./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3112146075 <...> Warning: Permanently added '10.128.1.63' (ECDSA) to the list of known hosts. execve("./syz-executor3112146075", ["./syz-executor3112146075"], 0x7ffe2bbed220 /* 10 vars */) = 0 brk(NULL) = 0x55555746f000 brk(0x55555746fc40) = 0x55555746fc40 arch_prctl(ARCH_SET_FS, 0x55555746f300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x55555746f5d0) = 3630 set_robust_list(0x55555746f5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fdb618079c0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fdb61808090}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fdb61807a60, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fdb61808090}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3112146075", 4096) = 28 brk(0x555557490c40) = 0x555557490c40 brk(0x555557491000) = 0x555557491000 mprotect(0x7fdb618cf000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 3630 mkdir("./syzkaller.1ZDoxE", 0700) = 0 chmod("./syzkaller.1ZDoxE", 0777) = 0 chdir("./syzkaller.1ZDoxE") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3631 ./strace-static-x86_64: Process 3631 attached [pid 3631] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3631] chdir("./0") = 0 [pid 3631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3631] setpgid(0, 0) = 0 [pid 3631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3631] write(3, "1000", 4) = 4 [pid 3631] close(3) = 0 [pid 3631] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3631] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3631] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3631] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3633], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3633 [pid 3631] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3633 attached [pid 3633] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 3633] memfd_create("syzkaller", 0) = 3 [pid 3633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3633] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3633] munmap(0x7fdb59200000, 16777216) = 0 [pid 3633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3633] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3633] close(3) = 0 [pid 3633] mkdir("./file0", 0777) = 0 [ 50.583661][ T3633] loop0: detected capacity change from 0 to 32768 [ 50.596649][ T3633] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor311 (3633) [ 50.617192][ T3633] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 50.627201][ T3633] BTRFS info (device loop0): force clearing of disk cache [ 50.634739][ T3633] BTRFS info (device loop0): setting nodatasum [ 50.641033][ T3633] BTRFS info (device loop0): allowing degraded mounts [ 50.648249][ T3633] BTRFS info (device loop0): enabling disk space caching [ 50.655501][ T3633] BTRFS info (device loop0): disk space caching is enabled [ 50.680354][ T3633] BTRFS info (device loop0): enabling ssd optimizations [ 50.689018][ T3633] BTRFS info (device loop0): clearing free space tree [ 50.696322][ T3633] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 50.706853][ T3633] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 3633] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3633] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3633] chdir("./file0") = 0 [pid 3633] ioctl(4, LOOP_CLR_FD) = 0 [pid 3633] close(4) = 0 [pid 3633] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3633] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3633] <... futex resumed>) = 0 [pid 3633] open("./file0", O_RDONLY [pid 3631] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... open resumed>) = 4 [pid 3633] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... futex resumed>) = 1 [ 50.728876][ T3633] BTRFS info (device loop0): checking UUID tree [pid 3633] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 3633] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3633] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3631] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... futex resumed>) = 0 [pid 3633] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3633] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... futex resumed>) = 1 [pid 3633] creat("./bus", 000) = 6 [pid 3633] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... futex resumed>) = 1 [pid 3633] ftruncate(6, 2048) = 0 [pid 3633] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... futex resumed>) = 1 [ 50.760883][ T27] audit: type=1800 audit(1670043431.265:2): pid=3633 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 50.792938][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 3633] open("./bus", O_RDONLY) = 7 [pid 3633] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... futex resumed>) = 1 [pid 3633] sendfile(6, 7, NULL, 65536) = 2048 [pid 3633] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... futex resumed>) = 1 [pid 3633] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 3633] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3631] <... futex resumed>) = 0 [pid 3631] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3633] <... futex resumed>) = 1 [ 50.811445][ T27] audit: type=1804 audit(1670043431.315:3): pid=3633 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/0/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 3633] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 3631] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3631] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 3631] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3631] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3653], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 3653 [pid 3631] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3653 attached [pid 3653] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 50.870196][ T3633] BTRFS info (device loop0): balance: start -s [ 50.880104][ T3633] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 3653] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 3631] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3653] <... ioctl resumed>) = 0 [pid 3653] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3653] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3633] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3633] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3631] exit_group(0 [pid 3653] <... futex resumed>) = ? [pid 3631] <... exit_group resumed>) = ? [pid 3653] +++ exited with 0 +++ [pid 3633] +++ exited with 0 +++ [pid 3631] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3631, si_uid=0, si_status=0, si_utime=3, si_stime=36} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 51.006404][ T3633] BTRFS info (device loop0): balance: ended with status: 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3664 ./strace-static-x86_64: Process 3664 attached [pid 3664] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3664] chdir("./1") = 0 [pid 3664] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3664] setpgid(0, 0) = 0 [pid 3664] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3664] write(3, "1000", 4) = 4 [pid 3664] close(3) = 0 [pid 3664] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3664] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3664] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3664] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3665 attached , parent_tid=[3665], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3665 [pid 3665] set_robust_list(0x7fdb617f69e0, 24 [pid 3664] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3665] <... set_robust_list resumed>) = 0 [pid 3664] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3665] memfd_create("syzkaller", 0) = 3 [pid 3665] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3665] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3665] munmap(0x7fdb59200000, 16777216) = 0 [pid 3665] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3665] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3665] close(3) = 0 [pid 3665] mkdir("./file0", 0777) = 0 [ 51.321300][ T3665] loop0: detected capacity change from 0 to 32768 [ 51.334277][ T3665] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 51.343929][ T3665] BTRFS info (device loop0): force clearing of disk cache [ 51.351161][ T3665] BTRFS info (device loop0): setting nodatasum [ 51.357385][ T3665] BTRFS info (device loop0): allowing degraded mounts [ 51.364154][ T3665] BTRFS info (device loop0): enabling disk space caching [ 51.371235][ T3665] BTRFS info (device loop0): disk space caching is enabled [ 51.391663][ T3665] BTRFS info (device loop0): enabling ssd optimizations [ 51.399852][ T3665] BTRFS info (device loop0): clearing free space tree [ 51.406921][ T3665] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 3665] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3665] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3665] chdir("./file0") = 0 [pid 3665] ioctl(4, LOOP_CLR_FD) = 0 [pid 3665] close(4) = 0 [pid 3665] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3664] <... futex resumed>) = 0 [pid 3664] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3665] <... futex resumed>) = 1 [pid 3665] open("./file0", O_RDONLY) = 4 [pid 3665] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3664] <... futex resumed>) = 0 [pid 3664] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3665] <... futex resumed>) = 1 [ 51.416699][ T3665] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 51.431106][ T3665] BTRFS info (device loop0): checking UUID tree [pid 3665] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 3665] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3664] <... futex resumed>) = 0 [pid 3664] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3665] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3665] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3664] <... futex resumed>) = 0 [pid 3665] creat("./bus", 000 [pid 3664] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3665] <... creat resumed>) = 6 [pid 3665] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3664] <... futex