] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4605] <... futex resumed>) = 0 [pid 4605] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4605] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4606] <... futex resumed>) = 1 [pid 4606] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4606] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4605] <... futex resumed>) = 0 [pid 4606] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4605] exit_group(0 [pid 4606] <... futex resumed>) = ? [pid 4605] <... exit_group resumed>) = ? [pid 4606] +++ exited with 0 +++ [pid 4605] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4605, si_uid=0, si_status=0, si_utime=1, si_stime=18} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./44/binderfs") = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4626 ./strace-static-x86_64: Process 4626 attached [pid 4626] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4626] chdir("./45") = 0 [pid 4626] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4626] setpgid(0, 0) = 0 [pid 4626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4626] write(3, "1000", 4) = 4 [pid 4626] close(3) = 0 [pid 4626] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4626] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4626] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4626] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4626] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4627 attached , parent_tid=[4627], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4627 [pid 4627] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4627] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4626] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4627] <... futex resumed>) = 0 [pid 4626] <... futex resumed>) = 1 [pid 4626] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4627] memfd_create("syzkaller", 0) = 3 [pid 4627] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4627] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4627] munmap(0x7fdb59200000, 16777216) = 0 [pid 4627] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4627] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4627] close(3) = 0 [pid 4627] mkdir("./file0", 0777) = 0 [ 75.858566][ T4627] loop0: detected capacity change from 0 to 32768 [ 75.870265][ T4627] _btrfs_printk: 23 callbacks suppressed [ 75.870280][ T4627] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 75.885632][ T4627] BTRFS info (device loop0): force clearing of disk cache [ 75.893120][ T4627] BTRFS info (device loop0): setting nodatasum [ 75.899361][ T4627] BTRFS info (device loop0): allowing degraded mounts [ 75.906134][ T4627] BTRFS info (device loop0): enabling disk space caching [ 75.913243][ T4627] BTRFS info (device loop0): disk space caching is enabled [ 75.932136][ T4627] BTRFS info (device loop0): enabling ssd optimizations [ 75.940176][ T4627] BTRFS info (device loop0): clearing free space tree [ 75.947031][ T4627] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4627] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4627] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4627] chdir("./file0") = 0 [pid 4627] ioctl(4, LOOP_CLR_FD) = 0 [pid 4627] close(4) = 0 [pid 4627] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4626] <... futex resumed>) = 0 [pid 4627] open("./file0", O_RDONLY [pid 4626] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4627] <... open resumed>) = 4 [pid 4626] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4627] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4626] <... futex resumed>) = 0 [pid 4626] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4626] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4627] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4627] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4627] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4626] <... futex resumed>) = 0 [pid 4626] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4626] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4627] <... futex resumed>) = 0 [ 75.957670][ T4627] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 75.971148][ T4627] BTRFS info (device loop0): checking UUID tree [pid 4627] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4627] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4626] <... futex resumed>) = 0 [pid 4626] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4627] creat("./bus", 000 [pid 4626] <... futex resumed>) = 0 [pid 4626] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4627] <... creat resumed>) = 6 [pid 4627] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4626] <... futex resumed>) = 0 [pid 4627] ftruncate(6, 2048 [pid 4626] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4626] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4627] <... ftruncate resumed>) = 0 [pid 4627] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4626] <... futex resumed>) = 0 [pid 4626] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4626] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4627] open("./bus", O_RDONLY) = 7 [pid 4627] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4627] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4626] <... futex resumed>) = 0 [pid 4627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4626] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4627] sendfile(6, 7, NULL, 65536 [pid 4626] <... futex resumed>) = 0 [pid 4627] <... sendfile resumed>) = 2048 [pid 4626] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4627] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4626] <... futex resumed>) = 0 [pid 4627] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4626] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4627] <... openat resumed>) = 8 [pid 4626] <... futex resumed>) = 0 [pid 4627] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4626] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4627] <... futex resumed>) = 0 [pid 4626] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4627] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4626] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 76.035592][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 76.060606][ T4627] BTRFS info (device loop0): balance: start -s [ 76.068921][ T4627] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4626] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4627] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4627] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4626] <... futex resumed>) = 0 [pid 4626] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4627] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4626] <... futex resumed>) = 0 [pid 4626] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4627] <... ioctl resumed>) = 0 [pid 4627] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4626] <... futex resumed>) = 0 [pid 4627] <... futex resumed>) = 1 [pid 4627] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4626] exit_group(0 [pid 4627] <... futex resumed>) = ? [pid 4626] <... exit_group resumed>) = ? [pid 4627] +++ exited with 0 +++ [pid 4626] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4626, si_uid=0, si_status=0, si_utime=0, si_stime=29} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./45/binderfs") = 0 [ 76.092930][ T4627] BTRFS info (device loop0): balance: ended with status: 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4647 ./strace-static-x86_64: Process 4647 attached [pid 4647] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4647] chdir("./46") = 0 [pid 4647] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4647] setpgid(0, 0) = 0 [pid 4647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4647] write(3, "1000", 4) = 4 [pid 4647] close(3) = 0 [pid 4647] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4647] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4647] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4647] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4648], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4648 [pid 4647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4648 attached [pid 4648] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4648] memfd_create("syzkaller", 0) = 3 [pid 4648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [ 76.278664][ T14] cfg80211: failed to load regulatory.db [pid 4648] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4648] munmap(0x7fdb59200000, 16777216) = 0 [pid 4648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4648] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4648] close(3) = 0 [pid 4648] mkdir("./file0", 0777) = 0 [ 76.430182][ T4648] loop0: detected capacity change from 0 to 32768 [ 76.443738][ T4648] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 76.453090][ T4648] BTRFS info (device loop0): force clearing of disk cache [ 76.460312][ T4648] BTRFS info (device loop0): setting nodatasum [ 76.466524][ T4648] BTRFS info (device loop0): allowing degraded mounts [ 76.473375][ T4648] BTRFS info (device loop0): enabling disk space caching [ 76.480429][ T4648] BTRFS info (device loop0): disk space caching is enabled [ 76.499442][ T4648] BTRFS info (device loop0): enabling ssd optimizations [ 76.507807][ T4648] BTRFS info (device loop0): clearing free space tree [ 76.514678][ T4648] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4648] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4648] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4648] chdir("./file0") = 0 [pid 4648] ioctl(4, LOOP_CLR_FD) = 0 [pid 4648] close(4) = 0 [pid 4648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4647] <... futex resumed>) = 0 [pid 4648] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4648] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4647] <... futex resumed>) = 0 [pid 4648] open("./file0", O_RDONLY [pid 4647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4648] <... open resumed>) = 4 [pid 4648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4647] <... futex resumed>) = 0 [pid 4648] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 76.524768][ T4648] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 76.538936][ T4648] BTRFS info (device loop0): checking UUID tree [pid 4647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4648] <... open resumed>) = 5 [pid 4648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4647] <... futex resumed>) = 0 [pid 4648] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4648] <... ioctl resumed>) = 0 [pid 4648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4647] <... futex resumed>) = 0 [pid 4648] creat("./bus", 000 [pid 4647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4648] <... creat resumed>) = 6 [pid 4647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4647] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4648] <... futex resumed>) = 0 [pid 4647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4648] ftruncate(6, 2048 [pid 4647] <... futex resumed>) = 0 [pid 4647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4648] <... ftruncate resumed>) = 0 [pid 4648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4647] <... futex resumed>) = 0 [pid 4648] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4648] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4647] <... futex resumed>) = 0 [pid 4648] open("./bus", O_RDONLY [pid 4647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4648] <... open resumed>) = 7 [ 76.572481][ T27] kauditd_printk_skb: 8 callbacks suppressed [ 76.572494][ T27] audit: type=1800 audit(1670043457.075:94): pid=4648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4648] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4647] <... futex resumed>) = 0 [pid 4647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4648] <... futex resumed>) = 0 [pid 4647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4648] sendfile(6, 7, NULL, 65536) = 2048 [pid 4648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4647] <... futex resumed>) = 0 [pid 4648] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4648] <... openat resumed>) = 8 [pid 4647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4647] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4648] <... futex resumed>) = 0 [pid 4647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4648] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4647] <... futex resumed>) = 0 [ 76.621324][ T27] audit: type=1804 audit(1670043457.125:95): pid=4648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/46/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 76.644734][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 76.665607][ T4648] BTRFS info (device loop0): balance: start -s [pid 4647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4648] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4647] <... futex resumed>) = 0 [pid 4647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4648] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4647] <... futex resumed>) = 0 [pid 4647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4648] <... ioctl resumed>) = 0 [pid 4648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4647] <... futex resumed>) = 0 [pid 4648] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4647] exit_group(0) = ? [pid 4648] <... futex resumed>) = ? [pid 4648] +++ exited with 0 +++ [pid 4647] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4647, si_uid=0, si_status=0, si_utime=3, si_stime=29} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./46/binderfs") = 0 [ 76.673401][ T4648] BTRFS info (device loop0): relocating block group 1048576 flags system [ 76.696741][ T4648] BTRFS info (device loop0): balance: ended with status: 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4668 attached , child_tidptr=0x55555746f5d0) = 4668 [pid 4668] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4668] chdir("./47") = 0 [pid 4668] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4668] setpgid(0, 0) = 0 [pid 4668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4668] write(3, "1000", 4) = 4 [pid 4668] close(3) = 0 [pid 4668] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4668] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4668] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4668] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4669], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4669 ./strace-static-x86_64: Process 4669 attached [pid 4669] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4669] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4668] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4669] <... futex resumed>) = 0 [pid 4668] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4669] memfd_create("syzkaller", 0) = 3 [pid 4669] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4669] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4669] munmap(0x7fdb59200000, 16777216) = 0 [pid 4669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4669] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4669] close(3) = 0 [pid 4669] mkdir("./file0", 0777) = 0 [ 77.012498][ T4669] loop0: detected capacity change from 0 to 32768 [ 77.026594][ T4669] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 77.036186][ T4669] BTRFS info (device loop0): force clearing of disk cache [ 77.043653][ T4669] BTRFS info (device loop0): setting nodatasum [ 77.050078][ T4669] BTRFS info (device loop0): allowing degraded mounts [ 77.057137][ T4669] BTRFS info (device loop0): enabling disk space caching [ 77.064550][ T4669] BTRFS info (device loop0): disk space caching is enabled [ 77.084039][ T4669] BTRFS info (device loop0): enabling ssd optimizations [ 77.092412][ T4669] BTRFS info (device loop0): clearing free space tree [ 77.099256][ T4669] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4669] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4669] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4669] chdir("./file0") = 0 [pid 4669] ioctl(4, LOOP_CLR_FD) = 0 [pid 4669] close(4) = 0 [pid 4669] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4668] <... futex resumed>) = 0 [pid 4669] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4668] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4668] <... futex resumed>) = 0 [pid 4669] open("./file0", O_RDONLY [pid 4668] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4669] <... open resumed>) = 4 [pid 4669] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4668] <... futex resumed>) = 0 [pid 4669] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4668] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4668] <... futex resumed>) = 0 [pid 4669] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4668] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4669] <... open resumed>) = 5 [pid 4669] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4668] <... futex resumed>) = 0 [pid 4669] <... futex resumed>) = 1 [pid 4668] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4669] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4668] <... futex resumed>) = 0 [pid 4668] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4669] <... ioctl resumed>) = 0 [pid 4669] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4668] <... futex resumed>) = 0 [pid 4669] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4668] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4668] <... futex resumed>) = 0 [pid 4669] creat("./bus", 000 [pid 4668] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4669] <... creat resumed>) = 6 [pid 4669] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4668] <... futex resumed>) = 0 [pid 4669] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4668] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4668] <... futex resumed>) = 0 [pid 4669] ftruncate(6, 2048 [pid 4668] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4669] <... ftruncate resumed>) = 0 [pid 4669] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4668] <... futex resumed>) = 0 [pid 4669] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4668] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4668] <... futex resumed>) = 0 [pid 4669] open("./bus", O_RDONLY [pid 4668] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4669] <... open resumed>) = 7 [ 77.109250][ T4669] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 77.122463][ T4669] BTRFS info (device loop0): checking UUID tree [ 77.141917][ T27] audit: type=1800 audit(1670043457.645:96): pid=4669 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4669] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4669] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4668] <... futex resumed>) = 0 [pid 4668] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4669] <... futex resumed>) = 0 [pid 4668] <... futex resumed>) = 1 [pid 4669] sendfile(6, 7, NULL, 65536 [pid 4668] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4669] <... sendfile resumed>) = 2048 [pid 4669] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4668] <... futex resumed>) = 0 [pid 4669] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4668] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4669] <... openat resumed>) = 8 [pid 4668] <... futex resumed>) = 0 [pid 4668] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4669] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4668] <... futex resumed>) = 0 [pid 4668] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4669] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4668] <... futex resumed>) = 0 [ 77.192955][ T27] audit: type=1804 audit(1670043457.695:97): pid=4669 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/47/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 77.218941][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 4668] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4669] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4669] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4669] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4668] <... futex resumed>) = 0 [pid 4668] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4669] <... futex resumed>) = 0 [pid 4669] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4668] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4669] <... ioctl resumed>) = 0 [pid 4669] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4669] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4668] <... futex resumed>) = 0 [ 77.242301][ T4669] BTRFS info (device loop0): balance: start -s [ 77.250922][ T4669] BTRFS info (device loop0): relocating block group 1048576 flags system [ 77.278682][ T4669] BTRFS info (device loop0): balance: ended with status: 0 [pid 4668] exit_group(0) = ? [pid 4669] <... futex resumed>) = ? [pid 4669] +++ exited with 0 +++ [pid 4668] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4668, si_uid=0, si_status=0, si_utime=1, si_stime=28} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./47/binderfs") = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4689 ./strace-static-x86_64: Process 4689 attached [pid 4689] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4689] chdir("./48") = 0 [pid 4689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4689] setpgid(0, 0) = 0 [pid 4689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4689] write(3, "1000", 4) = 4 [pid 4689] close(3) = 0 [pid 4689] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4689] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4689] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4689] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4690 attached , parent_tid=[4690], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4690 [pid 4690] set_robust_list(0x7fdb617f69e0, 24 [pid 4689] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4689] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4690] <... set_robust_list resumed>) = 0 [pid 4690] memfd_create("syzkaller", 0) = 3 [pid 4690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4690] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4690] munmap(0x7fdb59200000, 16777216) = 0 [pid 4690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4690] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4690] close(3) = 0 [pid 4690] mkdir("./file0", 0777) = 0 [ 77.597065][ T4690] loop0: detected capacity change from 0 to 32768 [ 77.620579][ T4690] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 77.629902][ T4690] BTRFS info (device loop0): force clearing of disk cache [ 77.637043][ T4690] BTRFS info (device loop0): setting nodatasum [ 77.643522][ T4690] BTRFS info (device loop0): allowing degraded mounts [ 77.650350][ T4690] BTRFS info (device loop0): enabling disk space caching [ 77.657442][ T4690] BTRFS info (device loop0): disk space caching is enabled [ 77.675676][ T4690] BTRFS info (device loop0): enabling ssd optimizations [ 77.683737][ T4690] BTRFS info (device loop0): clearing free space tree [pid 4690] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4690] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4690] chdir("./file0") = 0 [pid 4690] ioctl(4, LOOP_CLR_FD) = 0 [pid 4690] close(4) = 0 [pid 4690] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4689] <... futex resumed>) = 0 [pid 4689] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4690] open("./file0", O_RDONLY [pid 4689] <... futex resumed>) = 0 [pid 4689] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4690] <... open resumed>) = 4 [pid 4690] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4689] <... futex resumed>) = 0 [pid 4690] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4689] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 77.690676][ T4690] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 77.700802][ T4690] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 77.714266][ T4690] BTRFS info (device loop0): checking UUID tree [pid 4689] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4690] <... open resumed>) = 5 [pid 4690] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4689] <... futex resumed>) = 0 [pid 4690] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4689] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4689] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4690] <... ioctl resumed>) = 0 [pid 4690] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4689] <... futex resumed>) = 0 [pid 4690] creat("./bus", 000 [pid 4689] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4689] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4690] <... creat resumed>) = 6 [pid 4690] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4689] <... futex resumed>) = 0 [pid 4690] ftruncate(6, 2048 [pid 4689] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4689] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4690] <... ftruncate resumed>) = 0 [pid 4690] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4689] <... futex resumed>) = 0 [pid 4690] <... futex resumed>) = 1 [pid 4689] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4690] open("./bus", O_RDONLY [pid 4689] <... futex resumed>) = 0 [ 77.729549][ T27] audit: type=1800 audit(1670043458.235:98): pid=4690 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4689] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4690] <... open resumed>) = 7 [pid 4690] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4689] <... futex resumed>) = 0 [pid 4690] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4689] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4690] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4689] <... futex resumed>) = 0 [pid 4690] sendfile(6, 7, NULL, 65536 [pid 4689] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4690] <... sendfile resumed>) = 2048 [pid 4690] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4689] <... futex resumed>) = 0 [pid 4690] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4689] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4690] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4689] <... futex resumed>) = 0 [pid 4690] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4689] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4690] <... openat resumed>) = 8 [pid 4690] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4689] <... futex resumed>) = 0 [pid 4690] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4689] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 77.769323][ T27] audit: type=1804 audit(1670043458.275:99): pid=4690 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/48/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 77.770364][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 77.812563][ T4690] BTRFS info (device loop0): balance: start -s [pid 4689] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4690] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4690] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4689] <... futex resumed>) = 0 [pid 4689] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4690] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4689] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4690] <... ioctl resumed>) = 0 [pid 4690] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4689] <... futex resumed>) = 0 [pid 4690] <... futex resumed>) = 1 [pid 4689] exit_group(0 [pid 4690] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4689] <... exit_group resumed>) = ? [pid 4690] +++ exited with 0 +++ [pid 4689] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4689, si_uid=0, si_status=0, si_utime=1, si_stime=29} --- umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./48/binderfs") = 0 [ 77.820007][ T4690] BTRFS info (device loop0): relocating block group 1048576 flags system [ 77.840539][ T4690] BTRFS info (device loop0): balance: ended with status: 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4709 ./strace-static-x86_64: Process 4709 attached [pid 4709] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4709] chdir("./49") = 0 [pid 4709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4709] setpgid(0, 0) = 0 [pid 4709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4709] write(3, "1000", 4) = 4 [pid 4709] close(3) = 0 [pid 4709] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4709] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4709] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4709] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4709] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4710 attached [pid 4710] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4710] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4709] <... clone resumed>, parent_tid=[4710], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4710 [pid 4709] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4710] <... futex resumed>) = 0 [pid 4709] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4710] memfd_create("syzkaller", 0) = 3 [pid 4710] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4710] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4710] munmap(0x7fdb59200000, 16777216) = 0 [pid 4710] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4710] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4710] close(3) = 0 [pid 4710] mkdir("./file0", 0777) = 0 [ 78.148042][ T4710] loop0: detected capacity change from 0 to 32768 [ 78.161392][ T4710] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 78.170718][ T4710] BTRFS info (device loop0): force clearing of disk cache [ 78.177964][ T4710] BTRFS info (device loop0): setting nodatasum [ 78.184194][ T4710] BTRFS info (device loop0): allowing degraded mounts [ 78.191070][ T4710] BTRFS info (device loop0): enabling disk space caching [ 78.198240][ T4710] BTRFS info (device loop0): disk space caching is enabled [ 78.217716][ T4710] BTRFS info (device loop0): enabling ssd optimizations [ 78.225395][ T4710] BTRFS info (device loop0): clearing free space tree [ 78.232401][ T4710] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4710] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4710] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4710] chdir("./file0") = 0 [pid 4710] ioctl(4, LOOP_CLR_FD) = 0 [pid 4710] close(4) = 0 [pid 4710] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4710] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4709] <... futex resumed>) = 0 [pid 4709] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4709] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4710] <... futex resumed>) = 0 [pid 4710] open("./file0", O_RDONLY) = 4 [pid 4710] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4709] <... futex resumed>) = 0 [pid 4709] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4709] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 78.242123][ T4710] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 78.256254][ T4710] BTRFS info (device loop0): checking UUID tree [pid 4710] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4710] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4709] <... futex resumed>) = 0 [pid 4710] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4709] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4709] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4710] <... ioctl resumed>) = 0 [pid 4710] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4709] <... futex resumed>) = 0 [pid 4709] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4710] creat("./bus", 000 [pid 4709] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4710] <... creat resumed>) = 6 [pid 4710] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4709] <... futex resumed>) = 0 [pid 4710] <... futex resumed>) = 1 [pid 4709] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4709] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4710] ftruncate(6, 2048) = 0 [pid 4710] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4709] <... futex resumed>) = 0 [pid 4709] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4709] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 78.293788][ T27] audit: type=1800 audit(1670043458.795:100): pid=4710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4710] open("./bus", O_RDONLY) = 7 [pid 4710] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4709] <... futex resumed>) = 0 [pid 4710] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4709] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4710] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4709] <... futex resumed>) = 0 [pid 4710] sendfile(6, 7, NULL, 65536 [pid 4709] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4710] <... sendfile resumed>) = 2048 [pid 4710] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4709] <... futex resumed>) = 0 [pid 4710] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 4709] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4710] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4709] <... futex resumed>) = 0 [pid 4710] <... openat resumed>) = 8 [pid 4709] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4710] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4709] <... futex resumed>) = 0 [pid 4710] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4709] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4710] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4709] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 78.338013][ T27] audit: type=1804 audit(1670043458.845:101): pid=4710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/49/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 78.362358][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 4710] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4709] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4709] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4709] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4709] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4709] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4730], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4730 [pid 4709] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4709] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4710] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 ./strace-static-x86_64: Process 4730 attached [pid 4730] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 4730] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4710] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 78.387709][ T4710] BTRFS info (device loop0): balance: start -s [ 78.395947][ T4710] BTRFS info (device loop0): relocating block group 1048576 flags system [ 78.423293][ T4710] BTRFS info (device loop0): balance: ended with status: 0 [pid 4710] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4730] <... ioctl resumed>) = 0 [pid 4730] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4709] <... futex resumed>) = 0 [pid 4709] exit_group(0) = ? [pid 4710] <... futex resumed>) = ? [pid 4730] +++ exited with 0 +++ [pid 4710] +++ exited with 0 +++ [pid 4709] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4709, si_uid=0, si_status=0, si_utime=3, si_stime=23} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./49/binderfs") = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4731 ./strace-static-x86_64: Process 4731 attached [pid 4731] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4731] chdir("./50") = 0 [pid 4731] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4731] setpgid(0, 0) = 0 [pid 4731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4731] write(3, "1000", 4) = 4 [pid 4731] close(3) = 0 [pid 4731] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4731] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4731] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4731] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4731] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4732 attached , parent_tid=[4732], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4732 [pid 4732] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4732] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4731] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4732] <... futex resumed>) = 0 [pid 4732] memfd_create("syzkaller", 0) = 3 [pid 4732] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4731] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4732] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4732] munmap(0x7fdb59200000, 16777216) = 0 [pid 4732] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4732] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4732] close(3) = 0 [pid 4732] mkdir("./file0", 0777) = 0 [ 78.745872][ T4732] loop0: detected capacity change from 0 to 32768 [ 78.758479][ T4732] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 78.767761][ T4732] BTRFS info (device loop0): force clearing of disk cache [ 78.775051][ T4732] BTRFS info (device loop0): setting nodatasum [ 78.781690][ T4732] BTRFS info (device loop0): allowing degraded mounts [ 78.788716][ T4732] BTRFS info (device loop0): enabling disk space caching [ 78.795748][ T4732] BTRFS info (device loop0): disk space caching is enabled [ 78.812969][ T4732] BTRFS info (device loop0): enabling ssd optimizations [ 78.821154][ T4732] BTRFS info (device loop0): clearing free space tree [ 78.828302][ T4732] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4732] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4732] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4732] chdir("./file0") = 0 [pid 4732] ioctl(4, LOOP_CLR_FD) = 0 [pid 4732] close(4) = 0 [pid 4732] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4731] <... futex resumed>) = 0 [pid 4732] open("./file0", O_RDONLY [pid 4731] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4731] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4732] <... open resumed>) = 4 [pid 4732] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4731] <... futex resumed>) = 0 [pid 4731] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4731] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4732] <... futex resumed>) = 1 [ 78.838183][ T4732] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 78.851854][ T4732] BTRFS info (device loop0): checking UUID tree [pid 4732] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4732] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4731] <... futex resumed>) = 0 [pid 4732] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4731] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4732] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4731] <... futex resumed>) = 0 [pid 4732] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4731] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4732] <... ioctl resumed>) = 0 [pid 4732] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4731] <... futex resumed>) = 0 [pid 4732] creat("./bus", 000 [pid 4731] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4732] <... creat resumed>) = 6 [pid 4731] <... futex resumed>) = 0 [pid 4732] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4731] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4732] <... futex resumed>) = 0 [pid 4731] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4732] ftruncate(6, 2048 [pid 4731] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4732] <... ftruncate resumed>) = 0 [pid 4731] <... futex resumed>) = 0 [pid 4732] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4731] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4732] <... futex resumed>) = 0 [pid 4731] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4732] open("./bus", O_RDONLY [pid 4731] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4732] <... open resumed>) = 7 [pid 4731] <... futex resumed>) = 0 [pid 4732] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4731] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4732] <... futex resumed>) = 0 [pid 4731] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4732] sendfile(6, 7, NULL, 65536 [pid 4731] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4732] <... sendfile resumed>) = 2048 [pid 4731] <... futex resumed>) = 0 [pid 4732] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4731] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4732] <... futex resumed>) = 0 [pid 4731] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4732] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4731] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4732] <... openat resumed>) = 8 [pid 4731] <... futex resumed>) = 0 [pid 4732] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4731] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4732] <... futex resumed>) = 0 [pid 4731] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4732] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4731] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 78.886279][ T27] audit: type=1800 audit(1670043459.385:102): pid=4732 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4731] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 4731] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4731] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4731] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4731] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4752], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4752 [pid 4731] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4731] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4752 attached [pid 4752] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 78.925679][ T27] audit: type=1804 audit(1670043459.425:103): pid=4732 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/50/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 78.948824][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 78.953737][ T4732] BTRFS info (device loop0): balance: start -s [ 78.965795][ T4732] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4752] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4752] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4731] <... futex resumed>) = 0 [pid 4752] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4732] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4732] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4732] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4731] exit_group(0 [pid 4752] <... futex resumed>) = ? [pid 4731] <... exit_group resumed>) = ? [pid 4752] +++ exited with 0 +++ [pid 4732] <... futex resumed>) = ? [pid 4732] +++ exited with 0 +++ [pid 4731] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4731, si_uid=0, si_status=0, si_utime=1, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./50/binderfs") = 0 [ 79.004301][ T4732] BTRFS info (device loop0): balance: ended with status: 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4753 ./strace-static-x86_64: Process 4753 attached [pid 4753] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4753] chdir("./51") = 0 [pid 4753] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4753] setpgid(0, 0) = 0 [pid 4753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4753] write(3, "1000", 4) = 4 [pid 4753] close(3) = 0 [pid 4753] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4753] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4753] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4753] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4754], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4754 ./strace-static-x86_64: Process 4754 attached [pid 4754] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4754] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4753] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4754] <... futex resumed>) = 0 [pid 4753] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4754] memfd_create("syzkaller", 0) = 3 [pid 4754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4754] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4754] munmap(0x7fdb59200000, 16777216) = 0 [pid 4754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4754] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4754] close(3) = 0 [pid 4754] mkdir("./file0", 0777) = 0 [ 79.353102][ T4754] loop0: detected capacity change from 0 to 32768 [ 79.365074][ T4754] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 79.374742][ T4754] BTRFS info (device loop0): force clearing of disk cache [ 79.382150][ T4754] BTRFS info (device loop0): setting nodatasum [ 79.388508][ T4754] BTRFS info (device loop0): allowing degraded mounts [ 79.395274][ T4754] BTRFS info (device loop0): enabling disk space caching [ 79.402670][ T4754] BTRFS info (device loop0): disk space caching is enabled [ 79.421662][ T4754] BTRFS info (device loop0): enabling ssd optimizations [ 79.429512][ T4754] BTRFS info (device loop0): clearing free space tree [ 79.436392][ T4754] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4754] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4754] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4754] chdir("./file0") = 0 [pid 4754] ioctl(4, LOOP_CLR_FD) = 0 [pid 4754] close(4) = 0 [pid 4754] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4754] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4753] <... futex resumed>) = 0 [pid 4753] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4754] <... futex resumed>) = 0 [pid 4753] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4754] open("./file0", O_RDONLY) = 4 [pid 4754] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4753] <... futex resumed>) = 0 [pid 4754] <... futex resumed>) = 1 [pid 4753] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4753] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4754] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4754] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4753] <... futex resumed>) = 0 [ 79.446608][ T4754] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 4753] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4753] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4754] <... futex resumed>) = 1 [pid 4754] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4754] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4753] <... futex resumed>) = 0 [pid 4754] <... futex resumed>) = 1 [pid 4753] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4754] creat("./bus", 000 [pid 4753] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4754] <... creat resumed>) = 6 [pid 4754] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4753] <... futex resumed>) = 0 [pid 4754] <... futex resumed>) = 1 [pid 4753] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4754] ftruncate(6, 2048 [pid 4753] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4754] <... ftruncate resumed>) = 0 [pid 4754] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4753] <... futex resumed>) = 0 [pid 4754] <... futex resumed>) = 1 [pid 4753] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4753] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4754] open("./bus", O_RDONLY) = 7 [pid 4754] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4753] <... futex resumed>) = 0 [pid 4754] <... futex resumed>) = 1 [pid 4753] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4753] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4754] sendfile(6, 7, NULL, 65536) = 2048 [pid 4754] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4754] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4753] <... futex resumed>) = 0 [pid 4753] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4754] <... futex resumed>) = 0 [pid 4753] <... futex resumed>) = 1 [pid 4753] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4754] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4754] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4754] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4753] <... futex resumed>) = 0 [pid 4753] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4754] <... futex resumed>) = 0 [pid 4754] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4753] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4754] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4754] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4754] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4753] <... futex resumed>) = 0 [pid 4753] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4754] <... futex resumed>) = 0 [pid 4754] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4753] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4754] <... ioctl resumed>) = 0 [pid 4754] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4753] <... futex resumed>) = 0 [pid 4753] exit_group(0) = ? [pid 4754] <... futex resumed>) = ? [pid 4754] +++ exited with 0 +++ [pid 4753] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4753, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./51/binderfs") = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4774 ./strace-static-x86_64: Process 4774 attached [pid 4774] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4774] chdir("./52") = 0 [pid 4774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4774] setpgid(0, 0) = 0 [pid 4774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4774] write(3, "1000", 4) = 4 [pid 4774] close(3) = 0 [pid 4774] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4774] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4774] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4774] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4775 attached , parent_tid=[4775], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4775 [pid 4774] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4774] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4775] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4775] memfd_create("syzkaller", 0) = 3 [pid 4775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4775] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4775] munmap(0x7fdb59200000, 16777216) = 0 [pid 4775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4775] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4775] close(3) = 0 [pid 4775] mkdir("./file0", 0777) = 0 [pid 4775] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4775] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4775] chdir("./file0") = 0 [pid 4775] ioctl(4, LOOP_CLR_FD) = 0 [pid 4775] close(4) = 0 [pid 4775] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4774] <... futex resumed>) = 0 [pid 4774] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4774] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4775] <... futex resumed>) = 1 [pid 4775] open("./file0", O_RDONLY) = 4 [pid 4775] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4774] <... futex resumed>) = 0 [pid 4774] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4774] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4775] <... futex resumed>) = 1 [pid 4775] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4775] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4774] <... futex resumed>) = 0 [pid 4774] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4774] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4775] <... futex resumed>) = 1 [pid 4775] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4775] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4774] <... futex resumed>) = 0 [pid 4774] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4774] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4775] <... futex resumed>) = 1 [ 79.891011][ T4775] loop0: detected capacity change from 0 to 32768 [pid 4775] creat("./bus", 000) = 6 [pid 4775] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4774] <... futex resumed>) = 0 [pid 4774] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4774] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4775] <... futex resumed>) = 1 [pid 4775] ftruncate(6, 2048) = 0 [pid 4775] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4774] <... futex resumed>) = 0 [pid 4774] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4774] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4775] <... futex resumed>) = 1 [pid 4775] open("./bus", O_RDONLY) = 7 [pid 4775] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4774] <... futex resumed>) = 0 [pid 4774] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4774] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4775] <... futex resumed>) = 1 [pid 4775] sendfile(6, 7, NULL, 65536) = 2048 [pid 4775] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4774] <... futex resumed>) = 0 [pid 4774] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4774] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4775] <... futex resumed>) = 1 [pid 4775] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4775] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4774] <... futex resumed>) = 0 [pid 4774] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4774] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4775] <... futex resumed>) = 1 [pid 4775] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4775] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4774] <... futex resumed>) = 0 [pid 4774] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4774] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4775] <... futex resumed>) = 1 [pid 4775] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4775] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4774] <... futex resumed>) = 0 [pid 4774] exit_group(0) = ? [pid 4775] <... futex resumed>) = ? [pid 4775] +++ exited with 0 +++ [pid 4774] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4774, si_uid=0, si_status=0, si_utime=2, si_stime=18} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./52/binderfs") = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4795 ./strace-static-x86_64: Process 4795 attached [pid 4795] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4795] chdir("./53") = 0 [pid 4795] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4795] setpgid(0, 0) = 0 [pid 4795] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4795] write(3, "1000", 4) = 4 [pid 4795] close(3) = 0 [pid 4795] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4795] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4795] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4795] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4796], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4796 [pid 4795] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4795] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4796 attached [pid 4796] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4796] memfd_create("syzkaller", 0) = 3 [pid 4796] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4796] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4796] munmap(0x7fdb59200000, 16777216) = 0 [pid 4796] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4796] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4796] close(3) = 0 [pid 4796] mkdir("./file0", 0777) = 0 [pid 4796] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4796] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4796] chdir("./file0") = 0 [pid 4796] ioctl(4, LOOP_CLR_FD) = 0 [pid 4796] close(4) = 0 [pid 4796] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4795] <... futex resumed>) = 0 [pid 4795] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4795] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4796] <... futex resumed>) = 1 [pid 4796] open("./file0", O_RDONLY) = 4 [pid 4796] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4795] <... futex resumed>) = 0 [pid 4795] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4795] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4796] <... futex resumed>) = 1 [pid 4796] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4796] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4795] <... futex resumed>) = 0 [pid 4795] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4795] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4796] <... futex resumed>) = 1 [ 80.352830][ T4796] loop0: detected capacity change from 0 to 32768 [pid 4796] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4796] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4795] <... futex resumed>) = 0 [pid 4795] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4795] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4796] <... futex resumed>) = 1 [pid 4796] creat("./bus", 000) = 6 [pid 4796] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4795] <... futex resumed>) = 0 [pid 4795] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4795] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4796] <... futex resumed>) = 1 [pid 4796] ftruncate(6, 2048) = 0 [pid 4796] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4795] <... futex resumed>) = 0 [pid 4795] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4795] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4796] <... futex resumed>) = 1 [pid 4796] open("./bus", O_RDONLY) = 7 [pid 4796] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4795] <... futex resumed>) = 0 [pid 4795] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4795] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4796] <... futex resumed>) = 1 [pid 4796] sendfile(6, 7, NULL, 65536) = 2048 [pid 4796] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4795] <... futex resumed>) = 0 [pid 4795] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4795] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4796] <... futex resumed>) = 1 [pid 4796] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4796] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4795] <... futex resumed>) = 0 [pid 4795] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4795] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4796] <... futex resumed>) = 1 [pid 4796] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4796] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4795] <... futex resumed>) = 0 [pid 4795] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4795] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4796] <... futex resumed>) = 1 [pid 4796] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4796] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4795] <... futex resumed>) = 0 [pid 4795] exit_group(0) = ? [pid 4796] <... futex resumed>) = ? [pid 4796] +++ exited with 0 +++ [pid 4795] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4795, si_uid=0, si_status=0, si_utime=1, si_stime=22} --- umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./53/binderfs") = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4816 ./strace-static-x86_64: Process 4816 attached [pid 4816] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4816] chdir("./54") = 0 [pid 4816] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4816] setpgid(0, 0) = 0 [pid 4816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4816] write(3, "1000", 4) = 4 [pid 4816] close(3) = 0 [pid 4816] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4816] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4816] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4816] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4817], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4817 [pid 4816] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4816] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4817 attached [pid 4817] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4817] memfd_create("syzkaller", 0) = 3 [pid 4817] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4817] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4817] munmap(0x7fdb59200000, 16777216) = 0 [pid 4817] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4817] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4817] close(3) = 0 [pid 4817] mkdir("./file0", 0777) = 0 [pid 4817] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4817] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4817] chdir("./file0") = 0 [pid 4817] ioctl(4, LOOP_CLR_FD) = 0 [pid 4817] close(4) = 0 [pid 4817] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4816] <... futex resumed>) = 0 [pid 4816] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4816] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4817] <... futex resumed>) = 1 [pid 4817] open("./file0", O_RDONLY) = 4 [pid 4817] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4816] <... futex resumed>) = 0 [pid 4816] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4816] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4817] <... futex resumed>) = 1 [pid 4817] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4817] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4816] <... futex resumed>) = 0 [pid 4816] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4816] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4817] <... futex resumed>) = 1 [ 80.826175][ T4817] loop0: detected capacity change from 0 to 32768 [pid 4817] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4817] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4816] <... futex resumed>) = 0 [pid 4816] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4816] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4817] <... futex resumed>) = 1 [pid 4817] creat("./bus", 000) = 6 [pid 4817] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4816] <... futex resumed>) = 0 [pid 4816] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4816] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4817] <... futex resumed>) = 1 [pid 4817] ftruncate(6, 2048) = 0 [pid 4817] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4816] <... futex resumed>) = 0 [pid 4816] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4816] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4817] <... futex resumed>) = 1 [pid 4817] open("./bus", O_RDONLY) = 7 [pid 4817] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4816] <... futex resumed>) = 0 [pid 4816] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4816] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4817] <... futex resumed>) = 1 [pid 4817] sendfile(6, 7, NULL, 65536) = 2048 [pid 4817] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4816] <... futex resumed>) = 0 [pid 4816] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4816] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4817] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4817] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4816] <... futex resumed>) = 0 [pid 4816] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4816] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4817] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4816] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4816] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 4816] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 4816] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4816] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4816] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4837], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4837 [pid 4816] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 80.910932][ T9] _btrfs_printk: 46 callbacks suppressed [ 80.910949][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 80.927033][ T4817] BTRFS info (device loop0): balance: start -s [ 80.936058][ T4817] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4816] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4837 attached [pid 4837] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 4837] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4817] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4817] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4837] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4817] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4816] <... futex resumed>) = 0 [pid 4816] exit_group(0) = ? [pid 4837] <... futex resumed>) = ? [pid 4817] <... futex resumed>) = ? [pid 4837] +++ exited with 0 +++ [pid 4817] +++ exited with 0 +++ [pid 4816] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4816, si_uid=0, si_status=0, si_utime=2, si_stime=20} --- umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./54/binderfs") = 0 [ 80.967736][ T4817] BTRFS info (device loop0): balance: ended with status: 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4838 ./strace-static-x86_64: Process 4838 attached [pid 4838] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4838] chdir("./55") = 0 [pid 4838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4838] setpgid(0, 0) = 0 [pid 4838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4838] write(3, "1000", 4) = 4 [pid 4838] close(3) = 0 [pid 4838] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4838] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4838] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4838] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4839], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4839 [pid 4838] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4838] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4839 attached [pid 4839] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4839] memfd_create("syzkaller", 0) = 3 [pid 4839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4839] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4839] munmap(0x7fdb59200000, 16777216) = 0 [pid 4839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4839] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4839] close(3) = 0 [pid 4839] mkdir("./file0", 0777) = 0 [ 81.303212][ T4839] loop0: detected capacity change from 0 to 32768 [ 81.317792][ T4839] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 81.327087][ T4839] BTRFS info (device loop0): force clearing of disk cache [ 81.334283][ T4839] BTRFS info (device loop0): setting nodatasum [ 81.340507][ T4839] BTRFS info (device loop0): allowing degraded mounts [ 81.347503][ T4839] BTRFS info (device loop0): enabling disk space caching [ 81.354532][ T4839] BTRFS info (device loop0): disk space caching is enabled [ 81.371961][ T4839] BTRFS info (device loop0): enabling ssd optimizations [ 81.379692][ T4839] BTRFS info (device loop0): clearing free space tree [ 81.386566][ T4839] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4839] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4839] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4839] chdir("./file0") = 0 [pid 4839] ioctl(4, LOOP_CLR_FD) = 0 [pid 4839] close(4) = 0 [pid 4839] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4838] <... futex resumed>) = 0 [pid 4839] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4838] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4838] <... futex resumed>) = 0 [pid 4839] open("./file0", O_RDONLY) = 4 [pid 4838] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4839] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4838] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4839] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4838] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4838] <... futex resumed>) = 0 [pid 4839] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4838] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4839] <... open resumed>) = 5 [pid 4839] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4838] <... futex resumed>) = 0 [pid 4839] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4838] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4838] <... futex resumed>) = 0 [pid 4839] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4838] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4839] <... ioctl resumed>) = 0 [pid 4839] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4838] <... futex resumed>) = 0 [pid 4839] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4838] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4838] <... futex resumed>) = 0 [pid 4839] creat("./bus", 000 [pid 4838] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4839] <... creat resumed>) = 6 [pid 4839] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4838] <... futex resumed>) = 0 [pid 4838] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 81.396721][ T4839] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 81.410955][ T4839] BTRFS info (device loop0): checking UUID tree [pid 4838] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4839] ftruncate(6, 2048) = 0 [pid 4839] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4838] <... futex resumed>) = 0 [pid 4839] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4838] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4838] <... futex resumed>) = 0 [pid 4839] open("./bus", O_RDONLY [pid 