resumed>) = 0 [pid 3665] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3664] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3665] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3664] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3665] ftruncate(6, 2048) = 0 [pid 3665] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3664] <... futex resumed>) = 0 [pid 3664] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 51.468578][ T27] audit: type=1800 audit(1670043431.975:4): pid=3665 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 51.508692][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 3664] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3665] open("./bus", O_RDONLY) = 7 [pid 3665] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3664] <... futex resumed>) = 0 [pid 3664] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3665] sendfile(6, 7, NULL, 65536) = 2048 [pid 3665] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3664] <... futex resumed>) = 0 [pid 3664] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3665] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 3665] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3664] <... futex resumed>) = 0 [pid 3664] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 51.523582][ T27] audit: type=1804 audit(1670043432.025:5): pid=3665 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/1/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 3665] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 3664] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3664] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 3664] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3664] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3685], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 3685 [pid 3664] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3664] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3665] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3665] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3665] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3685 attached [pid 3685] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 51.563962][ T3665] BTRFS info (device loop0): balance: start -s [ 51.572468][ T3665] BTRFS info (device loop0): relocating block group 1048576 flags system [ 51.601566][ T3665] BTRFS info (device loop0): balance: ended with status: 0 [pid 3685] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 3685] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3685] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3664] <... futex resumed>) = 0 [pid 3664] exit_group(0) = ? [pid 3665] <... futex resumed>) = ? [pid 3665] +++ exited with 0 +++ [pid 3685] <... futex resumed>) = ? [pid 3685] +++ exited with 0 +++ [pid 3664] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3664, si_uid=0, si_status=0, si_utime=1, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3686 ./strace-static-x86_64: Process 3686 attached [pid 3686] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3686] chdir("./2") = 0 [pid 3686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3686] setpgid(0, 0) = 0 [pid 3686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3686] write(3, "1000", 4) = 4 [pid 3686] close(3) = 0 [pid 3686] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3686] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3686] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3686] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3686] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3687], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3687 [pid 3686] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3687 attached [pid 3687] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 3686] <... futex resumed>) = 0 [pid 3687] memfd_create("syzkaller", 0 [pid 3686] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3687] <... memfd_create resumed>) = 3 [pid 3687] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3687] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3687] munmap(0x7fdb59200000, 16777216) = 0 [pid 3687] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3687] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3687] close(3) = 0 [pid 3687] mkdir("./file0", 0777) = 0 [ 51.937978][ T3687] loop0: detected capacity change from 0 to 32768 [ 51.951189][ T3687] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 51.960938][ T3687] BTRFS info (device loop0): force clearing of disk cache [ 51.968196][ T3687] BTRFS info (device loop0): setting nodatasum [ 51.974377][ T3687] BTRFS info (device loop0): allowing degraded mounts [ 51.981556][ T3687] BTRFS info (device loop0): enabling disk space caching [ 51.988659][ T3687] BTRFS info (device loop0): disk space caching is enabled [ 52.009335][ T3687] BTRFS info (device loop0): enabling ssd optimizations [ 52.017791][ T3687] BTRFS info (device loop0): clearing free space tree [ 52.024635][ T3687] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 3687] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3687] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3687] chdir("./file0") = 0 [pid 3687] ioctl(4, LOOP_CLR_FD) = 0 [pid 3687] close(4) = 0 [pid 3687] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3686] <... futex resumed>) = 0 [pid 3687] open("./file0", O_RDONLY [pid 3686] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3687] <... open resumed>) = 4 [pid 3686] <... futex resumed>) = 0 [pid 3686] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3687] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3686] <... futex resumed>) = 0 [pid 3687] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3686] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3686] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3687] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 52.034383][ T3687] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 52.048349][ T3687] BTRFS info (device loop0): checking UUID tree [pid 3687] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 3687] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3686] <... futex resumed>) = 0 [pid 3687] <... futex resumed>) = 1 [pid 3686] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3687] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 3686] <... futex resumed>) = 0 [pid 3686] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3687] <... ioctl resumed>) = 0 [pid 3687] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3686] <... futex resumed>) = 0 [pid 3686] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3686] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3687] <... futex resumed>) = 1 [pid 3687] creat("./bus", 000) = 6 [pid 3687] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3686] <... futex resumed>) = 0 [pid 3686] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3686] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3687] <... futex resumed>) = 1 [pid 3687] ftruncate(6, 2048) = 0 [pid 3687] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3686] <... futex resumed>) = 0 [pid 3686] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3686] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3687] <... futex resumed>) = 1 [pid 3687] open("./bus", O_RDONLY) = 7 [pid 3687] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3686] <... futex resumed>) = 0 [pid 3686] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3686] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3687] <... futex resumed>) = 1 [pid 3687] sendfile(6, 7, NULL, 65536) = 2048 [pid 3687] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3686] <... futex resumed>) = 0 [pid 3686] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3686] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3687] <... futex resumed>) = 1 [pid 3687] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 3687] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3686] <... futex resumed>) = 0 [pid 3686] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3686] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3687] <... futex resumed>) = 1 [ 52.073281][ T27] audit: type=1800 audit(1670043432.575:6): pid=3687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 52.098923][ T27] audit: type=1804 audit(1670043432.605:7): pid=3687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/2/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 52.099009][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 3687] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 3686] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3686] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 3686] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3686] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 3686] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3686] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3707], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 3707 [pid 3686] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 52.150119][ T3687] BTRFS info (device loop0): balance: start -s [ 52.159201][ T3687] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 3686] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3707 attached [pid 3707] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 3707] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 3687] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3687] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3687] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3707] <... ioctl resumed>) = 0 [pid 3707] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3686] <... futex resumed>) = 0 [pid 3707] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3686] exit_group(0 [pid 3707] <... futex resumed>) = ? [pid 3687] <... futex resumed>) = ? [pid 3686] <... exit_group resumed>) = ? [pid 3687] +++ exited with 0 +++ [pid 3707] +++ exited with 0 +++ [pid 3686] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3686, si_uid=0, si_status=0, si_utime=1, si_stime=33} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 [ 52.195785][ T3687] BTRFS info (device loop0): balance: ended with status: 0 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3711 ./strace-static-x86_64: Process 3711 attached [pid 3711] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3711] chdir("./3") = 0 [pid 3711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3711] setpgid(0, 0) = 0 [pid 3711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3711] write(3, "1000", 4) = 4 [pid 3711] close(3) = 0 [pid 3711] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3711] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3711] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3711] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3712], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3712 ./strace-static-x86_64: Process 3712 attached [pid 3712] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 3712] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3711] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3712] <... futex resumed>) = 0 [pid 3711] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3712] memfd_create("syzkaller", 0) = 3 [pid 3712] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3712] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3712] munmap(0x7fdb59200000, 16777216) = 0 [pid 3712] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3712] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3712] close(3) = 0 [pid 3712] mkdir("./file0", 0777) = 0 [ 52.540974][ T3712] loop0: detected capacity change from 0 to 32768 [ 52.555627][ T3712] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 52.565234][ T3712] BTRFS info (device loop0): force clearing of disk cache [ 52.572520][ T3712] BTRFS info (device loop0): setting nodatasum [ 52.578964][ T3712] BTRFS info (device loop0): allowing degraded mounts [ 52.585740][ T3712] BTRFS info (device loop0): enabling disk space caching [ 52.593087][ T3712] BTRFS info (device loop0): disk space caching is enabled [ 52.611684][ T3712] BTRFS info (device loop0): enabling ssd optimizations [ 52.619435][ T3712] BTRFS info (device loop0): clearing free space tree [ 52.626475][ T3712] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 3712] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3712] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3712] chdir("./file0") = 0 [pid 3712] ioctl(4, LOOP_CLR_FD) = 0 [pid 3712] close(4) = 0 [pid 3712] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3712] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3711] <... futex resumed>) = 0 [pid 3711] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3711] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3712] <... futex resumed>) = 0 [pid 3712] open("./file0", O_RDONLY) = 4 [pid 3712] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3711] <... futex resumed>) = 0 [pid 3711] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3712] <... futex resumed>) = 1 [pid 3712] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 3712] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3711] <... futex resumed>) = 0 [pid 3711] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3712] <... futex resumed>) = 1 [ 52.636423][ T3712] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 52.649995][ T3712] BTRFS info (device loop0): checking UUID tree [pid 3712] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3712] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3712] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3711] <... futex resumed>) = 0 [pid 3711] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3711] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3712] <... futex resumed>) = 0 [pid 3712] creat("./bus", 000) = 6 [pid 3712] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3711] <... futex resumed>) = 0 [pid 3712] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3711] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3712] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3711] <... futex resumed>) = 0 [pid 3712] ftruncate(6, 2048 [pid 3711] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3712] <... ftruncate resumed>) = 0 [pid 3712] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3711] <... futex resumed>) = 0 [pid 3711] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 52.679760][ T27] audit: type=1800 audit(1670043433.185:8): pid=3712 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 52.715622][ T27] audit: type=1804 audit(1670043433.215:9): pid=3712 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/3/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 3712] open("./bus", O_RDONLY) = 7 [pid 3712] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3711] <... futex resumed>) = 0 [pid 3711] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3712] sendfile(6, 7, NULL, 65536) = 2048 [pid 3712] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3711] <... futex resumed>) = 0 [pid 3712] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 3711] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3712] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 3711] <... futex resumed>) = 0 [pid 3711] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3712] <... openat resumed>) = 8 [pid 3712] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3711] <... futex resumed>) = 0 [pid 3712] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3711] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3712] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3711] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 52.715978][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 52.762371][ T3712] BTRFS info (device loop0): balance: start -s [ 52.770762][ T3712] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 3712] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 3711] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3711] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 3711] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3711] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3732], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 3732 [pid 3711] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3711] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3712] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 ./strace-static-x86_64: Process 3732 attached [pid 3732] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 3732] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 3712] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3712] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3732] <... ioctl resumed>) = 0 [pid 3732] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3711] <... futex resumed>) = 0 [pid 3732] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3711] exit_group(0 [pid 3732] <... futex resumed>) = ? [pid 3712] <... futex resumed>) = ? [pid 3711] <... exit_group resumed>) = ? [pid 3712] +++ exited with 0 +++ [pid 3732] +++ exited with 0 +++ [pid 3711] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3711, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 52.799743][ T3712] BTRFS info (device loop0): balance: ended with status: 0 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3733 ./strace-static-x86_64: Process 3733 attached [pid 3733] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3733] chdir("./4") = 0 [pid 3733] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3733] setpgid(0, 0) = 0 [pid 3733] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3733] write(3, "1000", 4) = 4 [pid 3733] close(3) = 0 [pid 3733] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3733] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3733] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3733] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3734], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3734 [pid 3733] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3734 attached [pid 3734] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 3734] memfd_create("syzkaller", 0) = 3 [pid 3734] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3734] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3734] munmap(0x7fdb59200000, 16777216) = 0 [pid 3734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3734] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3734] close(3) = 0 [pid 3734] mkdir("./file0", 0777) = 0 [ 53.136121][ T3734] loop0: detected capacity change from 0 to 32768 [ 53.150745][ T3734] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 53.160086][ T3734] BTRFS info (device loop0): force clearing of disk cache [ 53.167318][ T3734] BTRFS info (device loop0): setting nodatasum [ 53.173486][ T3734] BTRFS info (device loop0): allowing degraded mounts [ 53.180374][ T3734] BTRFS info (device loop0): enabling disk space caching [ 53.187431][ T3734] BTRFS info (device loop0): disk space caching is enabled [ 53.206178][ T3734] BTRFS info (device loop0): enabling ssd optimizations [ 53.214196][ T3734] BTRFS info (device loop0): clearing free space tree [ 53.221303][ T3734] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 3734] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3734] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3734] chdir("./file0") = 0 [pid 3734] ioctl(4, LOOP_CLR_FD) = 0 [pid 3734] close(4) = 0 [pid 3734] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3733] <... futex resumed>) = 0 [pid 3734] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3733] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3734] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3733] <... futex resumed>) = 0 [pid 3734] open("./file0", O_RDONLY [pid 3733] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3734] <... open resumed>) = 4 [pid 3734] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3733] <... futex resumed>) = 0 [pid 3734] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 3733] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3734] <... open resumed>) = 5 [pid 3733] <... futex resumed>) = 0 [pid 3734] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3734] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3733] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 3733] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3733] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3734] <... futex resumed>) = 0 [ 53.231348][ T3734] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 53.245319][ T3734] BTRFS info (device loop0): checking UUID tree [pid 3734] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3734] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3733] <... futex resumed>) = 0 [pid 3733] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3734] <... futex resumed>) = 1 [pid 3734] creat("./bus", 000) = 6 [pid 3734] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3733] <... futex resumed>) = 0 [pid 3733] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3734] <... futex resumed>) = 1 [pid 3734] ftruncate(6, 2048) = 0 [pid 3734] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3733] <... futex resumed>) = 0 [pid 3733] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3734] <... futex resumed>) = 1 [pid 3734] open("./bus", O_RDONLY) = 7 [pid 3734] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3733] <... futex resumed>) = 0 [pid 3733] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3734] <... futex resumed>) = 1 [pid 3734] sendfile(6, 7, NULL, 65536) = 2048 [pid 3734] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3733] <... futex resumed>) = 0 [pid 3733] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3734] <... futex resumed>) = 1 [pid 3734] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 3734] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3733] <... futex resumed>) = 0 [pid 3733] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3734] <... futex resumed>) = 1 [ 53.269270][ T27] audit: type=1800 audit(1670043433.775:10): pid=3734 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 53.302395][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 53.311721][ T27] audit: type=1804 audit(1670043433.815:11): pid=3734 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/4/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 3734] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 3733] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3733] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 3733] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3733] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3754], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 3754 [pid 3733] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3733] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3754 attached [pid 3754] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 3754] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 3734] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3734] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 53.333847][ T3734] BTRFS info (device loop0): balance: start -s [ 53.343424][ T3734] BTRFS info (device loop0): relocating block group 1048576 flags system [ 53.370555][ T3734] BTRFS info (device loop0): balance: ended with status: 0 [pid 3734] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3754] <... ioctl resumed>) = 0 [pid 3754] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3733] <... futex resumed>) = 0 [pid 3754] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3733] exit_group(0 [pid 3754] <... futex resumed>) = ? [pid 3734] <... futex resumed>) = ? [pid 3733] <... exit_group resumed>) = ? [pid 3734] +++ exited with 0 +++ [pid 3754] +++ exited with 0 +++ [pid 3733] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3733, si_uid=0, si_status=0, si_utime=3, si_stime=25} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3755 ./strace-static-x86_64: Process 3755 attached [pid 3755] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3755] chdir("./5") = 0 [pid 3755] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3755] setpgid(0, 0) = 0 [pid 3755] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3755] write(3, "1000", 4) = 4 [pid 3755] close(3) = 0 [pid 3755] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3755] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3755] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3755] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3756], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3756 [pid 3755] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3755] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3756 attached [pid 3756] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 3756] memfd_create("syzkaller", 0) = 3 [pid 3756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3756] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3756] munmap(0x7fdb59200000, 16777216) = 0 [pid 3756] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3756] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3756] close(3) = 0 [pid 3756] mkdir("./file0", 0777) = 0 [ 53.703760][ T3756] loop0: detected capacity change from 0 to 32768 [ 53.716176][ T3756] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 53.725527][ T3756] BTRFS info (device loop0): force clearing of disk cache [ 53.732781][ T3756] BTRFS info (device loop0): setting nodatasum [ 53.739083][ T3756] BTRFS info (device loop0): allowing degraded mounts [ 53.745963][ T3756] BTRFS info (device loop0): enabling disk space caching [ 53.753096][ T3756] BTRFS info (device loop0): disk space caching is enabled [ 53.771303][ T3756] BTRFS info (device loop0): enabling ssd optimizations [ 53.779306][ T3756] BTRFS info (device loop0): clearing free space tree [ 53.786365][ T3756] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 3756] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3756] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3756] chdir("./file0") = 0 [pid 3756] ioctl(4, LOOP_CLR_FD) = 0 [pid 3756] close(4) = 0 [pid 3756] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3755] <... futex resumed>) = 0 [pid 3755] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3755] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3756] <... futex resumed>) = 1 [pid 3756] open("./file0", O_RDONLY) = 4 [pid 3756] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3755] <... futex resumed>) = 0 [pid 3755] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3755] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3756] <... futex resumed>) = 1 [pid 3756] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 3756] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3755] <... futex resumed>) = 0 [pid 3755] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3755] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3756] <... futex resumed>) = 1 [pid 3756] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3756] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3755] <... futex resumed>) = 0 [pid 3755] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3755] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3756] <... futex resumed>) = 1 [pid 3756] creat("./bus", 000) = 6 [ 53.796314][ T3756] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 53.809996][ T3756] BTRFS info (device loop0): checking UUID tree [pid 3756] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3755] <... futex resumed>) = 0 [pid 3755] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3755] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3756] <... futex resumed>) = 1 [pid 3756] ftruncate(6, 2048) = 0 [pid 3756] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3755] <... futex resumed>) = 0 [pid 3755] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3755] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3756] <... futex resumed>) = 1 [pid 3756] open("./bus", O_RDONLY) = 7 [pid 3756] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3755] <... futex resumed>) = 0 [pid 3755] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3755] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3756] <... futex resumed>) = 1 [pid 3756] sendfile(6, 7, NULL, 65536) = 2048 [pid 3756] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3755] <... futex resumed>) = 0 [pid 3755] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3755] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3756] <... futex resumed>) = 1 [pid 3756] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 3756] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3755] <... futex resumed>) = 0 [pid 3755] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3755] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3756] <... futex resumed>) = 1 [pid 3756] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 3755] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3755] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 3755] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 3755] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3755] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3776 attached , parent_tid=[3776], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 3776 [pid 3755] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3776] set_robust_list(0x7fdb617d59e0, 24 [pid 3755] <... futex resumed>) = 0 [pid 3755] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3776] <... set_robust_list resumed>) = 0 [ 53.850423][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 53.875888][ T3756] BTRFS info (device loop0): balance: start -s [ 53.884874][ T3756] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 3776] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 3776] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3755] <... futex resumed>) = 0 [pid 3776] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3756] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3756] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3756] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3755] exit_group(0 [pid 3776] <... futex resumed>) = ? [pid 3755] <... exit_group resumed>) = ? [pid 3756] <... futex