4838] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4839] <... open resumed>) = 7 [pid 4839] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4839] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4838] <... futex resumed>) = 0 [pid 4838] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4839] <... futex resumed>) = 0 [pid 4838] <... futex resumed>) = 1 [pid 4839] sendfile(6, 7, NULL, 65536 [pid 4838] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4839] <... sendfile resumed>) = 2048 [pid 4839] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4838] <... futex resumed>) = 0 [pid 4839] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4838] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4839] <... openat resumed>) = 8 [pid 4838] <... futex resumed>) = 0 [pid 4838] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4839] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4838] <... futex resumed>) = 0 [pid 4839] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4838] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 81.456123][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 81.479144][ T4839] BTRFS info (device loop0): balance: start -s [ 81.486911][ T4839] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4838] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4839] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4839] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4839] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4838] <... futex resumed>) = 0 [pid 4838] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4838] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4839] <... futex resumed>) = 0 [pid 4839] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4839] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4838] <... futex resumed>) = 0 [pid 4839] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4838] exit_group(0 [pid 4839] <... futex resumed>) = ? [pid 4838] <... exit_group resumed>) = ? [pid 4839] +++ exited with 0 +++ [pid 4838] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4838, si_uid=0, si_status=0, si_utime=2, si_stime=28} --- umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./55/binderfs") = 0 [ 81.509890][ T4839] BTRFS info (device loop0): balance: ended with status: 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4860 ./strace-static-x86_64: Process 4860 attached [pid 4860] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4860] chdir("./56") = 0 [pid 4860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4860] setpgid(0, 0) = 0 [pid 4860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4860] write(3, "1000", 4) = 4 [pid 4860] close(3) = 0 [pid 4860] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4860] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4860] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4860] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4860] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4861 attached , parent_tid=[4861], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4861 [pid 4861] set_robust_list(0x7fdb617f69e0, 24 [pid 4860] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4861] <... set_robust_list resumed>) = 0 [pid 4860] <... futex resumed>) = 0 [pid 4860] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4861] memfd_create("syzkaller", 0) = 3 [pid 4861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4861] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4861] munmap(0x7fdb59200000, 16777216) = 0 [pid 4861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4861] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4861] close(3) = 0 [pid 4861] mkdir("./file0", 0777) = 0 [ 81.839831][ T4861] loop0: detected capacity change from 0 to 32768 [ 81.853089][ T4861] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 81.862378][ T4861] BTRFS info (device loop0): force clearing of disk cache [ 81.870108][ T4861] BTRFS info (device loop0): setting nodatasum [ 81.876283][ T4861] BTRFS info (device loop0): allowing degraded mounts [ 81.883241][ T4861] BTRFS info (device loop0): enabling disk space caching [ 81.890459][ T4861] BTRFS info (device loop0): disk space caching is enabled [ 81.909195][ T4861] BTRFS info (device loop0): enabling ssd optimizations [ 81.916982][ T4861] BTRFS info (device loop0): clearing free space tree [ 81.924233][ T4861] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4861] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4861] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4861] chdir("./file0") = 0 [pid 4861] ioctl(4, LOOP_CLR_FD) = 0 [pid 4861] close(4) = 0 [pid 4861] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4860] <... futex resumed>) = 0 [pid 4860] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4860] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4861] <... futex resumed>) = 1 [pid 4861] open("./file0", O_RDONLY) = 4 [pid 4861] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4860] <... futex resumed>) = 0 [pid 4860] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4861] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4860] <... futex resumed>) = 0 [ 81.934185][ T4861] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 81.947944][ T4861] BTRFS info (device loop0): checking UUID tree [pid 4860] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4861] <... open resumed>) = 5 [pid 4861] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4860] <... futex resumed>) = 0 [pid 4861] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4860] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4860] <... futex resumed>) = 0 [pid 4861] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4860] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4861] <... ioctl resumed>) = 0 [pid 4861] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4860] <... futex resumed>) = 0 [pid 4861] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4860] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4860] <... futex resumed>) = 0 [pid 4861] creat("./bus", 000 [pid 4860] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4861] <... creat resumed>) = 6 [pid 4861] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4860] <... futex resumed>) = 0 [pid 4861] ftruncate(6, 2048 [pid 4860] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4861] <... ftruncate resumed>) = 0 [pid 4860] <... futex resumed>) = 0 [pid 4861] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4860] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4861] <... futex resumed>) = 0 [pid 4860] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4861] open("./bus", O_RDONLY [pid 4860] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4861] <... open resumed>) = 7 [pid 4860] <... futex resumed>) = 0 [pid 4861] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4860] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4861] <... futex resumed>) = 0 [pid 4860] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4861] sendfile(6, 7, NULL, 65536 [pid 4860] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4861] <... sendfile resumed>) = 2048 [pid 4860] <... futex resumed>) = 0 [pid 4861] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4860] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4861] <... futex resumed>) = 0 [pid 4860] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4861] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4860] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4861] <... openat resumed>) = 8 [pid 4860] <... futex resumed>) = 0 [pid 4861] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4860] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4861] <... futex resumed>) = 0 [pid 4860] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 81.989514][ T27] kauditd_printk_skb: 10 callbacks suppressed [ 81.989528][ T27] audit: type=1800 audit(1670043462.495:114): pid=4861 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 82.024308][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 4861] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4860] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4860] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 4860] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4860] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [ 82.038267][ T27] audit: type=1804 audit(1670043462.515:115): pid=4861 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/56/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 82.069917][ T4861] BTRFS info (device loop0): balance: start -s [ 82.078980][ T4861] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4860] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4860] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4881], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4881 [pid 4860] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4860] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4881 attached [pid 4881] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 4881] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4881] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4861] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4881] <... futex resumed>) = 1 [pid 4861] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4860] <... futex resumed>) = 0 [pid 4881] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4861] <... futex resumed>) = 0 [pid 4860] exit_group(0 [pid 4881] <... futex resumed>) = ? [pid 4860] <... exit_group resumed>) = ? [pid 4881] +++ exited with 0 +++ [pid 4861] +++ exited with 0 +++ [pid 4860] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4860, si_uid=0, si_status=0, si_utime=6, si_stime=29} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./56/binderfs") = 0 [ 82.125549][ T4861] BTRFS info (device loop0): balance: ended with status: 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4882 ./strace-static-x86_64: Process 4882 attached [pid 4882] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4882] chdir("./57") = 0 [pid 4882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4882] setpgid(0, 0) = 0 [pid 4882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4882] write(3, "1000", 4) = 4 [pid 4882] close(3) = 0 [pid 4882] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4882] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4882] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4882] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4883 attached , parent_tid=[4883], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4883 [pid 4883] set_robust_list(0x7fdb617f69e0, 24 [pid 4882] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4883] <... set_robust_list resumed>) = 0 [pid 4882] <... futex resumed>) = 0 [pid 4883] memfd_create("syzkaller", 0 [pid 4882] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4883] <... memfd_create resumed>) = 3 [pid 4883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4883] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4883] munmap(0x7fdb59200000, 16777216) = 0 [pid 4883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4883] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4883] close(3) = 0 [pid 4883] mkdir("./file0", 0777) = 0 [ 82.437881][ T4883] loop0: detected capacity change from 0 to 32768 [ 82.449619][ T4883] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 82.458994][ T4883] BTRFS info (device loop0): force clearing of disk cache [ 82.466105][ T4883] BTRFS info (device loop0): setting nodatasum [ 82.472323][ T4883] BTRFS info (device loop0): allowing degraded mounts [ 82.479165][ T4883] BTRFS info (device loop0): enabling disk space caching [ 82.486182][ T4883] BTRFS info (device loop0): disk space caching is enabled [ 82.504399][ T4883] BTRFS info (device loop0): enabling ssd optimizations [ 82.512129][ T4883] BTRFS info (device loop0): clearing free space tree [ 82.519486][ T4883] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4883] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4883] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4883] chdir("./file0") = 0 [pid 4883] ioctl(4, LOOP_CLR_FD) = 0 [pid 4883] close(4) = 0 [pid 4883] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4882] <... futex resumed>) = 0 [pid 4882] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4882] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4883] <... futex resumed>) = 1 [pid 4883] open("./file0", O_RDONLY) = 4 [pid 4883] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4882] <... futex resumed>) = 0 [pid 4883] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4882] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 82.529483][ T4883] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 82.542673][ T4883] BTRFS info (device loop0): checking UUID tree [pid 4882] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4883] <... open resumed>) = 5 [pid 4883] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4883] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4882] <... futex resumed>) = 0 [pid 4882] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4883] <... futex resumed>) = 0 [pid 4882] <... futex resumed>) = 1 [pid 4883] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4882] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4883] <... ioctl resumed>) = 0 [pid 4883] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4882] <... futex resumed>) = 0 [pid 4883] <... futex resumed>) = 1 [pid 4882] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4883] creat("./bus", 000 [pid 4882] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4883] <... creat resumed>) = 6 [pid 4883] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4882] <... futex resumed>) = 0 [pid 4883] ftruncate(6, 2048 [pid 4882] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4882] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4883] <... ftruncate resumed>) = 0 [pid 4883] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4882] <... futex resumed>) = 0 [pid 4882] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4883] open("./bus", O_RDONLY [pid 4882] <... futex resumed>) = 0 [pid 4882] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4883] <... open resumed>) = 7 [pid 4883] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4882] <... futex resumed>) = 0 [pid 4883] sendfile(6, 7, NULL, 65536 [pid 4882] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4882] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4883] <... sendfile resumed>) = 2048 [ 82.585353][ T27] audit: type=1800 audit(1670043463.085:116): pid=4883 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4883] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4882] <... futex resumed>) = 0 [pid 4882] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4883] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4882] <... futex resumed>) = 0 [pid 4882] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4883] <... openat resumed>) = 8 [pid 4883] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4882] <... futex resumed>) = 0 [pid 4882] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4883] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4882] <... futex resumed>) = 0 [ 82.632632][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 82.650252][ T4883] BTRFS info (device loop0): balance: start -s [ 82.667692][ T4883] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4882] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 4882] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4882] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4882] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4903], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4903 [pid 4882] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4882] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4903 attached [pid 4903] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 82.677359][ T27] audit: type=1804 audit(1670043463.135:117): pid=4883 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/57/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 4903] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4903] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4882] <... futex resumed>) = 0 [pid 4903] <... futex resumed>) = 1 [pid 4903] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4883] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4883] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4882] exit_group(0 [pid 4903] <... futex resumed>) = ? [pid 4882] <... exit_group resumed>) = ? [pid 4903] +++ exited with 0 +++ [pid 4883] +++ exited with 0 +++ [pid 4882] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4882, si_uid=0, si_status=0, si_utime=1, si_stime=28} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./57/binderfs") = 0 [ 82.744690][ T4883] BTRFS info (device loop0): balance: ended with status: 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4904 ./strace-static-x86_64: Process 4904 attached [pid 4904] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4904] chdir("./58") = 0 [pid 4904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4904] setpgid(0, 0) = 0 [pid 4904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4904] write(3, "1000", 4) = 4 [pid 4904] close(3) = 0 [pid 4904] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4904] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4904] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4904] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4905], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4905 [pid 4904] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4904] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4905 attached [pid 4905] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4905] memfd_create("syzkaller", 0) = 3 [pid 4905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4905] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4905] munmap(0x7fdb59200000, 16777216) = 0 [pid 4905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4905] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4905] close(3) = 0 [pid 4905] mkdir("./file0", 0777) = 0 [ 83.065767][ T4905] loop0: detected capacity change from 0 to 32768 [ 83.079525][ T4905] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 83.088823][ T4905] BTRFS info (device loop0): force clearing of disk cache [ 83.095955][ T4905] BTRFS info (device loop0): setting nodatasum [ 83.102250][ T4905] BTRFS info (device loop0): allowing degraded mounts [ 83.109106][ T4905] BTRFS info (device loop0): enabling disk space caching [ 83.116133][ T4905] BTRFS info (device loop0): disk space caching is enabled [ 83.135306][ T4905] BTRFS info (device loop0): enabling ssd optimizations [ 83.143384][ T4905] BTRFS info (device loop0): clearing free space tree [ 83.150590][ T4905] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4905] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4905] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4905] chdir("./file0") = 0 [pid 4905] ioctl(4, LOOP_CLR_FD) = 0 [pid 4905] close(4) = 0 [pid 4905] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4904] <... futex resumed>) = 0 [pid 4905] open("./file0", O_RDONLY [pid 4904] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4905] <... open resumed>) = 4 [pid 4904] <... futex resumed>) = 0 [pid 4905] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4904] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4905] <... futex resumed>) = 0 [pid 4904] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4905] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4904] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 83.160570][ T4905] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 83.174783][ T4905] BTRFS info (device loop0): checking UUID tree [pid 4904] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4905] <... open resumed>) = 5 [pid 4905] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4904] <... futex resumed>) = 0 [pid 4905] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4904] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4905] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4904] <... futex resumed>) = 0 [pid 4905] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4904] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4905] <... ioctl resumed>) = 0 [pid 4905] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4904] <... futex resumed>) = 0 [pid 4905] creat("./bus", 000 [pid 4904] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4905] <... creat resumed>) = 6 [pid 4904] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4905] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4904] <... futex resumed>) = 0 [pid 4905] ftruncate(6, 2048 [pid 4904] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4905] <... ftruncate resumed>) = 0 [pid 4904] <... futex resumed>) = 0 [pid 4905] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4904] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4905] <... futex resumed>) = 0 [pid 4904] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4905] open("./bus", O_RDONLY [pid 4904] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4905] <... open resumed>) = 7 [pid 4904] <... futex resumed>) = 0 [pid 4905] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4904] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4905] <... futex resumed>) = 0 [pid 4904] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4905] sendfile(6, 7, NULL, 65536 [pid 4904] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4905] <... sendfile resumed>) = 2048 [pid 4904] <... futex resumed>) = 0 [pid 4905] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4904] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4905] <... futex resumed>) = 0 [pid 4904] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4905] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4904] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4905] <... openat resumed>) = 8 [pid 4904] <... futex resumed>) = 0 [pid 4904] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4905] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4904] <... futex resumed>) = 0 [pid 4904] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4904] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4905] <... futex resumed>) = 1 [ 83.205461][ T27] audit: type=1800 audit(1670043463.705:118): pid=4905 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 83.236222][ T27] audit: type=1804 audit(1670043463.735:119): pid=4905 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/58/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 4905] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4904] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4904] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 4904] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4904] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4904] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4925], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4925 [pid 4904] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4904] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4925 attached [pid 4925] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 83.262582][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 83.274430][ T4905] BTRFS info (device loop0): balance: start -s [ 83.282790][ T4905] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4925] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4925] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4904] <... futex resumed>) = 0 [pid 4925] <... futex resumed>) = 1 [pid 4925] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4905] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4905] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4905] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4904] exit_group(0 [pid 4925] <... futex resumed>) = ? [pid 4904] <... exit_group resumed>) = ? [pid 4925] +++ exited with 0 +++ [pid 4905] <... futex resumed>) = ? [pid 4905] +++ exited with 0 +++ [pid 4904] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4904, si_uid=0, si_status=0, si_utime=2, si_stime=24} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./58/binderfs") = 0 [ 83.335433][ T4905] BTRFS info (device loop0): balance: ended with status: 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4926 ./strace-static-x86_64: Process 4926 attached [pid 4926] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4926] chdir("./59") = 0 [pid 4926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4926] setpgid(0, 0) = 0 [pid 4926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4926] write(3, "1000", 4) = 4 [pid 4926] close(3) = 0 [pid 4926] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4926] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4926] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4926] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4927], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4927 [pid 4926] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4926] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4927 attached [pid 4927] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4927] memfd_create("syzkaller", 0) = 3 [pid 4927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4927] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4927] munmap(0x7fdb59200000, 16777216) = 0 [pid 4927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4927] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4927] close(3) = 0 [pid 4927] mkdir("./file0", 0777) = 0 [ 83.635367][ T4927] loop0: detected capacity change from 0 to 32768 [ 83.648726][ T4927] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 83.658114][ T4927] BTRFS info (device loop0): force clearing of disk cache [ 83.665228][ T4927] BTRFS info (device loop0): setting nodatasum [ 83.671635][ T4927] BTRFS info (device loop0): allowing degraded mounts [ 83.678621][ T4927] BTRFS info (device loop0): enabling disk space caching [ 83.685656][ T4927] BTRFS info (device loop0): disk space caching is enabled [ 83.705905][ T4927] BTRFS info (device loop0): enabling ssd optimizations [ 83.713822][ T4927] BTRFS info (device loop0): clearing free space tree [ 83.720766][ T4927] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4927] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4927] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4927] chdir("./file0") = 0 [pid 4927] ioctl(4, LOOP_CLR_FD) = 0 [pid 4927] close(4) = 0 [pid 4927] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4926] <... futex resumed>) = 0 [pid 4926] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4927] open("./file0", O_RDONLY [pid 4926] <... futex resumed>) = 0 [pid 4927] <... open resumed>) = 4 [pid 4926] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4927] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4926] <... futex resumed>) = 0 [ 83.730514][ T4927] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 83.744132][ T4927] BTRFS info (device loop0): checking UUID tree [pid 4926] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4927] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4926] <... futex resumed>) = 0 [pid 4926] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4927] <... open resumed>) = 5 [pid 4927] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4926] <... futex resumed>) = 0 [pid 4927] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4926] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4926] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4927] <... ioctl resumed>) = 0 [pid 4927] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4926] <... futex resumed>) = 0 [pid 4926] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4927] creat("./bus", 000 [pid 4926] <... futex resumed>) = 0 [pid 4926] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4927] <... creat resumed>) = 6 [pid 4927] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4926] <... futex resumed>) = 0 [pid 4927] ftruncate(6, 2048 [pid 4926] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4926] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4927] <... ftruncate resumed>) = 0 [pid 4927] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4926] <... futex resumed>) = 0 [pid 4927] open("./bus", O_RDONLY [pid 4926] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4926] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4927] <... open resumed>) = 7 [pid 4927] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4926] <... futex resumed>) = 0 [pid 4927] sendfile(6, 7, NULL, 65536 [ 83.771476][ T27] audit: type=1800 audit(1670043464.275:120): pid=4927 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4926] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4926] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4927] <... sendfile resumed>) = 2048 [pid 4927] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4927] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4926] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4927] <... futex resumed>) = 0 [pid 4926] <... futex resumed>) = 1 [pid 4927] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4926] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4927] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4927] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4926] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4927] <... futex resumed>) = 0 [pid 4926] <... futex resumed>) = 1 [pid 4927] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 83.814385][ T27] audit: type=1804 audit(1670043464.315:121): pid=4927 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/59/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 83.827319][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 83.855704][ T4927] BTRFS info (device loop0): balance: start -s [ 83.863993][ T4927] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4926] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 4927] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4926] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4927] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4926] <... futex resumed>) = 0 [pid 4927] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4926] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4926] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4947 attached , parent_tid=[4947], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4947 [pid 4947] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 4947] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4926] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4926] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4947] <... futex resumed>) = 0 [pid 4947] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4947] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4947] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4926] <... futex resumed>) = 0 [pid 4926] exit_group(0 [pid 4927] <... futex resumed>) = ? [pid 4926] <... exit_group resumed>) = ? [pid 4927] +++ exited with 0 +++ [pid 4947] <... futex resumed>) = ? [pid 4947] +++ exited with 0 +++ [pid 4926] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4926, si_uid=0, si_status=0, si_utime=3, si_stime=29} --- umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 83.891921][ T4927] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./59/binderfs") = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4948 ./strace-static-x86_64: Process 4948 attached [pid 4948] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4948] chdir("./60") = 0 [pid 4948] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4948] setpgid(0, 0) = 0 [pid 4948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4948] write(3, "1000", 4) = 4 [pid 4948] close(3) = 0 [pid 4948] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4948] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4948] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4948] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4949], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4949 ./strace-static-x86_64: Process 4949 attached [pid 4949] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4949] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4948] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4949] <... futex resumed>) = 0 [pid 4948] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4949] memfd_create("syzkaller", 0) = 3 [pid 4949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4949] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4949] munmap(0x7fdb59200000, 16777216) = 0 [pid 4949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4949] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4949] close(3) = 0 [pid 4949] mkdir("./file0", 0777) = 0 [ 84.242126][ T4949] loop0: detected capacity change from 0 to 32768 [ 84.256009][ T4949] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 84.265320][ T4949] BTRFS info (device loop0): force clearing of disk cache [ 84.272474][ T4949] BTRFS info (device loop0): setting nodatasum [ 84.278676][ T4949] BTRFS info (device loop0): allowing degraded mounts [ 84.285447][ T4949] BTRFS info (device loop0): enabling disk space caching [ 84.292522][ T4949] BTRFS info (device loop0): disk space caching is enabled [ 84.312604][ T4949] BTRFS info (device loop0): enabling ssd optimizations [ 84.320599][ T4949] BTRFS info (device loop0): clearing free space tree [ 84.327483][ T4949] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4949] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4949] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4949] chdir("./file0") = 0 [pid 4949] ioctl(4, LOOP_CLR_FD) = 0 [pid 4949] close(4) = 0 [pid 4949] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4948] <... futex resumed>) = 0 [pid 4949] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 4948] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4949] open("./file0", O_RDONLY) = 4 [pid 4948] <... futex resumed>) = 0 [pid 4949] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4948] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4949] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4948] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4949] <... futex resumed>) = 0 [pid 4948] <... futex resumed>) = 1 [pid 4949] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 84.337125][ T4949] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 84.350602][ T4949] BTRFS info (device loop0): checking UUID tree [pid 4948] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4949] <... open resumed>) = 5 [pid 4949] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4948] <... futex resumed>) = 0 [pid 4949] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4948] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4948] <... futex resumed>) = 0 [pid 4949] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4948] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4949] <... ioctl resumed>) = 0 [pid 4949] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4948] <... futex resumed>) = 0 [pid 4949] creat("./bus", 000 [pid 4948] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4948] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4949] <... creat resumed>) = 6 [pid 4949] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4948] <... futex resumed>) = 0 [pid 4949] ftruncate(6, 2048 [pid 4948] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4949] <... ftruncate resumed>) = 0 [pid 4948] <... futex resumed>) = 0 [pid 4949] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4948] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4949] <... futex resumed>) = 0 [pid 4948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4949] open("./bus", O_RDONLY [pid 4948] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4949] <... open resumed>) = 7 [pid 4948] <... futex resumed>) = 0 [pid 4949] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4948] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4949] <... futex resumed>) = 0 [pid 4948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4949] sendfile(6, 7, NULL, 65536 [pid 4948] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4949] <... sendfile resumed>) = 2048 [pid 4948] <... futex resumed>) = 0 [pid 4949] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4948] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4949] <... futex resumed>) = 0 [pid 4948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4949] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4948] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4949] <... openat resumed>) = 8 [pid 4948] <... futex resumed>) = 0 [pid 4948] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4949] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4949] <... futex resumed>) = 0 [pid 4948] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4949] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4948] <... futex resumed>) = 0 [ 84.383623][ T27] audit: type=1800 audit(1670043464.885:122): pid=4949 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4948] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 4948] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4948] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4948] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4969], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4969 [pid 4948] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4948] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4969 attached [pid 4969] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 84.413652][ T27] audit: type=1804 audit(1670043464.915:123): pid=4949 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/60/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 84.427973][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 84.451388][ T4949] BTRFS info (device loop0): balance: start -s [ 84.460038][ T4949] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4969] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4969] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4948] <... futex resumed>) = 0 [pid 4969] <... futex resumed>) = 1 [pid 4969] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4949] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4949] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4949] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4948] exit_group(0 [pid 4969] <... futex resumed>) = ? [pid 4949] <... futex resumed>) = ? [pid 4948] <... exit_group resumed>) = ? [pid 4969] +++ exited with 0 +++ [pid 4949] +++ exited with 0 +++ [pid 4948] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4948, si_uid=0, si_status=0, si_utime=2, si_stime=28} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./60/binderfs") = 0 [ 84.529423][ T4949] BTRFS info (device loop0): balance: ended with status: 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4970 ./strace-static-x86_64: Process 4970 attached [pid 4970] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4970] chdir("./61") = 0 [pid 4970] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4970] setpgid(0, 0) = 0 [pid 4970] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4970] write(3, "1000", 4) = 4 [pid 4970] close(3) = 0 [pid 4970] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4970] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4970] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4970] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4971 attached , parent_tid=[4971], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4971 [pid 4970] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4970] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4971] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4971] memfd_create("syzkaller", 0) = 3 [pid 4971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4971] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4971] munmap(0x7fdb59200000, 16777216) = 0 [pid 4971] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4971] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4971] close(3) = 0 [pid 4971] mkdir("./file0", 0777) = 0 [ 84.834230][ T4971] loop0: detected capacity change from 0 to 32768 [ 84.847593][ T4971] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 84.856841][ T4971] BTRFS info (device loop0): force clearing of disk cache [ 84.864240][ T4971] BTRFS info (device loop0): setting nodatasum [ 84.870707][ T4971] BTRFS info (device loop0): allowing degraded mounts [pid 4971] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4971] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4971] chdir("./file0") = 0 [pid 4971] ioctl(4, LOOP_CLR_FD) = 0 [pid 4971] close(4) = 0 [pid 4971] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4970] <... futex resumed>) = 0 [pid 4970] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4970] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4971] <... futex resumed>) = 1 [pid 4971] open("./file0", O_RDONLY) = 4 [pid 4971] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4970] <... futex resumed>) = 0 [pid 4970] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4970] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4971] <... futex resumed>) = 1 [pid 4971] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4971] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4970] <... futex resumed>) = 0 [pid 4970] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4970] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4971] <... futex resumed>) = 1 [pid 4971] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4971] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4970] <... futex resumed>) = 0 [pid 4970] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4970] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4971] <... futex resumed>) = 1 [pid 4971] creat("./bus", 000) = 6 [pid 4971] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4970] <... futex resumed>) = 0 [pid 4970] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4970] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4971] <... futex resumed>) = 1 [pid 4971] ftruncate(6, 2048) = 0 [pid 4971] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4970] <... futex resumed>) = 0 [pid 4970] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4970] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4971] <... futex resumed>) = 1 [pid 4971] open("./bus", O_RDONLY) = 7 [pid 4971] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4970] <... futex resumed>) = 0 [pid 4970] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4970] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4971] <... futex resumed>) = 1 [pid 4971] sendfile(6, 7, NULL, 65536) = 2048 [pid 4971] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4970] <... futex resumed>) = 0 [pid 4970] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4970] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4971] <... futex resumed>) = 1 [pid 4971] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4971] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4970] <... futex resumed>) = 0 [pid 4970] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4970] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4971] <... futex resumed>) = 1 [ 84.877953][ T4971] BTRFS info (device loop0): enabling disk space caching [ 84.885002][ T4971] BTRFS info (device loop0): disk space caching is enabled [pid 4971] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4971] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4970] <... futex resumed>) = 0 [pid 4971] <... futex resumed>) = 1 [pid 4970] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4971] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4970] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4971] <... ioctl resumed>) = 0 [pid 4971] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4970] <... futex resumed>) = 0 [pid 4971] <... futex resumed>) = 1 [pid 4970] exit_group(0 [pid 4971] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4970] <... exit_group resumed>) = ? [pid 4971] <... futex resumed>) = ? [pid 4971] +++ exited with 0 +++ [pid 4970] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4970, si_uid=0, si_status=0, si_utime=2, si_stime=19} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./61/binderfs") = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4991 ./strace-static-x86_64: Process 4991 attached [pid 4991] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4991] chdir("./62") = 0 [pid 4991] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4991] setpgid(0, 0) = 0 [pid 4991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4991] write(3, "1000", 4) = 4 [pid 4991] close(3) = 0 [pid 4991] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4991] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4991] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4991] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4992], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4992 [pid 4991] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4991] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4992 attached [pid 4992] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4992] memfd_create("syzkaller", 0) = 3 [pid 4992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4992] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4992] munmap(0x7fdb59200000, 16777216) = 0 [pid 4992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4992] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4992] close(3) = 0 [pid 4992] mkdir("./file0", 0777) = 0 [pid 4992] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4992] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4992] chdir("./file0") = 0 [pid 4992] ioctl(4, LOOP_CLR_FD) = 0 [pid 4992] close(4) = 0 [pid 4992] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4991] <... futex resumed>) = 0 [pid 4992] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4991] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4991] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4992] <... futex resumed>) = 0 [pid 4992] open("./file0", O_RDONLY) = 4 [pid 4992] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4991] <... futex resumed>) = 0 [pid 4991] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4992] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4991] <... futex resumed>) = 0 [ 85.290994][ T4992] loop0: detected capacity change from 0 to 32768 [pid 4991] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4992] <... open resumed>) = 5 [pid 4992] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4991] <... futex resumed>) = 0 [pid 4991] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4991] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4992] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4992] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4992] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4991] <... futex resumed>) = 0 [pid 4991] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4992] <... futex resumed>) = 0 [pid 4991] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4992] creat("./bus", 000) = 6 [pid 4992] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4991] <... futex resumed>) = 0 [pid 4992] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 4991] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4992] ftruncate(6, 2048 [pid 4991] <... futex resumed>) = 0 [pid 4992] <... ftruncate resumed>) = 0 [pid 4991] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4992] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4991] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4992] <... futex resumed>) = 0 [pid 4991] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4991] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4992] open("./bus", O_RDONLY) = 7 [pid 4992] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4991] <... futex resumed>) = 0 [pid 4992] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4991] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4992] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4991] <... futex resumed>) = 0 [pid 4992] sendfile(6, 7, NULL, 65536 [pid 4991] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4992] <... sendfile resumed>) = 2048 [pid 4992] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4991] <... futex resumed>) = 0 [pid 4992] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4991] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4992] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4991] <... futex resumed>) = 0 [pid 4992] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4991] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4992] <... openat resumed>) = 8 [pid 4992] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4991] <... futex resumed>) = 0 [pid 4992] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4991] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4992] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4991] <... futex resumed>) = 0 [pid 4992] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4991] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4992] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4992] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4991] <... futex resumed>) = 0 [pid 4992] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4991] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4992] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4991] <... futex resumed>) = 0 [pid 4992] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4991] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4992] <... ioctl resumed>) = 0 [pid 4992] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4991] <... futex resumed>) = 0 [pid 4992] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4991] exit_group(0 [pid 4992] <... futex resumed>) = ? [pid 4991] <... exit_group resumed>) = ? [pid 4992] +++ exited with 0 +++ [pid 4991] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4991, si_uid=0, si_status=0, si_utime=2, si_stime=17} --- umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./62/binderfs") = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5012 ./strace-static-x86_64: Process 5012 attached [pid 5012] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5012] chdir("./63") = 0 [pid 5012] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5012] setpgid(0, 0) = 0 [pid 5012] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5012] write(3, "1000", 4) = 4 [pid 5012] close(3) = 0 [pid 5012] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5012] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5012] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5012] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5012] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5013 attached , parent_tid=[5013], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5013 [pid 5012] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5012] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5013] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5013] memfd_create("syzkaller", 0) = 3 [pid 5013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5013] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5013] munmap(0x7fdb59200000, 16777216) = 0 [pid 5013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5013] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5013] close(3) = 0 [pid 5013] mkdir("./file0", 0777) = 0 [pid 5013] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5013] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5013] chdir("./file0") = 0 [pid 5013] ioctl(4, LOOP_CLR_FD) = 0 [pid 5013] close(4) = 0 [pid 5013] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... futex resumed>) = 0 [pid 5012] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5012] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5013] <... futex resumed>) = 1 [pid 5013] open("./file0", O_RDONLY) = 4 [pid 5013] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... futex resumed>) = 0 [pid 5012] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5012] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5013] <... futex resumed>) = 1 [pid 5013] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5013] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... futex resumed>) = 0 [pid 5012] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5012] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5013] <... futex resumed>) = 1 [ 85.727009][ T5013] loop0: detected capacity change from 0 to 32768 [pid 5013] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5013] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... futex resumed>) = 0 [pid 5012] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5012] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5013] <... futex resumed>) = 1 [pid 5013] creat("./bus", 000) = 6 [pid 5013] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... futex resumed>) = 0 [pid 5012] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5012] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5013] <... futex resumed>) = 1 [pid 5013] ftruncate(6, 2048) = 0 [pid 5013] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... futex resumed>) = 0 [pid 5012] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5012] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5013] <... futex resumed>) = 1 [pid 5013] open("./bus", O_RDONLY) = 7 [pid 5013] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... futex resumed>) = 0 [pid 5012] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5012] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5013] <... futex resumed>) = 1 [pid 5013] sendfile(6, 7, NULL, 65536) = 2048 [pid 5013] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... futex resumed>) = 0 [pid 5012] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5012] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5013] <... futex resumed>) = 1 [pid 5013] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5013] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... futex resumed>) = 0 [pid 5012] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5012] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5013] <... futex resumed>) = 1 [pid 5013] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5013] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... futex resumed>) = 0 [pid 5012] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5012] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5013] <... futex resumed>) = 1 [pid 5013] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5013] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... futex resumed>) = 0 [pid 5012] exit_group(0) = ? [pid 5013] <... futex resumed>) = ? [pid 5013] +++ exited with 0 +++ [pid 5012] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5012, si_uid=0, si_status=0, si_utime=2, si_stime=19} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./63/binderfs") = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5033 ./strace-static-x86_64: Process 5033 attached [pid 5033] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5033] chdir("./64") = 0 [pid 5033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5033] setpgid(0, 0) = 0 [pid 5033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5033] write(3, "1000", 4) = 4 [pid 5033] close(3) = 0 [pid 5033] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5033] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5033] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5033] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5034], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5034 ./strace-static-x86_64: Process 5034 attached [pid 5033] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5034] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5034] memfd_create("syzkaller", 0) = 3 [pid 5034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5034] munmap(0x7fdb59200000, 16777216) = 0 [pid 5034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5034] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5034] close(3) = 0 [pid 5034] mkdir("./file0", 0777) = 0 [ 86.172908][ T5034] loop0: detected capacity change from 0 to 32768 [ 86.186498][ T5034] _btrfs_printk: 39 callbacks suppressed [ 86.186513][ T5034] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 86.201533][ T5034] BTRFS info (device loop0): force clearing of disk cache [ 86.208705][ T5034] BTRFS info (device loop0): setting nodatasum [ 86.214866][ T5034] BTRFS info (device loop0): allowing degraded mounts [ 86.221701][ T5034] BTRFS info (device loop0): enabling disk space caching [ 86.228751][ T5034] BTRFS info (device loop0): disk space caching is enabled [ 86.248563][ T5034] BTRFS info (device loop0): enabling ssd optimizations [ 86.256228][ T5034] BTRFS info (device loop0): clearing free space tree [ 86.263476][ T5034] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5034] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5034] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5034] chdir("./file0") = 0 [pid 5034] ioctl(4, LOOP_CLR_FD) = 0 [pid 5034] close(4) = 0 [pid 5034] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = 0 [pid 5033] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... futex resumed>) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5033] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] open("./file0", O_RDONLY) = 4 [pid 5034] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = 0 [pid 5033] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] <... futex resumed>) = 1 [pid 5034] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5034] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = 0 [pid 5034] <... futex resumed>) = 1 [pid 5033] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 86.273422][ T5034] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 86.286612][ T5034] BTRFS info (device loop0): checking UUID tree [pid 5034] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5034] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5034] creat("./bus", 000 [pid 5033] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] <... creat resumed>) = 6 [pid 5034] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5033] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] ftruncate(6, 2048) = 0 [pid 5034] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5034] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5034] open("./bus", O_RDONLY) = 7 [pid 5034] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5033] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] sendfile(6, 7, NULL, 65536) = 2048 [pid 5034] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5034] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5033] <... futex resumed>) = 0 [pid 5034] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5033] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] <... openat resumed>) = 8 [pid 5034] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5033] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 86.342691][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 86.368269][ T5034] BTRFS info (device loop0): balance: start -s [ 86.376824][ T5034] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5034] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5033] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5033] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5033] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5033] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5054], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5054 [pid 5033] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5054 attached [pid 5054] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5054] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5034] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5034] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] <... ioctl resumed>) = 0 [pid 5054] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = 0 [pid 5033] exit_group(0 [pid 5034] <... futex resumed>) = ? [pid 5033] <... exit_group resumed>) = ? [pid 5034] +++ exited with 0 +++ [pid 5054] <... futex resumed>) = ? [pid 5054] +++ exited with 0 +++ [pid 5033] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5033, si_uid=0, si_status=0, si_utime=0, si_stime=32} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./64/binderfs") = 0 [ 86.406885][ T5034] BTRFS info (device loop0): balance: ended with status: 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5055 ./strace-static-x86_64: Process 5055 attached [pid 5055] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5055] chdir("./65") = 0 [pid 5055] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5055] setpgid(0, 0) = 0 [pid 5055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5055] write(3, "1000", 4) = 4 [pid 5055] close(3) = 0 [pid 5055] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5055] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5055] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5055] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5056], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5056 ./strace-static-x86_64: Process 5056 attached [pid 5055] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5055] <... futex resumed>) = 0 [pid 5056] memfd_create("syzkaller", 0 [pid 5055] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5056] <... memfd_create resumed>) = 3 [pid 5056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5056] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5056] munmap(0x7fdb59200000, 16777216) = 0 [pid 5056] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5056] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5056] close(3) = 0 [pid 5056] mkdir("./file0", 0777) = 0 [ 86.759966][ T5056] loop0: detected capacity change from 0 to 32768 [ 86.771561][ T5056] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 86.781131][ T5056] BTRFS info (device loop0): force clearing of disk cache [ 86.788710][ T5056] BTRFS info (device loop0): setting nodatasum [ 86.794881][ T5056] BTRFS info (device loop0): allowing degraded mounts [ 86.801720][ T5056] BTRFS info (device loop0): enabling disk space caching [ 86.808803][ T5056] BTRFS info (device loop0): disk space caching is enabled [ 86.828427][ T5056] BTRFS info (device loop0): enabling ssd optimizations [ 86.836207][ T5056] BTRFS info (device loop0): clearing free space tree [ 86.843469][ T5056] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5056] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5056] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5056] chdir("./file0") = 0 [pid 5056] ioctl(4, LOOP_CLR_FD) = 0 [pid 5056] close(4) = 0 [pid 5056] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] <... futex resumed>) = 0 [pid 5055] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5055] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] open("./file0", O_RDONLY) = 4 [pid 5056] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] <... futex resumed>) = 0 [pid 5055] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5055] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] <... open resumed>) = 5 [pid 5056] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] <... futex resumed>) = 0 [pid 5056] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5055] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5055] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] <... ioctl resumed>) = 0 [pid 5056] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5055] <... futex resumed>) = 0 [pid 5055] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] <... futex resumed>) = 0 [pid 5056] creat("./bus", 000) = 6 [pid 5056] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] <... futex resumed>) = 0 [pid 5056] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5055] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5055] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5056] ftruncate(6, 2048) = 0 [pid 5056] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] <... futex resumed>) = 0 [pid 5056] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5055] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5055] <... futex resumed>) = 0 [pid 5056] open("./bus", O_RDONLY [pid 5055] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] <... open resumed>) = 7 [pid 5056] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] <... futex resumed>) = 0 [pid 5056] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5055] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5055] <... futex resumed>) = 0 [pid 5056] sendfile(6, 7, NULL, 65536 [pid 5055] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] <... sendfile resumed>) = 2048 [pid 5056] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] <... futex resumed>) = 0 [pid 5056] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5055] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 86.853439][ T5056] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 86.866734][ T5056] BTRFS info (device loop0): checking UUID tree [pid 5055] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] <... openat resumed>) = 8 [pid 5056] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5055] <... futex resumed>) = 0 [pid 5055] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] <... futex resumed>) = 0 [ 86.916383][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 86.937126][ T5056] BTRFS info (device loop0): balance: start -s [ 86.945894][ T5056] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5056] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5055] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5055] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5055] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5055] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5076 attached , parent_tid=[5076], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5076 [pid 5076] set_robust_list(0x7fdb617d59e0, 24 [pid 5055] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... set_robust_list resumed>) = 0 [pid 5055] <... futex resumed>) = 0 [pid 5076] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [ 86.975928][ T5056] BTRFS info (device loop0): balance: ended with status: 0 [pid 5055] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... ioctl resumed>) = 0 [pid 5076] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5055] <... futex resumed>) = 0 [pid 5056] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5055] exit_group(0 [pid 5076] <... futex resumed>) = ? [pid 5055] <... exit_group resumed>) = ? [pid 5056] <... futex resumed>) = ? [pid 5076] +++ exited with 0 +++ [pid 5056] +++ exited with 0 +++ [pid 5055] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5055, si_uid=0, si_status=0, si_utime=2, si_stime=32} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./65/binderfs") = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5078 ./strace-static-x86_64: Process 5078 attached [pid 5078] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5078] chdir("./66") = 0 [pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5078] setpgid(0, 0) = 0 [pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5078] write(3, "1000", 4) = 4 [pid 5078] close(3) = 0 [pid 5078] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5078] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5078] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5078] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5079 attached [pid 5079] set_robust_list(0x7fdb617f69e0, 24 [pid 5078] <... clone resumed>, parent_tid=[5079], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5079 [pid 5079] <... set_robust_list resumed>) = 0 [pid 5079] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5078] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5079] memfd_create("syzkaller", 0) = 3 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5079] munmap(0x7fdb59200000, 16777216) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5079] close(3) = 0 [pid 5079] mkdir("./file0", 0777) = 0 [ 87.333442][ T5079] loop0: detected capacity change from 0 to 32768 [ 87.345733][ T5079] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 87.355433][ T5079] BTRFS info (device loop0): force clearing of disk cache [ 87.362868][ T5079] BTRFS info (device loop0): setting nodatasum [ 87.369439][ T5079] BTRFS info (device loop0): allowing degraded mounts [ 87.376213][ T5079] BTRFS info (device loop0): enabling disk space caching [ 87.383885][ T5079] BTRFS info (device loop0): disk space caching is enabled [ 87.402668][ T5079] BTRFS info (device loop0): enabling ssd optimizations [ 87.410567][ T5079] BTRFS info (device loop0): clearing free space tree [ 87.417465][ T5079] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5079] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5079] chdir("./file0") = 0 [pid 5079] ioctl(4, LOOP_CLR_FD) = 0 [pid 5079] close(4) = 0 [pid 5079] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = 0 [pid 5079] open("./file0", O_RDONLY) = 4 [pid 5079] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5079] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5078] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 87.427110][ T5079] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 87.440355][ T5079] BTRFS info (device loop0): checking UUID tree [ 87.471349][ T27] kauditd_printk_skb: 10 callbacks suppressed [pid 5078] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... open resumed>) = 5 [pid 5079] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = 1 [pid 5079] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5079] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5079] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5079] creat("./bus", 000) = 6 [pid 5079] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] ftruncate(6, 2048) = 0 [pid 5079] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5079] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 87.471362][ T27] audit: type=1800 audit(1670043467.975:134): pid=5079 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 87.509956][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5079] open("./bus", O_RDONLY) = 7 [pid 5079] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] sendfile(6, 7, NULL, 65536) = 2048 [pid 5079] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5079] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5079] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5079] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 87.528761][ T27] audit: type=1804 audit(1670043468.035:135): pid=5079 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/66/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 87.568723][ T5079] BTRFS info (device loop0): balance: start -s [pid 5078] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5078] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5078] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5078] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5099], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5099 [pid 5078] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5099 attached [pid 5099] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5099] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5079] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5079] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] <... ioctl resumed>) = 0 [pid 5099] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] exit_group(0) = ? [pid 5079] <... futex resumed>) = ? [pid 5079] +++ exited with 0 +++ [pid 5099] +++ exited with 0 +++ [pid 5078] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=2, si_stime=25} --- umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./66/binderfs") = 0 [ 87.577676][ T5079] BTRFS info (device loop0): relocating block group 1048576 flags system [ 87.603591][ T5079] BTRFS info (device loop0): balance: ended with status: 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5100 ./strace-static-x86_64: Process 5100 attached [pid 5100] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5100] chdir("./67") = 0 [pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5100] setpgid(0, 0) = 0 [pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5100] write(3, "1000", 4) = 4 [pid 5100] close(3) = 0 [pid 5100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5100] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5100] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5100] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5101 attached , parent_tid=[5101], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5101 [pid 5101] set_robust_list(0x7fdb617f69e0, 24 [pid 5100] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... set_robust_list resumed>) = 0 [pid 5100] <... futex resumed>) = 0 [pid 5101] memfd_create("syzkaller", 0 [pid 5100] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5101] <... memfd_create resumed>) = 3 [pid 5101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5101] munmap(0x7fdb59200000, 16777216) = 0 [pid 5101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5101] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5101] close(3) = 0 [pid 5101] mkdir("./file0", 0777) = 0 [ 87.936601][ T5101] loop0: detected capacity change from 0 to 32768 [ 87.951398][ T5101] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 87.960893][ T5101] BTRFS info (device loop0): force clearing of disk cache [ 87.968149][ T5101] BTRFS info (device loop0): setting nodatasum [ 87.974385][ T5101] BTRFS info (device loop0): allowing degraded mounts [ 87.981287][ T5101] BTRFS info (device loop0): enabling disk space caching [ 87.988347][ T5101] BTRFS info (device loop0): disk space caching is enabled [ 88.006821][ T5101] BTRFS info (device loop0): enabling ssd optimizations [ 88.014761][ T5101] BTRFS info (device loop0): clearing free space tree [ 88.021644][ T5101] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5101] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5101] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5101] chdir("./file0") = 0 [pid 5101] ioctl(4, LOOP_CLR_FD) = 0 [pid 5101] close(4) = 0 [pid 5101] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] open("./file0", O_RDONLY) = 4 [pid 5101] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 88.031356][ T5101] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 88.044725][ T5101] BTRFS info (device loop0): checking UUID tree [pid 5101] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5101] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5101] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5100] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... ioctl resumed>) = 0 [pid 5101] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5101] creat("./bus", 000 [pid 5100] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... creat resumed>) = 6 [pid 5101] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... futex resumed>) = 1 [pid 5101] ftruncate(6, 2048) = 0 [pid 5101] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5101] open("./bus", O_RDONLY [ 88.076888][ T27] audit: type=1800 audit(1670043468.575:136): pid=5101 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5100] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... open resumed>) = 7 [pid 5101] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5101] <... futex resumed>) = 1 [pid 5100] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] sendfile(6, 7, NULL, 65536 [pid 5100] <... futex resumed>) = 0 [pid 5101] <... sendfile resumed>) = 2048 [pid 5100] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5101] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5100] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... openat resumed>) = 8 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5101] <... futex resumed>) = 1 [pid 5100] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5100] <... futex resumed>) = 0 [ 88.129338][ T27] audit: type=1804 audit(1670043468.635:137): pid=5101 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/67/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 88.149428][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 88.164137][ T5101] BTRFS info (device loop0): balance: start -s [pid 5100] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5100] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5100] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5100] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5121], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5121 [pid 5100] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5121 attached [pid 5121] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 88.172809][ T5101] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5121] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5100] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5121] <... ioctl resumed>) = 0 [pid 5121] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5101] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5100] exit_group(0) = ? [pid 5121] <... futex resumed>) = ? [pid 5121] +++ exited with 0 +++ [pid 5101] <... futex resumed>) = ? [pid 5101] +++ exited with 0 +++ [pid 5100] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=3, si_stime=28} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./67/binderfs") = 0 [ 88.217492][ T5101] BTRFS info (device loop0): balance: ended with status: 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5122 ./strace-static-x86_64: Process 5122 attached [pid 5122] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5122] chdir("./68") = 0 [pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5122] setpgid(0, 0) = 0 [pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5122] write(3, "1000", 4) = 4 [pid 5122] close(3) = 0 [pid 5122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5122] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5122] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5122] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5123 attached , parent_tid=[5123], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5123 [pid 5123] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5122] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5123] memfd_create("syzkaller", 0) = 3 [pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5123] munmap(0x7fdb59200000, 16777216) = 0 [pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5123] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5123] close(3) = 0 [pid 5123] mkdir("./file0", 0777) = 0 [ 88.532618][ T5123] loop0: detected capacity change from 0 to 32768 [ 88.546782][ T5123] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 88.556138][ T5123] BTRFS info (device loop0): force clearing of disk cache [ 88.563335][ T5123] BTRFS info (device loop0): setting nodatasum [ 88.569551][ T5123] BTRFS info (device loop0): allowing degraded mounts [ 88.576319][ T5123] BTRFS info (device loop0): enabling disk space caching [ 88.583488][ T5123] BTRFS info (device loop0): disk space caching is enabled [ 88.603153][ T5123] BTRFS info (device loop0): enabling ssd optimizations [ 88.611595][ T5123] BTRFS info (device loop0): clearing free space tree [ 88.618651][ T5123] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5123] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5123] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5123] chdir("./file0") = 0 [pid 5123] ioctl(4, LOOP_CLR_FD) = 0 [pid 5123] close(4) = 0 [pid 5123] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] <... futex resumed>) = 1 [pid 5122] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] open("./file0", O_RDONLY) = 4 [pid 5123] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] <... futex resumed>) = 0 [pid 5123] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 88.628386][ T5123] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 88.641734][ T5123] BTRFS info (device loop0): checking UUID tree [pid 5122] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... open resumed>) = 5 [pid 5123] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] <... futex resumed>) = 0 [pid 5123] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5122] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... ioctl resumed>) = 0 [pid 5123] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] creat("./bus", 000 [pid 5122] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... creat resumed>) = 6 [pid 5123] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] ftruncate(6, 2048 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... ftruncate resumed>) = 0 [pid 5123] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] open("./bus", O_RDONLY [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... open resumed>) = 7 [ 88.667553][ T27] audit: type=1800 audit(1670043469.175:138): pid=5123 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5123] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] <... futex resumed>) = 0 [pid 5123] sendfile(6, 7, NULL, 65536 [pid 5122] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... sendfile resumed>) = 2048 [pid 5123] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] <... futex resumed>) = 0 [pid 5123] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5122] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... openat resumed>) = 8 [pid 5123] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] <... futex resumed>) = 0 [pid 5123] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 88.708130][ T27] audit: type=1804 audit(1670043469.205:139): pid=5123 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/68/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 88.718566][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 88.751042][ T5123] BTRFS info (device loop0): balance: start -s [pid 5122] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5122] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5122] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5122] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5143], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5143 [pid 5122] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5123] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5143 attached [pid 5143] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 88.759358][ T5123] BTRFS info (device loop0): relocating block group 1048576 flags system [ 88.796778][ T5123] BTRFS info (device loop0): balance: ended with status: 0 [pid 5143] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5143] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5122] exit_group(0 [pid 5123] <... futex resumed>) = ? [pid 5122] <... exit_group resumed>) = ? [pid 5123] +++ exited with 0 +++ [pid 5143] +++ exited with 0 +++ [pid 5122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=2, si_stime=31} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./68/binderfs") = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5144 attached , child_tidptr=0x55555746f5d0) = 5144 [pid 5144] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5144] chdir("./69") = 0 [pid 5144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5144] setpgid(0, 0) = 0 [pid 5144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5144] write(3, "1000", 4) = 4 [pid 5144] close(3) = 0 [pid 5144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5144] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5144] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5144] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5145 attached , parent_tid=[5145], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5145 [pid 5145] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5145] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = 0 [pid 5144] <... futex resumed>) = 1 [pid 5145] memfd_create("syzkaller", 0 [pid 5144] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5145] <... memfd_create resumed>) = 3 [pid 5145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5145] munmap(0x7fdb59200000, 16777216) = 0 [pid 5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5145] close(3) = 0 [pid 5145] mkdir("./file0", 0777) = 0 [ 89.135124][ T5145] loop0: detected capacity change from 0 to 32768 [ 89.148923][ T5145] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 89.158206][ T5145] BTRFS info (device loop0): force clearing of disk cache [ 89.165308][ T5145] BTRFS info (device loop0): setting nodatasum [ 89.171540][ T5145] BTRFS info (device loop0): allowing degraded mounts [ 89.178390][ T5145] BTRFS info (device loop0): enabling disk space caching [ 89.185401][ T5145] BTRFS info (device loop0): disk space caching is enabled [ 89.205498][ T5145] BTRFS info (device loop0): enabling ssd optimizations [ 89.213339][ T5145] BTRFS info (device loop0): clearing free space tree [ 89.220272][ T5145] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5145] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5145] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5145] chdir("./file0") = 0 [pid 5145] ioctl(4, LOOP_CLR_FD) = 0 [pid 5145] close(4) = 0 [pid 5145] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5145] <... futex resumed>) = 1 [pid 5144] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] open("./file0", O_RDONLY [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... open resumed>) = 4 [pid 5145] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5145] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5144] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 89.229991][ T5145] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 89.243308][ T5145] BTRFS info (device loop0): checking UUID tree [pid 5144] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... open resumed>) = 5 [pid 5145] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5145] <... futex resumed>) = 1 [pid 5145] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5144] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... ioctl resumed>) = 0 [pid 5145] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5145] <... futex resumed>) = 1 [pid 5144] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] creat("./bus", 000 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... creat resumed>) = 6 [pid 5145] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5145] <... futex resumed>) = 1 [pid 5144] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] ftruncate(6, 2048 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... ftruncate resumed>) = 0 [pid 5145] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5145] <... futex resumed>) = 1 [pid 5144] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] open("./bus", O_RDONLY) = 7 [ 89.275357][ T27] audit: type=1800 audit(1670043469.775:140): pid=5145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5145] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5144] <... futex resumed>) = 0 [pid 5145] sendfile(6, 7, NULL, 65536) = 2048 [pid 5144] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5144] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = 0 [pid 5144] <... futex resumed>) = 0 [pid 5145] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5144] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... openat resumed>) = 8 [pid 5145] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 89.329713][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 89.339720][ T27] audit: type=1804 audit(1670043469.835:141): pid=5145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/69/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5145] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5144] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5144] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5144] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5144] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5145] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE [pid 5145] <... futex resumed>) = 0 [pid 5144] <... mprotect resumed>) = 0 [pid 5144] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5165], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5165 [pid 5145] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5165 attached [pid 5165] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5165] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5165] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5144] exit_group(0) = ? [pid 5145] <... futex resumed>) = ? [pid 5145] +++ exited with 0 +++ [pid 5165] +++ exited with 0 +++ [pid 5144] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5144, si_uid=0, si_status=0, si_utime=3, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 89.377072][ T5145] BTRFS info (device loop0): balance: start -s [ 89.384861][ T5145] BTRFS info (device loop0): relocating block group 1048576 flags system [ 89.408018][ T5145] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./69/binderfs") = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5166 ./strace-static-x86_64: Process 5166 attached [pid 5166] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5166] chdir("./70") = 0 [pid 5166] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5166] setpgid(0, 0) = 0 [pid 5166] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5166] write(3, "1000", 4) = 4 [pid 5166] close(3) = 0 [pid 5166] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5166] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5166] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5166] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5167 attached [pid 5167] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5167] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] <... clone resumed>, parent_tid=[5167], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5167 [pid 5166] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5166] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5167] memfd_create("syzkaller", 0) = 3 [pid 5167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5167] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5167] munmap(0x7fdb59200000, 16777216) = 0 [pid 5167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5167] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5167] close(3) = 0 [pid 5167] mkdir("./file0", 0777) = 0 [ 89.729518][ T5167] loop0: detected capacity change from 0 to 32768 [ 89.743834][ T5167] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 89.753134][ T5167] BTRFS info (device loop0): force clearing of disk cache [ 89.760339][ T5167] BTRFS info (device loop0): setting nodatasum [ 89.766643][ T5167] BTRFS info (device loop0): allowing degraded mounts [ 89.773459][ T5167] BTRFS info (device loop0): enabling disk space caching [ 89.780752][ T5167] BTRFS info (device loop0): disk space caching is enabled [ 89.801855][ T5167] BTRFS info (device loop0): enabling ssd optimizations [ 89.809838][ T5167] BTRFS info (device loop0): clearing free space tree [ 89.816728][ T5167] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5167] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5167] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5167] chdir("./file0") = 0 [pid 5167] ioctl(4, LOOP_CLR_FD) = 0 [pid 5167] close(4) = 0 [pid 5167] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] <... futex resumed>) = 0 [pid 5166] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] open("./file0", O_RDONLY) = 4 [pid 5166] <... futex resumed>) = 0 [pid 5167] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... futex resumed>) = 0 [pid 5166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5167] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5166] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] <... open resumed>) = 5 [pid 5166] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5167] <... futex resumed>) = 0 [pid 5166] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5166] <... futex resumed>) = 0 [pid 5166] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... ioctl resumed>) = 0 [pid 5167] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] <... futex resumed>) = 0 [pid 5167] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5166] <... futex resumed>) = 0 [pid 5167] creat("./bus", 000 [pid 5166] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... creat resumed>) = 6 [pid 5167] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] <... futex resumed>) = 0 [pid 5167] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5166] <... futex resumed>) = 0 [pid 5167] ftruncate(6, 2048 [pid 5166] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... ftruncate resumed>) = 0 [pid 5167] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] <... futex resumed>) = 0 [pid 5167] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5166] <... futex resumed>) = 0 [pid 5167] open("./bus", O_RDONLY [pid 5166] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... open resumed>) = 7 [pid 5167] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] <... futex resumed>) = 0 [pid 5167] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5166] <... futex resumed>) = 0 [pid 5167] sendfile(6, 7, NULL, 65536 [pid 5166] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... sendfile resumed>) = 2048 [pid 5167] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] <... futex resumed>) = 0 [pid 5167] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5166] <... futex resumed>) = 0 [pid 5167] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5166] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... openat resumed>) = 8 [pid 5167] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] <... futex resumed>) = 0 [pid 5167] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5166] <... futex resumed>) = 0 [pid 5167] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 89.826447][ T5167] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 89.851138][ T27] audit: type=1800 audit(1670043470.355:142): pid=5167 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5166] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5167] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... futex resumed>) = 0 [pid 5166] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... futex resumed>) = 1 [ 89.910491][ T27] audit: type=1804 audit(1670043470.395:143): pid=5167 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/70/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5167] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5167] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... futex resumed>) = 0 [pid 5166] exit_group(0) = ? [pid 5167] <... futex resumed>) = ? [pid 5167] +++ exited with 0 +++ [pid 5166] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5166, si_uid=0, si_status=0, si_utime=2, si_stime=20} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./70/binderfs") = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5187 ./strace-static-x86_64: Process 5187 attached [pid 5187] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5187] chdir("./71") = 0 [pid 5187] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5187] setpgid(0, 0) = 0 [pid 5187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5187] write(3, "1000", 4) = 4 [pid 5187] close(3) = 0 [pid 5187] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5187] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5187] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5187] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5188], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5188 [pid 5187] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5188 attached [pid 5188] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5188] memfd_create("syzkaller", 0) = 3 [pid 5188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5188] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5188] munmap(0x7fdb59200000, 16777216) = 0 [pid 5188] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5188] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5188] close(3) = 0 [pid 5188] mkdir("./file0", 0777) = 0 [pid 5188] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5188] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5188] chdir("./file0") = 0 [pid 5188] ioctl(4, LOOP_CLR_FD) = 0 [pid 5188] close(4) = 0 [pid 5188] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... futex resumed>) = 1 [pid 5188] open("./file0", O_RDONLY) = 4 [pid 5188] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5188] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5187] <... futex resumed>) = 0 [ 90.271377][ T5188] loop0: detected capacity change from 0 to 32768 [pid 5187] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... ioctl resumed>) = 0 [pid 5188] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... futex resumed>) = 0 [pid 5188] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5187] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... futex resumed>) = 0 [pid 5188] creat("./bus", 000) = 6 [pid 5188] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... futex resumed>) = 1 [pid 5188] ftruncate(6, 2048) = 0 [pid 5188] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... futex resumed>) = 1 [pid 5188] open("./bus", O_RDONLY) = 7 [pid 5188] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... futex resumed>) = 1 [pid 5188] sendfile(6, 7, NULL, 65536) = 2048 [pid 5188] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... futex resumed>) = 1 [pid 5188] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5188] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... futex resumed>) = 1 [pid 5188] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5188] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... futex resumed>) = 1 [pid 5188] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5188] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5187] exit_group(0) = ? [pid 5188] <... futex resumed>) = ? [pid 5188] +++ exited with 0 +++ [pid 5187] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5187, si_uid=0, si_status=0, si_utime=0, si_stime=22} --- umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./71/binderfs") = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5208 ./strace-static-x86_64: Process 5208 attached [pid 5208] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5208] chdir("./72") = 0 [pid 5208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5208] setpgid(0, 0) = 0 [pid 5208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5208] write(3, "1000", 4) = 4 [pid 5208] close(3) = 0 [pid 5208] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5208] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5208] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5208] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5209], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5209 [pid 5208] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5209 attached [pid 5209] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5209] memfd_create("syzkaller", 0) = 3 [pid 5209] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5209] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5209] munmap(0x7fdb59200000, 16777216) = 0 [pid 5209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5209] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5209] close(3) = 0 [pid 5209] mkdir("./file0", 0777) = 0 [pid 5209] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5209] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5209] chdir("./file0") = 0 [pid 5209] ioctl(4, LOOP_CLR_FD) = 0 [pid 5209] close(4) = 0 [pid 5209] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5208] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] open("./file0", O_RDONLY) = 4 [pid 5209] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5209] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5208] <... futex resumed>) = 0 [pid 5209] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5208] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] <... open resumed>) = 5 [pid 5209] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5208] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5208] <... futex resumed>) = 0 [ 90.726021][ T5209] loop0: detected capacity change from 0 to 32768 [pid 5208] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] <... ioctl resumed>) = 0 [pid 5209] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5209] creat("./bus", 000 [pid 5208] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] <... creat resumed>) = 6 [pid 5209] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5209] ftruncate(6, 2048 [pid 5208] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] <... ftruncate resumed>) = 0 [pid 5208] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5209] <... futex resumed>) = 0 [pid 5208] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] open("./bus", O_RDONLY [pid 5208] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] <... open resumed>) = 7 [pid 5209] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5209] sendfile(6, 7, NULL, 65536 [pid 5208] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] <... sendfile resumed>) = 2048 [pid 5208] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5209] <... futex resumed>) = 0 [pid 5208] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5208] <... futex resumed>) = 0 [pid 5208] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] <... openat resumed>) = 8 [pid 5209] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5209] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5208] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5209] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5209] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = 0 [pid 5208] <... futex resumed>) = 1 [pid 5208] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5209] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5209] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] exit_group(0 [pid 5209] <... futex resumed>) = ? [pid 5208] <... exit_group resumed>) = ? [pid 5209] +++ exited with 0 +++ [pid 5208] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5208, si_uid=0, si_status=0, si_utime=2, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./72/binderfs") = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5229 attached , child_tidptr=0x55555746f5d0) = 5229 [pid 5229] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5229] chdir("./73") = 0 [pid 5229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5229] setpgid(0, 0) = 0 [pid 5229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5229] write(3, "1000", 4) = 4 [pid 5229] close(3) = 0 [pid 5229] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5229] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5229] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5229] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5230 attached [pid 5230] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5230] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] <... clone resumed>, parent_tid=[5230], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5230 [pid 5229] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5229] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5230] memfd_create("syzkaller", 0) = 3 [pid 5230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5230] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5230] munmap(0x7fdb59200000, 16777216) = 0 [pid 5230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5230] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5230] close(3) = 0 [pid 5230] mkdir("./file0", 0777) = 0 [pid 5230] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5230] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5230] chdir("./file0") = 0 [pid 5230] ioctl(4, LOOP_CLR_FD) = 0 [pid 5230] close(4) = 0 [pid 5230] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... futex resumed>) = 0 [pid 5230] open("./file0", O_RDONLY) = 4 [pid 5230] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5230] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5230] <... futex resumed>) = 1 [pid 5229] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 91.157112][ T5230] loop0: detected capacity change from 0 to 32768 [ 91.188854][ T5230] _btrfs_printk: 45 callbacks suppressed [ 91.188866][ T5230] BTRFS info (device loop0): checking UUID tree [pid 5229] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... ioctl resumed>) = 0 [pid 5230] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] creat("./bus", 000) = 6 [pid 5230] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5230] <... futex resumed>) = 1 [pid 5229] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] ftruncate(6, 2048) = 0 [pid 5230] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5230] <... futex resumed>) = 1 [pid 5229] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] open("./bus", O_RDONLY [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... open resumed>) = 7 [pid 5230] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5230] <... futex resumed>) = 1 [pid 5229] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] sendfile(6, 7, NULL, 65536) = 2048 [pid 5230] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5230] <... futex resumed>) = 1 [pid 5229] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5230] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5230] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5229] <... futex resumed>) = 0 [pid 5230] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 91.276422][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 91.296018][ T5230] BTRFS info (device loop0): balance: start -s [ 91.305112][ T5230] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5229] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5229] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5229] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5229] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5250], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5250 [pid 5229] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5230] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5250 attached [pid 5250] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5250] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] <... ioctl resumed>) = 0 [pid 5250] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] <... futex resumed>) = 0 [pid 5229] exit_group(0) = ? [pid 5250] <... futex resumed>) = ? [pid 5250] +++ exited with 0 +++ [pid 5230] <... futex resumed>) = ? [pid 5230] +++ exited with 0 +++ [pid 5229] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5229, si_uid=0, si_status=0, si_utime=2, si_stime=29} --- umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./73/binderfs") = 0 [ 91.332669][ T5230] BTRFS info (device loop0): balance: ended with status: 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5251 ./strace-static-x86_64: Process 5251 attached [pid 5251] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5251] chdir("./74") = 0 [pid 5251] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5251] setpgid(0, 0) = 0 [pid 5251] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5251] write(3, "1000", 4) = 4 [pid 5251] close(3) = 0 [pid 5251] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5251] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5251] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5251] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5252 attached , parent_tid=[5252], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5252 [pid 5252] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5252] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5251] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5252] memfd_create("syzkaller", 0) = 3 [pid 5252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5252] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5252] munmap(0x7fdb59200000, 16777216) = 0 [pid 5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5252] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5252] close(3) = 0 [pid 5252] mkdir("./file0", 0777) = 0 [ 91.656972][ T5252] loop0: detected capacity change from 0 to 32768 [ 91.669668][ T5252] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 91.679185][ T5252] BTRFS info (device loop0): force clearing of disk cache [ 91.686294][ T5252] BTRFS info (device loop0): setting nodatasum [ 91.692505][ T5252] BTRFS info (device loop0): allowing degraded mounts [ 91.699448][ T5252] BTRFS info (device loop0): enabling disk space caching [ 91.706470][ T5252] BTRFS info (device loop0): disk space caching is enabled [ 91.725930][ T5252] BTRFS info (device loop0): enabling ssd optimizations [ 91.733681][ T5252] BTRFS info (device loop0): clearing free space tree [ 91.740956][ T5252] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5252] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5252] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5252] chdir("./file0") = 0 [pid 5252] ioctl(4, LOOP_CLR_FD) = 0 [pid 5252] close(4) = 0 [pid 5252] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] open("./file0", O_RDONLY) = 4 [pid 5252] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5252] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5252] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5252] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5252] creat("./bus", 000) = 6 [pid 5252] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] ftruncate(6, 2048) = 0 [pid 5252] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 91.750856][ T5252] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 91.764055][ T5252] BTRFS info (device loop0): checking UUID tree [pid 5252] open("./bus", O_RDONLY) = 7 [pid 5252] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5252] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5251] <... futex resumed>) = 0 [pid 5252] sendfile(6, 7, NULL, 65536 [pid 5251] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... sendfile resumed>) = 2048 [pid 5252] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5251] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5252] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5252] <... futex resumed>) = 1 [pid 5251] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5251] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5251] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5251] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5272], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5272 [pid 5251] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5252] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5272 attached [pid 5272] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 91.834192][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 91.844612][ T5252] BTRFS info (device loop0): balance: start -s [ 91.852433][ T5252] BTRFS info (device loop0): relocating block group 1048576 flags system [ 91.876117][ T5252] BTRFS info (device loop0): balance: ended with status: 0 [pid 5272] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5272] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5251] exit_group(0 [pid 5252] <... futex resumed>) = ? [pid 5251] <... exit_group resumed>) = ? [pid 5252] +++ exited with 0 +++ [pid 5272] <... futex resumed>) = ? [pid 5272] +++ exited with 0 +++ [pid 5251] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5251, si_uid=0, si_status=0, si_utime=2, si_stime=29} --- umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./74/binderfs") = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5273 ./strace-static-x86_64: Process 5273 attached [pid 5273] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5273] chdir("./75") = 0 [pid 5273] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5273] setpgid(0, 0) = 0 [pid 5273] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5273] write(3, "1000", 4) = 4 [pid 5273] close(3) = 0 [pid 5273] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5273] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5273] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5273] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5274 attached , parent_tid=[5274], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5274 [pid 5274] set_robust_list(0x7fdb617f69e0, 24 [pid 5273] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... set_robust_list resumed>) = 0 [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5274] memfd_create("syzkaller", 0) = 3 [pid 5274] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5274] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5274] munmap(0x7fdb59200000, 16777216) = 0 [pid 5274] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5274] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5274] close(3) = 0 [pid 5274] mkdir("./file0", 0777) = 0 [ 92.219496][ T5274] loop0: detected capacity change from 0 to 32768 [ 92.233246][ T5274] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 92.242557][ T5274] BTRFS info (device loop0): force clearing of disk cache [ 92.249758][ T5274] BTRFS info (device loop0): setting nodatasum [ 92.255915][ T5274] BTRFS info (device loop0): allowing degraded mounts [ 92.262955][ T5274] BTRFS info (device loop0): enabling disk space caching [ 92.270068][ T5274] BTRFS info (device loop0): disk space caching is enabled [ 92.291262][ T5274] BTRFS info (device loop0): enabling ssd optimizations [ 92.299262][ T5274] BTRFS info (device loop0): clearing free space tree [ 92.306117][ T5274] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5274] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5274] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5274] chdir("./file0") = 0 [pid 5274] ioctl(4, LOOP_CLR_FD) = 0 [pid 5274] close(4) = 0 [pid 5274] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] open("./file0", O_RDONLY [pid 5273] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... open resumed>) = 4 [pid 5274] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5274] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5274] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5274] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5274] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = 0 [pid 5273] <... futex resumed>) = 1 [ 92.315953][ T5274] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 92.329341][ T5274] BTRFS info (device loop0): checking UUID tree [pid 5274] creat("./bus", 000) = 6 [pid 5273] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5273] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = 0 [pid 5273] <... futex resumed>) = 1 [pid 5274] ftruncate(6, 2048) = 0 [pid 5274] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5273] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = 0 [pid 5273] <... futex resumed>) = 1 [pid 5274] open("./bus", O_RDONLY) = 7 [pid 5273] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5274] <... futex resumed>) = 0 [pid 5274] sendfile(6, 7, NULL, 65536 [pid 5273] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... sendfile resumed>) = 2048 [pid 5274] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = 0 [pid 5274] <... futex resumed>) = 0 [pid 5273] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5273] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = 0 [pid 5273] <... futex resumed>) = 1 [pid 5274] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5273] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... openat resumed>) = 8 [pid 5274] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5274] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5273] <... futex resumed>) = 0 [pid 5274] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 92.382332][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5273] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5273] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5273] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5273] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5296], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5296 [pid 5273] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5296 attached [pid 5296] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5296] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5274] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5274] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 92.424262][ T5274] BTRFS info (device loop0): balance: start -s [ 92.433158][ T5274] BTRFS info (device loop0): relocating block group 1048576 flags system [ 92.461562][ T5274] BTRFS info (device loop0): balance: ended with status: 0 [pid 5274] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5296] <... ioctl resumed>) = 0 [pid 5296] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = 0 [pid 5273] exit_group(0 [pid 5274] <... futex resumed>) = ? [pid 5273] <... exit_group resumed>) = ? [pid 5274] +++ exited with 0 +++ [pid 5296] <... futex resumed>) = ? [pid 5296] +++ exited with 0 +++ [pid 5273] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5273, si_uid=0, si_status=0, si_utime=3, si_stime=27} --- umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./75/binderfs") = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5297 attached , child_tidptr=0x55555746f5d0) = 5297 [pid 5297] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5297] chdir("./76") = 0 [pid 5297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5297] setpgid(0, 0) = 0 [pid 5297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5297] write(3, "1000", 4) = 4 [pid 5297] close(3) = 0 [pid 5297] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5297] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5297] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5297] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5298], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5298 ./strace-static-x86_64: Process 5298 attached [pid 5298] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5298] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5298] <... futex resumed>) = 0 [pid 5297] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5298] memfd_create("syzkaller", 0) = 3 [pid 5298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5298] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5298] munmap(0x7fdb59200000, 16777216) = 0 [pid 5298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5298] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5298] close(3) = 0 [pid 5298] mkdir("./file0", 0777) = 0 [ 92.806981][ T5298] loop0: detected capacity change from 0 to 32768 [ 92.822179][ T5298] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 92.831495][ T5298] BTRFS info (device loop0): force clearing of disk cache [ 92.838855][ T5298] BTRFS info (device loop0): setting nodatasum [ 92.845019][ T5298] BTRFS info (device loop0): allowing degraded mounts [ 92.851994][ T5298] BTRFS info (device loop0): enabling disk space caching [ 92.859459][ T5298] BTRFS info (device loop0): disk space caching is enabled [ 92.878665][ T5298] BTRFS info (device loop0): enabling ssd optimizations [ 92.886303][ T5298] BTRFS info (device loop0): clearing free space tree [ 92.893221][ T5298] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5298] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5298] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5298] chdir("./file0") = 0 [pid 5298] ioctl(4, LOOP_CLR_FD) = 0 [pid 5298] close(4) = 0 [pid 5298] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... futex resumed>) = 0 [pid 5298] open("./file0", O_RDONLY) = 4 [pid 5298] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... futex resumed>) = 0 [ 92.902938][ T5298] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 92.916285][ T5298] BTRFS info (device loop0): checking UUID tree [ 92.941689][ T27] kauditd_printk_skb: 10 callbacks suppressed [pid 5298] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5298] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5297] <... futex resumed>) = 0 [pid 5298] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5297] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... ioctl resumed>) = 0 [pid 5298] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5297] <... futex resumed>) = 0 [pid 5298] creat("./bus", 000 [pid 5297] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... creat resumed>) = 6 [pid 5298] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] ftruncate(6, 2048 [pid 5297] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] <... ftruncate resumed>) = 0 [pid 5297] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5298] <... futex resumed>) = 0 [pid 5297] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] open("./bus", O_RDONLY [pid 5297] <... futex resumed>) = 0 [pid 5297] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... open resumed>) = 7 [ 92.941702][ T27] audit: type=1800 audit(1670043473.445:154): pid=5298 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5298] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5297] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] sendfile(6, 7, NULL, 65536 [pid 5297] <... futex resumed>) = 0 [pid 5297] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... sendfile resumed>) = 2048 [pid 5298] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = 0 [pid 5297] <... futex resumed>) = 1 [pid 5298] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5297] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... openat resumed>) = 8 [pid 5298] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = 0 [pid 5297] <... futex resumed>) = 1 [pid 5298] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 93.004325][ T27] audit: type=1804 audit(1670043473.505:155): pid=5298 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/76/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 93.006625][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 93.048388][ T5298] BTRFS info (device loop0): balance: start -s [pid 5297] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5297] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5297] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5297] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5319], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5319 [pid 5297] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 93.055624][ T5298] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5297] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5319 attached [pid 5319] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5319] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5297] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5298] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5319] <... ioctl resumed>) = 0 [pid 5319] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] exit_group(0) = ? [pid 5319] <... futex resumed>) = ? [pid 5319] +++ exited with 0 +++ [pid 5298] <... futex resumed>) = ? [pid 5298] +++ exited with 0 +++ [pid 5297] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5297, si_uid=0, si_status=0, si_utime=3, si_stime=27} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./76/binderfs") = 0 [ 93.103786][ T5298] BTRFS info (device loop0): balance: ended with status: 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5320 ./strace-static-x86_64: Process 5320 attached [pid 5320] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5320] chdir("./77") = 0 [pid 5320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5320] setpgid(0, 0) = 0 [pid 5320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5320] write(3, "1000", 4) = 4 [pid 5320] close(3) = 0 [pid 5320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5320] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5320] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5320] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5321], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5321 ./strace-static-x86_64: Process 5321 attached [pid 5320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] set_robust_list(0x7fdb617f69e0, 24 [pid 5320] <... futex resumed>) = 0 [pid 5320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5321] <... set_robust_list resumed>) = 0 [pid 5321] memfd_create("syzkaller", 0) = 3 [pid 5321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5321] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5321] munmap(0x7fdb59200000, 16777216) = 0 [pid 5321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5321] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5321] close(3) = 0 [pid 5321] mkdir("./file0", 0777) = 0 [ 93.426966][ T5321] loop0: detected capacity change from 0 to 32768 [ 93.440425][ T5321] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 93.449773][ T5321] BTRFS info (device loop0): force clearing of disk cache [ 93.456907][ T5321] BTRFS info (device loop0): setting nodatasum [ 93.463166][ T5321] BTRFS info (device loop0): allowing degraded mounts [ 93.469970][ T5321] BTRFS info (device loop0): enabling disk space caching [ 93.476976][ T5321] BTRFS info (device loop0): disk space caching is enabled [ 93.496775][ T5321] BTRFS info (device loop0): enabling ssd optimizations [ 93.504519][ T5321] BTRFS info (device loop0): clearing free space tree [ 93.511902][ T5321] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5321] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5321] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5321] chdir("./file0") = 0 [pid 5321] ioctl(4, LOOP_CLR_FD) = 0 [pid 5321] close(4) = 0 [pid 5321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5321] open("./file0", O_RDONLY [pid 5320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... open resumed>) = 4 [pid 5320] <... futex resumed>) = 0 [pid 5320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5321] <... futex resumed>) = 0 [pid 5320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5320] <... futex resumed>) = 0 [ 93.521899][ T5321] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 93.535774][ T5321] BTRFS info (device loop0): checking UUID tree [pid 5320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... open resumed>) = 5 [pid 5321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5321] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5320] <... futex resumed>) = 0 [pid 5321] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... ioctl resumed>) = 0 [pid 5321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5321] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5320] <... futex resumed>) = 0 [pid 5321] creat("./bus", 000 [pid 5320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... creat resumed>) = 6 [pid 5321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5321] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5320] <... futex resumed>) = 0 [pid 5321] ftruncate(6, 2048 [pid 5320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... ftruncate resumed>) = 0 [pid 5321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5321] open("./bus", O_RDONLY [pid 5320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 93.562635][ T27] audit: type=1800 audit(1670043474.065:156): pid=5321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 93.601613][ T27] audit: type=1804 audit(1670043474.105:157): pid=5321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/77/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... open resumed>) = 7 [pid 5321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5321] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] <... futex resumed>) = 0 [pid 5320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... futex resumed>) = 0 [pid 5320] <... futex resumed>) = 1 [pid 5321] sendfile(6, 7, NULL, 65536 [pid 5320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... sendfile resumed>) = 2048 [pid 5321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5321] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5320] <... futex resumed>) = 0 [pid 5321] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... openat resumed>) = 8 [pid 5321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5321] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5320] <... futex resumed>) = 0 [pid 5321] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 93.602732][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 93.643961][ T5321] BTRFS info (device loop0): balance: start -s [ 93.655965][ T5321] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5320] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5320] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5321] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5320] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5341 attached [pid 5321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] <... clone resumed>, parent_tid=[5341], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5341 [pid 5341] set_robust_list(0x7fdb617d59e0, 24 [pid 5321] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5341] <... set_robust_list resumed>) = 0 [pid 5320] <... futex resumed>) = 0 [pid 5341] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5320] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5341] <... ioctl resumed>) = 0 [pid 5341] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5341] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] exit_group(0 [pid 5341] <... futex resumed>) = ? [pid 5321] <... futex resumed>) = ? [pid 5320] <... exit_group resumed>) = ? [pid 5341] +++ exited with 0 +++ [pid 5321] +++ exited with 0 +++ [pid 5320] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5320, si_uid=0, si_status=0, si_utime=1, si_stime=33} --- umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./77/binderfs") = 0 [ 93.681743][ T5321] BTRFS info (device loop0): balance: ended with status: 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5342 ./strace-static-x86_64: Process 5342 attached [pid 5342] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5342] chdir("./78") = 0 [pid 5342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5342] setpgid(0, 0) = 0 [pid 5342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5342] write(3, "1000", 4) = 4 [pid 5342] close(3) = 0 [pid 5342] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5342] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5342] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5342] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5343 attached , parent_tid=[5343], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5343 [pid 5343] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5343] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] <... futex resumed>) = 0 [pid 5342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5343] memfd_create("syzkaller", 0) = 3 [pid 5343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5343] munmap(0x7fdb59200000, 16777216) = 0 [pid 5343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5343] close(3) = 0 [pid 5343] mkdir("./file0", 0777) = 0 [ 94.020760][ T5343] loop0: detected capacity change from 0 to 32768 [ 94.034011][ T5343] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 94.043324][ T5343] BTRFS info (device loop0): force clearing of disk cache [ 94.050718][ T5343] BTRFS info (device loop0): setting nodatasum [ 94.056873][ T5343] BTRFS info (device loop0): allowing degraded mounts [ 94.063980][ T5343] BTRFS info (device loop0): enabling disk space caching [ 94.071187][ T5343] BTRFS info (device loop0): disk space caching is enabled [ 94.088640][ T5343] BTRFS info (device loop0): enabling ssd optimizations [ 94.096532][ T5343] BTRFS info (device loop0): clearing free space tree [ 94.103459][ T5343] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5343] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5343] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5343] chdir("./file0") = 0 [pid 5343] ioctl(4, LOOP_CLR_FD) = 0 [pid 5343] close(4) = 0 [pid 5343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... futex resumed>) = 1 [pid 5343] open("./file0", O_RDONLY) = 4 [pid 5343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... futex resumed>) = 1 [pid 5343] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... futex resumed>) = 1 [pid 5343] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... futex resumed>) = 1 [ 94.113243][ T5343] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 94.126589][ T5343] BTRFS info (device loop0): checking UUID tree [pid 5343] creat("./bus", 000) = 6 [pid 5343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... futex resumed>) = 1 [pid 5343] ftruncate(6, 2048) = 0 [pid 5343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... futex resumed>) = 1 [pid 5343] open("./bus", O_RDONLY) = 7 [pid 5343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] <... futex resumed>) = 0 [pid 5343] sendfile(6, 7, NULL, 65536 [pid 5342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... sendfile resumed>) = 2048 [pid 5343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... openat resumed>) = 8 [pid 5343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] <... futex resumed>) = 0 [pid 5342] <... futex resumed>) = 1 [pid 5343] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 94.154851][ T27] audit: type=1800 audit(1670043474.655:158): pid=5343 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 94.179524][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 94.194431][ T27] audit: type=1804 audit(1670043474.695:159): pid=5343 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/78/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5342] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5342] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5342] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5364], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5364 [pid 5342] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5364 attached [pid 5364] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 94.228120][ T5343] BTRFS info (device loop0): balance: start -s [ 94.235976][ T5343] BTRFS info (device loop0): relocating block group 1048576 flags system [ 94.262988][ T5343] BTRFS info (device loop0): balance: ended with status: 0 [pid 5364] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5364] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] <... futex resumed>) = 0 [pid 5364] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5342] exit_group(0 [pid 5364] <... futex resumed>) = ? [pid 5343] <... futex resumed>) = ? [pid 5342] <... exit_group resumed>) = ? [pid 5343] +++ exited with 0 +++ [pid 5364] +++ exited with 0 +++ [pid 5342] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5342, si_uid=0, si_status=0, si_utime=2, si_stime=28} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./78/binderfs") = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5365 ./strace-static-x86_64: Process 5365 attached [pid 5365] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5365] chdir("./79") = 0 [pid 5365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5365] setpgid(0, 0) = 0 [pid 5365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5365] write(3, "1000", 4) = 4 [pid 5365] close(3) = 0 [pid 5365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5365] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5365] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5365] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5366 attached , parent_tid=[5366], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5366 [pid 5366] set_robust_list(0x7fdb617f69e0, 24 [pid 5365] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... set_robust_list resumed>) = 0 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5366] memfd_create("syzkaller", 0) = 3 [pid 5366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5366] munmap(0x7fdb59200000, 16777216) = 0 [pid 5366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5366] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5366] close(3) = 0 [pid 5366] mkdir("./file0", 0777) = 0 [ 94.608043][ T5366] loop0: detected capacity change from 0 to 32768 [ 94.620678][ T5366] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 94.630035][ T5366] BTRFS info (device loop0): force clearing of disk cache [ 94.637209][ T5366] BTRFS info (device loop0): setting nodatasum [ 94.643433][ T5366] BTRFS info (device loop0): allowing degraded mounts [ 94.650450][ T5366] BTRFS info (device loop0): enabling disk space caching [ 94.657585][ T5366] BTRFS info (device loop0): disk space caching is enabled [ 94.683000][ T5366] BTRFS info (device loop0): enabling ssd optimizations [ 94.690942][ T5366] BTRFS info (device loop0): clearing free space tree [pid 5366] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5366] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5366] chdir("./file0") = 0 [pid 5366] ioctl(4, LOOP_CLR_FD) = 0 [pid 5366] close(4) = 0 [pid 5366] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... futex resumed>) = 1 [pid 5366] open("./file0", O_RDONLY) = 4 [pid 5366] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... futex resumed>) = 1 [pid 5366] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5366] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... futex resumed>) = 1 [ 94.700577][ T5366] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 94.711074][ T5366] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 94.725524][ T5366] BTRFS info (device loop0): checking UUID tree [pid 5366] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5366] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... futex resumed>) = 1 [pid 5366] creat("./bus", 000) = 6 [pid 5366] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... futex resumed>) = 1 [pid 5366] ftruncate(6, 2048) = 0 [pid 5366] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5366] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = 0 [pid 5365] <... futex resumed>) = 1 [pid 5366] open("./bus", O_RDONLY [pid 5365] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... open resumed>) = 7 [pid 5366] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 94.740853][ T27] audit: type=1800 audit(1670043475.245:160): pid=5366 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5366] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = 0 [pid 5365] <... futex resumed>) = 1 [pid 5366] sendfile(6, 7, NULL, 65536 [pid 5365] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... sendfile resumed>) = 2048 [pid 5366] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5366] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5365] <... futex resumed>) = 0 [pid 5366] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5365] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... openat resumed>) = 8 [pid 5366] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5366] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5365] <... futex resumed>) = 0 [pid 5366] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 94.783235][ T27] audit: type=1804 audit(1670043475.285:161): pid=5366 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/79/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 94.787061][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5365] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5365] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5365] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5365] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5388], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5388 [pid 5365] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5388 attached [pid 5366] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5366] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5366] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5388] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 94.836742][ T5366] BTRFS info (device loop0): balance: start -s [ 94.844465][ T5366] BTRFS info (device loop0): relocating block group 1048576 flags system [ 94.871567][ T5366] BTRFS info (device loop0): balance: ended with status: 0 [pid 5388] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5388] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5388] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] exit_group(0 [pid 5388] <... futex resumed>) = ? [pid 5366] <... futex resumed>) = ? [pid 5365] <... exit_group resumed>) = ? [pid 5366] +++ exited with 0 +++ [pid 5388] +++ exited with 0 +++ [pid 5365] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5365, si_uid=0, si_status=0, si_utime=4, si_stime=25} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./79/binderfs") = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5389 ./strace-static-x86_64: Process 5389 attached [pid 5389] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5389] chdir("./80") = 0 [pid 5389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5389] setpgid(0, 0) = 0 [pid 5389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5389] write(3, "1000", 4) = 4 [pid 5389] close(3) = 0 [pid 5389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5389] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5389] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5389] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5390 attached , parent_tid=[5390], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5390 [pid 5390] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5390] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] <... futex resumed>) = 0 [pid 5389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5390] memfd_create("syzkaller", 0) = 3 [pid 5390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5390] munmap(0x7fdb59200000, 16777216) = 0 [pid 5390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5390] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5390] close(3) = 0 [pid 5390] mkdir("./file0", 0777) = 0 [pid 5390] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5390] chdir("./file0") = 0 [pid 5390] ioctl(4, LOOP_CLR_FD) = 0 [pid 5390] close(4) = 0 [pid 5390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... futex resumed>) = 1 [pid 5390] open("./file0", O_RDONLY) = 4 [pid 5390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... futex resumed>) = 1 [ 95.239919][ T5390] loop0: detected capacity change from 0 to 32768 [ 95.251869][ T5390] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 95.261143][ T5390] BTRFS info (device loop0): force clearing of disk cache [ 95.268343][ T5390] BTRFS info (device loop0): setting nodatasum [ 95.274512][ T5390] BTRFS info (device loop0): allowing degraded mounts [ 95.281329][ T5390] BTRFS info (device loop0): enabling disk space caching [pid 5390] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5390] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5389] <... futex resumed>) = 0 [pid 5390] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... ioctl resumed>) = 0 [pid 5390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5390] creat("./bus", 000 [pid 5389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... creat resumed>) = 6 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5390] ftruncate(6, 2048 [pid 5389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... ftruncate resumed>) = 0 [pid 5389] <... futex resumed>) = 0 [pid 5390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... futex resumed>) = 0 [pid 5389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5390] open("./bus", O_RDONLY [pid 5389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... open resumed>) = 7 [pid 5389] <... futex resumed>) = 0 [pid 5390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... futex resumed>) = 0 [pid 5389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5390] sendfile(6, 7, NULL, 65536 [pid 5389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... sendfile resumed>) = 2048 [pid 5389] <... futex resumed>) = 0 [pid 5390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... futex resumed>) = 0 [pid 5389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5390] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... openat resumed>) = 8 [pid 5390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5390] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 95.322074][ T27] audit: type=1800 audit(1670043475.825:162): pid=5390 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 95.357706][ T27] audit: type=1804 audit(1670043475.865:163): pid=5390 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/80/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5390] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 0 [pid 5390] <... futex resumed>) = 1 [pid 5389] exit_group(0 [pid 5390] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5389] <... exit_group resumed>) = ? [pid 5390] +++ exited with 0 +++ [pid 5389] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5389, si_uid=0, si_status=0, si_utime=0, si_stime=22} --- umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./80/binderfs") = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5410 ./strace-static-x86_64: Process 5410 attached [pid 5410] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5410] chdir("./81") = 0 [pid 5410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5410] setpgid(0, 0) = 0 [pid 5410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5410] write(3, "1000", 4) = 4 [pid 5410] close(3) = 0 [pid 5410] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5410] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5410] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5410] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5411], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5411 [pid 5410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5411 attached [pid 5411] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5411] memfd_create("syzkaller", 0) = 3 [pid 5411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5411] munmap(0x7fdb59200000, 16777216) = 0 [pid 5411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5411] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5411] close(3) = 0 [pid 5411] mkdir("./file0", 0777) = 0 [pid 5411] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5411] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5411] chdir("./file0") = 0 [pid 5411] ioctl(4, LOOP_CLR_FD) = 0 [pid 5411] close(4) = 0 [pid 5411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] open("./file0", O_RDONLY) = 4 [pid 5411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 95.719162][ T5411] loop0: detected capacity change from 0 to 32768 [pid 5410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] creat("./bus", 000) = 6 [pid 5411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... futex resumed>) = 1 [pid 5411] ftruncate(6, 2048) = 0 [pid 5411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] open("./bus", O_RDONLY) = 7 [pid 5411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] sendfile(6, 7, NULL, 65536) = 2048 [pid 5411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] exit_group(0) = ? [pid 5411] +++ exited with 0 +++ [pid 5410] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5410, si_uid=0, si_status=0, si_utime=2, si_stime=18} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./81/binderfs") = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5431 ./strace-static-x86_64: Process 5431 attached [pid 5431] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5431] chdir("./82") = 0 [pid 5431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5431] setpgid(0, 0) = 0 [pid 5431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5431] write(3, "1000", 4) = 4 [pid 5431] close(3) = 0 [pid 5431] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5431] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5431] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5431] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5432 attached , parent_tid=[5432], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5432 [pid 5432] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5432] memfd_create("syzkaller", 0 [pid 5431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5432] <... memfd_create resumed>) = 3 [pid 5432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5432] munmap(0x7fdb59200000, 16777216) = 0 [pid 5432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5432] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5432] close(3) = 0 [pid 5432] mkdir("./file0", 0777) = 0 [ 96.216966][ T5432] loop0: detected capacity change from 0 to 32768 [ 96.230257][ T5432] _btrfs_printk: 25 callbacks suppressed [ 96.230284][ T5432] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 96.245243][ T5432] BTRFS info (device loop0): force clearing of disk cache [ 96.252444][ T5432] BTRFS info (device loop0): setting nodatasum [ 96.258640][ T5432] BTRFS info (device loop0): allowing degraded mounts [ 96.265422][ T5432] BTRFS info (device loop0): enabling disk space caching [ 96.272492][ T5432] BTRFS info (device loop0): disk space caching is enabled [ 96.290861][ T5432] BTRFS info (device loop0): enabling ssd optimizations [ 96.298762][ T5432] BTRFS info (device loop0): clearing free space tree [ 96.305666][ T5432] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5432] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5432] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5432] chdir("./file0") = 0 [pid 5432] ioctl(4, LOOP_CLR_FD) = 0 [pid 5432] close(4) = 0 [pid 5432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5432] open("./file0", O_RDONLY [pid 5431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... open resumed>) = 4 [pid 5432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5432] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... open resumed>) = 5 [pid 5432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5432] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... futex resumed>) = 0 [ 96.315692][ T5432] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 96.329301][ T5432] BTRFS info (device loop0): checking UUID tree [pid 5432] creat("./bus", 000) = 6 [pid 5432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5432] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] <... futex resumed>) = 0 [pid 5431] <... futex resumed>) = 1 [pid 5431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] ftruncate(6, 2048) = 0 [pid 5432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] open("./bus", O_RDONLY [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... open resumed>) = 7 [pid 5432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] sendfile(6, 7, NULL, 65536) = 2048 [pid 5432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 96.380184][ T46] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 96.410389][ T5432] BTRFS info (device loop0): balance: start -s [ 96.418610][ T5432] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5432] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5431] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5431] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5431] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5431] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5452], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5452 [pid 5431] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5432] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5452 attached [pid 5452] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5452] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5452] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5452] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] exit_group(0) = ? [pid 5452] <... futex resumed>) = ? [pid 5452] +++ exited with 0 +++ [pid 5432] <... futex resumed>) = ? [pid 5432] +++ exited with 0 +++ [pid 5431] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5431, si_uid=0, si_status=0, si_utime=1, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./82/binderfs") = 0 [ 96.443339][ T5432] BTRFS info (device loop0): balance: ended with status: 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5453 ./strace-static-x86_64: Process 5453 attached [pid 5453] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5453] chdir("./83") = 0 [pid 5453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5453] setpgid(0, 0) = 0 [pid 5453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5453] write(3, "1000", 4) = 4 [pid 5453] close(3) = 0 [pid 5453] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5453] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5453] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5453] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5454], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5454 [pid 5453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5454 attached [pid 5454] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5454] memfd_create("syzkaller", 0) = 3 [pid 5454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5454] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5454] munmap(0x7fdb59200000, 16777216) = 0 [pid 5454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5454] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5454] close(3) = 0 [pid 5454] mkdir("./file0", 0777) = 0 [ 96.784969][ T5454] loop0: detected capacity change from 0 to 32768 [ 96.797744][ T5454] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 96.806983][ T5454] BTRFS info (device loop0): force clearing of disk cache [ 96.814307][ T5454] BTRFS info (device loop0): setting nodatasum [ 96.820656][ T5454] BTRFS info (device loop0): allowing degraded mounts [ 96.827591][ T5454] BTRFS info (device loop0): enabling disk space caching [ 96.834971][ T5454] BTRFS info (device loop0): disk space caching is enabled [ 96.854178][ T5454] BTRFS info (device loop0): enabling ssd optimizations [ 96.861969][ T5454] BTRFS info (device loop0): clearing free space tree [ 96.869014][ T5454] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5454] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5454] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5454] chdir("./file0") = 0 [pid 5454] ioctl(4, LOOP_CLR_FD) = 0 [pid 5454] close(4) = 0 [pid 5454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5454] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5453] <... futex resumed>) = 0 [pid 5454] open("./file0", O_RDONLY [pid 5453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... open resumed>) = 4 [pid 5454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5454] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5453] <... futex resumed>) = 0 [pid 5454] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... open resumed>) = 5 [pid 5454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5454] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5453] <... futex resumed>) = 0 [pid 5454] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... ioctl resumed>) = 0 [pid 5454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... futex resumed>) = 0 [pid 5454] <... futex resumed>) = 1 [pid 5453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] creat("./bus", 000 [pid 5453] <... futex resumed>) = 0 [pid 5453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... creat resumed>) = 6 [pid 5454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5454] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5453] <... futex resumed>) = 0 [pid 5454] ftruncate(6, 2048 [pid 5453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... ftruncate resumed>) = 0 [ 96.878717][ T5454] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 96.892015][ T5454] BTRFS info (device loop0): checking UUID tree [pid 5454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5454] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5453] <... futex resumed>) = 0 [pid 5454] open("./bus", O_RDONLY [pid 5453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... open resumed>) = 7 [pid 5454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5454] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5453] <... futex resumed>) = 0 [pid 5454] sendfile(6, 7, NULL, 65536 [pid 5453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... sendfile resumed>) = 2048 [pid 5454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5454] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5453] <... futex resumed>) = 0 [pid 5454] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... openat resumed>) = 8 [pid 5454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5454] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5453] <... futex resumed>) = 0 [pid 5454] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 96.944631][ T46] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 96.967865][ T5454] BTRFS info (device loop0): balance: start -s [ 96.975876][ T5454] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... futex resumed>) = 0 [pid 5454] <... futex resumed>) = 1 [pid 5453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5453] exit_group(0 [pid 5454] ????( [pid 5453] <... exit_group resumed>) = ? [pid 5454] <... ???? resumed>) = ? [pid 5454] +++ exited with 0 +++ [pid 5453] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5453, si_uid=0, si_status=0, si_utime=1, si_stime=32} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./83/binderfs") = 0 [ 96.998523][ T5454] BTRFS info (device loop0): balance: ended with status: 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5474 ./strace-static-x86_64: Process 5474 attached [pid 5474] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5474] chdir("./84") = 0 [pid 5474] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5474] setpgid(0, 0) = 0 [pid 5474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5474] write(3, "1000", 4) = 4 [pid 5474] close(3) = 0 [pid 5474] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5474] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5474] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5474] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5475], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5475 [pid 5474] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5475 attached [pid 5475] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5475] memfd_create("syzkaller", 0) = 3 [pid 5475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5475] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5475] munmap(0x7fdb59200000, 16777216) = 0 [pid 5475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5475] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5475] close(3) = 0 [pid 5475] mkdir("./file0", 0777) = 0 [ 97.341719][ T5475] loop0: detected capacity change from 0 to 32768 [ 97.354853][ T5475] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 97.364181][ T5475] BTRFS info (device loop0): force clearing of disk cache [ 97.371368][ T5475] BTRFS info (device loop0): setting nodatasum [ 97.377601][ T5475] BTRFS info (device loop0): allowing degraded mounts [ 97.384359][ T5475] BTRFS info (device loop0): enabling disk space caching [ 97.391443][ T5475] BTRFS info (device loop0): disk space caching is enabled [ 97.410414][ T5475] BTRFS info (device loop0): enabling ssd optimizations [ 97.418522][ T5475] BTRFS info (device loop0): clearing free space tree [ 97.425416][ T5475] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5475] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5475] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5475] chdir("./file0") = 0 [pid 5475] ioctl(4, LOOP_CLR_FD) = 0 [pid 5475] close(4) = 0 [pid 5475] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... futex resumed>) = 1 [pid 5475] open("./file0", O_RDONLY) = 4 [pid 5475] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... futex resumed>) = 1 [pid 5475] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5475] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... futex resumed>) = 1 [pid 5475] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5475] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... futex resumed>) = 1 [pid 5475] creat("./bus", 000) = 6 [pid 5475] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... futex resumed>) = 1 [pid 5475] ftruncate(6, 2048) = 0 [pid 5475] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... futex resumed>) = 1 [pid 5475] open("./bus", O_RDONLY) = 7 [pid 5475] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... futex resumed>) = 1 [pid 5475] sendfile(6, 7, NULL, 65536) = 2048 [pid 5475] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... futex resumed>) = 1 [pid 5475] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5475] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... futex resumed>) = 1 [ 97.435419][ T5475] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 97.449175][ T5475] BTRFS info (device loop0): checking UUID tree [pid 5475] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5474] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5474] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5474] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5474] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5495], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5495 [pid 5474] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5495 attached [pid 5495] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5495] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5495] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5495] <... futex resumed>) = 1 [ 97.511318][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 97.521922][ T5475] BTRFS info (device loop0): balance: start -s [ 97.530611][ T5475] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5495] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5475] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5475] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5475] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5474] exit_group(0) = ? [pid 5475] <... futex resumed>) = ? [pid 5495] <... futex resumed>) = ? [pid 5475] +++ exited with 0 +++ [pid 5495] +++ exited with 0 +++ [pid 5474] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5474, si_uid=0, si_status=0, si_utime=2, si_stime=29} --- umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./84/binderfs") = 0 [ 97.583833][ T5475] BTRFS info (device loop0): balance: ended with status: 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5496 ./strace-static-x86_64: Process 5496 attached [pid 5496] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5496] chdir("./85") = 0 [pid 5496] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5496] setpgid(0, 0) = 0 [pid 5496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5496] write(3, "1000", 4) = 4 [pid 5496] close(3) = 0 [pid 5496] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5496] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5496] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5496] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5497 attached [pid 5497] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5497] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] <... clone resumed>, parent_tid=[5497], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5497 [pid 5496] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5497] <... futex resumed>) = 0 [pid 5497] memfd_create("syzkaller", 0 [pid 5496] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5497] <... memfd_create resumed>) = 3 [pid 5497] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5497] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5497] munmap(0x7fdb59200000, 16777216) = 0 [pid 5497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5497] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5497] close(3) = 0 [pid 5497] mkdir("./file0", 0777) = 0 [ 97.896227][ T5497] loop0: detected capacity change from 0 to 32768 [ 97.908598][ T5497] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 97.918028][ T5497] BTRFS info (device loop0): force clearing of disk cache [ 97.925211][ T5497] BTRFS info (device loop0): setting nodatasum [ 97.933230][ T5497] BTRFS info (device loop0): allowing degraded mounts [ 97.940323][ T5497] BTRFS info (device loop0): enabling disk space caching [ 97.947517][ T5497] BTRFS info (device loop0): disk space caching is enabled [ 97.967656][ T5497] BTRFS info (device loop0): enabling ssd optimizations [ 97.975629][ T5497] BTRFS info (device loop0): clearing free space tree [ 97.982889][ T5497] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5497] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5497] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5497] chdir("./file0") = 0 [pid 5497] ioctl(4, LOOP_CLR_FD) = 0 [pid 5497] close(4) = 0 [pid 5497] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5496] <... futex resumed>) = 0 [pid 5497] open("./file0", O_RDONLY [pid 5496] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] <... open resumed>) = 4 [pid 5497] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 97.992841][ T5497] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 98.006178][ T5497] BTRFS info (device loop0): checking UUID tree [ 98.031980][ T27] kauditd_printk_skb: 8 callbacks suppressed [pid 5497] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5497] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5497] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] <... futex resumed>) = 0 [pid 5496] <... futex resumed>) = 1 [pid 5497] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5496] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5496] <... futex resumed>) = 0 [pid 5497] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5496] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] creat("./bus", 000) = 6 [pid 5496] <... futex resumed>) = 0 [pid 5497] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] <... futex resumed>) = 0 [pid 5496] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5497] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5496] <... futex resumed>) = 0 [pid 5497] ftruncate(6, 2048) = 0 [pid 5496] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5496] <... futex resumed>) = 0 [pid 5497] open("./bus", O_RDONLY [pid 5496] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] <... open resumed>) = 7 [pid 5496] <... futex resumed>) = 0 [ 98.031994][ T27] audit: type=1800 audit(1670043478.535:172): pid=5497 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5497] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] <... futex resumed>) = 0 [pid 5497] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5496] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] <... futex resumed>) = 0 [pid 5496] <... futex resumed>) = 1 [pid 5497] sendfile(6, 7, NULL, 65536 [pid 5496] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] <... sendfile resumed>) = 2048 [pid 5497] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5497] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] <... futex resumed>) = 0 [pid 5496] <... futex resumed>) = 1 [pid 5497] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5496] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] <... openat resumed>) = 8 [pid 5497] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5497] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5497] <... futex resumed>) = 0 [pid 5496] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 98.080636][ T27] audit: type=1804 audit(1670043478.585:173): pid=5497 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/85/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 98.105609][ T46] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 98.122863][ T5497] BTRFS info (device loop0): balance: start -s [ 98.131518][ T5497] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5497] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5497] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5497] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] <... futex resumed>) = 0 [pid 5496] exit_group(0) = ? [pid 5497] <... futex resumed>) = ? [pid 5497] +++ exited with 0 +++ [pid 5496] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5496, si_uid=0, si_status=0, si_utime=1, si_stime=29} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./85/binderfs") = 0 [ 98.155100][ T5497] BTRFS info (device loop0): balance: ended with status: 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5517 ./strace-static-x86_64: Process 5517 attached [pid 5517] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5517] chdir("./86") = 0 [pid 5517] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5517] setpgid(0, 0) = 0 [pid 5517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5517] write(3, "1000", 4) = 4 [pid 5517] close(3) = 0 [pid 5517] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5517] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5517] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5517] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5518], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5518 [pid 5517] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5518 attached [pid 5518] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5518] memfd_create("syzkaller", 0) = 3 [pid 5518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5518] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5518] munmap(0x7fdb59200000, 16777216) = 0 [pid 5518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5518] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5518] close(3) = 0 [pid 5518] mkdir("./file0", 0777) = 0 [ 98.485861][ T5518] loop0: detected capacity change from 0 to 32768 [ 98.497025][ T5518] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 98.506734][ T5518] BTRFS info (device loop0): force clearing of disk cache [ 98.514073][ T5518] BTRFS info (device loop0): setting nodatasum [ 98.520506][ T5518] BTRFS info (device loop0): allowing degraded mounts [ 98.527556][ T5518] BTRFS info (device loop0): enabling disk space caching [ 98.534601][ T5518] BTRFS info (device loop0): disk space caching is enabled [ 98.552819][ T5518] BTRFS info (device loop0): enabling ssd optimizations [ 98.560540][ T5518] BTRFS info (device loop0): clearing free space tree [ 98.567418][ T5518] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5518] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5518] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5518] chdir("./file0") = 0 [pid 5518] ioctl(4, LOOP_CLR_FD) = 0 [pid 5518] close(4) = 0 [pid 5518] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5517] <... futex resumed>) = 0 [pid 5517] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] <... futex resumed>) = 1 [pid 5518] open("./file0", O_RDONLY) = 4 [pid 5518] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5517] <... futex resumed>) = 0 [pid 5517] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] <... futex resumed>) = 1 [ 98.577062][ T5518] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 98.590817][ T5518] BTRFS info (device loop0): checking UUID tree [pid 5518] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5518] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5517] <... futex resumed>) = 0 [pid 5517] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] <... futex resumed>) = 1 [pid 5518] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5518] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5518] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5517] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] creat("./bus", 000 [pid 5517] <... futex resumed>) = 0 [pid 5518] <... creat resumed>) = 6 [pid 5517] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5518] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5517] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5518] ftruncate(6, 2048 [pid 5517] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] <... ftruncate resumed>) = 0 [pid 5518] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5518] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5517] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5518] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5517] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 98.621568][ T27] audit: type=1800 audit(1670043479.125:174): pid=5518 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5518] open("./bus", O_RDONLY) = 7 [pid 5518] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5518] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5517] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5518] <... futex resumed>) = 0 [pid 5518] sendfile(6, 7, NULL, 65536 [pid 5517] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] <... sendfile resumed>) = 2048 [pid 5518] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5517] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5518] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5518] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5517] <... futex resumed>) = 0 [pid 5517] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5518] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5517] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5517] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5517] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5517] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5517] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5538], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5538 [pid 5517] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 98.666087][ T27] audit: type=1804 audit(1670043479.165:175): pid=5518 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/86/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 98.682582][ T46] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 98.718451][ T5518] BTRFS info (device loop0): balance: start -s [ 98.725736][ T5518] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5517] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5538 attached [pid 5538] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5538] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5518] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5538] <... ioctl resumed>) = 0 [pid 5518] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5538] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5538] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5517] exit_group(0 [pid 5538] <... futex resumed>) = ? [pid 5517] <... exit_group resumed>) = ? [pid 5538] +++ exited with 0 +++ [pid 5518] <... futex resumed>) = ? [pid 5518] +++ exited with 0 +++ [pid 5517] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5517, si_uid=0, si_status=0, si_utime=1, si_stime=25} --- umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./86/binderfs") = 0 [ 98.764433][ T5518] BTRFS info (device loop0): balance: ended with status: 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5539 ./strace-static-x86_64: Process 5539 attached [pid 5539] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5539] chdir("./87") = 0 [pid 5539] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5539] setpgid(0, 0) = 0 [pid 5539] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5539] write(3, "1000", 4) = 4 [pid 5539] close(3) = 0 [pid 5539] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5539] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5539] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5539] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5540], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5540 [pid 5539] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5540 attached [pid 5540] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5540] memfd_create("syzkaller", 0) = 3 [pid 5540] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5540] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5540] munmap(0x7fdb59200000, 16777216) = 0 [pid 5540] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5540] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5540] close(3) = 0 [pid 5540] mkdir("./file0", 0777) = 0 [ 99.106321][ T5540] loop0: detected capacity change from 0 to 32768 [ 99.120072][ T5540] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 99.129362][ T5540] BTRFS info (device loop0): force clearing of disk cache [ 99.136517][ T5540] BTRFS info (device loop0): setting nodatasum [ 99.142745][ T5540] BTRFS info (device loop0): allowing degraded mounts [ 99.149590][ T5540] BTRFS info (device loop0): enabling disk space caching [ 99.156616][ T5540] BTRFS info (device loop0): disk space caching is enabled [ 99.176118][ T5540] BTRFS info (device loop0): enabling ssd optimizations [ 99.183991][ T5540] BTRFS info (device loop0): clearing free space tree [ 99.191203][ T5540] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5540] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5540] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5540] chdir("./file0") = 0 [pid 5540] ioctl(4, LOOP_CLR_FD) = 0 [pid 5540] close(4) = 0 [pid 5540] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5540] open("./file0", O_RDONLY [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5540] <... open resumed>) = 4 [pid 5540] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 99.201152][ T5540] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 99.214416][ T5540] BTRFS info (device loop0): checking UUID tree [pid 5540] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5540] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5540] <... futex resumed>) = 1 [pid 5540] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5540] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5540] <... futex resumed>) = 1 [pid 5540] creat("./bus", 000) = 6 [pid 5540] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5540] <... futex resumed>) = 1 [pid 5540] ftruncate(6, 2048) = 0 [pid 5540] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5540] <... futex resumed>) = 1 [ 99.242011][ T27] audit: type=1800 audit(1670043479.745:176): pid=5540 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5540] open("./bus", O_RDONLY) = 7 [pid 5540] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5540] <... futex resumed>) = 1 [pid 5540] sendfile(6, 7, NULL, 65536) = 2048 [pid 5540] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5540] <... futex resumed>) = 1 [pid 5540] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5540] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5540] <... futex resumed>) = 1 [pid 5540] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5539] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5539] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5539] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5539] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5560], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5560 [pid 5539] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5560 attached [pid 5560] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 99.284687][ T27] audit: type=1804 audit(1670043479.785:177): pid=5540 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/87/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 99.309550][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 99.318877][ T5540] BTRFS info (device loop0): balance: start -s [ 99.328258][ T5540] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5560] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5539] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5560] <... ioctl resumed>) = 0 [pid 5560] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5560] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5540] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5540] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5540] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5539] exit_group(0 [pid 5560] <... futex resumed>) = ? [pid 5539] <... exit_group resumed>) = ? [pid 5560] +++ exited with 0 +++ [pid 5540] <... futex resumed>) = ? [pid 5540] +++ exited with 0 +++ [pid 5539] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5539, si_uid=0, si_status=0, si_utime=1, si_stime=26} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./87/binderfs") = 0 [ 99.392424][ T5540] BTRFS info (device loop0): balance: ended with status: 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5561 ./strace-static-x86_64: Process 5561 attached [pid 5561] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5561] chdir("./88") = 0 [pid 5561] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5561] setpgid(0, 0) = 0 [pid 5561] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5561] write(3, "1000", 4) = 4 [pid 5561] close(3) = 0 [pid 5561] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5561] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5561] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5561] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5562 attached , parent_tid=[5562], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5562 [pid 5561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5562] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5562] memfd_create("syzkaller", 0) = 3 [pid 5562] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5562] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5562] munmap(0x7fdb59200000, 16777216) = 0 [pid 5562] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5562] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5562] close(3) = 0 [pid 5562] mkdir("./file0", 0777) = 0 [ 99.713305][ T5562] loop0: detected capacity change from 0 to 32768 [ 99.726499][ T5562] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 99.736385][ T5562] BTRFS info (device loop0): force clearing of disk cache [ 99.743741][ T5562] BTRFS info (device loop0): setting nodatasum [ 99.750156][ T5562] BTRFS info (device loop0): allowing degraded mounts [ 99.756938][ T5562] BTRFS info (device loop0): enabling disk space caching [ 99.764349][ T5562] BTRFS info (device loop0): disk space caching is enabled [ 99.784348][ T5562] BTRFS info (device loop0): enabling ssd optimizations [ 99.792199][ T5562] BTRFS info (device loop0): clearing free space tree [ 99.799256][ T5562] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5562] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5562] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5562] chdir("./file0") = 0 [pid 5562] ioctl(4, LOOP_CLR_FD) = 0 [pid 5562] close(4) = 0 [pid 5562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = 0 [pid 5561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5562] <... futex resumed>) = 1 [pid 5562] open("./file0", O_RDONLY) = 4 [pid 5562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = 0 [pid 5561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5562] <... futex resumed>) = 1 [pid 5562] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = 0 [pid 5561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5562] <... futex resumed>) = 1 [pid 5562] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = 0 [pid 5561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5562] <... futex resumed>) = 1 [pid 5562] creat("./bus", 000) = 6 [pid 5562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = 0 [pid 5561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5562] <... futex resumed>) = 1 [pid 5562] ftruncate(6, 2048) = 0 [pid 5562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = 0 [pid 5561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5562] <... futex resumed>) = 1 [pid 5562] open("./bus", O_RDONLY) = 7 [pid 5562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = 0 [pid 5561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5562] <... futex resumed>) = 1 [pid 5562] sendfile(6, 7, NULL, 65536) = 2048 [pid 5562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = 0 [pid 5561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5562] <... futex resumed>) = 1 [pid 5562] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = 0 [pid 5561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5562] <... futex resumed>) = 1 [ 99.809123][ T5562] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 99.832024][ T27] audit: type=1800 audit(1670043480.335:178): pid=5562 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5562] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5561] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5561] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5561] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5561] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5582], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5582 [pid 5561] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5582 attached [pid 5582] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5582] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5562] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 99.897633][ T27] audit: type=1804 audit(1670043480.375:179): pid=5562 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/88/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5562] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5582] <... ioctl resumed>) = 0 [pid 5582] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = 0 [pid 5561] exit_group(0 [pid 5562] <... futex resumed>) = ? [pid 5561] <... exit_group resumed>) = ? [pid 5562] +++ exited with 0 +++ [pid 5582] <... futex resumed>) = ? [pid 5582] +++ exited with 0 +++ [pid 5561] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5561, si_uid=0, si_status=0, si_utime=1, si_stime=26} --- umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./88/binderfs") = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5583 ./strace-static-x86_64: Process 5583 attached [pid 5583] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5583] chdir("./89") = 0 [pid 5583] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5583] setpgid(0, 0) = 0 [pid 5583] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5583] write(3, "1000", 4) = 4 [pid 5583] close(3) = 0 [pid 5583] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5583] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5583] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5583] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5584 attached [pid 5584] set_robust_list(0x7fdb617f69e0, 24 [pid 5583] <... clone resumed>, parent_tid=[5584], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5584 [pid 5584] <... set_robust_list resumed>) = 0 [pid 5583] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5584] memfd_create("syzkaller", 0) = 3 [pid 5584] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5584] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5584] munmap(0x7fdb59200000, 16777216) = 0 [pid 5584] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5584] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5584] close(3) = 0 [pid 5584] mkdir("./file0", 0777) = 0 [pid 5584] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5584] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5584] chdir("./file0") = 0 [pid 5584] ioctl(4, LOOP_CLR_FD) = 0 [pid 5584] close(4) = 0 [pid 5584] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5584] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5584] <... futex resumed>) = 0 [pid 5584] open("./file0", O_RDONLY) = 4 [pid 5584] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5584] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5583] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... futex resumed>) = 0 [pid 5583] <... futex resumed>) = 1 [pid 5583] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 100.250636][ T5584] loop0: detected capacity change from 0 to 32768 [pid 5584] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5584] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5584] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... futex resumed>) = 0 [pid 5583] <... futex resumed>) = 1 [pid 5584] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5583] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... ioctl resumed>) = 0 [pid 5584] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5584] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... futex resumed>) = 0 [pid 5583] <... futex resumed>) = 1 [pid 5584] creat("./bus", 000 [pid 5583] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... creat resumed>) = 6 [pid 5584] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... futex resumed>) = 0 [pid 5584] <... futex resumed>) = 1 [pid 5583] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5584] ftruncate(6, 2048 [pid 5583] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... ftruncate resumed>) = 0 [pid 5584] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... futex resumed>) = 1 [ 100.303124][ T27] audit: type=1800 audit(1670043480.805:180): pid=5584 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5584] open("./bus", O_RDONLY) = 7 [pid 5584] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5583] <... futex resumed>) = 0 [pid 5584] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5583] <... futex resumed>) = 0 [pid 5584] sendfile(6, 7, NULL, 65536 [pid 5583] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... sendfile resumed>) = 2048 [pid 5584] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5583] <... futex resumed>) = 0 [pid 5584] <... openat resumed>) = 8 [pid 5583] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5583] <... futex resumed>) = 0 [pid 5584] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5583] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 100.345923][ T27] audit: type=1804 audit(1670043480.845:181): pid=5584 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/89/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5584] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5584] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... ioctl resumed>) = 0 [pid 5584] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... futex resumed>) = 0 [pid 5584] <... futex resumed>) = 1 [pid 5583] exit_group(0 [pid 5584] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] <... exit_group resumed>) = ? [pid 5584] <... futex resumed>) = ? [pid 5584] +++ exited with 0 +++ [pid 5583] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5583, si_uid=0, si_status=0, si_utime=1, si_stime=20} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./89/binderfs") = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5604 ./strace-static-x86_64: Process 5604 attached [pid 5604] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5604] chdir("./90") = 0 [pid 5604] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5604] setpgid(0, 0) = 0 [pid 5604] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5604] write(3, "1000", 4) = 4 [pid 5604] close(3) = 0 [pid 5604] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5604] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5604] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5604] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5605 attached , parent_tid=[5605], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5605 [pid 5605] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5604] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5605] memfd_create("syzkaller", 0) = 3 [pid 5605] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5605] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5605] munmap(0x7fdb59200000, 16777216) = 0 [pid 5605] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5605] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5605] close(3) = 0 [pid 5605] mkdir("./file0", 0777) = 0 [pid 5605] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5605] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5605] chdir("./file0") = 0 [pid 5605] ioctl(4, LOOP_CLR_FD) = 0 [pid 5605] close(4) = 0 [pid 5605] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5605] open("./file0", O_RDONLY [pid 5604] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] <... open resumed>) = 4 [pid 5604] <... futex resumed>) = 0 [pid 5605] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] <... futex resumed>) = 0 [pid 5604] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5605] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5604] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5605] <... open resumed>) = 5 [pid 5604] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5605] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5604] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] <... ioctl resumed>) = 0 [pid 5605] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] <... futex resumed>) = 0 [pid 5604] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 100.731220][ T5605] loop0: detected capacity change from 0 to 32768 [pid 5604] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] <... futex resumed>) = 1 [pid 5605] creat("./bus", 000) = 6 [pid 5605] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5604] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] ftruncate(6, 2048) = 0 [pid 5605] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5604] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] open("./bus", O_RDONLY) = 7 [pid 5605] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5604] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] sendfile(6, 7, NULL, 65536) = 2048 [pid 5605] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5604] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5605] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5604] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5605] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5604] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5605] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] <... futex resumed>) = 0 [pid 5604] exit_group(0) = ? [pid 5605] <... futex resumed>) = ? [pid 5605] +++ exited with 0 +++ [pid 5604] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5604, si_uid=0, si_status=0, si_utime=2, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./90/binderfs") = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5625 ./strace-static-x86_64: Process 5625 attached [pid 5625] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5625] chdir("./91") = 0 [pid 5625] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5625] setpgid(0, 0) = 0 [pid 5625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5625] write(3, "1000", 4) = 4 [pid 5625] close(3) = 0 [pid 5625] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5625] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5625] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5625] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5625] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5626], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5626 [pid 5625] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5625] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5626 attached [pid 5626] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5626] memfd_create("syzkaller", 0) = 3 [pid 5626] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5626] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5626] munmap(0x7fdb59200000, 16777216) = 0 [pid 5626] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5626] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5626] close(3) = 0 [pid 5626] mkdir("./file0", 0777) = 0 [pid 5626] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5626] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5626] chdir("./file0") = 0 [pid 5626] ioctl(4, LOOP_CLR_FD) = 0 [pid 5626] close(4) = 0 [pid 5626] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5625] <... futex resumed>) = 0 [pid 5625] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] <... futex resumed>) = 0 [pid 5625] <... futex resumed>) = 1 [pid 5626] open("./file0", O_RDONLY [pid 5625] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5626] <... open resumed>) = 4 [pid 5626] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5625] <... futex resumed>) = 0 [pid 5626] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5625] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5625] <... futex resumed>) = 0 [pid 5626] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5625] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5626] <... open resumed>) = 5 [pid 5626] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5625] <... futex resumed>) = 0 [pid 5626] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5625] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5625] <... futex resumed>) = 0 [pid 5626] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 101.186971][ T5626] loop0: detected capacity change from 0 to 32768 [pid 5625] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5626] <... ioctl resumed>) = 0 [pid 5626] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5625] <... futex resumed>) = 0 [pid 5625] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] creat("./bus", 000 [pid 5625] <... futex resumed>) = 0 [pid 5625] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5626] <... creat resumed>) = 6 [pid 5626] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5625] <... futex resumed>) = 0 [pid 5626] ftruncate(6, 2048 [pid 5625] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5625] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5626] <... ftruncate resumed>) = 0 [pid 5626] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5625] <... futex resumed>) = 0 [pid 5626] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5625] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5625] <... futex resumed>) = 0 [pid 5625] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5626] open("./bus", O_RDONLY) = 7 [pid 5626] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5625] <... futex resumed>) = 0 [pid 5626] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5625] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5625] <... futex resumed>) = 0 [pid 5626] sendfile(6, 7, NULL, 65536 [pid 5625] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5626] <... sendfile resumed>) = 2048 [pid 5626] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5625] <... futex resumed>) = 0 [pid 5626] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5625] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5625] <... futex resumed>) = 0 [pid 5626] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5625] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5626] <... openat resumed>) = 8 [pid 5626] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5625] <... futex resumed>) = 0 [pid 5626] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5625] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5625] <... futex resumed>) = 0 [pid 5626] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 101.261262][ T56] _btrfs_printk: 46 callbacks suppressed [ 101.261279][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 101.292273][ T5626] BTRFS info (device loop0): balance: start -s [ 101.300662][ T5626] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5625] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5625] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5625] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5625] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5625] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5646], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5646 [pid 5625] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5625] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5646 attached [pid 5626] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5646] set_robust_list(0x7fdb617d59e0, 24 [pid 5626] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5646] <... set_robust_list resumed>) = 0 [pid 5626] <... futex resumed>) = 0 [pid 5646] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5626] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5646] <... ioctl resumed>) = 0 [pid 5646] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5625] <... futex resumed>) = 0 [pid 5646] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5625] exit_group(0) = ? [pid 5626] <... futex resumed>) = ? [pid 5646] <... futex resumed>) = ? [pid 5626] +++ exited with 0 +++ [pid 5646] +++ exited with 0 +++ [pid 5625] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5625, si_uid=0, si_status=0, si_utime=4, si_stime=21} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./91/binderfs") = 0 [ 101.327962][ T5626] BTRFS info (device loop0): balance: ended with status: 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5647 ./strace-static-x86_64: Process 5647 attached [pid 5647] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5647] chdir("./92") = 0 [pid 5647] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5647] setpgid(0, 0) = 0 [pid 5647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5647] write(3, "1000", 4) = 4 [pid 5647] close(3) = 0 [pid 5647] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5647] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5647] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5647] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5648 attached [pid 5648] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5648] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5647] <... clone resumed>, parent_tid=[5648], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5648 [pid 5647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5648] <... futex resumed>) = 0 [pid 5648] memfd_create("syzkaller", 0 [pid 5647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5648] <... memfd_create resumed>) = 3 [pid 5648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5648] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5648] munmap(0x7fdb59200000, 16777216) = 0 [pid 5648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5648] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5648] close(3) = 0 [pid 5648] mkdir("./file0", 0777) = 0 [ 101.659667][ T5648] loop0: detected capacity change from 0 to 32768 [ 101.671229][ T5648] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 101.680506][ T5648] BTRFS info (device loop0): force clearing of disk cache [ 101.687885][ T5648] BTRFS info (device loop0): setting nodatasum [ 101.694054][ T5648] BTRFS info (device loop0): allowing degraded mounts [ 101.701206][ T5648] BTRFS info (device loop0): enabling disk space caching [ 101.708477][ T5648] BTRFS info (device loop0): disk space caching is enabled [ 101.727211][ T5648] BTRFS info (device loop0): enabling ssd optimizations [ 101.735765][ T5648] BTRFS info (device loop0): clearing free space tree [ 101.742736][ T5648] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5648] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5648] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5648] chdir("./file0") = 0 [pid 5648] ioctl(4, LOOP_CLR_FD) = 0 [pid 5648] close(4) = 0 [pid 5648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... futex resumed>) = 1 [pid 5648] open("./file0", O_RDONLY) = 4 [pid 5648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... futex resumed>) = 1 [pid 5648] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... futex resumed>) = 1 [pid 5648] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... futex resumed>) = 1 [pid 5648] creat("./bus", 000) = 6 [pid 5648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... futex resumed>) = 1 [pid 5648] ftruncate(6, 2048) = 0 [pid 5648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... futex resumed>) = 1 [pid 5648] open("./bus", O_RDONLY) = 7 [pid 5648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... futex resumed>) = 1 [pid 5648] sendfile(6, 7, NULL, 65536) = 2048 [pid 5648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... futex resumed>) = 1 [ 101.752764][ T5648] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 101.765996][ T5648] BTRFS info (device loop0): checking UUID tree [pid 5648] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... futex resumed>) = 1 [ 101.811301][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 101.829135][ T5648] BTRFS info (device loop0): balance: start -s [ 101.836936][ T5648] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5648] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5647] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5647] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5647] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5647] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5668], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5668 [pid 5647] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5668 attached [pid 5668] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5668] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5668] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5668] <... futex resumed>) = 1 [pid 5668] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5648] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5648] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5647] exit_group(0 [pid 5668] <... futex resumed>) = ? [pid 5647] <... exit_group resumed>) = ? [ 101.865432][ T5648] BTRFS info (device loop0): balance: ended with status: 0 [pid 5668] +++ exited with 0 +++ [pid 5648] <... futex resumed>) = ? [pid 5648] +++ exited with 0 +++ [pid 5647] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5647, si_uid=0, si_status=0, si_utime=3, si_stime=29} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./92/binderfs") = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5669 ./strace-static-x86_64: Process 5669 attached [pid 5669] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5669] chdir("./93") = 0 [pid 5669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5669] setpgid(0, 0) = 0 [pid 5669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5669] write(3, "1000", 4) = 4 [pid 5669] close(3) = 0 [pid 5669] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5669] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5669] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5669] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5670 attached [pid 5670] set_robust_list(0x7fdb617f69e0, 24 [pid 5669] <... clone