resumed>) = ? [pid 3756] +++ exited with 0 +++ [pid 3776] +++ exited with 0 +++ [pid 3755] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3755, si_uid=0, si_status=0, si_utime=3, si_stime=29} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 [ 53.920572][ T3756] BTRFS info (device loop0): balance: ended with status: 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3777 ./strace-static-x86_64: Process 3777 attached [pid 3777] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3777] chdir("./6") = 0 [pid 3777] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3777] setpgid(0, 0) = 0 [pid 3777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3777] write(3, "1000", 4) = 4 [pid 3777] close(3) = 0 [pid 3777] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3777] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3777] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3777] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3778 attached , parent_tid=[3778], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3778 [pid 3778] set_robust_list(0x7fdb617f69e0, 24 [pid 3777] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3778] <... set_robust_list resumed>) = 0 [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3778] memfd_create("syzkaller", 0) = 3 [pid 3778] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3778] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3778] munmap(0x7fdb59200000, 16777216) = 0 [pid 3778] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3778] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3778] close(3) = 0 [pid 3778] mkdir("./file0", 0777) = 0 [ 54.249485][ T3778] loop0: detected capacity change from 0 to 32768 [ 54.262449][ T3778] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 54.272043][ T3778] BTRFS info (device loop0): force clearing of disk cache [ 54.279584][ T3778] BTRFS info (device loop0): setting nodatasum [ 54.285812][ T3778] BTRFS info (device loop0): allowing degraded mounts [ 54.292998][ T3778] BTRFS info (device loop0): enabling disk space caching [ 54.300309][ T3778] BTRFS info (device loop0): disk space caching is enabled [ 54.320008][ T3778] BTRFS info (device loop0): enabling ssd optimizations [ 54.328049][ T3778] BTRFS info (device loop0): clearing free space tree [ 54.335136][ T3778] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 3778] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3778] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3778] chdir("./file0") = 0 [pid 3778] ioctl(4, LOOP_CLR_FD) = 0 [pid 3778] close(4) = 0 [pid 3778] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3778] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3777] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... futex resumed>) = 0 [pid 3778] open("./file0", O_RDONLY) = 4 [pid 3778] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... futex resumed>) = 1 [pid 3778] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 3778] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... futex resumed>) = 1 [pid 3778] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3778] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... futex resumed>) = 1 [pid 3778] creat("./bus", 000) = 6 [pid 3778] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... futex resumed>) = 1 [pid 3778] ftruncate(6, 2048) = 0 [pid 3778] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... futex resumed>) = 1 [pid 3778] open("./bus", O_RDONLY) = 7 [pid 3778] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... futex resumed>) = 1 [pid 3778] sendfile(6, 7, NULL, 65536) = 2048 [ 54.345318][ T3778] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 3778] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... futex resumed>) = 1 [pid 3778] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 3778] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... futex resumed>) = 1 [pid 3778] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3778] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3777] <... futex resumed>) = 0 [pid 3777] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3777] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3778] <... futex resumed>) = 1 [pid 3778] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 3778] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3778] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3777] <... futex resumed>) = 0 [pid 3777] exit_group(0 [pid 3778] <... futex resumed>) = ? [pid 3777] <... exit_group resumed>) = ? [pid 3778] +++ exited with 0 +++ [pid 3777] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3777, si_uid=0, si_status=0, si_utime=1, si_stime=27} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3801 attached , child_tidptr=0x55555746f5d0) = 3801 [pid 3801] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3801] chdir("./7") = 0 [pid 3801] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3801] setpgid(0, 0) = 0 [pid 3801] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3801] write(3, "1000", 4) = 4 [pid 3801] close(3) = 0 [pid 3801] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3801] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3801] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3801] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3802 attached [pid 3802] set_robust_list(0x7fdb617f69e0, 24 [pid 3801] <... clone resumed>, parent_tid=[3802], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3802 [pid 3802] <... set_robust_list resumed>) = 0 [pid 3801] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3802] memfd_create("syzkaller", 0) = 3 [pid 3802] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3802] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3802] munmap(0x7fdb59200000, 16777216) = 0 [pid 3802] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3802] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3802] close(3) = 0 [pid 3802] mkdir("./file0", 0777) = 0 [pid 3802] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3802] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3802] chdir("./file0") = 0 [pid 3802] ioctl(4, LOOP_CLR_FD) = 0 [pid 3802] close(4) = 0 [pid 3802] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3801] <... futex resumed>) = 0 [pid 3801] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3802] <... futex resumed>) = 1 [pid 3802] open("./file0", O_RDONLY) = 4 [pid 3802] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3801] <... futex resumed>) = 0 [pid 3801] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3802] <... futex resumed>) = 1 [pid 3802] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 3802] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3801] <... futex resumed>) = 0 [pid 3801] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3802] <... futex resumed>) = 1 [pid 3802] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3802] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3801] <... futex resumed>) = 0 [pid 3801] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 54.782738][ T3802] loop0: detected capacity change from 0 to 32768 [pid 3802] creat("./bus", 000) = 6 [pid 3802] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3801] <... futex resumed>) = 0 [pid 3801] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3802] <... futex resumed>) = 1 [pid 3802] ftruncate(6, 2048) = 0 [pid 3802] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3801] <... futex resumed>) = 0 [pid 3801] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3802] <... futex resumed>) = 1 [pid 3802] open("./bus", O_RDONLY) = 7 [pid 3802] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3801] <... futex resumed>) = 0 [pid 3801] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3802] <... futex resumed>) = 1 [pid 3802] sendfile(6, 7, NULL, 65536) = 2048 [pid 3802] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3801] <... futex resumed>) = 0 [pid 3801] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3802] <... futex resumed>) = 1 [pid 3802] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 3802] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3801] <... futex resumed>) = 0 [pid 3801] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3802] <... futex resumed>) = 1 [pid 3802] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3802] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3801] <... futex resumed>) = 0 [pid 3801] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3801] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3802] <... futex resumed>) = 1 [pid 3802] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 3802] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3801] <... futex resumed>) = 0 [pid 3801] exit_group(0) = ? [pid 3802] <... futex resumed>) = ? [pid 3802] +++ exited with 0 +++ [pid 3801] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3801, si_uid=0, si_status=0, si_utime=2, si_stime=21} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3822 ./strace-static-x86_64: Process 3822 attached [pid 3822] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3822] chdir("./8") = 0 [pid 3822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3822] setpgid(0, 0) = 0 [pid 3822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3822] write(3, "1000", 4) = 4 [pid 3822] close(3) = 0 [pid 3822] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3822] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3822] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3822] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3823], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3823 [pid 3822] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3823 attached [pid 3823] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 3823] memfd_create("syzkaller", 0) = 3 [pid 3823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3823] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3823] munmap(0x7fdb59200000, 16777216) = 0 [pid 3823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3823] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3823] close(3) = 0 [pid 3823] mkdir("./file0", 0777) = 0 [pid 3823] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3823] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3823] chdir("./file0") = 0 [pid 3823] ioctl(4, LOOP_CLR_FD) = 0 [pid 3823] close(4) = 0 [pid 3823] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3822] <... futex resumed>) = 0 [pid 3822] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3823] <... futex resumed>) = 1 [pid 3823] open("./file0", O_RDONLY) = 4 [pid 3823] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3822] <... futex resumed>) = 0 [pid 3822] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3823] <... futex resumed>) = 1 [pid 3823] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 3823] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3822] <... futex resumed>) = 0 [pid 3822] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3823] <... futex resumed>) = 1 [pid 3823] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3823] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3822] <... futex resumed>) = 0 [pid 3822] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3823] <... futex resumed>) = 1 [ 55.229772][ T3823] loop0: detected capacity change from 0 to 32768 [pid 3823] creat("./bus", 000) = 6 [pid 3823] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3822] <... futex resumed>) = 0 [pid 3822] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3823] <... futex resumed>) = 1 [pid 3823] ftruncate(6, 2048) = 0 [pid 3823] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3822] <... futex resumed>) = 0 [pid 3822] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3823] <... futex resumed>) = 1 [pid 3823] open("./bus", O_RDONLY) = 7 [pid 3823] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3822] <... futex resumed>) = 0 [pid 3822] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3823] <... futex resumed>) = 1 [pid 3823] sendfile(6, 7, NULL, 65536) = 2048 [pid 3823] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3822] <... futex resumed>) = 0 [pid 3822] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3823] <... futex resumed>) = 1 [pid 3823] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 3823] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3822] <... futex resumed>) = 0 [pid 3822] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3823] <... futex resumed>) = 1 [pid 3823] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3823] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3822] <... futex resumed>) = 0 [pid 3822] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3822] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3823] <... futex resumed>) = 1 [pid 3823] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 3823] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3822] <... futex resumed>) = 0 [pid 3822] exit_group(0) = ? [pid 3823] <... futex resumed>) = ? [pid 3823] +++ exited with 0 +++ [pid 3822] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3822, si_uid=0, si_status=0, si_utime=4, si_stime=19} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3843 ./strace-static-x86_64: Process 3843 attached [pid 3843] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3843] chdir("./9") = 0 [pid 3843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3843] setpgid(0, 0) = 0 [pid 3843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3843] write(3, "1000", 4) = 4 [pid 3843] close(3) = 0 [pid 3843] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3843] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3843] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3843] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3844 attached , parent_tid=[3844], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3844 [pid 3844] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 3844] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3844] <... futex resumed>) = 0 [pid 3844] memfd_create("syzkaller", 0) = 3 [pid 3844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3844] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3844] munmap(0x7fdb59200000, 16777216) = 0 [pid 3844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3844] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3844] close(3) = 0 [pid 3844] mkdir("./file0", 0777) = 0 [ 55.672701][ T3844] loop0: detected capacity change from 0 to 32768 [ 55.686632][ T3844] _btrfs_printk: 35 callbacks suppressed [ 55.686647][ T3844] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 55.701713][ T3844] BTRFS info (device loop0): force clearing of disk cache [ 55.708910][ T3844] BTRFS info (device loop0): setting nodatasum [ 55.715068][ T3844] BTRFS info (device loop0): allowing degraded mounts [ 55.721891][ T3844] BTRFS info (device loop0): enabling disk space caching [ 55.728944][ T3844] BTRFS info (device loop0): disk space caching is enabled [ 55.745723][ T3844] BTRFS info (device loop0): enabling ssd optimizations [ 55.753474][ T3844] BTRFS info (device loop0): clearing free space tree [ 55.760865][ T3844] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 3844] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3844] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3844] chdir("./file0") = 0 [pid 3844] ioctl(4, LOOP_CLR_FD) = 0 [pid 3844] close(4) = 0 [pid 3844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3843] <... futex resumed>) = 0 [pid 3844] open("./file0", O_RDONLY [pid 3843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3844] <... open resumed>) = 4 [pid 3843] <... futex resumed>) = 0 [pid 3844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3844] <... futex resumed>) = 0 [pid 3843] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 55.770571][ T3844] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 55.784215][ T3844] BTRFS info (device loop0): checking UUID tree [ 55.800460][ T27] kauditd_printk_skb: 8 callbacks suppressed [pid 3844] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 3843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3844] <... open resumed>) = 5 [pid 3844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3843] <... futex resumed>) = 0 [pid 3843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3844] <... futex resumed>) = 1 [pid 3843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3844] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3843] <... futex resumed>) = 0 [pid 3843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3844] creat("./bus", 000) = 6 [pid 3844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3843] <... futex resumed>) = 0 [pid 3843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 55.800473][ T27] audit: type=1800 audit(1670043436.305:20): pid=3844 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 3843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3844] ftruncate(6, 2048) = 0 [pid 3844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3843] <... futex resumed>) = 0 [pid 3843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3844] <... futex resumed>) = 1 [pid 3844] open("./bus", O_RDONLY) = 7 [pid 3844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3843] <... futex resumed>) = 0 [pid 3844] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3843] <... futex resumed>) = 0 [pid 3844] sendfile(6, 7, NULL, 65536 [pid 3843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3844] <... sendfile resumed>) = 2048 [pid 3844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3843] <... futex resumed>) = 0 [pid 3844] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3843] <... futex resumed>) = 0 [pid 3844] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 3843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3844] <... openat resumed>) = 8 [pid 3844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3843] <... futex resumed>) = 0 [pid 3844] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3843] <... futex resumed>) = 0 [pid 3844] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 55.847126][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 55.855258][ T27] audit: type=1804 audit(1670043436.355:21): pid=3844 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/9/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 55.891375][ T3844] BTRFS info (device loop0): balance: start -s [pid 3843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3844] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3843] <... futex resumed>) = 0 [pid 3843] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3843] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3844] <... futex resumed>) = 1 [pid 3844] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 3844] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3843] <... futex resumed>) = 0 [pid 3843] exit_group(0) = ? [pid 3844] <... futex resumed>) = ? [ 55.899135][ T3844] BTRFS info (device loop0): relocating block group 1048576 flags system [ 55.922686][ T3844] BTRFS info (device loop0): balance: ended with status: 0 [pid 3844] +++ exited with 0 +++ [pid 3843] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3843, si_uid=0, si_status=0, si_utime=3, si_stime=24} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3864 ./strace-static-x86_64: Process 3864 attached [pid 3864] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3864] chdir("./10") = 0 [pid 3864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3864] setpgid(0, 0) = 0 [pid 3864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3864] write(3, "1000", 4) = 4 [pid 3864] close(3) = 0 [pid 3864] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3864] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3864] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3864] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3865 attached , parent_tid=[3865], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3865 [pid 3865] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 3865] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3864] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3865] <... futex