resumed>, parent_tid=[5670], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5670 [pid 5670] <... set_robust_list resumed>) = 0 [pid 5669] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5670] memfd_create("syzkaller", 0 [pid 5669] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5670] <... memfd_create resumed>) = 3 [pid 5670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5670] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5670] munmap(0x7fdb59200000, 16777216) = 0 [pid 5670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5670] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5670] close(3) = 0 [pid 5670] mkdir("./file0", 0777) = 0 [ 102.200289][ T5670] loop0: detected capacity change from 0 to 32768 [ 102.213266][ T5670] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 102.222581][ T5670] BTRFS info (device loop0): force clearing of disk cache [ 102.230097][ T5670] BTRFS info (device loop0): setting nodatasum [ 102.236266][ T5670] BTRFS info (device loop0): allowing degraded mounts [ 102.243338][ T5670] BTRFS info (device loop0): enabling disk space caching [ 102.250573][ T5670] BTRFS info (device loop0): disk space caching is enabled [ 102.269129][ T5670] BTRFS info (device loop0): enabling ssd optimizations [ 102.277757][ T5670] BTRFS info (device loop0): clearing free space tree [ 102.284731][ T5670] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5670] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5670] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5670] chdir("./file0") = 0 [pid 5670] ioctl(4, LOOP_CLR_FD) = 0 [pid 5670] close(4) = 0 [pid 5670] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] <... futex resumed>) = 0 [pid 5669] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5669] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5670] <... futex resumed>) = 1 [pid 5670] open("./file0", O_RDONLY) = 4 [pid 5670] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] <... futex resumed>) = 0 [pid 5669] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5669] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5670] <... futex resumed>) = 1 [pid 5670] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5670] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] <... futex resumed>) = 0 [pid 5669] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5669] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5670] <... futex resumed>) = 1 [ 102.294802][ T5670] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 102.308515][ T5670] BTRFS info (device loop0): checking UUID tree [pid 5670] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5670] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5669] <... futex resumed>) = 0 [pid 5670] creat("./bus", 000 [pid 5669] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5670] <... creat resumed>) = 6 [pid 5669] <... futex resumed>) = 0 [pid 5669] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5670] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5669] <... futex resumed>) = 0 [pid 5669] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5669] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5670] ftruncate(6, 2048) = 0 [pid 5670] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5669] <... futex resumed>) = 0 [pid 5670] open("./bus", O_RDONLY [pid 5669] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5670] <... open resumed>) = 7 [pid 5669] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5670] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] <... futex resumed>) = 0 [pid 5669] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5669] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5670] <... futex resumed>) = 1 [pid 5670] sendfile(6, 7, NULL, 65536) = 2048 [pid 5670] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] <... futex resumed>) = 0 [pid 5669] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5669] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5670] <... futex resumed>) = 1 [pid 5670] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5670] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] <... futex resumed>) = 0 [pid 5669] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5669] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5670] <... futex resumed>) = 1 [ 102.358961][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 102.398734][ T5670] BTRFS info (device loop0): balance: start -s [ 102.405917][ T5670] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5670] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5669] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5669] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5669] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5669] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5690], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5690 [pid 5669] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5669] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5690 attached [pid 5690] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5690] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5670] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5670] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5670] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5690] <... ioctl resumed>) = 0 [pid 5690] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] <... futex resumed>) = 0 [pid 5669] exit_group(0 [pid 5670] <... futex resumed>) = ? [pid 5669] <... exit_group resumed>) = ? [pid 5670] +++ exited with 0 +++ [pid 5690] <... futex resumed>) = ? [pid 5690] +++ exited with 0 +++ [pid 5669] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5669, si_uid=0, si_status=0, si_utime=2, si_stime=28} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./93/binderfs") = 0 [ 102.432578][ T5670] BTRFS info (device loop0): balance: ended with status: 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5691 ./strace-static-x86_64: Process 5691 attached [pid 5691] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5691] chdir("./94") = 0 [pid 5691] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5691] setpgid(0, 0) = 0 [pid 5691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5691] write(3, "1000", 4) = 4 [pid 5691] close(3) = 0 [pid 5691] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5691] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5691] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5691] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5691] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5692 attached , parent_tid=[5692], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5692 [pid 5692] set_robust_list(0x7fdb617f69e0, 24 [pid 5691] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5692] <... set_robust_list resumed>) = 0 [pid 5691] <... futex resumed>) = 0 [pid 5691] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5692] memfd_create("syzkaller", 0) = 3 [pid 5692] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5692] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5692] munmap(0x7fdb59200000, 16777216) = 0 [pid 5692] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5692] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5692] close(3) = 0 [pid 5692] mkdir("./file0", 0777) = 0 [ 102.753104][ T5692] loop0: detected capacity change from 0 to 32768 [ 102.767143][ T5692] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 102.777047][ T5692] BTRFS info (device loop0): force clearing of disk cache [ 102.784387][ T5692] BTRFS info (device loop0): setting nodatasum [ 102.790860][ T5692] BTRFS info (device loop0): allowing degraded mounts [ 102.798038][ T5692] BTRFS info (device loop0): enabling disk space caching [ 102.805060][ T5692] BTRFS info (device loop0): disk space caching is enabled [ 102.824988][ T5692] BTRFS info (device loop0): enabling ssd optimizations [ 102.833157][ T5692] BTRFS info (device loop0): clearing free space tree [ 102.840056][ T5692] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5692] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5692] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5692] chdir("./file0") = 0 [pid 5692] ioctl(4, LOOP_CLR_FD) = 0 [pid 5692] close(4) = 0 [pid 5692] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5691] <... futex resumed>) = 0 [pid 5691] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5691] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5692] open("./file0", O_RDONLY) = 4 [pid 5692] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5691] <... futex resumed>) = 0 [pid 5691] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5691] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5692] <... futex resumed>) = 1 [pid 5692] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5692] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5692] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5691] <... futex resumed>) = 0 [pid 5691] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5691] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5692] <... futex resumed>) = 0 [pid 5692] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5692] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5692] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5691] <... futex resumed>) = 0 [pid 5691] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5692] <... futex resumed>) = 0 [pid 5692] creat("./bus", 000 [pid 5691] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5692] <... creat resumed>) = 6 [pid 5692] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5691] <... futex resumed>) = 0 [pid 5692] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5691] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [ 102.851395][ T5692] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 102.864605][ T5692] BTRFS info (device loop0): checking UUID tree [pid 5692] <... futex resumed>) = 0 [pid 5691] <... futex resumed>) = 1 [pid 5692] ftruncate(6, 2048) = 0 [pid 5692] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5692] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5691] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5691] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5692] <... futex resumed>) = 0 [pid 5691] <... futex resumed>) = 1 [pid 5692] open("./bus", O_RDONLY [pid 5691] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5692] <... open resumed>) = 7 [pid 5692] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5691] <... futex resumed>) = 0 [pid 5692] sendfile(6, 7, NULL, 65536 [pid 5691] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5692] <... sendfile resumed>) = 2048 [pid 5691] <... futex resumed>) = 0 [pid 5692] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5691] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5691] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5692] <... futex resumed>) = 0 [pid 5691] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5692] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5692] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5692] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5691] <... futex resumed>) = 0 [pid 5691] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5692] <... futex resumed>) = 0 [pid 5691] <... futex resumed>) = 1 [pid 5692] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5691] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5691] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5691] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5691] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5691] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5712], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5712 [pid 5691] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 102.931744][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 102.932446][ T5692] BTRFS info (device loop0): balance: start -s [ 102.951582][ T5692] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5691] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5712 attached [pid 5712] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5712] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5692] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5692] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 102.979923][ T5692] BTRFS info (device loop0): balance: ended with status: 0 [pid 5692] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5712] <... ioctl resumed>) = 0 [pid 5712] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5712] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5691] <... futex resumed>) = 0 [pid 5691] exit_group(0 [pid 5692] <... futex resumed>) = ? [pid 5691] <... exit_group resumed>) = ? [pid 5692] +++ exited with 0 +++ [pid 5712] <... futex resumed>) = ? [pid 5712] +++ exited with 0 +++ [pid 5691] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5691, si_uid=0, si_status=0, si_utime=2, si_stime=27} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./94/binderfs") = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5713 ./strace-static-x86_64: Process 5713 attached [pid 5713] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5713] chdir("./95") = 0 [pid 5713] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5713] setpgid(0, 0) = 0 [pid 5713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5713] write(3, "1000", 4) = 4 [pid 5713] close(3) = 0 [pid 5713] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5713] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5713] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5713] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5714], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5714 [pid 5713] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5713] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5714 attached [pid 5714] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5714] memfd_create("syzkaller", 0) = 3 [pid 5714] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5714] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5714] munmap(0x7fdb59200000, 16777216) = 0 [pid 5714] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5714] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5714] close(3) = 0 [pid 5714] mkdir("./file0", 0777) = 0 [ 103.305676][ T5714] loop0: detected capacity change from 0 to 32768 [ 103.319358][ T5714] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 103.328758][ T5714] BTRFS info (device loop0): force clearing of disk cache [ 103.335913][ T5714] BTRFS info (device loop0): setting nodatasum [ 103.342171][ T5714] BTRFS info (device loop0): allowing degraded mounts [ 103.349011][ T5714] BTRFS info (device loop0): enabling disk space caching [ 103.356069][ T5714] BTRFS info (device loop0): disk space caching is enabled [ 103.375877][ T5714] BTRFS info (device loop0): enabling ssd optimizations [ 103.383836][ T5714] BTRFS info (device loop0): clearing free space tree [ 103.390924][ T5714] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5714] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5714] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5714] chdir("./file0") = 0 [pid 5714] ioctl(4, LOOP_CLR_FD) = 0 [pid 5714] close(4) = 0 [pid 5714] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5713] <... futex resumed>) = 0 [pid 5713] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5713] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5714] open("./file0", O_RDONLY) = 4 [pid 5714] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5713] <... futex resumed>) = 0 [pid 5713] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5713] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5714] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5714] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 103.401138][ T5714] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 103.414320][ T5714] BTRFS info (device loop0): checking UUID tree [ 103.442655][ T27] kauditd_printk_skb: 10 callbacks suppressed [pid 5714] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5713] <... futex resumed>) = 0 [pid 5713] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5714] <... futex resumed>) = 0 [pid 5713] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5714] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5714] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5713] <... futex resumed>) = 0 [pid 5714] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5713] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5713] <... futex resumed>) = 0 [pid 5714] creat("./bus", 000 [pid 5713] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5714] <... creat resumed>) = 6 [pid 5714] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5713] <... futex resumed>) = 0 [pid 5714] ftruncate(6, 2048 [pid 5713] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5714] <... ftruncate resumed>) = 0 [pid 5713] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5714] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5713] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5714] <... futex resumed>) = 0 [pid 5713] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] open("./bus", O_RDONLY [pid 5713] <... futex resumed>) = 0 [pid 5713] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5714] <... open resumed>) = 7 [ 103.442669][ T27] audit: type=1800 audit(1670043483.945:192): pid=5714 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5714] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5713] <... futex resumed>) = 0 [pid 5714] sendfile(6, 7, NULL, 65536 [pid 5713] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5714] <... sendfile resumed>) = 2048 [pid 5713] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5714] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5713] <... futex resumed>) = 0 [pid 5713] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5713] <... futex resumed>) = 0 [pid 5713] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5714] <... openat resumed>) = 8 [pid 5714] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5713] <... futex resumed>) = 0 [pid 5713] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5713] <... futex resumed>) = 0 [ 103.486340][ T27] audit: type=1804 audit(1670043483.985:193): pid=5714 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/95/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 103.492268][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 103.532656][ T5714] BTRFS info (device loop0): balance: start -s [ 103.540835][ T5714] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5713] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5713] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5713] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5713] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5734], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5734 [pid 5713] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5713] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5714] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5714] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5714] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5734 attached [pid 5734] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5734] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5734] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5713] <... futex resumed>) = 0 [pid 5734] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5713] exit_group(0) = ? [pid 5714] <... futex resumed>) = ? [pid 5714] +++ exited with 0 +++ [pid 5734] <... futex resumed>) = ? [pid 5734] +++ exited with 0 +++ [pid 5713] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5713, si_uid=0, si_status=0, si_utime=3, si_stime=29} --- umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 103.568227][ T5714] BTRFS info (device loop0): balance: ended with status: 0 lstat("./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./95/binderfs") = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5735 ./strace-static-x86_64: Process 5735 attached [pid 5735] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5735] chdir("./96") = 0 [pid 5735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5735] setpgid(0, 0) = 0 [pid 5735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5735] write(3, "1000", 4) = 4 [pid 5735] close(3) = 0 [pid 5735] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5735] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5735] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5735] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5736 attached , parent_tid=[5736], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5736 [pid 5735] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5735] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5736] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5736] memfd_create("syzkaller", 0) = 3 [pid 5736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5736] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5736] munmap(0x7fdb59200000, 16777216) = 0 [pid 5736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5736] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5736] close(3) = 0 [pid 5736] mkdir("./file0", 0777) = 0 [ 103.914709][ T5736] loop0: detected capacity change from 0 to 32768 [ 103.927346][ T5736] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 103.936828][ T5736] BTRFS info (device loop0): force clearing of disk cache [ 103.944286][ T5736] BTRFS info (device loop0): setting nodatasum [ 103.950694][ T5736] BTRFS info (device loop0): allowing degraded mounts [ 103.957651][ T5736] BTRFS info (device loop0): enabling disk space caching [ 103.964665][ T5736] BTRFS info (device loop0): disk space caching is enabled [ 103.983473][ T5736] BTRFS info (device loop0): enabling ssd optimizations [ 103.991115][ T5736] BTRFS info (device loop0): clearing free space tree [ 103.998181][ T5736] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5736] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5736] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5736] chdir("./file0") = 0 [pid 5736] ioctl(4, LOOP_CLR_FD) = 0 [pid 5736] close(4) = 0 [pid 5736] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] <... futex resumed>) = 0 [pid 5735] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5735] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5736] <... futex resumed>) = 1 [pid 5736] open("./file0", O_RDONLY) = 4 [pid 5736] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] <... futex resumed>) = 0 [pid 5735] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5735] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5736] <... futex resumed>) = 1 [ 104.008031][ T5736] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 104.021208][ T5736] BTRFS info (device loop0): checking UUID tree [pid 5736] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5736] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] <... futex resumed>) = 0 [pid 5735] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5735] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5736] <... futex resumed>) = 1 [pid 5736] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5736] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] <... futex resumed>) = 0 [pid 5735] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5735] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5736] <... futex resumed>) = 1 [pid 5736] creat("./bus", 000) = 6 [pid 5736] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] <... futex resumed>) = 0 [pid 5735] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5735] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5736] <... futex resumed>) = 1 [pid 5736] ftruncate(6, 2048) = 0 [pid 5736] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] <... futex resumed>) = 0 [pid 5735] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5735] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5736] <... futex resumed>) = 1 [ 104.046693][ T27] audit: type=1800 audit(1670043484.545:194): pid=5736 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5736] open("./bus", O_RDONLY) = 7 [pid 5736] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] <... futex resumed>) = 0 [pid 5735] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5735] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5736] <... futex resumed>) = 1 [pid 5736] sendfile(6, 7, NULL, 65536) = 2048 [pid 5736] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] <... futex resumed>) = 0 [pid 5735] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5735] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5736] <... futex resumed>) = 1 [pid 5736] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5736] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] <... futex resumed>) = 0 [pid 5735] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5735] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5736] <... futex resumed>) = 1 [ 104.096011][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 104.105538][ T27] audit: type=1804 audit(1670043484.595:195): pid=5736 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/96/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 104.129531][ T5736] BTRFS info (device loop0): balance: start -s [pid 5736] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5735] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5735] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5735] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5735] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5735] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5756], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5756 [pid 5735] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5735] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5756 attached [pid 5756] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 104.139392][ T5736] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5756] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5735] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5756] <... ioctl resumed>) = 0 [pid 5756] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5756] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5736] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5736] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] exit_group(0 [pid 5756] <... futex resumed>) = ? [pid 5735] <... exit_group resumed>) = ? [pid 5756] +++ exited with 0 +++ [pid 5736] <... futex resumed>) = ? [pid 5736] +++ exited with 0 +++ [pid 5735] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5735, si_uid=0, si_status=0, si_utime=0, si_stime=32} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 104.172884][ T5736] BTRFS info (device loop0): balance: ended with status: 0 lstat("./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./96/binderfs") = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5757 ./strace-static-x86_64: Process 5757 attached [pid 5757] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5757] chdir("./97") = 0 [pid 5757] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5757] setpgid(0, 0) = 0 [pid 5757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5757] write(3, "1000", 4) = 4 [pid 5757] close(3) = 0 [pid 5757] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5757] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5757] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5757] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5758], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5758 ./strace-static-x86_64: Process 5758 attached [pid 5757] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5757] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5758] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5758] memfd_create("syzkaller", 0) = 3 [pid 5758] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5758] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5758] munmap(0x7fdb59200000, 16777216) = 0 [pid 5758] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5758] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5758] close(3) = 0 [pid 5758] mkdir("./file0", 0777) = 0 [ 104.572048][ T5758] loop0: detected capacity change from 0 to 32768 [ 104.585464][ T5758] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 104.595186][ T5758] BTRFS info (device loop0): force clearing of disk cache [ 104.602597][ T5758] BTRFS info (device loop0): setting nodatasum [ 104.609063][ T5758] BTRFS info (device loop0): allowing degraded mounts [ 104.615826][ T5758] BTRFS info (device loop0): enabling disk space caching [ 104.623142][ T5758] BTRFS info (device loop0): disk space caching is enabled [ 104.641809][ T5758] BTRFS info (device loop0): enabling ssd optimizations [ 104.649545][ T5758] BTRFS info (device loop0): clearing free space tree [ 104.656823][ T5758] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5758] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5758] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5758] chdir("./file0") = 0 [pid 5758] ioctl(4, LOOP_CLR_FD) = 0 [pid 5758] close(4) = 0 [pid 5758] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5757] <... futex resumed>) = 0 [pid 5758] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5757] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5758] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5757] <... futex resumed>) = 0 [pid 5758] open("./file0", O_RDONLY [pid 5757] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5758] <... open resumed>) = 4 [pid 5758] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5757] <... futex resumed>) = 0 [pid 5758] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5757] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 104.666837][ T5758] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 104.680210][ T5758] BTRFS info (device loop0): checking UUID tree [pid 5758] <... open resumed>) = 5 [pid 5757] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5758] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5757] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5758] <... futex resumed>) = 0 [pid 5757] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5758] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5757] <... futex resumed>) = 0 [pid 5758] <... ioctl resumed>) = 0 [pid 5757] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5758] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5757] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5758] <... futex resumed>) = 0 [pid 5757] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5758] creat("./bus", 000 [pid 5757] <... futex resumed>) = 0 [pid 5758] <... creat resumed>) = 6 [pid 5757] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5758] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5757] <... futex resumed>) = 0 [pid 5758] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5757] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5758] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5757] <... futex resumed>) = 0 [pid 5758] ftruncate(6, 2048 [pid 5757] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5758] <... ftruncate resumed>) = 0 [pid 5758] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5757] <... futex resumed>) = 0 [pid 5758] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5757] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5758] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 104.716563][ T27] audit: type=1800 audit(1670043485.215:196): pid=5758 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5757] <... futex resumed>) = 0 [pid 5758] open("./bus", O_RDONLY [pid 5757] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5758] <... open resumed>) = 7 [pid 5758] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5757] <... futex resumed>) = 0 [pid 5758] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5757] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5758] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5757] <... futex resumed>) = 0 [pid 5758] sendfile(6, 7, NULL, 65536 [pid 5757] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5758] <... sendfile resumed>) = 2048 [pid 5758] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5757] <... futex resumed>) = 0 [pid 5758] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5757] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5758] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5757] <... futex resumed>) = 0 [pid 5758] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5757] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5758] <... openat resumed>) = 8 [pid 5758] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5757] <... futex resumed>) = 0 [pid 5758] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5757] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5758] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5757] <... futex resumed>) = 0 [pid 5758] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 104.761919][ T27] audit: type=1804 audit(1670043485.265:197): pid=5758 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/97/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 104.770531][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 104.806074][ T5758] BTRFS info (device loop0): balance: start -s [pid 5757] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5757] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5757] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5757] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5778], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5778 [pid 5757] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5757] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5758] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5758] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5758] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5778 attached [pid 5778] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5778] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5778] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5757] <... futex resumed>) = 0 [ 104.814790][ T5758] BTRFS info (device loop0): relocating block group 1048576 flags system [ 104.842039][ T5758] BTRFS info (device loop0): balance: ended with status: 0 [pid 5757] exit_group(0 [pid 5758] <... futex resumed>) = ? [pid 5757] <... exit_group resumed>) = ? [pid 5758] +++ exited with 0 +++ [pid 5778] <... futex resumed>) = ? [pid 5778] +++ exited with 0 +++ [pid 5757] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5757, si_uid=0, si_status=0, si_utime=1, si_stime=28} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./97/binderfs") = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5779 ./strace-static-x86_64: Process 5779 attached [pid 5779] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5779] chdir("./98") = 0 [pid 5779] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5779] setpgid(0, 0) = 0 [pid 5779] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5779] write(3, "1000", 4) = 4 [pid 5779] close(3) = 0 [pid 5779] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5779] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5779] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5779] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5779] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5780 attached , parent_tid=[5780], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5780 [pid 5779] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5779] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5780] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5780] memfd_create("syzkaller", 0) = 3 [pid 5780] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5780] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5780] munmap(0x7fdb59200000, 16777216) = 0 [pid 5780] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5780] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5780] close(3) = 0 [pid 5780] mkdir("./file0", 0777) = 0 [ 105.188543][ T5780] loop0: detected capacity change from 0 to 32768 [ 105.202236][ T5780] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 105.211507][ T5780] BTRFS info (device loop0): force clearing of disk cache [ 105.218872][ T5780] BTRFS info (device loop0): setting nodatasum [ 105.225027][ T5780] BTRFS info (device loop0): allowing degraded mounts [pid 5780] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5780] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5780] chdir("./file0") = 0 [pid 5780] ioctl(4, LOOP_CLR_FD) = 0 [pid 5780] close(4) = 0 [pid 5780] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5779] <... futex resumed>) = 0 [pid 5780] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5779] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5779] <... futex resumed>) = 0 [pid 5780] open("./file0", O_RDONLY [pid 5779] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5780] <... open resumed>) = 4 [pid 5780] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5779] <... futex resumed>) = 0 [pid 5780] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [ 105.232095][ T5780] BTRFS info (device loop0): enabling disk space caching [ 105.239288][ T5780] BTRFS info (device loop0): disk space caching is enabled [pid 5779] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5779] <... futex resumed>) = 0 [pid 5780] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5779] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5780] <... open resumed>) = 5 [pid 5780] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5780] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5779] <... futex resumed>) = 0 [pid 5779] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] <... futex resumed>) = 0 [pid 5779] <... futex resumed>) = 1 [pid 5780] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5779] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5780] <... ioctl resumed>) = 0 [pid 5780] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5779] <... futex resumed>) = 0 [pid 5780] creat("./bus", 000 [pid 5779] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5779] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5780] <... creat resumed>) = 6 [pid 5780] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] <... futex resumed>) = 0 [pid 5780] <... futex resumed>) = 1 [pid 5779] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] ftruncate(6, 2048 [pid 5779] <... futex resumed>) = 0 [pid 5779] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5780] <... ftruncate resumed>) = 0 [pid 5780] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5779] <... futex resumed>) = 0 [pid 5780] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5779] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] open("./bus", O_RDONLY [pid 5779] <... futex resumed>) = 0 [ 105.279114][ T27] audit: type=1800 audit(1670043485.785:198): pid=5780 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5779] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5780] <... open resumed>) = 7 [pid 5780] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] <... futex resumed>) = 0 [pid 5780] <... futex resumed>) = 1 [pid 5779] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] sendfile(6, 7, NULL, 65536 [pid 5779] <... futex resumed>) = 0 [pid 5779] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5780] <... sendfile resumed>) = 2048 [pid 5780] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5779] <... futex resumed>) = 0 [pid 5780] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5779] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] <... openat resumed>) = 8 [pid 5779] <... futex resumed>) = 0 [pid 5780] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5780] <... futex resumed>) = 0 [pid 5779] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5780] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5779] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5779] <... futex resumed>) = 0 [pid 5780] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 105.330344][ T27] audit: type=1804 audit(1670043485.835:199): pid=5780 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/98/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5779] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5780] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5780] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] <... futex resumed>) = 0 [pid 5780] <... futex resumed>) = 1 [pid 5779] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5780] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5779] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5780] <... ioctl resumed>) = 0 [pid 5780] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5779] <... futex resumed>) = 0 [pid 5780] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5779] exit_group(0) = ? [pid 5780] <... futex resumed>) = ? [pid 5780] +++ exited with 0 +++ [pid 5779] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5779, si_uid=0, si_status=0, si_utime=2, si_stime=19} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./98/binderfs") = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5800 ./strace-static-x86_64: Process 5800 attached [pid 5800] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5800] chdir("./99") = 0 [pid 5800] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5800] setpgid(0, 0) = 0 [pid 5800] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5800] write(3, "1000", 4) = 4 [pid 5800] close(3) = 0 [pid 5800] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5800] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5800] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5800] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5800] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5801 attached , parent_tid=[5801], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5801 [pid 5800] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5800] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5801] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5801] memfd_create("syzkaller", 0) = 3 [pid 5801] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5801] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5801] munmap(0x7fdb59200000, 16777216) = 0 [pid 5801] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5801] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5801] close(3) = 0 [pid 5801] mkdir("./file0", 0777) = 0 [pid 5801] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5801] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5801] chdir("./file0") = 0 [pid 5801] ioctl(4, LOOP_CLR_FD) = 0 [pid 5801] close(4) = 0 [pid 5801] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5801] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5800] <... futex resumed>) = 0 [pid 5800] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5800] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5801] <... futex resumed>) = 0 [pid 5801] open("./file0", O_RDONLY) = 4 [pid 5801] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5800] <... futex resumed>) = 0 [pid 5800] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5800] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5801] <... futex resumed>) = 1 [ 105.709430][ T5801] loop0: detected capacity change from 0 to 32768 [pid 5801] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5801] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5801] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5800] <... futex resumed>) = 0 [pid 5800] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5801] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5800] <... futex resumed>) = 0 [pid 5801] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5800] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5801] <... ioctl resumed>) = 0 [pid 5801] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5800] <... futex resumed>) = 0 [pid 5800] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5801] creat("./bus", 000 [pid 5800] <... futex resumed>) = 0 [pid 5801] <... creat resumed>) = 6 [pid 5800] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5801] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5800] <... futex resumed>) = 0 [pid 5801] <... futex resumed>) = 1 [pid 5800] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5801] ftruncate(6, 2048 [pid 5800] <... futex resumed>) = 0 [pid 5800] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5801] <... ftruncate resumed>) = 0 [pid 5801] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5800] <... futex resumed>) = 0 [pid 5801] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5800] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5801] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5800] <... futex resumed>) = 0 [ 105.756336][ T27] audit: type=1800 audit(1670043486.255:200): pid=5801 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5801] open("./bus", O_RDONLY [pid 5800] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5801] <... open resumed>) = 7 [pid 5801] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5800] <... futex resumed>) = 0 [pid 5800] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5801] sendfile(6, 7, NULL, 65536 [pid 5800] <... futex resumed>) = 0 [pid 5800] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5801] <... sendfile resumed>) = 2048 [pid 5801] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5800] <... futex resumed>) = 0 [pid 5801] <... futex resumed>) = 1 [pid 5800] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5801] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5800] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5801] <... openat resumed>) = 8 [pid 5801] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5800] <... futex resumed>) = 0 [pid 5800] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5801] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5800] <... futex resumed>) = 0 [ 105.816384][ T27] audit: type=1804 audit(1670043486.315:201): pid=5801 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/99/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5800] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5801] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5801] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5800] <... futex resumed>) = 0 [pid 5801] <... futex resumed>) = 1 [pid 5800] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5801] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5800] <... futex resumed>) = 0 [pid 5800] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5801] <... ioctl resumed>) = 0 [pid 5801] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5800] <... futex resumed>) = 0 [pid 5800] exit_group(0) = ? [pid 5801] +++ exited with 0 +++ [pid 5800] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5800, si_uid=0, si_status=0, si_utime=0, si_stime=18} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./99/binderfs") = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5821 ./strace-static-x86_64: Process 5821 attached [pid 5821] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5821] chdir("./100") = 0 [pid 5821] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5821] setpgid(0, 0) = 0 [pid 5821] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5821] write(3, "1000", 4) = 4 [pid 5821] close(3) = 0 [pid 5821] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5821] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5821] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5821] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5821] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5822 attached , parent_tid=[5822], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5822 [pid 5821] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5821] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5822] memfd_create("syzkaller", 0) = 3 [pid 5822] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5822] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5822] munmap(0x7fdb59200000, 16777216) = 0 [pid 5822] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5822] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5822] close(3) = 0 [pid 5822] mkdir("./file0", 0777) = 0 [pid 5822] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5822] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5822] chdir("./file0") = 0 [pid 5822] ioctl(4, LOOP_CLR_FD) = 0 [pid 5822] close(4) = 0 [pid 5822] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5821] <... futex resumed>) = 0 [pid 5822] open("./file0", O_RDONLY [pid 5821] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5821] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... open resumed>) = 4 [pid 5822] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5821] <... futex resumed>) = 0 [pid 5821] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5821] <... futex resumed>) = 0 [pid 5821] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... open resumed>) = 5 [pid 5822] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5821] <... futex resumed>) = 0 [pid 5821] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5821] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 106.191890][ T5822] loop0: detected capacity change from 0 to 32768 [pid 5822] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5822] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5821] <... futex resumed>) = 0 [pid 5822] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5821] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5821] <... futex resumed>) = 0 [pid 5822] creat("./bus", 000 [pid 5821] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... creat resumed>) = 6 [pid 5822] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5821] <... futex resumed>) = 0 [pid 5822] ftruncate(6, 2048 [pid 5821] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] <... ftruncate resumed>) = 0 [pid 5821] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5821] <... futex resumed>) = 0 [pid 5822] open("./bus", O_RDONLY [pid 5821] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] <... open resumed>) = 7 [pid 5821] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5821] <... futex resumed>) = 0 [pid 5822] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5821] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5821] <... futex resumed>) = 0 [pid 5822] sendfile(6, 7, NULL, 65536 [pid 5821] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... sendfile resumed>) = 2048 [pid 5822] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5821] <... futex resumed>) = 0 [pid 5822] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5821] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5821] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... openat resumed>) = 8 [pid 5822] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... futex resumed>) = 0 [pid 5822] <... futex resumed>) = 1 [pid 5821] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5821] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5821] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5821] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5821] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5821] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5842], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5842 [pid 5821] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5821] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5822] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5842 attached [pid 5842] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 106.279021][ T5822] _btrfs_printk: 36 callbacks suppressed [ 106.279037][ T5822] BTRFS info (device loop0): balance: start -s [ 106.292901][ T5822] BTRFS info (device loop0): relocating block group 1048576 flags system [ 106.317108][ T5822] BTRFS info (device loop0): balance: ended with status: 0 [pid 5842] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5842] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5821] <... futex resumed>) = 0 [pid 5842] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5821] exit_group(0 [pid 5842] <... futex resumed>) = ? [pid 5822] <... futex resumed>) = ? [pid 5821] <... exit_group resumed>) = ? [pid 5822] +++ exited with 0 +++ [pid 5842] +++ exited with 0 +++ [pid 5821] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5821, si_uid=0, si_status=0, si_utime=1, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./100/binderfs") = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5843 ./strace-static-x86_64: Process 5843 attached [pid 5843] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5843] chdir("./101") = 0 [pid 5843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5843] setpgid(0, 0) = 0 [pid 5843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5843] write(3, "1000", 4) = 4 [pid 5843] close(3) = 0 [pid 5843] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5843] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5843] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5843] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5844], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5844 [pid 5843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5844 attached [pid 5844] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5844] memfd_create("syzkaller", 0) = 3 [pid 5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5844] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5844] munmap(0x7fdb59200000, 16777216) = 0 [pid 5844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5844] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5844] close(3) = 0 [pid 5844] mkdir("./file0", 0777) = 0 [ 106.644158][ T5844] loop0: detected capacity change from 0 to 32768 [ 106.656897][ T5844] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 106.666248][ T5844] BTRFS info (device loop0): force clearing of disk cache [ 106.673740][ T5844] BTRFS info (device loop0): setting nodatasum [ 106.680147][ T5844] BTRFS info (device loop0): allowing degraded mounts [ 106.686998][ T5844] BTRFS info (device loop0): enabling disk space caching [ 106.694080][ T5844] BTRFS info (device loop0): disk space caching is enabled [ 106.713982][ T5844] BTRFS info (device loop0): enabling ssd optimizations [ 106.721713][ T5844] BTRFS info (device loop0): clearing free space tree [ 106.728580][ T5844] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5844] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5844] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5844] chdir("./file0") = 0 [pid 5844] ioctl(4, LOOP_CLR_FD) = 0 [pid 5844] close(4) = 0 [pid 5844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5843] <... futex resumed>) = 0 [pid 5844] open("./file0", O_RDONLY [pid 5843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5844] <... open resumed>) = 4 [pid 5843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5844] <... futex resumed>) = 0 [pid 5843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5843] <... futex resumed>) = 0 [pid 5843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] <... open resumed>) = 5 [pid 5844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5843] <... futex resumed>) = 0 [pid 5844] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5843] <... futex resumed>) = 0 [pid 5844] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] <... ioctl resumed>) = 0 [pid 5844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5843] <... futex resumed>) = 0 [pid 5844] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5843] <... futex resumed>) = 0 [pid 5844] creat("./bus", 000 [pid 5843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] <... creat resumed>) = 6 [pid 5844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5843] <... futex resumed>) = 0 [pid 5844] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5843] <... futex resumed>) = 0 [pid 5844] ftruncate(6, 2048 [pid 5843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] <... ftruncate resumed>) = 0 [ 106.738271][ T5844] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 106.751588][ T5844] BTRFS info (device loop0): checking UUID tree [pid 5844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5843] <... futex resumed>) = 0 [pid 5844] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5843] <... futex resumed>) = 0 [pid 5844] open("./bus", O_RDONLY [pid 5843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] <... open resumed>) = 7 [pid 5844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5843] <... futex resumed>) = 0 [pid 5844] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5843] <... futex resumed>) = 0 [pid 5844] sendfile(6, 7, NULL, 65536 [pid 5843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] <... sendfile resumed>) = 2048 [pid 5844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5843] <... futex resumed>) = 0 [pid 5844] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5844] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5844] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5843] <... futex resumed>) = 0 [pid 5843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... futex resumed>) = 0 [pid 5843] <... futex resumed>) = 1 [pid 5844] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5843] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5843] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5843] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5864], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5864 [pid 5843] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5864 attached [pid 5864] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 106.813305][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 106.832917][ T5844] BTRFS info (device loop0): balance: start -s [ 106.842184][ T5844] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5864] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5843] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5864] <... ioctl resumed>) = 0 [pid 5864] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5844] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5843] exit_group(0) = ? [pid 5864] <... futex resumed>) = ? [pid 5864] +++ exited with 0 +++ [pid 5844] <... futex resumed>) = ? [pid 5844] +++ exited with 0 +++ [pid 5843] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5843, si_uid=0, si_status=0, si_utime=2, si_stime=33} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 106.892810][ T5844] BTRFS info (device loop0): balance: ended with status: 0 unlink("./101/binderfs") = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5865 ./strace-static-x86_64: Process 5865 attached [pid 5865] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5865] chdir("./102") = 0 [pid 5865] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5865] setpgid(0, 0) = 0 [pid 5865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5865] write(3, "1000", 4) = 4 [pid 5865] close(3) = 0 [pid 5865] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5865] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5865] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5865] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5865] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5866 attached , parent_tid=[5866], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5866 [pid 5865] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5865] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5866] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5866] memfd_create("syzkaller", 0) = 3 [pid 5866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5866] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5866] munmap(0x7fdb59200000, 16777216) = 0 [pid 5866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5866] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5866] close(3) = 0 [pid 5866] mkdir("./file0", 0777) = 0 [ 107.216615][ T5866] loop0: detected capacity change from 0 to 32768 [ 107.230628][ T5866] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 107.239925][ T5866] BTRFS info (device loop0): force clearing of disk cache [ 107.247041][ T5866] BTRFS info (device loop0): setting nodatasum [ 107.253253][ T5866] BTRFS info (device loop0): allowing degraded mounts [ 107.260053][ T5866] BTRFS info (device loop0): enabling disk space caching [ 107.267063][ T5866] BTRFS info (device loop0): disk space caching is enabled [ 107.286721][ T5866] BTRFS info (device loop0): enabling ssd optimizations [ 107.294893][ T5866] BTRFS info (device loop0): clearing free space tree [ 107.302104][ T5866] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5866] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5866] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5866] chdir("./file0") = 0 [pid 5866] ioctl(4, LOOP_CLR_FD) = 0 [pid 5866] close(4) = 0 [pid 5866] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] <... futex resumed>) = 0 [pid 5865] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5865] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5866] <... futex resumed>) = 1 [pid 5866] open("./file0", O_RDONLY) = 4 [pid 5866] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] <... futex resumed>) = 0 [pid 5865] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5865] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5866] <... futex resumed>) = 1 [pid 5866] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5866] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] <... futex resumed>) = 0 [pid 5865] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5865] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5866] <... futex resumed>) = 1 [pid 5866] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5866] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] <... futex resumed>) = 0 [pid 5865] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5865] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5866] <... futex resumed>) = 1 [pid 5866] creat("./bus", 000) = 6 [pid 5866] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] <... futex resumed>) = 0 [pid 5865] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5865] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5866] <... futex resumed>) = 1 [pid 5866] ftruncate(6, 2048) = 0 [ 107.312023][ T5866] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 107.325287][ T5866] BTRFS info (device loop0): checking UUID tree [pid 5866] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] <... futex resumed>) = 0 [pid 5865] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5865] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5866] <... futex resumed>) = 1 [pid 5866] open("./bus", O_RDONLY) = 7 [pid 5866] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] <... futex resumed>) = 0 [pid 5865] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5865] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5866] <... futex resumed>) = 1 [pid 5866] sendfile(6, 7, NULL, 65536) = 2048 [pid 5866] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] <... futex resumed>) = 0 [pid 5865] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5865] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5866] <... futex resumed>) = 1 [pid 5866] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5866] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] <... futex resumed>) = 0 [pid 5865] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5865] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5866] <... futex resumed>) = 1 [pid 5866] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5865] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5865] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5865] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5865] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5865] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5865] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5886], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5886 [pid 5865] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 107.394322][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 107.412031][ T5866] BTRFS info (device loop0): balance: start -s [ 107.420854][ T5866] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5865] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5886 attached [pid 5886] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5886] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5866] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5866] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5865] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5865] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 5866] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5865] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5886] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5886] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5865] exit_group(0) = ? [pid 5866] <... futex resumed>) = ? [pid 5866] +++ exited with 0 +++ [pid 5886] <... futex resumed>) = ? [pid 5886] +++ exited with 0 +++ [pid 5865] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5865, si_uid=0, si_status=0, si_utime=2, si_stime=23} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./102/binderfs") = 0 [ 107.455699][ T5866] BTRFS info (device loop0): balance: ended with status: 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5887 ./strace-static-x86_64: Process 5887 attached [pid 5887] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5887] chdir("./103") = 0 [pid 5887] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5887] setpgid(0, 0) = 0 [pid 5887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5887] write(3, "1000", 4) = 4 [pid 5887] close(3) = 0 [pid 5887] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5887] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5887] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5887] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5888 attached , parent_tid=[5888], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5888 [pid 5887] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5888] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5888] memfd_create("syzkaller", 0) = 3 [pid 5888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5888] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5888] munmap(0x7fdb59200000, 16777216) = 0 [pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5888] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5888] close(3) = 0 [pid 5888] mkdir("./file0", 0777) = 0 [ 107.759639][ T5888] loop0: detected capacity change from 0 to 32768 [ 107.773293][ T5888] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 107.782594][ T5888] BTRFS info (device loop0): force clearing of disk cache [ 107.789836][ T5888] BTRFS info (device loop0): setting nodatasum [ 107.796176][ T5888] BTRFS info (device loop0): allowing degraded mounts [ 107.802998][ T5888] BTRFS info (device loop0): enabling disk space caching [ 107.810050][ T5888] BTRFS info (device loop0): disk space caching is enabled [ 107.829270][ T5888] BTRFS info (device loop0): enabling ssd optimizations [ 107.837162][ T5888] BTRFS info (device loop0): clearing free space tree [ 107.844077][ T5888] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5888] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5888] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5888] chdir("./file0") = 0 [pid 5888] ioctl(4, LOOP_CLR_FD) = 0 [pid 5888] close(4) = 0 [pid 5888] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5888] open("./file0", O_RDONLY [pid 5887] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] <... open resumed>) = 4 [pid 5887] <... futex resumed>) = 0 [pid 5888] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5888] <... futex resumed>) = 0 [pid 5887] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5888] <... open resumed>) = 5 [pid 5888] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5888] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5887] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5888] <... ioctl resumed>) = 0 [pid 5888] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5888] creat("./bus", 000 [pid 5887] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 107.853935][ T5888] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 107.867886][ T5888] BTRFS info (device loop0): checking UUID tree [pid 5887] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5888] <... creat resumed>) = 6 [pid 5888] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5888] ftruncate(6, 2048) = 0 [pid 5888] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5888] open("./bus", O_RDONLY) = 7 [pid 5888] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5888] sendfile(6, 