resumed>) = 0 [pid 3864] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3865] memfd_create("syzkaller", 0) = 3 [pid 3865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3865] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3865] munmap(0x7fdb59200000, 16777216) = 0 [pid 3865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3865] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3865] close(3) = 0 [pid 3865] mkdir("./file0", 0777) = 0 [ 56.248575][ T3865] loop0: detected capacity change from 0 to 32768 [ 56.263608][ T3865] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 56.272936][ T3865] BTRFS info (device loop0): force clearing of disk cache [ 56.280212][ T3865] BTRFS info (device loop0): setting nodatasum [ 56.286396][ T3865] BTRFS info (device loop0): allowing degraded mounts [ 56.293256][ T3865] BTRFS info (device loop0): enabling disk space caching [ 56.300358][ T3865] BTRFS info (device loop0): disk space caching is enabled [ 56.319375][ T3865] BTRFS info (device loop0): enabling ssd optimizations [ 56.327180][ T3865] BTRFS info (device loop0): clearing free space tree [ 56.334307][ T3865] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 3865] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3865] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3865] chdir("./file0") = 0 [pid 3865] ioctl(4, LOOP_CLR_FD) = 0 [pid 3865] close(4) = 0 [pid 3865] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3864] <... futex resumed>) = 0 [pid 3864] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3865] open("./file0", O_RDONLY) = 4 [pid 3865] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3864] <... futex resumed>) = 0 [pid 3864] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 56.344029][ T3865] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 56.357339][ T3865] BTRFS info (device loop0): checking UUID tree [pid 3865] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 3865] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3864] <... futex resumed>) = 0 [pid 3864] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3865] <... futex resumed>) = 1 [pid 3865] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3865] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3864] <... futex resumed>) = 0 [pid 3864] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3865] <... futex resumed>) = 1 [pid 3865] creat("./bus", 000) = 6 [pid 3865] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3864] <... futex resumed>) = 0 [pid 3864] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3865] <... futex resumed>) = 1 [pid 3865] ftruncate(6, 2048) = 0 [pid 3865] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3864] <... futex resumed>) = 0 [pid 3864] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3865] <... futex resumed>) = 1 [ 56.386705][ T27] audit: type=1800 audit(1670043436.885:22): pid=3865 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 56.425334][ T27] audit: type=1804 audit(1670043436.925:23): pid=3865 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/10/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 3865] open("./bus", O_RDONLY) = 7 [pid 3865] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3864] <... futex resumed>) = 0 [pid 3864] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3865] <... futex resumed>) = 1 [pid 3865] sendfile(6, 7, NULL, 65536) = 2048 [pid 3865] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3864] <... futex resumed>) = 0 [pid 3864] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3865] <... futex resumed>) = 1 [pid 3865] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 3865] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3864] <... futex resumed>) = 0 [pid 3864] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3865] <... futex resumed>) = 1 [ 56.426264][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 56.479313][ T3865] BTRFS info (device loop0): balance: start -s [ 56.488333][ T3865] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 3865] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 3864] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3864] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 3864] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3864] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3885], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 3885 [pid 3864] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3864] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3885 attached [pid 3885] set_robust_list(0x7fdb617d59e0, 24 [pid 3865] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3885] <... set_robust_list resumed>) = 0 [pid 3885] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 3865] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3865] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3885] <... ioctl resumed>) = 0 [pid 3885] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3885] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3864] <... futex resumed>) = 0 [pid 3864] exit_group(0 [pid 3865] <... futex resumed>) = ? [pid 3864] <... exit_group resumed>) = ? [pid 3885] <... futex resumed>) = ? [pid 3885] +++ exited with 0 +++ [pid 3865] +++ exited with 0 +++ [pid 3864] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3864, si_uid=0, si_status=0, si_utime=3, si_stime=31} --- [ 56.518730][ T3865] BTRFS info (device loop0): balance: ended with status: 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3886 ./strace-static-x86_64: Process 3886 attached [pid 3886] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3886] chdir("./11") = 0 [pid 3886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3886] setpgid(0, 0) = 0 [pid 3886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3886] write(3, "1000", 4) = 4 [pid 3886] close(3) = 0 [pid 3886] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3886] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3886] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3886] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3887], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3887 [pid 3886] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3886] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3887 attached [pid 3887] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 3887] memfd_create("syzkaller", 0) = 3 [pid 3887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3887] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3887] munmap(0x7fdb59200000, 16777216) = 0 [pid 3887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3887] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3887] close(3) = 0 [pid 3887] mkdir("./file0", 0777) = 0 [ 56.867461][ T3887] loop0: detected capacity change from 0 to 32768 [ 56.880622][ T3887] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 56.890233][ T3887] BTRFS info (device loop0): force clearing of disk cache [ 56.897781][ T3887] BTRFS info (device loop0): setting nodatasum [ 56.904191][ T3887] BTRFS info (device loop0): allowing degraded mounts [ 56.911352][ T3887] BTRFS info (device loop0): enabling disk space caching [ 56.918852][ T3887] BTRFS info (device loop0): disk space caching is enabled [ 56.937663][ T3887] BTRFS info (device loop0): enabling ssd optimizations [ 56.945590][ T3887] BTRFS info (device loop0): clearing free space tree [ 56.952518][ T3887] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 3887] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3887] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3887] chdir("./file0") = 0 [pid 3887] ioctl(4, LOOP_CLR_FD) = 0 [pid 3887] close(4) = 0 [pid 3887] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... futex resumed>) = 0 [pid 3886] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3886] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3887] <... futex resumed>) = 1 [pid 3887] open("./file0", O_RDONLY) = 4 [pid 3887] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... futex resumed>) = 0 [pid 3886] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3886] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3887] <... futex resumed>) = 1 [pid 3887] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [ 56.962234][ T3887] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 56.976145][ T3887] BTRFS info (device loop0): checking UUID tree [pid 3887] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... futex resumed>) = 0 [pid 3886] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3886] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3887] <... futex resumed>) = 1 [pid 3887] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3887] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... futex resumed>) = 0 [pid 3886] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3886] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3887] <... futex resumed>) = 1 [pid 3887] creat("./bus", 000) = 6 [pid 3887] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... futex resumed>) = 0 [pid 3886] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3886] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3887] <... futex resumed>) = 1 [pid 3887] ftruncate(6, 2048) = 0 [pid 3887] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... futex resumed>) = 0 [pid 3886] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3886] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3887] <... futex resumed>) = 1 [pid 3887] open("./bus", O_RDONLY) = 7 [ 57.008626][ T27] audit: type=1800 audit(1670043437.515:24): pid=3887 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 57.037867][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 3887] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... futex resumed>) = 0 [pid 3886] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3886] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3887] <... futex resumed>) = 1 [pid 3887] sendfile(6, 7, NULL, 65536) = 2048 [pid 3887] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... futex resumed>) = 0 [pid 