7, NULL, 65536) = 2048 [pid 5888] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5888] <... openat resumed>) = 8 [pid 5888] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5888] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5887] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 107.932589][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 107.949273][ T5888] BTRFS info (device loop0): balance: start -s [ 107.962725][ T5888] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5887] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5887] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5887] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5887] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5908], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5908 [pid 5887] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5888] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5888] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5888] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5908 attached [pid 5908] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5908] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5908] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5887] <... futex resumed>) = 0 [pid 5887] exit_group(0 [pid 5888] <... futex resumed>) = ? [pid 5887] <... exit_group resumed>) = ? [pid 5888] +++ exited with 0 +++ [pid 5908] <... futex resumed>) = ? [pid 5908] +++ exited with 0 +++ [pid 5887] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5887, si_uid=0, si_status=0, si_utime=0, si_stime=31} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 107.995165][ T5888] BTRFS info (device loop0): balance: ended with status: 0 unlink("./103/binderfs") = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5909 ./strace-static-x86_64: Process 5909 attached [pid 5909] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5909] chdir("./104") = 0 [pid 5909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5909] setpgid(0, 0) = 0 [pid 5909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5909] write(3, "1000", 4) = 4 [pid 5909] close(3) = 0 [pid 5909] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5909] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5909] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5909] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5910], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5910 [pid 5909] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5910 attached [pid 5910] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5910] memfd_create("syzkaller", 0) = 3 [pid 5910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5910] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5910] munmap(0x7fdb59200000, 16777216) = 0 [pid 5910] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5910] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5910] close(3) = 0 [pid 5910] mkdir("./file0", 0777) = 0 [ 108.336535][ T5910] loop0: detected capacity change from 0 to 32768 [ 108.349807][ T5910] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 108.359065][ T5910] BTRFS info (device loop0): force clearing of disk cache [ 108.366163][ T5910] BTRFS info (device loop0): setting nodatasum [ 108.372358][ T5910] BTRFS info (device loop0): allowing degraded mounts [ 108.379160][ T5910] BTRFS info (device loop0): enabling disk space caching [ 108.386169][ T5910] BTRFS info (device loop0): disk space caching is enabled [ 108.404745][ T5910] BTRFS info (device loop0): enabling ssd optimizations [ 108.412687][ T5910] BTRFS info (device loop0): clearing free space tree [ 108.419885][ T5910] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5910] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5910] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5910] chdir("./file0") = 0 [pid 5910] ioctl(4, LOOP_CLR_FD) = 0 [pid 5910] close(4) = 0 [pid 5910] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5910] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5909] <... futex resumed>) = 0 [pid 5909] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5909] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5910] <... futex resumed>) = 0 [pid 5910] open("./file0", O_RDONLY) = 4 [pid 5910] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = 0 [pid 5909] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5910] <... futex resumed>) = 1 [ 108.429923][ T5910] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 108.443541][ T5910] BTRFS info (device loop0): checking UUID tree [ 108.471637][ T27] kauditd_printk_skb: 8 callbacks suppressed [pid 5910] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5910] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = 0 [pid 5909] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5910] <... futex resumed>) = 1 [pid 5910] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5910] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = 0 [pid 5909] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5910] <... futex resumed>) = 1 [pid 5910] creat("./bus", 000) = 6 [pid 5910] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = 0 [pid 5909] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5910] <... futex resumed>) = 1 [pid 5910] ftruncate(6, 2048) = 0 [pid 5910] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = 0 [pid 5909] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5910] <... futex resumed>) = 1 [pid 5910] open("./bus", O_RDONLY) = 7 [pid 5910] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = 0 [pid 5909] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5910] <... futex resumed>) = 1 [pid 5910] sendfile(6, 7, NULL, 65536) = 2048 [pid 5910] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = 0 [pid 5909] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5910] <... futex resumed>) = 1 [pid 5910] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5910] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = 0 [pid 5909] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5910] <... futex resumed>) = 1 [ 108.471650][ T27] audit: type=1800 audit(1670043488.975:210): pid=5910 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 108.503439][ T27] audit: type=1804 audit(1670043489.005:211): pid=5910 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/104/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5910] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5909] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5909] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5909] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5909] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5930], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5930 [pid 5909] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5930 attached [pid 5930] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 108.531874][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 108.542013][ T5910] BTRFS info (device loop0): balance: start -s [ 108.550597][ T5910] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5930] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5930] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = 0 [pid 5930] <... futex resumed>) = 1 [pid 5930] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5910] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5910] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5909] exit_group(0 [pid 5930] <... futex resumed>) = ? [pid 5910] <... futex resumed>) = ? [pid 5909] <... exit_group resumed>) = ? [pid 5930] +++ exited with 0 +++ [pid 5910] +++ exited with 0 +++ [pid 5909] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5909, si_uid=0, si_status=0, si_utime=1, si_stime=34} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./104/binderfs") = 0 [ 108.632397][ T5910] BTRFS info (device loop0): balance: ended with status: 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5931 ./strace-static-x86_64: Process 5931 attached [pid 5931] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5931] chdir("./105") = 0 [pid 5931] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5931] setpgid(0, 0) = 0 [pid 5931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5931] write(3, "1000", 4) = 4 [pid 5931] close(3) = 0 [pid 5931] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5931] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5931] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5931] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5932 attached , parent_tid=[5932], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5932 [pid 5931] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5931] <... futex resumed>) = 0 [pid 5931] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5932] memfd_create("syzkaller", 0) = 3 [pid 5932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5932] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5932] munmap(0x7fdb59200000, 16777216) = 0 [pid 5932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5932] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5932] close(3) = 0 [pid 5932] mkdir("./file0", 0777) = 0 [ 108.934950][ T5932] loop0: detected capacity change from 0 to 32768 [ 108.949969][ T5932] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 108.959303][ T5932] BTRFS info (device loop0): force clearing of disk cache [ 108.966516][ T5932] BTRFS info (device loop0): setting nodatasum [ 108.972755][ T5932] BTRFS info (device loop0): allowing degraded mounts [ 108.979640][ T5932] BTRFS info (device loop0): enabling disk space caching [ 108.986680][ T5932] BTRFS info (device loop0): disk space caching is enabled [ 109.003848][ T5932] BTRFS info (device loop0): enabling ssd optimizations [ 109.011565][ T5932] BTRFS info (device loop0): clearing free space tree [ 109.018775][ T5932] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5932] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5932] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5932] chdir("./file0") = 0 [pid 5932] ioctl(4, LOOP_CLR_FD) = 0 [pid 5932] close(4) = 0 [pid 5932] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] <... futex resumed>) = 0 [pid 5932] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5931] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5931] <... futex resumed>) = 0 [pid 5932] open("./file0", O_RDONLY [pid 5931] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] <... open resumed>) = 4 [pid 5932] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] <... futex resumed>) = 0 [pid 5932] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5931] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5931] <... futex resumed>) = 0 [pid 5932] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5931] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] <... open resumed>) = 5 [pid 5932] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] <... futex resumed>) = 0 [pid 5932] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5931] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5931] <... futex resumed>) = 0 [pid 5932] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5931] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] <... ioctl resumed>) = 0 [pid 5932] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] <... futex resumed>) = 0 [pid 5932] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5931] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5931] <... futex resumed>) = 0 [pid 5932] creat("./bus", 000 [pid 5931] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] <... creat resumed>) = 6 [pid 5932] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] <... futex resumed>) = 0 [pid 5932] ftruncate(6, 2048 [pid 5931] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5931] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] <... ftruncate resumed>) = 0 [pid 5932] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] <... futex resumed>) = 0 [pid 5931] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5931] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 109.028700][ T5932] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 109.042102][ T5932] BTRFS info (device loop0): checking UUID tree [ 109.061845][ T27] audit: type=1800 audit(1670043489.565:212): pid=5932 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5932] open("./bus", O_RDONLY) = 7 [pid 5932] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] <... futex resumed>) = 0 [pid 5932] sendfile(6, 7, NULL, 65536 [pid 5931] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... sendfile resumed>) = 2048 [pid 5931] <... futex resumed>) = 0 [pid 5932] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5931] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] <... futex resumed>) = 0 [pid 5931] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5932] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5931] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... openat resumed>) = 8 [pid 5931] <... futex resumed>) = 0 [pid 5932] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5931] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] <... futex resumed>) = 0 [pid 5931] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5932] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5931] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 109.102975][ T27] audit: type=1804 audit(1670043489.605:213): pid=5932 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/105/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 109.105631][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5931] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5932] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] <... futex resumed>) = 0 [pid 5931] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5931] <... futex resumed>) = 0 [pid 5931] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] <... ioctl resumed>) = 0 [pid 5932] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5931] <... futex resumed>) = 0 [pid 5932] <... futex resumed>) = 1 [pid 5932] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5931] exit_group(0 [pid 5932] <... futex resumed>) = ? [pid 5931] <... exit_group resumed>) = ? [pid 5932] +++ exited with 0 +++ [pid 5931] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5931, si_uid=0, si_status=0, si_utime=4, si_stime=29} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./105/binderfs") = 0 [ 109.149013][ T5932] BTRFS info (device loop0): balance: start -s [ 109.156730][ T5932] BTRFS info (device loop0): relocating block group 1048576 flags system [ 109.183300][ T5932] BTRFS info (device loop0): balance: ended with status: 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5954 ./strace-static-x86_64: Process 5954 attached [pid 5954] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5954] chdir("./106") = 0 [pid 5954] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5954] setpgid(0, 0) = 0 [pid 5954] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5954] write(3, "1000", 4) = 4 [pid 5954] close(3) = 0 [pid 5954] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5954] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5954] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5954] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5955 attached [pid 5955] set_robust_list(0x7fdb617f69e0, 24 [pid 5954] <... clone resumed>, parent_tid=[5955], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5955 [pid 5954] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5954] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5955] <... set_robust_list resumed>) = 0 [pid 5955] memfd_create("syzkaller", 0) = 3 [pid 5955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5955] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5955] munmap(0x7fdb59200000, 16777216) = 0 [pid 5955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5955] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5955] close(3) = 0 [pid 5955] mkdir("./file0", 0777) = 0 [ 109.512974][ T5955] loop0: detected capacity change from 0 to 32768 [ 109.526777][ T5955] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 109.536584][ T5955] BTRFS info (device loop0): force clearing of disk cache [ 109.543941][ T5955] BTRFS info (device loop0): setting nodatasum [ 109.550428][ T5955] BTRFS info (device loop0): allowing degraded mounts [ 109.557193][ T5955] BTRFS info (device loop0): enabling disk space caching [ 109.564546][ T5955] BTRFS info (device loop0): disk space caching is enabled [ 109.584484][ T5955] BTRFS info (device loop0): enabling ssd optimizations [ 109.592210][ T5955] BTRFS info (device loop0): clearing free space tree [ 109.599349][ T5955] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5955] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5955] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5955] chdir("./file0") = 0 [pid 5955] ioctl(4, LOOP_CLR_FD) = 0 [pid 5955] close(4) = 0 [pid 5955] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] <... futex resumed>) = 0 [pid 5954] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5954] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] <... futex resumed>) = 1 [pid 5955] open("./file0", O_RDONLY) = 4 [pid 5955] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] <... futex resumed>) = 0 [pid 5954] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5954] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] <... futex resumed>) = 1 [ 109.609172][ T5955] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 109.622453][ T5955] BTRFS info (device loop0): checking UUID tree [pid 5955] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5955] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] <... futex resumed>) = 0 [pid 5954] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5954] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] <... futex resumed>) = 1 [pid 5955] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5955] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5954] <... futex resumed>) = 0 [pid 5955] creat("./bus", 000 [pid 5954] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5954] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] <... creat resumed>) = 6 [ 109.654512][ T27] audit: type=1800 audit(1670043490.155:214): pid=5955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5955] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5954] <... futex resumed>) = 0 [pid 5955] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5954] <... futex resumed>) = 0 [pid 5955] ftruncate(6, 2048 [pid 5954] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] <... ftruncate resumed>) = 0 [pid 5955] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5954] <... futex resumed>) = 0 [pid 5955] open("./bus", O_RDONLY [pid 5954] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] <... open resumed>) = 7 [pid 5954] <... futex resumed>) = 0 [pid 5955] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5954] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] <... futex resumed>) = 0 [pid 5955] sendfile(6, 7, NULL, 65536 [pid 5954] <... futex resumed>) = 0 [pid 5955] <... sendfile resumed>) = 2048 [pid 5954] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5954] <... futex resumed>) = 0 [pid 5955] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5954] <... futex resumed>) = 0 [pid 5954] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5955] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5954] <... futex resumed>) = 0 [pid 5955] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5955] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5954] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 109.700207][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 109.714749][ T27] audit: type=1804 audit(1670043490.215:215): pid=5955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/106/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5955] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5954] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5954] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5954] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE [pid 5955] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5954] <... mprotect resumed>) = 0 [pid 5955] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5975], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5975 [pid 5955] <... futex resumed>) = 0 [pid 5954] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] <... futex resumed>) = 0 [pid 5954] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5975 attached [pid 5975] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 109.754417][ T5955] BTRFS info (device loop0): balance: start -s [ 109.762269][ T5955] BTRFS info (device loop0): relocating block group 1048576 flags system [ 109.785779][ T5955] BTRFS info (device loop0): balance: ended with status: 0 [pid 5975] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5975] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5954] <... futex resumed>) = 0 [pid 5954] exit_group(0) = ? [pid 5955] <... futex resumed>) = ? [pid 5955] +++ exited with 0 +++ [pid 5975] +++ exited with 0 +++ [pid 5954] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5954, si_uid=0, si_status=0, si_utime=1, si_stime=28} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./106/binderfs") = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5976 ./strace-static-x86_64: Process 5976 attached [pid 5976] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5976] chdir("./107") = 0 [pid 5976] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5976] setpgid(0, 0) = 0 [pid 5976] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5976] write(3, "1000", 4) = 4 [pid 5976] close(3) = 0 [pid 5976] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5976] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5976] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5976] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5976] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5977], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5977 [pid 5976] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5976] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5977 attached [pid 5977] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5977] memfd_create("syzkaller", 0) = 3 [pid 5977] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5977] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5977] munmap(0x7fdb59200000, 16777216) = 0 [pid 5977] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5977] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5977] close(3) = 0 [pid 5977] mkdir("./file0", 0777) = 0 [ 110.113459][ T5977] loop0: detected capacity change from 0 to 32768 [ 110.125725][ T5977] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 110.135557][ T5977] BTRFS info (device loop0): force clearing of disk cache [ 110.143277][ T5977] BTRFS info (device loop0): setting nodatasum [ 110.149630][ T5977] BTRFS info (device loop0): allowing degraded mounts [ 110.156405][ T5977] BTRFS info (device loop0): enabling disk space caching [pid 5977] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5977] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5977] chdir("./file0") = 0 [pid 5977] ioctl(4, LOOP_CLR_FD) = 0 [pid 5977] close(4) = 0 [pid 5977] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5976] <... futex resumed>) = 0 [pid 5976] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5976] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] open("./file0", O_RDONLY) = 4 [pid 5977] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = 0 [pid 5976] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5976] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] <... futex resumed>) = 1 [pid 5977] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [ 110.163689][ T5977] BTRFS info (device loop0): disk space caching is enabled [ 110.183915][ T5977] BTRFS info (device loop0): enabling ssd optimizations [pid 5977] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5977] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5976] <... futex resumed>) = 0 [pid 5976] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5976] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] <... futex resumed>) = 0 [pid 5977] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5977] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5976] <... futex resumed>) = 0 [pid 5977] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5976] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5977] creat("./bus", 000 [pid 5976] <... futex resumed>) = 0 [pid 5976] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] <... creat resumed>) = 6 [pid 5977] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5976] <... futex resumed>) = 0 [pid 5976] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] ftruncate(6, 2048 [pid 5976] <... futex resumed>) = 0 [pid 5976] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] <... ftruncate resumed>) = 0 [pid 5977] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5976] <... futex resumed>) = 0 [pid 5976] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] open("./bus", O_RDONLY [pid 5976] <... futex resumed>) = 0 [ 110.216442][ T27] audit: type=1800 audit(1670043490.715:216): pid=5977 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5976] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] <... open resumed>) = 7 [pid 5977] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5977] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5976] <... futex resumed>) = 0 [pid 5976] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5976] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] <... futex resumed>) = 0 [pid 5977] sendfile(6, 7, NULL, 65536) = 2048 [pid 5977] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = 0 [pid 5976] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5976] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] <... futex resumed>) = 1 [pid 5977] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5977] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = 0 [pid 5976] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5976] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] <... futex resumed>) = 1 [pid 5977] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5977] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = 0 [pid 5976] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5976] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] <... futex resumed>) = 1 [ 110.261228][ T27] audit: type=1804 audit(1670043490.765:217): pid=5977 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/107/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5977] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5977] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = 0 [pid 5976] exit_group(0) = ? [pid 5977] <... futex resumed>) = ? [pid 5977] +++ exited with 0 +++ [pid 5976] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5976, si_uid=0, si_status=0, si_utime=2, si_stime=24} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./107/binderfs") = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5997 ./strace-static-x86_64: Process 5997 attached [pid 5997] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5997] chdir("./108") = 0 [pid 5997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5997] setpgid(0, 0) = 0 [pid 5997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5997] write(3, "1000", 4) = 4 [pid 5997] close(3) = 0 [pid 5997] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5997] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5997] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5997] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5998], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5998 [pid 5997] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5997] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5998 attached [pid 5998] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5998] memfd_create("syzkaller", 0) = 3 [pid 5998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5998] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5998] munmap(0x7fdb59200000, 16777216) = 0 [pid 5998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5998] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5998] close(3) = 0 [pid 5998] mkdir("./file0", 0777) = 0 [pid 5998] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5998] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5998] chdir("./file0") = 0 [pid 5998] ioctl(4, LOOP_CLR_FD) = 0 [pid 5998] close(4) = 0 [pid 5998] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5997] <... futex resumed>) = 0 [pid 5997] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5997] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5998] <... futex resumed>) = 1 [pid 5998] open("./file0", O_RDONLY) = 4 [pid 5998] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5997] <... futex resumed>) = 0 [pid 5997] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] <... futex resumed>) = 1 [pid 5997] <... futex resumed>) = 0 [pid 5998] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5997] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5998] <... open resumed>) = 5 [pid 5998] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 110.619448][ T5998] loop0: detected capacity change from 0 to 32768 [pid 5998] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5997] <... futex resumed>) = 0 [pid 5997] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5998] <... futex resumed>) = 0 [pid 5997] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5998] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5998] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5997] <... futex resumed>) = 0 [pid 5998] <... futex resumed>) = 1 [pid 5997] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] creat("./bus", 000 [pid 5997] <... futex resumed>) = 0 [pid 5998] <... creat resumed>) = 6 [pid 5997] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5998] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5998] <... futex resumed>) = 0 [pid 5997] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] ftruncate(6, 2048 [pid 5997] <... futex resumed>) = 0 [pid 5998] <... ftruncate resumed>) = 0 [pid 5997] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5998] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5998] <... futex resumed>) = 0 [pid 5997] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] open("./bus", O_RDONLY [pid 5997] <... futex resumed>) = 0 [pid 5998] <... open resumed>) = 7 [ 110.655142][ T27] audit: type=1800 audit(1670043491.155:218): pid=5998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5997] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5998] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5998] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5997] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] <... futex resumed>) = 0 [pid 5997] <... futex resumed>) = 1 [pid 5998] sendfile(6, 7, NULL, 65536 [pid 5997] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5998] <... sendfile resumed>) = 2048 [pid 5998] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5997] <... futex resumed>) = 0 [pid 5998] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5997] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5997] <... futex resumed>) = 0 [pid 5998] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5997] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5998] <... openat resumed>) = 8 [pid 5998] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5998] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5997] <... futex resumed>) = 0 [pid 5997] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] <... futex resumed>) = 0 [pid 5997] <... futex resumed>) = 1 [pid 5998] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5997] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5998] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5998] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5997] <... futex resumed>) = 0 [ 110.707305][ T27] audit: type=1804 audit(1670043491.205:219): pid=5998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/108/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5998] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5997] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5997] <... futex resumed>) = 0 [pid 5997] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5998] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5998] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5997] <... futex resumed>) = 0 [pid 5998] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5997] exit_group(0 [pid 5998] <... futex resumed>) = ? [pid 5997] <... exit_group resumed>) = ? [pid 5998] +++ exited with 0 +++ [pid 5997] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5997, si_uid=0, si_status=0, si_utime=1, si_stime=22} --- umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./108/binderfs") = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./108/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 6018 ./strace-static-x86_64: Process 6018 attached [pid 6018] set_robust_list(0x55555746f5e0, 24) = 0 [pid 6018] chdir("./109") = 0 [pid 6018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6018] setpgid(0, 0) = 0 [pid 6018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6018] write(3, "1000", 4) = 4 [pid 6018] close(3) = 0 [pid 6018] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6018] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 6018] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6018] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6019 attached [pid 6019] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 6019] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] <... clone resumed>, parent_tid=[6019], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 6019 [pid 6018] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6019] <... futex resumed>) = 0 [pid 6019] memfd_create("syzkaller", 0 [pid 6018] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6019] <... memfd_create resumed>) = 3 [pid 6019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 6019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6019] munmap(0x7fdb59200000, 16777216) = 0 [pid 6019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6019] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6019] close(3) = 0 [pid 6019] mkdir("./file0", 0777) = 0 [pid 6019] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6019] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6019] chdir("./file0") = 0 [pid 6019] ioctl(4, LOOP_CLR_FD) = 0 [pid 6019] close(4) = 0 [pid 6019] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... futex resumed>) = 0 [pid 6018] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6018] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... futex resumed>) = 1 [pid 6019] open("./file0", O_RDONLY) = 4 [pid 6019] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... futex resumed>) = 0 [pid 6018] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6018] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... futex resumed>) = 1 [pid 6019] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6019] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... futex resumed>) = 0 [pid 6018] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6018] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... futex resumed>) = 1 [pid 6019] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6019] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... futex resumed>) = 0 [pid 6018] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6018] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... futex resumed>) = 1 [pid 6019] creat("./bus", 000) = 6 [pid 6019] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... futex resumed>) = 0 [pid 6018] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6018] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... futex resumed>) = 1 [pid 6019] ftruncate(6, 2048) = 0 [pid 6019] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... futex resumed>) = 0 [pid 6018] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6018] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... futex resumed>) = 1 [pid 6019] open("./bus", O_RDONLY) = 7 [pid 6019] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... futex resumed>) = 0 [pid 6018] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6018] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... futex resumed>) = 1 [pid 6019] sendfile(6, 7, NULL, 65536) = 2048 [pid 6019] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... futex resumed>) = 0 [pid 6018] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6018] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... futex resumed>) = 1 [pid 6019] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 6019] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... futex resumed>) = 0 [pid 6018] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 111.099377][ T6019] loop0: detected capacity change from 0 to 32768 [pid 6018] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... futex resumed>) = 1 [pid 6019] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6019] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... futex resumed>) = 0 [pid 6018] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6018] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... futex resumed>) = 1 [pid 6019] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 6019] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... futex resumed>) = 0 [pid 6018] exit_group(0) = ? [pid 6019] <... futex resumed>) = ? [pid 6019] +++ exited with 0 +++ [pid 6018] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6018, si_uid=0, si_status=0, si_utime=2, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./109/binderfs") = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./109/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 6039 ./strace-static-x86_64: Process 6039 attached [pid 6039] set_robust_list(0x55555746f5e0, 24) = 0 [pid 6039] chdir("./110") = 0 [pid 6039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6039] setpgid(0, 0) = 0 [pid 6039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6039] write(3, "1000", 4) = 4 [pid 6039] close(3) = 0 [pid 6039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6039] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 6039] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6039] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6040], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 6040 [pid 6039] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6040 attached [pid 6040] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 6040] memfd_create("syzkaller", 0) = 3 [pid 6040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 6040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6040] munmap(0x7fdb59200000, 16777216) = 0 [pid 6040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6040] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6040] close(3) = 0 [pid 6040] mkdir("./file0", 0777) = 0 [ 111.513178][ T6040] loop0: detected capacity change from 0 to 32768 [ 111.529527][ T6040] _btrfs_printk: 38 callbacks suppressed [ 111.529538][ T6040] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 111.544481][ T6040] BTRFS info (device loop0): force clearing of disk cache [ 111.551697][ T6040] BTRFS info (device loop0): setting nodatasum [ 111.557949][ T6040] BTRFS info (device loop0): allowing degraded mounts [ 111.564720][ T6040] BTRFS info (device loop0): enabling disk space caching [ 111.571802][ T6040] BTRFS info (device loop0): disk space caching is enabled [ 111.588946][ T6040] BTRFS info (device loop0): enabling ssd optimizations [ 111.596523][ T6040] BTRFS info (device loop0): clearing free space tree [pid 6040] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6040] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6040] chdir("./file0") = 0 [pid 6040] ioctl(4, LOOP_CLR_FD) = 0 [pid 6040] close(4) = 0 [pid 6040] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] <... futex resumed>) = 0 [pid 6039] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6040] <... futex resumed>) = 1 [pid 6040] open("./file0", O_RDONLY) = 4 [pid 6040] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] <... futex resumed>) = 0 [pid 6039] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6040] <... futex resumed>) = 1 [pid 6040] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6040] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] <... futex resumed>) = 0 [pid 6039] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6040] <... futex resumed>) = 1 [pid 6040] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6040] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] <... futex resumed>) = 0 [pid 6039] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6040] <... futex resumed>) = 1 [pid 6040] creat("./bus", 000) = 6 [pid 6040] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] <... futex resumed>) = 0 [pid 6039] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6040] <... futex resumed>) = 1 [pid 6040] ftruncate(6, 2048) = 0 [pid 6040] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] <... futex resumed>) = 0 [pid 6039] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6040] <... futex resumed>) = 1 [pid 6040] open("./bus", O_RDONLY) = 7 [pid 6040] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] <... futex resumed>) = 0 [pid 6039] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6040] <... futex resumed>) = 1 [pid 6040] sendfile(6, 7, NULL, 65536) = 2048 [pid 6040] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] <... futex resumed>) = 0 [pid 6039] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6040] <... futex resumed>) = 1 [pid 6040] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 6040] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] <... futex resumed>) = 0 [pid 6039] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6040] <... futex resumed>) = 1 [ 111.604268][ T6040] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 111.614185][ T6040] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 111.628979][ T6040] BTRFS info (device loop0): checking UUID tree [pid 6040] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6039] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6039] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6039] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 6039] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6039] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6060], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 6060 [pid 6039] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6060 attached [pid 6060] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 111.678245][ T46] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 111.679172][ T6040] BTRFS info (device loop0): balance: start -s [ 111.695520][ T6040] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 6060] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 6039] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6060] <... ioctl resumed>) = 0 [pid 6060] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 111.727469][ T6040] BTRFS info (device loop0): balance: ended with status: 0 [pid 6060] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6040] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6040] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6040] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6039] exit_group(0) = ? [pid 6060] <... futex resumed>) = ? [pid 6060] +++ exited with 0 +++ [pid 6040] <... futex resumed>) = ? [pid 6040] +++ exited with 0 +++ [pid 6039] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6039, si_uid=0, si_status=0, si_utime=4, si_stime=31} --- umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./110/binderfs") = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./110/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 6061 ./strace-static-x86_64: Process 6061 attached [pid 6061] set_robust_list(0x55555746f5e0, 24) = 0 [pid 6061] chdir("./111") = 0 [pid 6061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6061] setpgid(0, 0) = 0 [pid 6061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6061] write(3, "1000", 4) = 4 [pid 6061] close(3) = 0 [pid 6061] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6061] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 6061] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6061] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6062 attached , parent_tid=[6062], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 6062 [pid 6062] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 6062] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6061] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6062] <... futex resumed>) = 0 [pid 6062] memfd_create("syzkaller", 0 [pid 6061] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6062] <... memfd_create resumed>) = 3 [pid 6062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 6062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6062] munmap(0x7fdb59200000, 16777216) = 0 [pid 6062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6062] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6062] close(3) = 0 [pid 6062] mkdir("./file0", 0777) = 0 [ 112.084245][ T6062] loop0: detected capacity change from 0 to 32768 [ 112.099391][ T6062] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 112.108821][ T6062] BTRFS info (device loop0): force clearing of disk cache [ 112.115979][ T6062] BTRFS info (device loop0): setting nodatasum [ 112.122215][ T6062] BTRFS info (device loop0): allowing degraded mounts [ 112.129148][ T6062] BTRFS info (device loop0): enabling disk space caching [ 112.136179][ T6062] BTRFS info (device loop0): disk space caching is enabled [ 112.155573][ T6062] BTRFS info (device loop0): enabling ssd optimizations [ 112.163506][ T6062] BTRFS info (device loop0): clearing free space tree [ 112.170417][ T6062] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6062] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6062] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6062] chdir("./file0") = 0 [pid 6062] ioctl(4, LOOP_CLR_FD) = 0 [pid 6062] close(4) = 0 [pid 6062] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6061] <... futex resumed>) = 0 [pid 6061] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6061] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6062] open("./file0", O_RDONLY) = 4 [pid 6062] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6061] <... futex resumed>) = 0 [pid 6061] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6061] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6062] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6062] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6061] <... futex resumed>) = 0 [pid 6061] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6061] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6062] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 112.180134][ T6062] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 112.193766][ T6062] BTRFS info (device loop0): checking UUID tree [pid 6062] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6061] <... futex resumed>) = 0 [pid 6062] <... futex resumed>) = 1 [pid 6061] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] creat("./bus", 000 [pid 6061] <... futex resumed>) = 0 [pid 6061] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6062] <... creat resumed>) = 6 [pid 6062] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6061] <... futex resumed>) = 0 [pid 6062] <... futex resumed>) = 1 [pid 6061] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] ftruncate(6, 2048 [pid 6061] <... futex resumed>) = 0 [pid 6061] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6062] <... ftruncate resumed>) = 0 [pid 6062] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6061] <... futex resumed>) = 0 [pid 6062] <... futex resumed>) = 1 [pid 6061] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] open("./bus", O_RDONLY [pid 6061] <... futex resumed>) = 0 [pid 6061] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6062] <... open resumed>) = 7 [pid 6062] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6061] <... futex resumed>) = 0 [pid 6061] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] sendfile(6, 7, NULL, 65536 [pid 6061] <... futex resumed>) = 0 [pid 6062] <... sendfile resumed>) = 2048 [pid 6061] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6062] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6061] <... futex resumed>) = 0 [pid 6061] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 6061] <... futex resumed>) = 0 [pid 6062] <... openat resumed>) = 8 [pid 6061] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6062] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6061] <... futex resumed>) = 0 [pid 6062] <... futex resumed>) = 1 [pid 6061] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 112.258143][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 112.282720][ T6062] BTRFS info (device loop0): balance: start -s [ 112.290541][ T6062] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 6061] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6062] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6062] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6061] <... futex resumed>) = 0 [pid 6062] <... futex resumed>) = 1 [pid 6061] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 6061] <... futex resumed>) = 0 [pid 6061] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6062] <... ioctl resumed>) = 0 [pid 6062] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6061] <... futex resumed>) = 0 [pid 6062] <... futex resumed>) = 1 [pid 6061] exit_group(0 [pid 6062] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6061] <... exit_group resumed>) = ? [pid 6062] <... futex resumed>) = ? [pid 6062] +++ exited with 0 +++ [pid 6061] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6061, si_uid=0, si_status=0, si_utime=2, si_stime=27} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./111/binderfs") = 0 [ 112.312954][ T6062] BTRFS info (device loop0): balance: ended with status: 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./111/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 6082 ./strace-static-x86_64: Process 6082 attached [pid 6082] set_robust_list(0x55555746f5e0, 24) = 0 [pid 6082] chdir("./112") = 0 [pid 6082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6082] setpgid(0, 0) = 0 [pid 6082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6082] write(3, "1000", 4) = 4 [pid 6082] close(3) = 0 [pid 6082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6082] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 6082] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6082] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6083 attached , parent_tid=[6083], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 6083 [pid 6082] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6083] set_robust_list(0x7fdb617f69e0, 24 [pid 6082] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6083] <... set_robust_list resumed>) = 0 [pid 6083] memfd_create("syzkaller", 0) = 3 [pid 6083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 6083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6083] munmap(0x7fdb59200000, 16777216) = 0 [pid 6083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6083] close(3) = 0 [pid 6083] mkdir("./file0", 0777) = 0 [ 112.640373][ T6083] loop0: detected capacity change from 0 to 32768 [ 112.653810][ T6083] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 112.663104][ T6083] BTRFS info (device loop0): force clearing of disk cache [ 112.670298][ T6083] BTRFS info (device loop0): setting nodatasum [ 112.676458][ T6083] BTRFS info (device loop0): allowing degraded mounts [ 112.683527][ T6083] BTRFS info (device loop0): enabling disk space caching [ 112.690719][ T6083] BTRFS info (device loop0): disk space caching is enabled [ 112.709948][ T6083] BTRFS info (device loop0): enabling ssd optimizations [ 112.719159][ T6083] BTRFS info (device loop0): clearing free space tree [ 112.726041][ T6083] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6083] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6083] chdir("./file0") = 0 [pid 6083] ioctl(4, LOOP_CLR_FD) = 0 [pid 6083] close(4) = 0 [pid 6083] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... futex resumed>) = 0 [pid 6082] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... futex resumed>) = 1 [pid 6082] <... futex resumed>) = 0 [pid 6082] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] open("./file0", O_RDONLY) = 4 [pid 6083] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6082] <... futex resumed>) = 0 [pid 6082] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6082] <... futex resumed>) = 0 [pid 6082] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] <... open resumed>) = 5 [pid 6083] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... futex resumed>) = 0 [pid 6082] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6082] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] <... futex resumed>) = 1 [pid 6083] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6083] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6082] <... futex resumed>) = 0 [pid 6083] creat("./bus", 000 [ 112.735824][ T6083] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 112.749362][ T6083] BTRFS info (device loop0): checking UUID tree [pid 6082] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... creat resumed>) = 6 [pid 6082] <... futex resumed>) = 0 [pid 6082] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... futex resumed>) = 0 [pid 6082] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6082] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] <... futex resumed>) = 1 [pid 6083] ftruncate(6, 2048) = 0 [pid 6083] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6082] <... futex resumed>) = 0 [pid 6083] open("./bus", O_RDONLY [pid 6082] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... open resumed>) = 7 [pid 6082] <... futex resumed>) = 0 [pid 6082] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6082] <... futex resumed>) = 0 [pid 6083] sendfile(6, 7, NULL, 65536 [pid 6082] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... sendfile resumed>) = 2048 [pid 6082] <... futex resumed>) = 0 [pid 6083] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] <... futex resumed>) = 0 [pid 6082] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6083] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6082] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6082] <... futex resumed>) = 0 [pid 6083] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 6082] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] <... openat resumed>) = 8 [pid 6083] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6082] <... futex resumed>) = 0 [pid 6083] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6082] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 112.789375][ T46] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 112.817425][ T6083] BTRFS info (device loop0): balance: start -s [ 112.825956][ T6083] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 6082] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6082] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6082] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 6082] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6082] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6103], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 6103 [pid 6082] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6082] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6103 attached [pid 6103] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 6103] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 6083] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6083] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6083] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6103] <... ioctl resumed>) = 0 [pid 6103] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... futex resumed>) = 0 [pid 6082] exit_group(0 [pid 6083] <... futex resumed>) = ? [pid 6082] <... exit_group resumed>) = ? [pid 6083] +++ exited with 0 +++ [pid 6103] <... futex resumed>) = ? [pid 6103] +++ exited with 0 +++ [pid 6082] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6082, si_uid=0, si_status=0, si_utime=2, si_stime=30} --- umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 112.854589][ T6083] BTRFS info (device loop0): balance: ended with status: 0 lstat("./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./112/binderfs") = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./112/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 6104 ./strace-static-x86_64: Process 6104 attached [pid 6104] set_robust_list(0x55555746f5e0, 24) = 0 [pid 6104] chdir("./113") = 0 [pid 6104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6104] setpgid(0, 0) = 0 [pid 6104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6104] write(3, "1000", 4) = 4 [pid 6104] close(3) = 0 [pid 6104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6104] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 6104] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6104] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6105 attached , parent_tid=[6105], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 6105 [pid 6105] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 6105] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6104] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6105] <... futex resumed>) = 0 [pid 6104] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6105] memfd_create("syzkaller", 0) = 3 [pid 6105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 6105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6105] munmap(0x7fdb59200000, 16777216) = 0 [pid 6105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6105] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6105] close(3) = 0 [pid 6105] mkdir("./file0", 0777) = 0 [ 113.186942][ T6105] loop0: detected capacity change from 0 to 32768 [ 113.200690][ T6105] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 113.210204][ T6105] BTRFS info (device loop0): force clearing of disk cache [ 113.217468][ T6105] BTRFS info (device loop0): setting nodatasum [ 113.223686][ T6105] BTRFS info (device loop0): allowing degraded mounts [ 113.230528][ T6105] BTRFS info (device loop0): enabling disk space caching [ 113.237624][ T6105] BTRFS info (device loop0): disk space caching is enabled [ 113.255698][ T6105] BTRFS info (device loop0): enabling ssd optimizations [ 113.263368][ T6105] BTRFS info (device loop0): clearing free space tree [ 113.270488][ T6105] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6105] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6105] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6105] chdir("./file0") = 0 [pid 6105] ioctl(4, LOOP_CLR_FD) = 0 [pid 6105] close(4) = 0 [pid 6105] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6104] <... futex resumed>) = 0 [pid 6104] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6104] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6105] open("./file0", O_RDONLY) = 4 [pid 6105] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6104] <... futex resumed>) = 0 [pid 6104] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6104] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6105] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6105] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6104] <... futex resumed>) = 0 [pid 6104] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6104] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6105] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6105] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6104] <... futex resumed>) = 0 [pid 6104] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6104] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 113.280530][ T6105] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 113.294274][ T6105] BTRFS info (device loop0): checking UUID tree [pid 6105] creat("./bus", 000) = 6 [pid 6105] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6104] <... futex resumed>) = 0 [pid 6104] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6104] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6105] ftruncate(6, 2048) = 0 [pid 6105] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6104] <... futex resumed>) = 0 [pid 6104] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6104] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6105] open("./bus", O_RDONLY) = 7 [pid 6105] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6104] <... futex resumed>) = 0 [pid 6104] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6104] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6105] sendfile(6, 7, NULL, 65536) = 2048 [pid 6105] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6104] <... futex resumed>) = 0 [pid 6105] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6104] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6104] <... futex resumed>) = 0 [pid 6105] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 6104] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6105] <... openat resumed>) = 8 [pid 6105] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6104] <... futex resumed>) = 0 [pid 6105] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6104] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6104] <... futex resumed>) = 0 [pid 6105] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 113.338507][ T46] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 113.366082][ T6105] BTRFS info (device loop0): balance: start -s [ 113.373900][ T6105] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 6104] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6105] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6104] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6104] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6105] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6104] <... mmap resumed>) = 0x7fdb617b5000 [pid 6104] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE [pid 6105] <... futex resumed>) = 0 [pid 6104] <... mprotect resumed>) = 0 [pid 6104] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6105] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6125 attached [pid 6104] <... clone resumed>, parent_tid=[6125], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 6125 [pid 6104] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6104] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6125] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 6125] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 6125] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6104] <... futex resumed>) = 0 [pid 6104] exit_group(0) = ? [pid 6125] <... futex resumed>) = ? [pid 6125] +++ exited with 0 +++ [pid 6105] <... futex resumed>) = ? [pid 6105] +++ exited with 0 +++ [pid 6104] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6104, si_uid=0, si_status=0, si_utime=1, si_stime=32} --- [ 113.398144][ T6105] BTRFS info (device loop0): balance: ended with status: 0 umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./113/binderfs") = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./113/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 6126 ./strace-static-x86_64: Process 6126 attached [pid 6126] set_robust_list(0x55555746f5e0, 24) = 0 [pid 6126] chdir("./114") = 0 [pid 6126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6126] setpgid(0, 0) = 0 [pid 6126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6126] write(3, "1000", 4) = 4 [pid 6126] close(3) = 0 [pid 6126] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6126] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 6126] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6126] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6127 attached , parent_tid=[6127], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 6127 [pid 6127] set_robust_list(0x7fdb617f69e0, 24 [pid 6126] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6127] <... set_robust_list resumed>) = 0 [pid 6126] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6127] memfd_create("syzkaller", 0) = 3 [pid 6127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 6127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6127] munmap(0x7fdb59200000, 16777216) = 0 [pid 6127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6127] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6127] close(3) = 0 [pid 6127] mkdir("./file0", 0777) = 0 [ 113.714740][ T6127] loop0: detected capacity change from 0 to 32768 [ 113.728165][ T6127] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 113.737432][ T6127] BTRFS info (device loop0): force clearing of disk cache [ 113.744529][ T6127] BTRFS info (device loop0): setting nodatasum [ 113.750821][ T6127] BTRFS info (device loop0): allowing degraded mounts [ 113.757652][ T6127] BTRFS info (device loop0): enabling disk space caching [ 113.764679][ T6127] BTRFS info (device loop0): disk space caching is enabled [ 113.783449][ T6127] BTRFS info (device loop0): enabling ssd optimizations [ 113.791368][ T6127] BTRFS info (device loop0): clearing free space tree [ 113.798713][ T6127] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6127] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6127] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6127] chdir("./file0") = 0 [pid 6127] ioctl(4, LOOP_CLR_FD) = 0 [pid 6127] close(4) = 0 [pid 6127] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6127] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6126] <... futex resumed>) = 0 [pid 6126] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6127] <... futex resumed>) = 0 [pid 6127] open("./file0", O_RDONLY) = 4 [pid 6126] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6127] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6126] <... futex resumed>) = 0 [pid 6126] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6127] <... futex resumed>) = 1 [pid 6127] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6127] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 113.808813][ T6127] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 113.822454][ T6127] BTRFS info (device loop0): checking UUID tree [ 113.846195][ T27] kauditd_printk_skb: 10 callbacks suppressed [pid 6127] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6126] <... futex resumed>) = 0 [pid 6126] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6127] <... futex resumed>) = 0 [pid 6126] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6127] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6127] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6126] <... futex resumed>) = 0 [pid 6126] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6127] creat("./bus", 000) = 6 [pid 6127] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6126] <... futex resumed>) = 0 [pid 6126] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6127] ftruncate(6, 2048) = 0 [pid 6127] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6126] <... futex resumed>) = 0 [pid 6126] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6127] open("./bus", O_RDONLY) = 7 [pid 6127] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 113.846209][ T27] audit: type=1800 audit(1670043494.345:230): pid=6127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6127] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6126] <... futex resumed>) = 0 [pid 6126] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6127] <... futex resumed>) = 0 [pid 6126] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6127] sendfile(6, 7, NULL, 65536) = 2048 [pid 6127] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6126] <... futex resumed>) = 0 [pid 6127] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 6126] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6127] <... openat resumed>) = 8 [pid 6126] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6127] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6126] <... futex resumed>) = 0 [pid 6127] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6126] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 113.900142][ T27] audit: type=1804 audit(1670043494.405:231): pid=6127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/114/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 113.906499][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 113.947156][ T6127] BTRFS info (device loop0): balance: start -s [ 113.955463][ T6127] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 6126] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6126] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6126] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 6126] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6126] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6147], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 6147 [pid 6126] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6127] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6127] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6127] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6147 attached [pid 6147] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 6147] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 6147] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6126] <... futex resumed>) = 0 [pid 6126] exit_group(0 [pid 6127] <... futex resumed>) = ? [pid 6126] <... exit_group resumed>) = ? [pid 6127] +++ exited with 0 +++ [pid 6147] <... futex resumed>) = ? [pid 6147] +++ exited with 0 +++ [pid 6126] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6126, si_uid=0, si_status=0, si_utime=1, si_stime=32} --- umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 113.981882][ T6127] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./114/binderfs") = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./114/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 6148 ./strace-static-x86_64: Process 6148 attached [pid 6148] set_robust_list(0x55555746f5e0, 24) = 0 [pid 6148] chdir("./115") = 0 [pid 6148] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6148] setpgid(0, 0) = 0 [pid 6148] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6148] write(3, "1000", 4) = 4 [pid 6148] close(3) = 0 [pid 6148] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6148] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 6148] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6148] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6149 attached , parent_tid=[6149], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 6149 [pid 6149] set_robust_list(0x7fdb617f69e0, 24 [pid 6148] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6149] <... set_robust_list resumed>) = 0 [pid 6148] <... futex resumed>) = 0 [pid 6148] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6149] memfd_create("syzkaller", 0) = 3 [pid 6149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 6149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6149] munmap(0x7fdb59200000, 16777216) = 0 [pid 6149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6149] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6149] close(3) = 0 [pid 6149] mkdir("./file0", 0777) = 0 [ 114.318842][ T6149] loop0: detected capacity change from 0 to 32768 [ 114.332696][ T6149] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 114.342068][ T6149] BTRFS info (device loop0): force clearing of disk cache [ 114.349238][ T6149] BTRFS info (device loop0): setting nodatasum [ 114.355403][ T6149] BTRFS info (device loop0): allowing degraded mounts [ 114.362394][ T6149] BTRFS info (device loop0): enabling disk space caching [ 114.369488][ T6149] BTRFS info (device loop0): disk space caching is enabled [ 114.388412][ T6149] BTRFS info (device loop0): enabling ssd optimizations [ 114.396260][ T6149] BTRFS info (device loop0): clearing free space tree [ 114.403178][ T6149] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6149] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6149] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6149] chdir("./file0") = 0 [pid 6149] ioctl(4, LOOP_CLR_FD) = 0 [pid 6149] close(4) = 0 [pid 6149] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6148] <... futex resumed>) = 0 [pid 6149] <... futex resumed>) = 1 [pid 6148] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6149] open("./file0", O_RDONLY [pid 6148] <... futex resumed>) = 0 [pid 6149] <... open resumed>) = 4 [pid 6148] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6149] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6149] <... futex resumed>) = 0 [pid 6148] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6149] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6148] <... futex resumed>) = 0 [pid 6148] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6149] <... open resumed>) = 5 [pid 6149] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6148] <... futex resumed>) = 0 [pid 6148] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6149] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6148] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6149] <... ioctl resumed>) = 0 [pid 6149] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6148] <... futex resumed>) = 0 [pid 6148] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6149] creat("./bus", 000 [pid 6148] <... futex resumed>) = 0 [pid 6148] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6149] <... creat resumed>) = 6 [ 114.412858][ T6149] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 114.426089][ T6149] BTRFS info (device loop0): checking UUID tree [ 114.447145][ T27] audit: type=1800 audit(1670043494.945:232): pid=6149 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6149] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6148] <... futex resumed>) = 0 [pid 6149] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6148] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6148] <... futex resumed>) = 0 [pid 6149] ftruncate(6, 2048 [pid 6148] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6149] <... ftruncate resumed>) = 0 [pid 6149] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6148] <... futex resumed>) = 0 [pid 6149] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6148] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6148] <... futex resumed>) = 0 [pid 6149] open("./bus", O_RDONLY [pid 6148] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6149] <... open resumed>) = 7 [pid 6149] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6149] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6148] <... futex resumed>) = 0 [pid 6148] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6148] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6149] <... futex resumed>) = 0 [pid 6149] sendfile(6, 7, NULL, 65536) = 2048 [pid 6149] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6148] <... futex resumed>) = 0 [pid 6149] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6148] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6148] <... futex resumed>) = 0 [pid 6149] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 6148] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6149] <... openat resumed>) = 8 [pid 6149] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6148] <... futex resumed>) = 0 [pid 6149] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6148] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 114.498002][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 114.510801][ T27] audit: type=1804 audit(1670043495.015:233): pid=6149 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/115/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 6148] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6149] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6149] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6148] <... futex resumed>) = 0 [pid 6149] <... futex resumed>) = 1 [pid 6148] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6149] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 6148] <... futex resumed>) = 0 [pid 6148] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6149] <... ioctl resumed>) = 0 [pid 6149] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6148] <... futex resumed>) = 0 [pid 6149] <... futex resumed>) = 1 [pid 6149] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6148] exit_group(0 [pid 6149] <... futex resumed>) = ? [pid 6148] <... exit_group resumed>) = ? [pid 6149] +++ exited with 0 +++ [pid 6148] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6148, si_uid=0, si_status=0, si_utime=1, si_stime=28} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./115/binderfs") = 0 [ 114.554750][ T6149] BTRFS info (device loop0): balance: start -s [ 114.562775][ T6149] BTRFS info (device loop0): relocating block group 1048576 flags system [ 114.585665][ T6149] BTRFS info (device loop0): balance: ended with status: 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./115/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 6169 ./strace-static-x86_64: Process 6169 attached [pid 6169] set_robust_list(0x55555746f5e0, 24) = 0 [pid 6169] chdir("./116") = 0 [pid 6169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6169] setpgid(0, 0) = 0 [pid 6169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6169] write(3, "1000", 4) = 4 [pid 6169] close(3) = 0 [pid 6169] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6169] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 6169] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6169] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6170], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 6170 [pid 6169] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6169] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6170 attached [pid 6170] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 6170] memfd_create("syzkaller", 0) = 3 [pid 6170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 6170] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6170] munmap(0x7fdb59200000, 16777216) = 0 [pid 6170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6170] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6170] close(3) = 0 [pid 6170] mkdir("./file0", 0777) = 0 [ 114.912523][ T6170] loop0: detected capacity change from 0 to 32768 [ 114.926449][ T6170] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 114.936105][ T6170] BTRFS info (device loop0): force clearing of disk cache [ 114.943480][ T6170] BTRFS info (device loop0): setting nodatasum [ 114.949913][ T6170] BTRFS info (device loop0): allowing degraded mounts [ 114.956687][ T6170] BTRFS info (device loop0): enabling disk space caching [ 114.964028][ T6170] BTRFS info (device loop0): disk space caching is enabled [ 114.983420][ T6170] BTRFS info (device loop0): enabling ssd optimizations [ 114.991222][ T6170] BTRFS info (device loop0): clearing free space tree [ 114.998355][ T6170] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6170] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6170] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6170] chdir("./file0") = 0 [pid 6170] ioctl(4, LOOP_CLR_FD) = 0 [pid 6170] close(4) = 0 [pid 6170] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] <... futex resumed>) = 0 [pid 6169] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6169] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6170] <... futex resumed>) = 1 [pid 6170] open("./file0", O_RDONLY) = 4 [pid 6170] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] <... futex resumed>) = 0 [pid 6169] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6169] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6170] <... futex resumed>) = 1 [pid 6170] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6170] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] <... futex resumed>) = 0 [pid 6169] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6169] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6170] <... futex resumed>) = 1 [ 115.008295][ T6170] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 6170] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6170] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] <... futex resumed>) = 0 [pid 6169] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6169] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6170] <... futex resumed>) = 1 [pid 6170] creat("./bus", 000) = 6 [pid 6170] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] <... futex resumed>) = 0 [pid 6169] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6169] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6170] <... futex resumed>) = 1 [pid 6170] ftruncate(6, 2048) = 0 [pid 6170] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] <... futex resumed>) = 0 [pid 6169] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6169] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6170] <... futex resumed>) = 1 [pid 6170] open("./bus", O_RDONLY) = 7 [pid 6170] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] <... futex resumed>) = 0 [pid 6169] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6169] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6170] <... futex resumed>) = 1 [pid 6170] sendfile(6, 7, NULL, 65536) = 2048 [pid 6170] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] <... futex resumed>) = 0 [pid 6169] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6169] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6170] <... futex resumed>) = 1 [pid 6170] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 6170] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] <... futex resumed>) = 0 [pid 6169] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6169] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6170] <... futex resumed>) = 1 [ 115.052355][ T27] audit: type=1800 audit(1670043495.555:234): pid=6170 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6170] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6170] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] <... futex resumed>) = 0 [pid 6169] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6169] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6170] <... futex resumed>) = 1 [ 115.093568][ T27] audit: type=1804 audit(1670043495.595:235): pid=6170 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/116/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 6170] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 6170] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] <... futex resumed>) = 0 [pid 6169] exit_group(0) = ? [pid 6170] <... futex resumed>) = ? [pid 6170] +++ exited with 0 +++ [pid 6169] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6169, si_uid=0, si_status=0, si_utime=2, si_stime=24} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./116/binderfs") = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./116/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6190 attached , child_tidptr=0x55555746f5d0) = 6190 [pid 6190] set_robust_list(0x55555746f5e0, 24) = 0 [pid 6190] chdir("./117") = 0 [pid 6190] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6190] setpgid(0, 0) = 0 [pid 6190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6190] write(3, "1000", 4) = 4 [pid 6190] close(3) = 0 [pid 6190] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6190] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6190] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 6190] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6190] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6191], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 6191 [pid 6190] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6190] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6191 attached [pid 6191] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 6191] memfd_create("syzkaller", 0) = 3 [pid 6191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 6191] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6191] munmap(0x7fdb59200000, 16777216) = 0 [pid 6191] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6191] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6191] close(3) = 0 [pid 6191] mkdir("./file0", 0777) = 0 [pid 6191] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6191] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6191] chdir("./file0") = 0 [pid 6191] ioctl(4, LOOP_CLR_FD) = 0 [pid 6191] close(4) = 0 [pid 6191] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6190] <... futex resumed>) = 0 [pid 6190] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6190] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6191] open("./file0", O_RDONLY) = 4 [pid 6191] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6190] <... futex resumed>) = 0 [pid 6190] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6190] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 115.471720][ T6191] loop0: detected capacity change from 0 to 32768 [pid 6191] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6191] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6190] <... futex resumed>) = 0 [pid 6191] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6190] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6190] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6191] <... ioctl resumed>) = 0 [pid 6191] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6190] <... futex resumed>) = 0 [pid 6191] creat("./bus", 000 [pid 6190] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6191] <... creat resumed>) = 6 [pid 6190] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6191] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6190] <... futex resumed>) = 0 [pid 6190] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6191] ftruncate(6, 2048 [pid 6190] <... futex resumed>) = 0 [pid 6190] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6191] <... ftruncate resumed>) = 0 [pid 6191] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6190] <... futex resumed>) = 0 [pid 6191] open("./bus", O_RDONLY [pid 6190] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6190] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6191] <... open resumed>) = 7 [ 115.518941][ T27] audit: type=1800 audit(1670043496.025:236): pid=6191 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6191] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6190] <... futex resumed>) = 0 [pid 6191] sendfile(6, 7, NULL, 65536 [pid 6190] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6190] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6191] <... sendfile resumed>) = 2048 [pid 6191] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6190] <... futex resumed>) = 0 [pid 6191] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6190] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6190] <... futex resumed>) = 0 [pid 6191] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 6190] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6191] <... openat resumed>) = 8 [pid 6191] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6190] <... futex resumed>) = 0 [pid 6190] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6191] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6190] <... futex resumed>) = 0 [pid 6190] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6191] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6191] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6190] <... futex resumed>) = 0 [pid 6190] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6191] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 6190] <... futex resumed>) = 0 [ 115.565008][ T27] audit: type=1804 audit(1670043496.065:237): pid=6191 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/117/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 6190] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6191] <... ioctl resumed>) = 0 [pid 6191] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6190] <... futex resumed>) = 0 [pid 6190] exit_group(0 [pid 6191] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6190] <... exit_group resumed>) = ? [pid 6191] +++ exited with 0 +++ [pid 6190] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6190, si_uid=0, si_status=0, si_utime=1, si_stime=18} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./117/binderfs") = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./117/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 6211 ./strace-static-x86_64: Process 6211 attached [pid 6211] set_robust_list(0x55555746f5e0, 24) = 0 [pid 6211] chdir("./118") = 0 [pid 6211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6211] setpgid(0, 0) = 0 [pid 6211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6211] write(3, "1000", 4) = 4 [pid 6211] close(3) = 0 [pid 6211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6211] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 6211] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6211] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6212 attached [pid 6212] set_robust_list(0x7fdb617f69e0, 24 [pid 6211] <... clone resumed>, parent_tid=[6212], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 6212 [pid 6212] <... set_robust_list resumed>) = 0 [pid 6211] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6211] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6212] memfd_create("syzkaller", 0) = 3 [pid 6212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 6212] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6212] munmap(0x7fdb59200000, 16777216) = 0 [pid 6212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6212] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6212] close(3) = 0 [pid 6212] mkdir("./file0", 0777) = 0 [pid 6212] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6212] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6212] chdir("./file0") = 0 [pid 6212] ioctl(4, LOOP_CLR_FD) = 0 [pid 6212] close(4) = 0 [pid 6212] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6211] <... futex resumed>) = 0 [pid 6211] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6212] open("./file0", O_RDONLY [pid 6211] <... futex resumed>) = 0 [pid 6211] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6212] <... open resumed>) = 4 [pid 6212] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6211] <... futex resumed>) = 0 [pid 6212] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6211] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6212] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6211] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 115.945104][ T6212] loop0: detected capacity change from 0 to 32768 [pid 6212] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6212] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6211] <... futex resumed>) = 0 [pid 6212] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6211] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6211] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6212] <... ioctl resumed>) = 0 [pid 6212] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6211] <... futex resumed>) = 0 [pid 6212] creat("./bus", 000 [pid 6211] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6212] <... creat resumed>) = 6 [pid 6211] <... futex resumed>) = 0 [pid 6212] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6211] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6212] <... futex resumed>) = 0 [pid 6211] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6212] ftruncate(6, 2048 [pid 6211] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6212] <... ftruncate resumed>) = 0 [pid 6211] <... futex resumed>) = 0 [pid 6212] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6211] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6212] <... futex resumed>) = 0 [pid 6211] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6212] open("./bus", O_RDONLY [pid 6211] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6212] <... open resumed>) = 7 [pid 6211] <... futex resumed>) = 0 [pid 6212] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6211] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6212] <... futex resumed>) = 0 [pid 6211] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6212] sendfile(6, 7, NULL, 65536 [pid 6211] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6212] <... sendfile resumed>) = 2048 [pid 6211] <... futex resumed>) = 0 [pid 6212] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6211] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6212] <... futex resumed>) = 0 [pid 6211] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6212] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 6211] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6212] <... openat resumed>) = 8 [pid 6211] <... futex resumed>) = 0 [pid 6212] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6211] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6212] <... futex resumed>) = 0 [pid 6211] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6212] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6211] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 116.005846][ T27] audit: type=1800 audit(1670043496.505:238): pid=6212 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6211] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6212] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6212] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6211] <... futex resumed>) = 0 [pid 6211] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6211] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6212] <... futex resumed>) = 1 [ 116.045476][ T27] audit: type=1804 audit(1670043496.545:239): pid=6212 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/118/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 6212] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 6212] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6211] <... futex resumed>) = 0 [pid 6211] exit_group(0) = ? [pid 6212] <... futex resumed>) = ? [pid 6212] +++ exited with 0 +++ [pid 6211] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6211, si_uid=0, si_status=0, si_utime=0, si_stime=20} --- umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./118/binderfs") = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./118/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 6232 ./strace-static-x86_64: Process 6232 attached [pid 6232] set_robust_list(0x55555746f5e0, 24) = 0 [pid 6232] chdir("./119") = 0 [pid 6232] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6232] setpgid(0, 0) = 0 [pid 6232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6232] write(3, "1000", 4) = 4 [pid 6232] close(3) = 0 [pid 6232] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6232] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 6232] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6232] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6233 attached [pid 6233] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 6233] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6232] <... clone resumed>, parent_tid=[6233], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 6233 [pid 6232] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6233] <... futex resumed>) = 0 [pid 6232] <... futex resumed>) = 1 [pid 6233] memfd_create("syzkaller", 0 [pid 6232] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6233] <... memfd_create resumed>) = 3 [pid 6233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 6233] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6233] munmap(0x7fdb59200000, 16777216) = 0 [pid 6233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6233] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6233] close(3) = 0 [pid 6233] mkdir("./file0", 0777) = 0 [pid 6233] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6233] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6233] chdir("./file0") = 0 [pid 6233] ioctl(4, LOOP_CLR_FD) = 0 [pid 6233] close(4) = 0 [pid 6233] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6232] <... futex resumed>) = 0 [pid 6233] open("./file0", O_RDONLY [pid 6232] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6233] <... open resumed>) = 4 [pid 6232] <... futex resumed>) = 0 [pid 6233] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6232] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6233] <... futex resumed>) = 0 [pid 6232] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6233] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6232] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6233] <... open resumed>) = 5 [pid 6232] <... futex resumed>) = 0 [pid 6232] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6233] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6232] <... futex resumed>) = 0 [pid 6233] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6232] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 116.451195][ T6233] loop0: detected capacity change from 0 to 32768 [pid 6232] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6233] <... ioctl resumed>) = 0 [pid 6233] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6233] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6232] <... futex resumed>) = 0 [pid 6232] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6232] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6233] <... futex resumed>) = 0 [pid 6233] creat("./bus", 000) = 6 [pid 6233] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6232] <... futex resumed>) = 0 [pid 6232] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6233] ftruncate(6, 2048 [pid 6232] <... futex resumed>) = 0 [pid 6232] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6233] <... ftruncate resumed>) = 0 [pid 6233] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6232] <... futex resumed>) = 0 [pid 6232] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6233] open("./bus", O_RDONLY [pid 6232] <... futex resumed>) = 0 [pid 6232] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6233] <... open resumed>) = 7 [pid 6233] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6232] <... futex resumed>) = 0 [pid 6233] sendfile(6, 7, NULL, 65536 [pid 6232] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6232] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6233] <... sendfile resumed>) = 2048 [pid 6233] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6232] <... futex resumed>) = 0 [pid 6233] <... futex resumed>) = 1 [pid 6232] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6233] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 6232] <... futex resumed>) = 0 [pid 6232] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6233] <... openat resumed>) = 8 [pid 6233] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6232] <... futex resumed>) = 0 [pid 6232] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6233] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6232] <... futex resumed>) = 0 [pid 6232] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6232] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 6232] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6232] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6253], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 6253 [pid 6232] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6232] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6233] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6233] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6233] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6253 attached [pid 6253] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 116.546897][ T6233] _btrfs_printk: 47 callbacks suppressed [ 116.546913][ T6233] BTRFS info (device loop0): balance: start -s [ 116.561381][ T6233] BTRFS info (device loop0): relocating block group 1048576 flags system [ 116.584906][ T6233] BTRFS info (device loop0): balance: ended with status: 0 [pid 6253] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 6253] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6232] <... futex resumed>) = 0 [pid 6232] exit_group(0) = ? [pid 6233] <... futex resumed>) = ? [pid 6253] <... futex resumed>) = ? [pid 6233] +++ exited with 0 +++ [pid 6253] +++ exited with 0 +++ [pid 6232] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6232, si_uid=0, si_status=0, si_utime=3, si_stime=19} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./119/binderfs") = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./119/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 6254 ./strace-static-x86_64: Process 6254 attached [pid 6254] set_robust_list(0x55555746f5e0, 24) = 0 [pid 6254] chdir("./120") = 0 [pid 6254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6254] setpgid(0, 0) = 0 [pid 6254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6254] write(3, "1000", 4) = 4 [pid 6254] close(3) = 0 [pid 6254] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6254] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 6254] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6254] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6255 attached , parent_tid=[6255], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 6255 [pid 6254] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6254] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6255] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 6255] memfd_create("syzkaller", 0) = 3 [pid 6255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 6255] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6255] munmap(0x7fdb59200000, 16777216) = 0 [pid 6255] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6255] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6255] close(3) = 0 [pid 6255] mkdir("./file0", 0777) = 0 [ 116.931483][ T6255] loop0: detected capacity change from 0 to 32768 [ 116.947677][ T6255] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 116.956983][ T6255] BTRFS info (device loop0): force clearing of disk cache [ 116.964169][ T6255] BTRFS info (device loop0): setting nodatasum [ 116.970452][ T6255] BTRFS info (device loop0): allowing degraded mounts [ 116.977482][ T6255] BTRFS info (device loop0): enabling disk space caching [ 116.984529][ T6255] BTRFS info (device loop0): disk space caching is enabled [ 117.002490][ T6255] BTRFS info (device loop0): enabling ssd optimizations [ 117.010135][ T6255] BTRFS info (device loop0): clearing free space tree [ 117.017010][ T6255] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6255] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6255] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6255] chdir("./file0") = 0 [pid 6255] ioctl(4, LOOP_CLR_FD) = 0 [pid 6255] close(4) = 0 [pid 6255] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6254] <... futex resumed>) = 0 [pid 6255] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6254] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6254] <... futex resumed>) = 0 [pid 6255] open("./file0", O_RDONLY [pid 6254] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6255] <... open resumed>) = 4 [pid 6255] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6254] <... futex resumed>) = 0 [pid 6255] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6254] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6254] <... futex resumed>) = 0 [pid 6255] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6254] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6255] <... open resumed>) = 5 [pid 6255] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6254] <... futex resumed>) = 0 [pid 6255] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6254] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6254] <... futex resumed>) = 0 [pid 6255] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6254] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6255] <... ioctl resumed>) = 0 [pid 6255] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6254] <... futex resumed>) = 0 [pid 6255] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6254] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6254] <... futex resumed>) = 0 [pid 6255] creat("./bus", 000 [pid 6254] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6255] <... creat resumed>) = 6 [pid 6255] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6254] <... futex resumed>) = 0 [pid 6255] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6254] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6254] <... futex resumed>) = 0 [pid 6255] ftruncate(6, 2048 [ 117.027111][ T6255] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 117.041005][ T6255] BTRFS info (device loop0): checking UUID tree [pid 6254] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6255] <... ftruncate resumed>) = 0 [pid 6255] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6254] <... futex resumed>) = 0 [pid 6255] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6254] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6254] <... futex resumed>) = 0 [pid 6255] open("./bus", O_RDONLY [pid 6254] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6255] <... open resumed>) = 7 [pid 6255] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6254] <... futex resumed>) = 0 [pid 6255] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6254] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6254] <... futex resumed>) = 0 [pid 6255] sendfile(6, 7, NULL, 65536 [pid 6254] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6255] <... sendfile resumed>) = 2048 [pid 6255] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6254] <... futex resumed>) = 0 [pid 6255] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6254] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6254] <... futex resumed>) = 0 [pid 6255] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 6254] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6255] <... openat resumed>) = 8 [pid 6255] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6254] <... futex resumed>) = 0 [pid 6255] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6254] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6254] <... futex resumed>) = 0 [pid 6255] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6254] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6254] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 6254] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6254] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6275], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 6275 [pid 6254] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6254] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6275 attached [pid 6275] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 117.113270][ T46] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 117.113572][ T6255] BTRFS info (device loop0): balance: start -s [ 117.149921][ T6255] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 6275] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 6254] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6275] <... ioctl resumed>) = 0 [pid 6275] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6275] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6255] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6255] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6254] exit_group(0 [pid 6275] <... futex resumed>) = ? [pid 6254] <... exit_group resumed>) = ? [pid 6275] +++ exited with 0 +++ [pid 6255] <... futex resumed>) = ? [pid 6255] +++ exited with 0 +++ [pid 6254] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6254, si_uid=0, si_status=0, si_utime=3, si_stime=31} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./120", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./120/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./120/binderfs") = 0 [ 117.231672][ T6255] BTRFS info (device loop0): balance: ended with status: 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./120/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 6276 ./strace-static-x86_64: Process 6276 attached [pid 6276] set_robust_list(0x55555746f5e0, 24) = 0 [pid 6276] chdir("./121") = 0 [pid 6276] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6276] setpgid(0, 0) = 0 [pid 6276] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6276] write(3, "1000", 4) = 4 [pid 6276] close(3) = 0 [pid 6276] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6276] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 6276] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6276] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6277 attached [pid 6277] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 6277] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6276] <... clone resumed>, parent_tid=[6277], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 6277 [pid 6276] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6277] <... futex resumed>) = 0 [pid 6277] memfd_create("syzkaller", 0 [pid 6276] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6277] <... memfd_create resumed>) = 3 [pid 6277] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 6277] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6277] munmap(0x7fdb59200000, 16777216) = 0 [pid 6277] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6277] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6277] close(3) = 0 [pid 6277] mkdir("./file0", 0777) = 0 [ 117.520170][ T6277] loop0: detected capacity change from 0 to 32768 [ 117.532953][ T6277] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 117.542225][ T6277] BTRFS info (device loop0): force clearing of disk cache [ 117.549395][ T6277] BTRFS info (device loop0): setting nodatasum [ 117.555559][ T6277] BTRFS info (device loop0): allowing degraded mounts [ 117.562602][ T6277] BTRFS info (device loop0): enabling disk space caching [ 117.569684][ T6277] BTRFS info (device loop0): disk space caching is enabled [ 117.587846][ T6277] BTRFS info (device loop0): enabling ssd optimizations [ 117.595512][ T6277] BTRFS info (device loop0): clearing free space tree [ 117.604303][ T6277] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6277] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6277] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6277] chdir("./file0") = 0 [pid 6277] ioctl(4, LOOP_CLR_FD) = 0 [pid 6277] close(4) = 0 [pid 6277] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6276] <... futex resumed>) = 0 [pid 6277] open("./file0", O_RDONLY [pid 6276] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6277] <... open resumed>) = 4 [pid 6276] <... futex resumed>) = 0 [pid 6277] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6276] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6277] <... futex resumed>) = 0 [pid 6276] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6277] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6276] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6276] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6277] <... open resumed>) = 5 [pid 6277] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6276] <... futex resumed>) = 0 [pid 6277] <... futex resumed>) = 1 [pid 6276] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6277] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6276] <... futex resumed>) = 0 [pid 6276] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6277] <... ioctl resumed>) = 0 [pid 6277] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6276] <... futex resumed>) = 0 [pid 6277] <... futex resumed>) = 1 [pid 6276] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6277] creat("./bus", 000 [pid 6276] <... futex resumed>) = 0 [pid 6276] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6277] <... creat resumed>) = 6 [ 117.614195][ T6277] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 117.628355][ T6277] BTRFS info (device loop0): checking UUID tree [pid 6277] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6276] <... futex resumed>) = 0 [pid 6277] ftruncate(6, 2048 [pid 6276] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6277] <... ftruncate resumed>) = 0 [pid 6276] <... futex resumed>) = 0 [pid 6277] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6276] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6277] <... futex resumed>) = 0 [pid 6276] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6277] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6276] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6277] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6276] <... futex resumed>) = 0 [pid 6277] open("./bus", O_RDONLY [pid 6276] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6277] <... open resumed>) = 7 [pid 6277] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6276] <... futex resumed>) = 0 [pid 6277] sendfile(6, 7, NULL, 65536 [pid 6276] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6277] <... sendfile resumed>) = 2048 [pid 6276] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6277] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6276] <... futex resumed>) = 0 [pid 6277] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 6276] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6277] <... openat resumed>) = 8 [pid 6276] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6277] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6276] <... futex resumed>) = 0 [pid 6276] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6276] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6277] <... futex resumed>) = 1 [pid 6277] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6276] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6276] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [ 117.679884][ T46] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 117.708132][ T6277] BTRFS info (device loop0): balance: start -s [ 117.716649][ T6277] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 6276] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6276] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6297], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 6297 [pid 6276] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6276] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6297 attached [pid 6297] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 6297] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 6297] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6276] <... futex resumed>) = 0 [pid 6297] <... futex resumed>) = 1 [pid 6297] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6277] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6277] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6277] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6276] exit_group(0) = ? [pid 6297] <... futex resumed>) = ? [pid 6297] +++ exited with 0 +++ [pid 6277] <... futex resumed>) = ? [pid 6277] +++ exited with 0 +++ [pid 6276] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6276, si_uid=0, si_status=0, si_utime=0, si_stime=24} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./121", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 117.753345][ T6277] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./121/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./121/binderfs") = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./121/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 6298 ./strace-static-x86_64: Process 6298 attached [pid 6298] set_robust_list(0x55555746f5e0, 24) = 0 [pid 6298] chdir("./122") = 0 [pid 6298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6298] setpgid(0, 0) = 0 [pid 6298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6298] write(3, "1000", 4) = 4 [pid 6298] close(3) = 0 [pid 6298] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6298] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 6298] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6298] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6299], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 6299 [pid 6298] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6298] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6299 attached [pid 6299] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 6299] memfd_create("syzkaller", 0) = 3 [pid 6299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 6299] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6299] munmap(0x7fdb59200000, 16777216) = 0 [pid 6299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6299] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6299] close(3) = 0 [pid 6299] mkdir("./file0", 0777) = 0 [ 118.103581][ T6299] loop0: detected capacity change from 0 to 32768 [ 118.117649][ T6299] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 118.126887][ T6299] BTRFS info (device loop0): force clearing of disk cache [ 118.134138][ T6299] BTRFS info (device loop0): setting nodatasum [ 118.140476][ T6299] BTRFS info (device loop0): allowing degraded mounts [ 118.147318][ T6299] BTRFS info (device loop0): enabling disk space caching [ 118.154345][ T6299] BTRFS info (device loop0): disk space caching is enabled [ 118.173052][ T6299] BTRFS info (device loop0): enabling ssd optimizations [ 118.180944][ T6299] BTRFS info (device loop0): clearing free space tree [ 118.187840][ T6299] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6299] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6299] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6299] chdir("./file0") = 0 [pid 6299] ioctl(4, LOOP_CLR_FD) = 0 [pid 6299] close(4) = 0 [pid 6299] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6298] <... futex resumed>) = 0 [pid 6299] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6298] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6299] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6298] <... futex resumed>) = 0 [pid 6299] open("./file0", O_RDONLY [pid 6298] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6299] <... open resumed>) = 4 [pid 6299] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6298] <... futex resumed>) = 0 [pid 6299] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6298] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6299] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6298] <... futex resumed>) = 0 [pid 6299] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6298] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6299] <... open resumed>) = 5 [pid 6299] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6298] <... futex resumed>) = 0 [pid 6298] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6298] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6299] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6299] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6298] <... futex resumed>) = 0 [pid 6298] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6298] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6299] <... futex resumed>) = 1 [pid 6299] creat("./bus", 000) = 6 [pid 6299] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6298] <... futex resumed>) = 0 [pid 6298] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6298] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6299] <... futex resumed>) = 1 [pid 6299] ftruncate(6, 2048) = 0 [pid 6299] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6298] <... futex resumed>) = 0 [pid 6298] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6298] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6299] <... futex resumed>) = 1 [pid 6299] open("./bus", O_RDONLY) = 7 [pid 6299] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6298] <... futex resumed>) = 0 [pid 6298] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6298] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6299] sendfile(6, 7, NULL, 65536) = 2048 [pid 6299] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6298] <... futex resumed>) = 0 [pid 6298] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6298] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 118.197581][ T6299] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 118.211280][ T6299] BTRFS info (device loop0): checking UUID tree [pid 6299] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 6299] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6298] <... futex resumed>) = 0 [pid 6298] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6298] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 118.269160][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 118.288119][ T6299] BTRFS info (device loop0): balance: start -s [ 118.296482][ T6299] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 6299] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6298] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6298] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6298] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6298] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 6298] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6298] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6319], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 6319 [pid 6298] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6298] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6319 attached [pid 6319] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 6319] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 6299] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6299] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6299] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6319] <... ioctl resumed>) = 0 [pid 6319] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6298] <... futex resumed>) = 0 [pid 6298] exit_group(0) = ? [pid 6319] <... futex resumed>) = ? [pid 6319] +++ exited with 0 +++ [pid 6299] <... futex resumed>) = ? [pid 6299] +++ exited with 0 +++ [pid 6298] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6298, si_uid=0, si_status=0, si_utime=0, si_stime=28} --- umount2("./122", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./122/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./122/binderfs") = 0 [ 118.325271][ T6299] BTRFS info (device loop0): balance: ended with status: 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./122/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 6320 ./strace-static-x86_64: Process 6320 attached [pid 6320] set_robust_list(0x55555746f5e0, 24) = 0 [pid 6320] chdir("./123") = 0 [pid 6320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6320] setpgid(0, 0) = 0 [pid 6320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6320] write(3, "1000", 4) = 4 [pid 6320] close(3) = 0 [pid 6320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6320] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 6320] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6320] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6321], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 6321 ./strace-static-x86_64: Process 6321 attached [pid 6321] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 6321] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6321] <... futex resumed>) = 0 [pid 6320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6321] memfd_create("syzkaller", 0) = 3 [pid 6321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 6321] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6321] munmap(0x7fdb59200000, 16777216) = 0 [pid 6321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6321] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6321] close(3) = 0 [pid 6321] mkdir("./file0", 0777) = 0 [ 118.671699][ T6321] loop0: detected capacity change from 0 to 32768 [ 118.683936][ T6321] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 118.693728][ T6321] BTRFS info (device loop0): force clearing of disk cache [ 118.701058][ T6321] BTRFS info (device loop0): setting nodatasum [ 118.707437][ T6321] BTRFS info (device loop0): allowing degraded mounts [ 118.714214][ T6321] BTRFS info (device loop0): enabling disk space caching [ 118.721304][ T6321] BTRFS info (device loop0): disk space caching is enabled [ 118.740417][ T6321] BTRFS info (device loop0): enabling ssd optimizations [ 118.747966][ T6321] BTRFS info (device loop0): clearing free space tree [ 118.754759][ T6321] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6321] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6321] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6321] chdir("./file0") = 0 [pid 6321] ioctl(4, LOOP_CLR_FD) = 0 [pid 6321] close(4) = 0 [pid 6321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6320] <... futex resumed>) = 0 [pid 6320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6321] open("./file0", O_RDONLY) = 4 [pid 6321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6320] <... futex resumed>) = 0 [pid 6320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6321] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6320] <... futex resumed>) = 0 [pid 6320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6321] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6320] <... futex resumed>) = 0 [pid 6321] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6320] <... futex resumed>) = 0 [pid 6321] creat("./bus", 000 [ 118.764709][ T6321] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 118.778279][ T6321] BTRFS info (device loop0): checking UUID tree [pid 6320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6321] <... creat resumed>) = 6 [pid 6321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6320] <... futex resumed>) = 0 [pid 6321] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6320] <... futex resumed>) = 0 [pid 6321] ftruncate(6, 2048 [pid 6320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6321] <... ftruncate resumed>) = 0 [pid 6321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6320] <... futex resumed>) = 0 [pid 6321] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6320] <... futex resumed>) = 0 [pid 6321] open("./bus", O_RDONLY [pid 6320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6321] <... open resumed>) = 7 [pid 6321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6320] <... futex resumed>) = 0 [pid 6321] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6320] <... futex resumed>) = 0 [pid 6321] sendfile(6, 7, NULL, 65536 [pid 6320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6321] <... sendfile resumed>) = 2048 [pid 6321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6320] <... futex resumed>) = 0 [pid 6321] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6320] <... futex resumed>) = 0 [pid 6321] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 6320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6321] <... openat resumed>) = 8 [pid 6321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6320] <... futex resumed>) = 0 [pid 6321] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6320] <... futex resumed>) = 0 [pid 6321] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 118.849338][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 118.865131][ T6321] BTRFS info (device loop0): balance: start -s [ 118.879312][ T6321] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 6320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6320] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 6320] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6320] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6341], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 6341 [pid 6320] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6320] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6341 attached [pid 6341] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 6341] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 6321] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6321] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6341] <... ioctl resumed>) = 0 [pid 6341] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6320] <... futex resumed>) = 0 [pid 6320] exit_group(0) = ? [pid 6321] <... futex resumed>) = ? [pid 6341] +++ exited with 0 +++ [pid 6321] +++ exited with 0 +++ [pid 6320] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6320, si_uid=0, si_status=0, si_utime=1, si_stime=27} --- [ 118.908607][ T6321] BTRFS info (device loop0): balance: ended with status: 0 umount2("./123", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./123/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./123/binderfs") = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./123/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 6342 ./strace-static-x86_64: Process 6342 attached [pid 6342] set_robust_list(0x55555746f5e0, 24) = 0 [pid 6342] chdir("./124") = 0 [pid 6342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6342] setpgid(0, 0) = 0 [pid 6342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6342] write(3, "1000", 4) = 4 [pid 6342] close(3) = 0 [pid 6342] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6342] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 6342] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6342] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6343], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 6343 [pid 6342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6343 attached [pid 6343] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 6343] memfd_create("syzkaller", 0) = 3 [pid 6343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 6343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6343] munmap(0x7fdb59200000, 16777216) = 0 [pid 6343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6343] close(3) = 0 [pid 6343] mkdir("./file0", 0777) = 0 [ 119.228188][ T6343] loop0: detected capacity change from 0 to 32768 [ 119.241930][ T6343] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 119.251222][ T6343] BTRFS info (device loop0): force clearing of disk cache [ 119.258371][ T6343] BTRFS info (device loop0): setting nodatasum [ 119.264556][ T6343] BTRFS info (device loop0): allowing degraded mounts [ 119.271379][ T6343] BTRFS info (device loop0): enabling disk space caching [ 119.278444][ T6343] BTRFS info (device loop0): disk space caching is enabled [ 119.298804][ T6343] BTRFS info (device loop0): enabling ssd optimizations [ 119.306929][ T6343] BTRFS info (device loop0): clearing free space tree [ 119.314263][ T6343] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6343] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6343] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6343] chdir("./file0") = 0 [pid 6343] ioctl(4, LOOP_CLR_FD) = 0 [pid 6343] close(4) = 0 [pid 6343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6342] <... futex resumed>) = 0 [pid 6342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6343] open("./file0", O_RDONLY [pid 6342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6343] <... open resumed>) = 4 [pid 6343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6342] <... futex resumed>) = 0 [pid 6343] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6342] <... futex resumed>) = 0 [pid 6342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 119.324230][ T6343] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 119.337811][ T6343] BTRFS info (device loop0): checking UUID tree [ 119.366615][ T27] kauditd_printk_skb: 10 callbacks suppressed [pid 6343] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6343] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6342] <... futex resumed>) = 0 [pid 6342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6343] <... futex resumed>) = 0 [pid 6342] <... futex resumed>) = 1 [pid 6343] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6343] <... ioctl resumed>) = 0 [pid 6343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6342] <... futex resumed>) = 0 [pid 6342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6343] creat("./bus", 000) = 6 [pid 6343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6342] <... futex resumed>) = 0 [pid 6342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6343] ftruncate(6, 2048) = 0 [pid 6343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6342] <... futex resumed>) = 0 [pid 6342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 119.366630][ T27] audit: type=1800 audit(1670043499.865:250): pid=6343 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6343] open("./bus", O_RDONLY) = 7 [pid 6343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6343] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6343] <... futex resumed>) = 0 [pid 6342] <... futex resumed>) = 1 [pid 6343] sendfile(6, 7, NULL, 65536 [pid 6342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6343] <... sendfile resumed>) = 2048 [pid 6343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6342] <... futex resumed>) = 0 [pid 6343] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6342] <... futex resumed>) = 0 [pid 6343] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 6342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6343] <... openat resumed>) = 8 [pid 6343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6342] <... futex resumed>) = 0 [pid 6343] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6342] <... futex resumed>) = 0 [pid 6343] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 119.425681][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 119.434992][ T27] audit: type=1804 audit(1670043499.925:251): pid=6343 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/124/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 6342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6342] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 6342] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6342] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6363], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 6363 [pid 6342] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6343] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6363 attached ) = 0 [pid 6343] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6363] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 119.479853][ T6343] BTRFS info (device loop0): balance: start -s [ 119.488554][ T6343] BTRFS info (device loop0): relocating block group 1048576 flags system [ 119.516860][ T6343] BTRFS info (device loop0): balance: ended with status: 0 [pid 6363] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 6363] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6342] <... futex resumed>) = 0 [pid 6342] exit_group(0 [pid 6363] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6342] <... exit_group resumed>) = ? [pid 6343] <... futex resumed>) = ? [pid 6343] +++ exited with 0 +++ [pid 6363] +++ exited with 0 +++ [pid 6342] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6342, si_uid=0, si_status=0, si_utime=2, si_stime=28} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./124", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./124/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./124/binderfs") = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./124/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 6364 ./strace-static-x86_64: Process 6364 attached [pid 6364] set_robust_list(0x55555746f5e0, 24) = 0 [pid 6364] chdir("./125") = 0 [pid 6364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6364] setpgid(0, 0) = 0 [pid 6364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6364] write(3, "1000", 4) = 4 [pid 6364] close(3) = 0 [pid 6364] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6364] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6364] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 6364] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6364] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6365 attached , parent_tid=[6365], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 6365 [pid 6365] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 6364] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6364] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6365] memfd_create("syzkaller", 0) = 3 [pid 6365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 6365] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6365] munmap(0x7fdb59200000, 16777216) = 0 [pid 6365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6365] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6365] close(3) = 0 [pid 6365] mkdir("./file0", 0777) = 0 [ 119.864611][ T6365] loop0: detected capacity change from 0 to 32768 [ 119.877780][ T6365] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 119.887070][ T6365] BTRFS info (device loop0): force clearing of disk cache [ 119.894274][ T6365] BTRFS info (device loop0): setting nodatasum [ 119.900495][ T6365] BTRFS info (device loop0): allowing degraded mounts [ 119.907311][ T6365] BTRFS info (device loop0): enabling disk space caching [ 119.914355][ T6365] BTRFS info (device loop0): disk space caching is enabled [ 119.932601][ T6365] BTRFS info (device loop0): enabling ssd optimizations [ 119.940340][ T6365] BTRFS info (device loop0): clearing free space tree [ 119.947175][ T6365] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6365] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6365] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6365] chdir("./file0") = 0 [pid 6365] ioctl(4, LOOP_CLR_FD) = 0 [pid 6365] close(4) = 0 [pid 6365] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6364] <... futex resumed>) = 0 [pid 6365] <... futex resumed>) = 1 [pid 6364] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6364] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6365] open("./file0", O_RDONLY) = 4 [pid 6365] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6364] <... futex resumed>) = 0 [pid 6364] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6364] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 119.957332][ T6365] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 119.970707][ T6365] BTRFS info (device loop0): checking UUID tree [pid 6365] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6365] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6365] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6364] <... futex resumed>) = 0 [pid 6364] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6364] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6365] <... futex resumed>) = 0 [pid 6365] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6365] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6364] <... futex resumed>) = 0 [pid 6365] creat("./bus", 000 [pid 6364] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6364] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6365] <... creat resumed>) = 6 [pid 6365] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6364] <... futex resumed>) = 0 [pid 6364] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6365] ftruncate(6, 2048 [pid 6364] <... futex resumed>) = 0 [pid 6364] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6365] <... ftruncate resumed>) = 0 [pid 6365] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6364] <... futex resumed>) = 0 [pid 6364] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6365] open("./bus", O_RDONLY [pid 6364] <... futex resumed>) = 0 [ 120.002408][ T27] audit: type=1800 audit(1670043500.505:252): pid=6365 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6364] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6365] <... open resumed>) = 7 [pid 6365] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6364] <... futex resumed>) = 0 [pid 6364] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6365] sendfile(6, 7, NULL, 65536 [pid 6364] <... futex resumed>) = 0 [pid 6364] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6365] <... sendfile resumed>) = 2048 [pid 6365] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6364] <... futex resumed>) = 0 [pid 6365] <... futex resumed>) = 1 [pid 6364] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6365] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 6364] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6365] <... openat resumed>) = 8 [pid 6365] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6365] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6364] <... futex resumed>) = 0 [pid 6365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6364] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6365] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6364] <... futex resumed>) = 0 [ 120.049801][ T27] audit: type=1804 audit(1670043500.555:253): pid=6365 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/125/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 120.078951][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 120.096824][ T6365] BTRFS info (device loop0): balance: start -s [ 120.105388][ T6365] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 6364] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6365] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6365] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6364] <... futex resumed>) = 0 [pid 6365] <... futex resumed>) = 1 [pid 6364] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6365] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 6364] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6365] <... ioctl resumed>) = 0 [pid 6365] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6364] <... futex resumed>) = 0 [pid 6365] <... futex resumed>) = 1 [pid 6365] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6364] exit_group(0 [pid 6365] <... futex resumed>) = ? [pid 6364] <... exit_group resumed>) = ? [pid 6365] +++ exited with 0 +++ [pid 6364] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6364, si_uid=0, si_status=0, si_utime=1, si_stime=26} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./125", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./125/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./125/binderfs") = 0 [ 120.131201][ T6365] BTRFS info (device loop0): balance: ended with status: 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./125/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 6385 ./strace-static-x86_64: Process 6385 attached [pid 6385] set_robust_list(0x55555746f5e0, 24) = 0 [pid 6385] chdir("./126") = 0 [pid 6385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6385] setpgid(0, 0) = 0 [pid 6385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6385] write(3, "1000", 4) = 4 [pid 6385] close(3) = 0 [pid 6385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6385] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 6385] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6385] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6386], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 6386 [pid 6385] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6385] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6386 attached [pid 6386] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 6386] memfd_create("syzkaller", 0) = 3 [pid 6386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 6386] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6386] munmap(0x7fdb59200000, 16777216) = 0 [pid 6386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6386] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6386] close(3) = 0 [pid 6386] mkdir("./file0", 0777) = 0 [ 120.454424][ T6386] loop0: detected capacity change from 0 to 32768 [ 120.468693][ T6386] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 120.478027][ T6386] BTRFS info (device loop0): force clearing of disk cache [ 120.485194][ T6386] BTRFS info (device loop0): setting nodatasum [ 120.491426][ T6386] BTRFS info (device loop0): allowing degraded mounts [pid 6386] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6386] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6386] chdir("./file0") = 0 [pid 6386] ioctl(4, LOOP_CLR_FD) = 0 [pid 6386] close(4) = 0 [pid 6386] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6385] <... futex resumed>) = 0 [pid 6386] <... futex resumed>) = 1 [pid 6386] open("./file0", O_RDONLY [pid 6385] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] <... open resumed>) = 4 [pid 6385] <... futex resumed>) = 0 [pid 6386] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6385] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6386] <... futex resumed>) = 0 [pid 6385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6386] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6385] <... futex resumed>) = 0 [pid 6386] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 120.498376][ T6386] BTRFS info (device loop0): enabling disk space caching [ 120.505404][ T6386] BTRFS info (device loop0): disk space caching is enabled [ 120.522537][ T6386] BTRFS info (device loop0): enabling ssd optimizations [pid 6385] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6386] <... open resumed>) = 5 [pid 6386] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6385] <... futex resumed>) = 0 [pid 6386] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6385] <... futex resumed>) = 0 [pid 6386] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6385] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6386] <... ioctl resumed>) = 0 [pid 6386] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6385] <... futex resumed>) = 0 [pid 6386] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6385] <... futex resumed>) = 0 [pid 6386] creat("./bus", 000 [pid 6385] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6386] <... creat resumed>) = 6 [pid 6386] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6385] <... futex resumed>) = 0 [pid 6386] ftruncate(6, 2048 [pid 6385] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] <... ftruncate resumed>) = 0 [pid 6385] <... futex resumed>) = 0 [pid 6386] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6385] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6386] <... futex resumed>) = 0 [pid 6385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6386] open("./bus", O_RDONLY [ 120.554628][ T27] audit: type=1800 audit(1670043501.055:254): pid=6386 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6385] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] <... open resumed>) = 7 [pid 6385] <... futex resumed>) = 0 [pid 6385] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6386] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6385] <... futex resumed>) = 0 [pid 6386] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6385] <... futex resumed>) = 0 [pid 6386] sendfile(6, 7, NULL, 65536 [pid 6385] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6386] <... sendfile resumed>) = 2048 [pid 6386] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6385] <... futex resumed>) = 0 [pid 6386] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6385] <... futex resumed>) = 0 [pid 6386] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 6385] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6386] <... openat resumed>) = 8 [pid 6386] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6385] <... futex resumed>) = 0 [pid 6386] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6385] <... futex resumed>) = 0 [pid 6386] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 120.600356][ T27] audit: type=1804 audit(1670043501.105:255): pid=6386 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/126/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 6385] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6386] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6386] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6385] <... futex resumed>) = 0 [pid 6386] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6385] <... futex resumed>) = 0 [pid 6386] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 6385] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6386] <... ioctl resumed>) = 0 [pid 6386] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6385] <... futex resumed>) = 0 [pid 6386] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] exit_group(0 [pid 6386] <... futex resumed>) = ? [pid 6385] <... exit_group resumed>) = ? [pid 6386] +++ exited with 0 +++ [pid 6385] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6385, si_uid=0, si_status=0, si_utime=0, si_stime=22} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./126/binderfs") = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./126/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 6407 ./strace-static-x86_64: Process 6407 attached [pid 6407] set_robust_list(0x55555746f5e0, 24) = 0 [pid 6407] chdir("./127") = 0 [pid 6407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6407] setpgid(0, 0) = 0 [pid 6407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6407] write(3, "1000", 4) = 4 [pid 6407] close(3) = 0 [pid 6407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6407] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 6407] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6407] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6408], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 6408 [pid 6407] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6407] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6408 attached [pid 6408] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 6408] memfd_create("syzkaller", 0) = 3 [pid 6408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 6408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6408] munmap(0x7fdb59200000, 16777216) = 0 [pid 6408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6408] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6408] close(3) = 0 [pid 6408] mkdir("./file0", 0777) = 0 [pid 6408] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6408] chdir("./file0") = 0 [pid 6408] ioctl(4, LOOP_CLR_FD) = 0 [pid 6408] close(4) = 0 [pid 6408] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6408] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6407] <... futex resumed>) = 0 [pid 6407] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6408] <... futex resumed>) = 0 [pid 6407] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6408] open("./file0", O_RDONLY) = 4 [pid 6408] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6407] <... futex resumed>) = 0 [pid 6408] <... futex resumed>) = 1 [pid 6407] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6407] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 120.985123][ T6408] loop0: detected capacity change from 0 to 32768 [pid 6408] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6408] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6407] <... futex resumed>) = 0 [pid 6408] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6407] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6407] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6408] <... ioctl resumed>) = 0 [pid 6408] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6407] <... futex resumed>) = 0 [pid 6407] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6407] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6408] <... futex resumed>) = 1 [pid 6408] creat("./bus", 000) = 6 [pid 6408] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6407] <... futex resumed>) = 0 [pid 6407] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6408] <... futex resumed>) = 1 [pid 6407] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6408] ftruncate(6, 2048) = 0 [pid 6408] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6407] <... futex resumed>) = 0 [pid 6408] open("./bus", O_RDONLY [pid 6407] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6408] <... open resumed>) = 7 [pid 6407] <... futex resumed>) = 0 [pid 6408] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6407] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6408] <... futex resumed>) = 0 [pid 6407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6408] sendfile(6, 7, NULL, 65536 [pid 6407] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6408] <... sendfile resumed>) = 2048 [pid 6407] <... futex resumed>) = 0 [ 121.040751][ T27] audit: type=1800 audit(1670043501.545:256): pid=6408 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6408] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6407] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6408] <... futex resumed>) = 0 [pid 6407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6408] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 6407] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6408] <... openat resumed>) = 8 [pid 6407] <... futex resumed>) = 0 [pid 6408] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6407] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6408] <... futex resumed>) = 0 [pid 6407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6408] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6407] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6407] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6408] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6408] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6407] <... futex resumed>) = 0 [pid 6407] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6407] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6408] <... futex resumed>) = 1 [ 121.073719][ T27] audit: type=1804 audit(1670043501.575:257): pid=6408 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/127/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 6408] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 6408] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6407] <... futex resumed>) = 0 [pid 6407] exit_group(0) = ? [pid 6408] <... futex resumed>) = ? [pid 6408] +++ exited with 0 +++ [pid 6407] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6407, si_uid=0, si_status=0, si_utime=1, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./127/binderfs") = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./127/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 6428 ./strace-static-x86_64: Process 6428 attached [pid 6428] set_robust_list(0x55555746f5e0, 24) = 0 [pid 6428] chdir("./128") = 0 [pid 6428] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6428] setpgid(0, 0) = 0 [pid 6428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6428] write(3, "1000", 4) = 4 [pid 6428] close(3) = 0 [pid 6428] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6428] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 6428] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6428] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6429 attached , parent_tid=[6429], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 6429 [pid 6429] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 6428] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6428] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6429] memfd_create("syzkaller", 0) = 3 [pid 6429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 6429] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6429] munmap(0x7fdb59200000, 16777216) = 0 [pid 6429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6429] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6429] close(3) = 0 [pid 6429] mkdir("./file0", 0777) = 0 [pid 6429] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6429] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6429] chdir("./file0") = 0 [pid 6429] ioctl(4, LOOP_CLR_FD) = 0 [pid 6429] close(4) = 0 [pid 6429] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6429] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6428] <... futex resumed>) = 0 [ 121.475211][ T6429] loop0: detected capacity change from 0 to 32768 [pid 6428] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6429] <... futex resumed>) = 0 [pid 6428] <... futex resumed>) = 1 [pid 6429] open("./file0", O_RDONLY [pid 6428] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6429] <... open resumed>) = 4 [pid 6429] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6428] <... futex resumed>) = 0 [pid 6429] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6428] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6429] <... open resumed>) = 5 [pid 6428] <... futex resumed>) = 0 [pid 6429] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6428] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6429] <... futex resumed>) = 0 [pid 6428] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6429] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6428] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6428] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6429] <... ioctl resumed>) = 0 [pid 6429] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6429] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6428] <... futex resumed>) = 0 [pid 6428] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6428] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6429] <... futex resumed>) = 0 [ 121.519472][ T27] audit: type=1800 audit(1670043502.025:258): pid=6429 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6429] creat("./bus", 000) = 6 [pid 6429] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6428] <... futex resumed>) = 0 [pid 6429] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6428] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6429] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6428] <... futex resumed>) = 0 [pid 6429] ftruncate(6, 2048 [pid 6428] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6429] <... ftruncate resumed>) = 0 [pid 6429] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6428] <... futex resumed>) = 0 [pid 6428] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6429] open("./bus", O_RDONLY [pid 6428] <... futex resumed>) = 0 [pid 6428] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6429] <... open resumed>) = 7 [pid 6429] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6428] <... futex resumed>) = 0 [pid 6429] sendfile(6, 7, NULL, 65536 [pid 6428] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6429] <... sendfile resumed>) = 2048 [pid 6428] <... futex resumed>) = 0 [pid 6428] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6429] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6428] <... futex resumed>) = 0 [pid 6429] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 6428] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6429] <... openat resumed>) = 8 [pid 6428] <... futex resumed>) = 0 [pid 6428] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6429] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6428] <... futex resumed>) = 0 [pid 6429] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6428] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 121.565665][ T46] _btrfs_printk: 34 callbacks suppressed [ 121.565683][ T46] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 121.587186][ T27] audit: type=1804 audit(1670043502.085:259): pid=6429 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/128/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 121.625386][ T6429] BTRFS info (device loop0): balance: start -s [ 121.634049][ T6429] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 6428] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6428] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 6428] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6428] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6449], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 6449 [pid 6428] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6428] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6449 attached [pid 6449] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 6449] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 6429] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6429] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6429] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6449] <... ioctl resumed>) = 0 [pid 6449] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6428] <... futex resumed>) = 0 [pid 6428] exit_group(0 [pid 6429] <... futex resumed>) = ? [pid 6428] <... exit_group resumed>) = ? [pid 6429] +++ exited with 0 +++ [pid 6449] <... futex resumed>) = ? [pid 6449] +++ exited with 0 +++ [pid 6428] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6428, si_uid=0, si_status=0, si_utime=2, si_stime=21} --- umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./128/binderfs") = 0 [ 121.665732][ T6429] BTRFS info (device loop0): balance: ended with status: 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./128/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./128/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 6450 ./strace-static-x86_64: Process 6450 attached [pid 6450] set_robust_list(0x55555746f5e0, 24) = 0 [pid 6450] chdir("./129") = 0 [pid 6450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6450] setpgid(0, 0) = 0 [pid 6450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6450] write(3, "1000", 4) = 4 [pid 6450] close(3) = 0 [pid 6450] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6450] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 6450] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6450] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6451], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 6451 ./strace-static-x86_64: Process 6451 attached [pid 6451] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 6451] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6450] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6451] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6450] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6451] memfd_create("syzkaller", 0) = 3 [pid 6451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 6451] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6451] munmap(0x7fdb59200000, 16777216) = 0 [pid 6451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6451] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6451] close(3) = 0 [pid 6451] mkdir("./file0", 0777) = 0 [ 121.990705][ T6451] loop0: detected capacity change from 0 to 32768 [ 122.003559][ T6451] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 122.012906][ T6451] BTRFS info (device loop0): force clearing of disk cache [ 122.020406][ T6451] BTRFS info (device loop0): setting nodatasum [ 122.026594][ T6451] BTRFS info (device loop0): allowing degraded mounts [ 122.033816][ T6451] BTRFS info (device loop0): enabling disk space caching [ 122.041449][ T6451] BTRFS info (device loop0): disk space caching is enabled [ 122.060404][ T6451] BTRFS info (device loop0): enabling ssd optimizations [ 122.068046][ T6451] BTRFS info (device loop0): clearing free space tree [ 122.074852][ T6451] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6451] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6451] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6451] chdir("./file0") = 0 [pid 6451] ioctl(4, LOOP_CLR_FD) = 0 [pid 6451] close(4) = 0 [pid 6451] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6450] <... futex resumed>) = 0 [pid 6450] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6451] open("./file0", O_RDONLY [pid 6450] <... futex resumed>) = 0 [pid 6450] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6451] <... open resumed>) = 4 [pid 6451] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6450] <... futex resumed>) = 0 [pid 6450] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6451] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6450] <... futex resumed>) = 0 [pid 6450] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6451] <... open resumed>) = 5 [pid 6451] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6450] <... futex resumed>) = 0 [pid 6451] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6450] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6451] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6450] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6451] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6451] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6451] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6450] <... futex resumed>) = 0 [ 122.084887][ T6451] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 122.098330][ T6451] BTRFS info (device loop0): checking UUID tree [pid 6450] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6451] <... futex resumed>) = 0 [pid 6450] <... futex resumed>) = 1 [pid 6451] creat("./bus", 000) = 6 [pid 6450] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6451] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6451] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6450] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6450] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6451] <... futex resumed>) = 0 [pid 6450] <... futex resumed>) = 1 [pid 6451] ftruncate(6, 2048) = 0 [pid 6450] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6451] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6451] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6450] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6450] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6451] <... futex resumed>) = 0 [pid 6450] <... futex resumed>) = 1 [pid 6451] open("./bus", O_RDONLY [pid 6450] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6451] <... open resumed>) = 7 [pid 6451] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6450] <... futex resumed>) = 0 [pid 6451] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6450] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6451] sendfile(6, 7, NULL, 65536) = 2048 [pid 6450] <... futex resumed>) = 0 [pid 6451] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6450] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6451] <... futex resumed>) = 0 [pid 6451] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6450] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6450] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6451] <... futex resumed>) = 0 [pid 6450] <... futex resumed>) = 1 [pid 6451] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 6450] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6451] <... openat resumed>) = 8 [pid 6451] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6450] <... futex resumed>) = 0 [pid 6451] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6450] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6451] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6450] <... futex resumed>) = 0 [ 122.141867][ T46] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 122.171546][ T6451] BTRFS info (device loop0): balance: start -s [ 122.180174][ T6451] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 6450] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6450] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 6450] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6450] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6471], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 6471 [pid 6450] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6451] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6450] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6451] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6451] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6471 attached [pid 6471] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 122.210586][ T6451] BTRFS info (device loop0): balance: ended with status: 0 [pid 6471] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 6471] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6471] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6450] <... futex resumed>) = 0 [pid 6450] exit_group(0 [pid 6451] <... futex resumed>) = ? [pid 6450] <... exit_group resumed>) = ? [pid 6451] +++ exited with 0 +++ [pid 6471] <... futex resumed>) = ? [pid 6471] +++ exited with 0 +++ [pid 6450] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6450, si_uid=0, si_status=0, si_utime=2, si_stime=29} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./129/binderfs") = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./129/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./129/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 6472 ./strace-static-x86_64: Process 6472 attached [pid 6472] set_robust_list(0x55555746f5e0, 24) = 0 [pid 6472] chdir("./130") = 0 [pid 6472] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6472] setpgid(0, 0) = 0 [pid 6472] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6472] write(3, "1000", 4) = 4 [pid 6472] close(3) = 0 [pid 6472] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6472] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6472] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 6472] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6472] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6473 attached , parent_tid=[6473], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 6473 [pid 6472] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6472] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6473] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 6473] memfd_create("syzkaller", 0) = 3 [pid 6473] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 6473] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6473] munmap(0x7fdb59200000, 16777216) = 0 [pid 6473] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6473] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6473] close(3) = 0 [pid 6473] mkdir("./file0", 0777) = 0 [ 122.563090][ T6473] loop0: detected capacity change from 0 to 32768 [ 122.577106][ T6473] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 122.586665][ T6473] BTRFS info (device loop0): force clearing of disk cache [ 122.593976][ T6473] BTRFS info (device loop0): setting nodatasum [ 122.600447][ T6473] BTRFS info (device loop0): allowing degraded mounts [ 122.607438][ T6473] BTRFS info (device loop0): enabling disk space caching [ 122.614570][ T6473] BTRFS info (device loop0): disk space caching is enabled [ 122.634704][ T6473] BTRFS info (device loop0): enabling ssd optimizations [ 122.642524][ T6473] BTRFS info (device loop0): clearing free space tree [ 122.649389][ T6473] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6473] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6473] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6473] chdir("./file0") = 0 [pid 6473] ioctl(4, LOOP_CLR_FD) = 0 [pid 6473] close(4) = 0 [pid 6473] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6472] <... futex resumed>) = 0 [pid 6472] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6472] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6473] <... futex resumed>) = 1 [pid 6473] open("./file0", O_RDONLY) = 4 [pid 6473] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6472] <... futex resumed>) = 0 [pid 6472] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6472] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6473] <... futex resumed>) = 1 [pid 6473] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6473] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6472] <... futex resumed>) = 0 [pid 6472] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6472] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6473] <... futex resumed>) = 1 [pid 6473] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6473] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6472] <... futex resumed>) = 0 [pid 6472] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6472] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6473] <... futex resumed>) = 1 [pid 6473] creat("./bus", 000) = 6 [pid 6473] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6472] <... futex resumed>) = 0 [pid 6472] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6472] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6473] <... futex resumed>) = 1 [pid 6473] ftruncate(6, 2048) = 0 [pid 6473] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6472] <... futex resumed>) = 0 [pid 6472] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6472] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6473] <... futex resumed>) = 1 [pid 6473] open("./bus", O_RDONLY) = 7 [ 122.659101][ T6473] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 122.672465][ T6473] BTRFS info (device loop0): checking UUID tree [pid 6473] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6472] <... futex resumed>) = 0 [pid 6472] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6472] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6473] <... futex resumed>) = 1 [pid 6473] sendfile(6, 7, NULL, 65536) = 2048 [pid 6473] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6472] <... futex resumed>) = 0 [pid 6472] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6472] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6473] <... futex resumed>) = 1 [pid 6473] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 6473] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6472] <... futex resumed>) = 0 [pid 6472] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6472] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6473] <... futex resumed>) = 1 [ 122.723085][ T46] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 122.743872][ T6473] BTRFS info (device loop0): balance: start -s [ 122.752415][ T6473] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 6473] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6472] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6472] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6472] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 6472] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6472] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6493], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 6493 [pid 6472] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6472] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6473] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6473] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6493 attached [pid 6473] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6493] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 6493] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 6493] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6472] <... futex resumed>) = 0 [pid 6472] exit_group(0 [pid 6473] <... futex resumed>) = ? [pid 6472] <... exit_group resumed>) = ? [pid 6473] +++ exited with 0 +++ [pid 6493] <... futex resumed>) = ? [pid 6493] +++ exited with 0 +++ [pid 6472] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6472, si_uid=0, si_status=0, si_utime=2, si_stime=30} --- [ 122.778245][ T6473] BTRFS info (device loop0): balance: ended with status: 0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./130/binderfs") = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./130/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./130/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 6494 ./strace-static-x86_64: Process 6494 attached [pid 6494] set_robust_list(0x55555746f5e0, 24) = 0 [pid 6494] chdir("./131") = 0 [pid 6494] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6494] setpgid(0, 0) = 0 [pid 6494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6494] write(3, "1000", 4) = 4 [pid 6494] close(3) = 0 [pid 6494] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6494] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 6494] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6494] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6495], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 6495 ./strace-static-x86_64: Process 6495 attached [pid 6495] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 6495] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6494] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6495] <... futex resumed>) = 0 [pid 6494] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6495] memfd_create("syzkaller", 0) = 3 [pid 6495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 6495] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6495] munmap(0x7fdb59200000, 16777216) = 0 [pid 6495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6495] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6495] close(3) = 0 [pid 6495] mkdir("./file0", 0777) = 0 [ 123.124695][ T6495] loop0: detected capacity change from 0 to 32768 [ 123.138191][ T6495] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 123.147471][ T6495] BTRFS info (device loop0): force clearing of disk cache [ 123.154592][ T6495] BTRFS info (device loop0): setting nodatasum [ 123.161183][ T6495] BTRFS info (device loop0): allowing degraded mounts [ 123.168417][ T6495] BTRFS info (device loop0): enabling disk space caching [ 123.175579][ T6495] BTRFS info (device loop0): disk space caching is enabled [ 123.195212][ T6495] BTRFS info (device loop0): enabling ssd optimizations [ 123.203605][ T6495] BTRFS info (device loop0): clearing free space tree [ 123.210850][ T6495] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6495] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6495] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6495] chdir("./file0") = 0 [pid 6495] ioctl(4, LOOP_CLR_FD) = 0 [pid 6495] close(4) = 0 [pid 6495] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6494] <... futex resumed>) = 0 [pid 6495] open("./file0", O_RDONLY [pid 6494] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6494] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6495] <... open resumed>) = 4 [pid 6495] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6494] <... futex resumed>) = 0 [pid 6494] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6494] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6495] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6495] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6494] <... futex resumed>) = 0 [pid 6494] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6495] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6494] <... futex resumed>) = 0 [pid 6494] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6495] <... ioctl resumed>) = 0 [ 123.220862][ T6495] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 123.234140][ T6495] BTRFS info (device loop0): checking UUID tree [pid 6495] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6494] <... futex resumed>) = 0 [pid 6495] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6494] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6494] <... futex resumed>) = 0 [pid 6495] creat("./bus", 000 [pid 6494] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6495] <... creat resumed>) = 6 [pid 6495] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6494] <... futex resumed>) = 0 [pid 6495] ftruncate(6, 2048 [pid 6494] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6495] <... ftruncate resumed>) = 0 [pid 6494] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6495] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6494] <... futex resumed>) = 0 [pid 6495] <... futex resumed>) = 1 [pid 6494] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6495] open("./bus", O_RDONLY [pid 6494] <... futex resumed>) = 0 [pid 6494] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6495] <... open resumed>) = 7 [pid 6495] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6494] <... futex resumed>) = 0 [pid 6495] <... futex resumed>) = 1 [pid 6494] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6495] sendfile(6, 7, NULL, 65536 [pid 6494] <... futex resumed>) = 0 [pid 6494] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6495] <... sendfile resumed>) = 2048 [pid 6495] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6494] <... futex resumed>) = 0 [pid 6494] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6495] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 6494] <... futex resumed>) = 0 [pid 6494] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6495] <... openat resumed>) = 8 [pid 6495] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6494] <... futex resumed>) = 0 [pid 6495] <... futex resumed>) = 1 [pid 6494] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6495] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 123.278723][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 123.309115][ T6495] BTRFS info (device loop0): balance: start -s [ 123.316829][ T6495] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 6494] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6494] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 6494] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6494] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6495] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6494] <... clone resumed>, parent_tid=[6515], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 6515 [pid 6494] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6495] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6494] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6495] <... futex resumed>) = 0 [pid 6495] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6515 attached [pid 6515] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 6515] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 6515] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6494] <... futex resumed>) = 0 [pid 6515] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6494] exit_group(0 [pid 6495] <... futex resumed>) = ? [pid 6494] <... exit_group resumed>) = ? [pid 6515] <... futex resumed>) = ? [pid 6515] +++ exited with 0 +++ [pid 6495] +++ exited with 0 +++ [pid 6494] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6494, si_uid=0, si_status=0, si_utime=1, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 123.341700][ T6495] BTRFS info (device loop0): balance: ended with status: 0 unlink("./131/binderfs") = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./131/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./131/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 6516 ./strace-static-x86_64: Process 6516 attached [pid 6516] set_robust_list(0x55555746f5e0, 24) = 0 [pid 6516] chdir("./132") = 0 [pid 6516] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6516] setpgid(0, 0) = 0 [pid 6516] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6516] write(3, "1000", 4) = 4 [pid 6516] close(3) = 0 [pid 6516] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6516] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 6516] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6516] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6517], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 6517 [pid 6516] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6517 attached [pid 6517] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 6517] memfd_create("syzkaller", 0) = 3 [pid 6517] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 6517] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6517] munmap(0x7fdb59200000, 16777216) = 0 [pid 6517] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6517] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6517] close(3) = 0 [pid 6517] mkdir("./file0", 0777) = 0 [ 123.686976][ T6517] loop0: detected capacity change from 0 to 32768 [ 123.701151][ T6517] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 123.710463][ T6517] BTRFS info (device loop0): force clearing of disk cache [ 123.718044][ T6517] BTRFS info (device loop0): setting nodatasum [ 123.724202][ T6517] BTRFS info (device loop0): allowing degraded mounts [ 123.731505][ T6517] BTRFS info (device loop0): enabling disk space caching [ 123.738784][ T6517] BTRFS info (device loop0): disk space caching is enabled [ 123.759825][ T6517] BTRFS info (device loop0): enabling ssd optimizations [ 123.768178][ T6517] BTRFS info (device loop0): clearing free space tree [ 123.775064][ T6517] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6517] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6517] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6517] chdir("./file0") = 0 [pid 6517] ioctl(4, LOOP_CLR_FD) = 0 [pid 6517] close(4) = 0 [pid 6517] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6516] <... futex resumed>) = 0 [pid 6517] open("./file0", O_RDONLY [pid 6516] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6517] <... open resumed>) = 4 [pid 6516] <... futex resumed>) = 0 [pid 6517] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6516] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6517] <... futex resumed>) = 0 [pid 6516] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6517] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6516] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6517] <... open resumed>) = 5 [pid 6517] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6516] <... futex resumed>) = 0 [pid 6516] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6517] <... futex resumed>) = 1 [pid 6516] <... futex resumed>) = 0 [pid 6516] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 123.784943][ T6517] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 123.798330][ T6517] BTRFS info (device loop0): checking UUID tree [pid 6517] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6517] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6516] <... futex resumed>) = 0 [pid 6516] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6517] <... futex resumed>) = 1 [pid 6517] creat("./bus", 000) = 6 [pid 6517] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6516] <... futex resumed>) = 0 [pid 6516] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6517] <... futex resumed>) = 1 [pid 6517] ftruncate(6, 2048) = 0 [pid 6517] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6516] <... futex resumed>) = 0 [pid 6516] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6517] <... futex resumed>) = 1 [pid 6517] open("./bus", O_RDONLY) = 7 [pid 6517] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6516] <... futex resumed>) = 0 [pid 6516] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6517] <... futex resumed>) = 1 [pid 6517] sendfile(6, 7, NULL, 65536) = 2048 [pid 6517] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6516] <... futex resumed>) = 0 [pid 6516] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6517] <... futex resumed>) = 1 [pid 6517] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 6517] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6516] <... futex resumed>) = 0 [pid 6516] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6517] <... futex resumed>) = 1 [ 123.859673][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 123.881380][ T6517] BTRFS info (device loop0): balance: start -s [ 123.892174][ T6517] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 6517] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6516] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6516] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 6516] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6516] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6537], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 6537 [pid 6516] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6537 attached [pid 6537] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 6537] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 6537] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6517] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6537] <... futex resumed>) = 1 [pid 6517] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6516] <... futex resumed>) = 0 [pid 6516] exit_group(0) = ? [pid 6517] <... futex resumed>) = ? [pid 6537] +++ exited with 0 +++ [pid 6517] +++ exited with 0 +++ [pid 6516] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6516, si_uid=0, si_status=0, si_utime=3, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 123.918869][ T6517] BTRFS info (device loop0): balance: ended with status: 0 unlink("./132/binderfs") = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./132/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./132/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 6538 ./strace-static-x86_64: Process 6538 attached [pid 6538] set_robust_list(0x55555746f5e0, 24) = 0 [pid 6538] chdir("./133") = 0 [pid 6538] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6538] setpgid(0, 0) = 0 [pid 6538] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6538] write(3, "1000", 4) = 4 [pid 6538] close(3) = 0 [pid 6538] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6538] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6538] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 6538] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6538] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6539 attached , parent_tid=[6539], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 6539 [pid 6538] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6538] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6539] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 6539] memfd_create("syzkaller", 0) = 3 [pid 6539] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 6539] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6539] munmap(0x7fdb59200000, 16777216) = 0 [pid 6539] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6539] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6539] close(3) = 0 [pid 6539] mkdir("./file0", 0777) = 0 [ 124.253861][ T6539] loop0: detected capacity change from 0 to 32768 [ 124.265752][ T6539] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 124.275264][ T6539] BTRFS info (device loop0): force clearing of disk cache [ 124.282714][ T6539] BTRFS info (device loop0): setting nodatasum [ 124.289077][ T6539] BTRFS info (device loop0): allowing degraded mounts [ 124.295839][ T6539] BTRFS info (device loop0): enabling disk space caching [ 124.303326][ T6539] BTRFS info (device loop0): disk space caching is enabled [ 124.322973][ T6539] BTRFS info (device loop0): enabling ssd optimizations [ 124.330773][ T6539] BTRFS info (device loop0): clearing free space tree [ 124.337681][ T6539] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6539] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6539] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6539] chdir("./file0") = 0 [pid 6539] ioctl(4, LOOP_CLR_FD) = 0 [pid 6539] close(4) = 0 [pid 6539] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... futex resumed>) = 0 [pid 6538] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6538] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6539] <... futex resumed>) = 1 [pid 6539] open("./file0", O_RDONLY) = 4 [pid 6539] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... futex resumed>) = 0 [pid 6538] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6538] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6539] <... futex resumed>) = 1 [pid 6539] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6539] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... futex resumed>) = 0 [pid 6538] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6538] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6539] <... futex resumed>) = 1 [ 124.347411][ T6539] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 124.360737][ T6539] BTRFS info (device loop0): checking UUID tree [ 124.381781][ T27] kauditd_printk_skb: 8 callbacks suppressed [pid 6539] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6539] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... futex resumed>) = 0 [pid 6538] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6538] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6539] <... futex resumed>) = 1 [pid 6539] creat("./bus", 000) = 6 [pid 6539] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... futex resumed>) = 0 [pid 6538] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6538] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6539] <... futex resumed>) = 1 [pid 6539] ftruncate(6, 2048) = 0 [pid 6539] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... futex resumed>) = 0 [pid 6538] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6538] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6539] <... futex resumed>) = 1 [pid 6539] open("./bus", O_RDONLY) = 7 [ 124.381794][ T27] audit: type=1800 audit(1670043504.885:268): pid=6539 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 6539] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... futex resumed>) = 0 [pid 6538] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6538] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6539] <... futex resumed>) = 1 [pid 6539] sendfile(6, 7, NULL, 65536) = 2048 [pid 6539] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... futex resumed>) = 0 [pid 6538] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6538] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6539] <... futex resumed>) = 1 [pid 6539] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 6539] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... futex resumed>) = 0 [pid 6538] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6538] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6539] <... futex resumed>) = 1 [ 124.432818][ T27] audit: type=1804 audit(1670043504.935:269): pid=6539 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/133/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 124.461739][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 124.472238][ T6539] BTRFS info (device loop0): balance: start -s [pid 6539] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6538] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6538] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6538] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6538] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 6538] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6538] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6559], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 6559 [pid 6538] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6538] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6559 attached [pid 6559] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 124.481195][ T6539] BTRFS info (device loop0): relocating block group 1048576 flags system [ 124.515796][ T6559] ------------[ cut here ]------------ [ 124.522470][ T6559] WARNING: CPU: 0 PID: 6559 at fs/btrfs/extent-tree.c:865 lookup_inline_extent_backref+0x8c1/0x13f0 [pid 6559] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 6538] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 124.534324][ T6559] Modules linked in: [ 124.539001][ T6559] CPU: 0 PID: 6559 Comm: syz-executor311 Not tainted 6.1.0-rc7-syzkaller-00123-ga4412fdd49dc #0 [ 124.550779][ T6559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 124.561782][ T6559] RIP: 0010:lookup_inline_extent_backref+0x8c1/0x13f0 [ 124.569609][ T6559] Code: 98 00 00 00 0f 87 42 0b 00 00 e8 5a 9c 07 fe 4c 8b 6c 24 28 eb 3d 83 7d 28 00 4c 8b 6c 24 28 0f 84 b0 04 00 00 e8 3f 9c 07 fe <0f> 0b 41 bc fb ff ff ff e9 f3 05 00 00 e8 2d 9c 07 fe e9 ca 05 00 [ 124.589439][ T6559] RSP: 0018:ffffc90006296e40 EFLAGS: 00010293 [ 124.595565][ T6559] RAX: ffffffff8382fbb1 RBX: 0000000000000000 RCX: ffff88801eab1d40 [ 124.604193][ T6559] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 124.613458][ T6559] RBP: ffffc90006296ff0 R08: ffffffff8382f700 R09: ffffed100faf1008 [ 124.621505][ T6559] R10: ffffed100faf1008 R11: 1ffff1100faf1007 R12: dffffc0000000000 [ 124.629529][ T6559] R13: ffff888075edcd10 R14: ffffc90006296f60 R15: ffff88807d788000 [ 124.637582][ T6559] FS: 00007fdb617d5700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 124.646541][ T6559] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.653201][ T6559] CR2: 000055912e028900 CR3: 000000001954b000 CR4: 00000000003506e0 [ 124.661221][ T6559] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 124.669246][ T6559] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 124.677272][ T6559] Call Trace: [ 124.680561][ T6559] [pid 6538] exit_group(0) = ? [ 124.683530][ T6559] ? insert_extent_data_ref+0xa00/0xa00 [ 124.689221][ T6559] insert_inline_extent_backref+0xcc/0x260 [ 124.695056][ T6559] ? trace_btrfs_reserved_extent_alloc+0x300/0x300 [ 124.701611][ T6559] ? trace_kmem_cache_alloc+0x30/0xe0 [ 124.706994][ T6559] ? kmem_cache_alloc+0x85/0x300 [ 124.711973][ T6559] ? __btrfs_inc_extent_ref+0xcf/0x5e0 [ 124.717516][ T6559] __btrfs_inc_extent_ref+0x108/0x5e0 [ 124.722903][ T6559] ? trace_run_delayed_tree_ref+0x320/0x320 [ 124.729266][ T6559] ? rcu_read_lock_sched_held+0x87/0x110 [ 124.734940][ T6559] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 124.741010][ T6559] ? __lock_acquire+0x1292/0x1f60 [ 124.746068][ T6559] ? do_raw_spin_unlock+0x134/0x8a0 [ 124.751425][ T6559] btrfs_run_delayed_refs_for_head+0xf00/0x1df0 [ 124.757791][ T6559] ? btrfs_issue_discard+0x700/0x700 [ 124.763129][ T6559] ? read_lock_is_recursive+0x10/0x10 [ 124.768606][ T6559] ? __btrfs_run_delayed_refs+0x1d5/0x490 [ 124.774357][ T6559] ? do_raw_read_unlock+0x37/0x70 [ 124.779458][ T6559] ? _raw_read_unlock+0x24/0x40 [ 124.784349][ T6559] ? btrfs_tree_mod_log_lowest_seq+0x92/0xa0 [ 124.790401][ T6559] ? btrfs_merge_delayed_refs+0x5db/0x650 [ 124.796135][ T6559] ? do_raw_spin_unlock+0x134/0x8a0 [ 124.801420][ T6559] __btrfs_run_delayed_refs+0x25f/0x490 [ 124.807015][ T6559] ? btrfs_run_delayed_refs+0x490/0x490 [ 124.812703][ T6559] ? do_raw_spin_unlock+0x134/0x8a0 [ 124.817962][ T6559] ? btrfs_init_reloc_root+0x392/0x4d0 [ 124.823460][ T6559] btrfs_run_delayed_refs+0x312/0x490 [ 124.828910][ T6559] qgroup_account_snapshot+0xce/0x340 [ 124.834309][ T6559] create_pending_snapshot+0xf35/0x2560 [ 124.839968][ T6559] ? trace_btrfs_space_reservation+0x320/0x320 [ 124.846141][ T6559] ? __mutex_lock_common+0x45f/0x26e0 [ 124.851579][ T6559] ? read_lock_is_recursive+0x10/0x10 [ 124.856961][ T6559] ? do_raw_spin_unlock+0x134/0x8a0 [ 124.862707][ T6559] ? mutex_lock_io_nested+0x60/0x60 [ 124.868006][ T6559] ? lockdep_hardirqs_on+0x8d/0x130 [ 124.873221][ T6559] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 124.879267][ T6559] create_pending_snapshots+0x1a8/0x1e0 [ 124.884947][ T6559] btrfs_commit_transaction+0x13f0/0x3760 [ 124.890773][ T6559] ? _raw_spin_unlock+0x24/0x40 [ 124.895648][ T6559] ? btrfs_commit_transaction_async+0x440/0x440 [ 124.901955][ T6559] ? join_transaction+0xc45/0xe60 [ 124.906990][ T6559] ? join_transaction+0xc1f/0xe60 [ 124.912100][ T6559] ? btrfs_record_root_in_trans+0x129/0x180 [ 124.918089][ T6559] ? start_transaction+0x3da/0x1180 [ 124.923321][ T6559] ? wake_bit_function+0x240/0x240 [ 124.928489][ T6559] create_snapshot+0x4aa/0x7e0 [ 124.933276][ T6559] btrfs_mksubvol+0x62e/0x760 [ 124.938026][ T6559] btrfs_mksnapshot+0xb5/0xf0 [ 124.942736][ T6559] __btrfs_ioctl_snap_create+0x339/0x450 [ 124.948471][ T6559] btrfs_ioctl_snap_create+0x134/0x190 [ 124.953953][ T6559] btrfs_ioctl+0x15c/0xc10 [ 124.958428][ T6559] ? btrfs_ioctl_get_supported_features+0x40/0x40 [ 124.964851][ T6559] __se_sys_ioctl+0xfb/0x170 [ 124.969571][ T6559] do_syscall_64+0x3d/0xb0 [ 124.974014][ T6559] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 124.979971][ T6559] RIP: 0033:0x7fdb6184aa69 [ 124.984423][ T6559] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 125.004113][ T6559] RSP: 002b:00007fdb617d52f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 125.012588][ T6559] RAX: ffffffffffffffda RBX: 00007fdb618d57f0 RCX: 00007fdb6184aa69 [ 125.020686][ T6559] RDX: 00000000200000c0 RSI: 0000000050009401 RDI: 0000000000000004 [ 125.028718][ T6559] RBP: 00007fdb618a226c R08: 00007fdb617d5700 R09: 0000000000000000 [ 125.036708][ T6559] R10: 00007fdb617d5700 R11: 0000000000000246 R12: 8000000000000000 [ 125.044747][ T6559] R13: 00007fdb618a1270 R14: 0000000100000000 R15: 00007fdb618d57f8 [ 125.052790][ T6559] [ 125.055803][ T6559] Kernel panic - not syncing: panic_on_warn set ... [ 125.062373][ T6559] CPU: 1 PID: 6559 Comm: syz-executor311 Not tainted 6.1.0-rc7-syzkaller-00123-ga4412fdd49dc #0 [ 125.072769][ T6559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 125.082815][ T6559] Call Trace: [ 125.086096][ T6559] [ 125.089045][ T6559] dump_stack_lvl+0x1b1/0x28e [ 125.093733][ T6559] ? nf_tcp_handle_invalid+0x62e/0x62e [ 125.099181][ T6559] ? panic+0x710/0x710 [ 125.103252][ T6559] ? vscnprintf+0x59/0x80 [ 125.107571][ T6559] ? lookup_inline_extent_backref+0x810/0x13f0 [ 125.113722][ T6559] panic+0x2d6/0x710 [ 125.117608][ T6559] ? __warn+0x131/0x220 [ 125.121753][ T6559] ? memcpy_page_flushcache+0xfc/0xfc [ 125.127153][ T6559] ? lookup_inline_extent_backref+0x8c1/0x13f0 [ 125.133322][ T6559] __warn+0x1fa/0x220 [ 125.137309][ T6559] ? lookup_inline_extent_backref+0x8c1/0x13f0 [ 125.143483][ T6559] report_bug+0x1b3/0x2d0 [ 125.147818][ T6559] handle_bug+0x3d/0x70 [ 125.151989][ T6559] exc_invalid_op+0x16/0x40 [ 125.156491][ T6559] asm_exc_invalid_op+0x16/0x20 [ 125.161349][ T6559] RIP: 0010:lookup_inline_extent_backref+0x8c1/0x13f0 [ 125.168117][ T6559] Code: 98 00 00 00 0f 87 42 0b 00 00 e8 5a 9c 07 fe 4c 8b 6c 24 28 eb 3d 83 7d 28 00 4c 8b 6c 24 28 0f 84 b0 04 00 00 e8 3f 9c 07 fe <0f> 0b 41 bc fb ff ff ff e9 f3 05 00 00 e8 2d 9c 07 fe e9 ca 05 00 [ 125.187818][ T6559] RSP: 0018:ffffc90006296e40 EFLAGS: 00010293 [ 125.193884][ T6559] RAX: ffffffff8382fbb1 RBX: 0000000000000000 RCX: ffff88801eab1d40 [ 125.201854][ T6559] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 125.209821][ T6559] RBP: ffffc90006296ff0 R08: ffffffff8382f700 R09: ffffed100faf1008 [ 125.217877][ T6559] R10: ffffed100faf1008 R11: 1ffff1100faf1007 R12: dffffc0000000000 [ 125.226105][ T6559] R13: ffff888075edcd10 R14: ffffc90006296f60 R15: ffff88807d788000 [ 125.234087][ T6559] ? lookup_inline_extent_backref+0x410/0x13f0 [ 125.240259][ T6559] ? lookup_inline_extent_backref+0x8c1/0x13f0 [ 125.246468][ T6559] ? insert_extent_data_ref+0xa00/0xa00 [ 125.252061][ T6559] insert_inline_extent_backref+0xcc/0x260 [ 125.257892][ T6559] ? trace_btrfs_reserved_extent_alloc+0x300/0x300 [ 125.264405][ T6559] ? trace_kmem_cache_alloc+0x30/0xe0 [ 125.269778][ T6559] ? kmem_cache_alloc+0x85/0x300 [ 125.274717][ T6559] ? __btrfs_inc_extent_ref+0xcf/0x5e0 [ 125.280309][ T6559] __btrfs_inc_extent_ref+0x108/0x5e0 [ 125.285796][ T6559] ? trace_run_delayed_tree_ref+0x320/0x320 [ 125.291782][ T6559] ? rcu_read_lock_sched_held+0x87/0x110 [ 125.297503][ T6559] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 125.303487][ T6559] ? __lock_acquire+0x1292/0x1f60 [ 125.308512][ T6559] ? do_raw_spin_unlock+0x134/0x8a0 [ 125.313726][ T6559] btrfs_run_delayed_refs_for_head+0xf00/0x1df0 [ 125.320017][ T6559] ? btrfs_issue_discard+0x700/0x700 [ 125.325306][ T6559] ? read_lock_is_recursive+0x10/0x10 [ 125.330768][ T6559] ? __btrfs_run_delayed_refs+0x1d5/0x490 [ 125.336492][ T6559] ? do_raw_read_unlock+0x37/0x70 [ 125.341518][ T6559] ? _raw_read_unlock+0x24/0x40 [ 125.346372][ T6559] ? btrfs_tree_mod_log_lowest_seq+0x92/0xa0 [ 125.352389][ T6559] ? btrfs_merge_delayed_refs+0x5db/0x650 [ 125.358124][ T6559] ? do_raw_spin_unlock+0x134/0x8a0 [ 125.363334][ T6559] __btrfs_run_delayed_refs+0x25f/0x490 [ 125.368894][ T6559] ? btrfs_run_delayed_refs+0x490/0x490 [ 125.374439][ T6559] ? do_raw_spin_unlock+0x134/0x8a0 [ 125.379633][ T6559] ? btrfs_init_reloc_root+0x392/0x4d0 [ 125.385103][ T6559] btrfs_run_delayed_refs+0x312/0x490 [ 125.390486][ T6559] qgroup_account_snapshot+0xce/0x340 [ 125.395866][ T6559] create_pending_snapshot+0xf35/0x2560 [ 125.401451][ T6559] ? trace_btrfs_space_reservation+0x320/0x320 [ 125.407606][ T6559] ? __mutex_lock_common+0x45f/0x26e0 [ 125.413032][ T6559] ? read_lock_is_recursive+0x10/0x10 [ 125.418401][ T6559] ? do_raw_spin_unlock+0x134/0x8a0 [ 125.423612][ T6559] ? mutex_lock_io_nested+0x60/0x60 [ 125.428821][ T6559] ? lockdep_hardirqs_on+0x8d/0x130 [ 125.434023][ T6559] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 125.439921][ T6559] create_pending_snapshots+0x1a8/0x1e0 [ 125.445827][ T6559] btrfs_commit_transaction+0x13f0/0x3760 [ 125.451570][ T6559] ? _raw_spin_unlock+0x24/0x40 [ 125.456455][ T6559] ? btrfs_commit_transaction_async+0x440/0x440 [ 125.462704][ T6559] ? join_transaction+0xc45/0xe60 [ 125.467901][ T6559] ? join_transaction+0xc1f/0xe60 [ 125.472931][ T6559] ? btrfs_record_root_in_trans+0x129/0x180 [ 125.478833][ T6559] ? start_transaction+0x3da/0x1180 [ 125.484036][ T6559] ? wake_bit_function+0x240/0x240 [ 125.489162][ T6559] create_snapshot+0x4aa/0x7e0 [ 125.493937][ T6559] btrfs_mksubvol+0x62e/0x760 [ 125.498627][ T6559] btrfs_mksnapshot+0xb5/0xf0 [ 125.503311][ T6559] __btrfs_ioctl_snap_create+0x339/0x450 [ 125.508959][ T6559] btrfs_ioctl_snap_create+0x134/0x190 [ 125.514426][ T6559] btrfs_ioctl+0x15c/0xc10 [ 125.518846][ T6559] ? btrfs_ioctl_get_supported_features+0x40/0x40 [ 125.525259][ T6559] __se_sys_ioctl+0xfb/0x170 [ 125.529870][ T6559] do_syscall_64+0x3d/0xb0 [ 125.534287][ T6559] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 125.540193][ T6559] RIP: 0033:0x7fdb6184aa69 [ 125.544606][ T6559] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 125.564296][ T6559] RSP: 002b:00007fdb617d52f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 125.572713][ T6559] RAX: ffffffffffffffda RBX: 00007fdb618d57f0 RCX: 00007fdb6184aa69 [ 125.580685][ T6559] RDX: 00000000200000c0 RSI: 0000000050009401 RDI: 0000000000000004 [ 125.588659][ T6559] RBP: 00007fdb618a226c R08: 00007fdb617d5700 R09: 0000000000000000 [ 125.596627][ T6559] R10: 00007fdb617d5700 R11: 0000000000000246 R12: 8000000000000000 [ 125.604595][ T6559] R13: 00007fdb618a1270 R14: 0000000100000000 R15: 00007fdb618d57f8 [ 125.612582][ T6559] [ 125.615748][ T6559] Kernel Offset: disabled [ 125.620270][ T6559] Rebooting in 86400 seconds..