3886] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3886] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3887] <... futex resumed>) = 1 [pid 3887] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 3887] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3886] <... futex resumed>) = 0 [pid 3886] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3886] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3887] <... futex resumed>) = 1 [pid 3887] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 3886] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3886] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 3886] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3886] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3907], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 3907 [pid 3886] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 57.061599][ T27] audit: type=1804 audit(1670043437.565:25): pid=3887 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/11/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 57.079507][ T3887] BTRFS info (device loop0): balance: start -s [ 57.093618][ T3887] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 3886] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3907 attached [pid 3907] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 3907] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 3887] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3887] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3887] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3907] <... ioctl resumed>) = 0 [pid 3907] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3886] <... futex resumed>) = 0 [pid 3907] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3886] exit_group(0 [pid 3907] <... futex resumed>) = ? [pid 3887] <... futex resumed>) = ? [pid 3886] <... exit_group resumed>) = ? [pid 3887] +++ exited with 0 +++ [pid 3907] +++ exited with 0 +++ [pid 3886] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3886, si_uid=0, si_status=0, si_utime=0, si_stime=32} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 [ 57.127473][ T3887] BTRFS info (device loop0): balance: ended with status: 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3911 ./strace-static-x86_64: Process 3911 attached [pid 3911] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3911] chdir("./12") = 0 [pid 3911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3911] setpgid(0, 0) = 0 [pid 3911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3911] write(3, "1000", 4) = 4 [pid 3911] close(3) = 0 [pid 3911] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3911] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3911] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3911] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3912], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3912 [pid 3911] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3911] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3912 attached [pid 3912] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 3912] memfd_create("syzkaller", 0) = 3 [pid 3912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3912] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3912] munmap(0x7fdb59200000, 16777216) = 0 [pid 3912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3912] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3912] close(3) = 0 [pid 3912] mkdir("./file0", 0777) = 0 [ 57.446588][ T3912] loop0: detected capacity change from 0 to 32768 [ 57.462241][ T3912] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 57.471546][ T3912] BTRFS info (device loop0): force clearing of disk cache [ 57.478822][ T3912] BTRFS info (device loop0): setting nodatasum [ 57.485265][ T3912] BTRFS info (device loop0): allowing degraded mounts [ 57.492106][ T3912] BTRFS info (device loop0): enabling disk space caching [ 57.499628][ T3912] BTRFS info (device loop0): disk space caching is enabled [ 57.519096][ T3912] BTRFS info (device loop0): enabling ssd optimizations [ 57.526765][ T3912] BTRFS info (device loop0): clearing free space tree [ 57.533687][ T3912] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 3912] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3912] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3912] chdir("./file0") = 0 [pid 3912] ioctl(4, LOOP_CLR_FD) = 0 [pid 3912] close(4) = 0 [pid 3912] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3911] <... futex resumed>) = 0 [pid 3912] open("./file0", O_RDONLY [pid 3911] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3912] <... open resumed>) = 4 [pid 3911] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3912] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3911] <... futex resumed>) = 0 [pid 3911] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3912] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 57.543536][ T3912] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 57.557138][ T3912] BTRFS info (device loop0): checking UUID tree [pid 3911] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3912] <... open resumed>) = 5 [pid 3912] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3911] <... futex resumed>) = 0 [pid 3911] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3911] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3912] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3912] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3912] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3911] <... futex resumed>) = 0 [pid 3911] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3912] <... futex resumed>) = 0 [pid 3911] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3912] creat("./bus", 000) = 6 [pid 3912] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3912] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3911] <... futex resumed>) = 0 [pid 3911] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3912] <... futex resumed>) = 0 [pid 3912] ftruncate(6, 2048 [pid 3911] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3912] <... ftruncate resumed>) = 0 [pid 3912] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3912] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3911] <... futex resumed>) = 0 [pid 3911] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3912] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3911] <... futex resumed>) = 0 [pid 3912] open("./bus", O_RDONLY [ 57.584367][ T27] audit: type=1800 audit(1670043438.085:26): pid=3912 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 57.629698][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 3911] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3912] <... open resumed>) = 7 [pid 3912] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3912] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3911] <... futex resumed>) = 0 [pid 3911] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3912] <... futex resumed>) = 0 [pid 3911] <... futex resumed>) = 1 [pid 3912] sendfile(6, 7, NULL, 65536) = 2048 [pid 3911] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3912] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3911] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3912] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3911] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3912] <... futex resumed>) = 0 [pid 3911] <... futex resumed>) = 1 [pid 3912] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 3911] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3912] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3911] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3912] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3911] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3912] <... futex resumed>) = 0 [pid 3912] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 57.644363][ T27] audit: type=1804 audit(1670043438.145:27): pid=3912 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/12/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 57.684553][ T3912] BTRFS info (device loop0): balance: start -s [ 57.693252][ T3912] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 3911] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3911] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 3911] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3911] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3932], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 3932 [pid 3911] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3911] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3912] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3912] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3912] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3932 attached [pid 3932] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 3932] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 3932] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3932] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3911] <... futex resumed>) = 0 [pid 3911] exit_group(0 [pid 3912] <... futex resumed>) = ? [ 57.721495][ T3912] BTRFS info (device loop0): balance: ended with status: 0 [pid 3911] <... exit_group resumed>) = ? [pid 3912] +++ exited with 0 +++ [pid 3932] <... futex resumed>) = ? [pid 3932] +++ exited with 0 +++ [pid 3911] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3911, si_uid=0, si_status=0, si_utime=4, si_stime=27} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3933 ./strace-static-x86_64: Process 3933 attached [pid 3933] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3933] chdir("./13") = 0 [pid 3933] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3933] setpgid(0, 0) = 0 [pid 3933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3933] write(3, "1000", 4) = 4 [pid 3933] close(3) = 0 [pid 3933] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3933] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3933] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3933] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3933] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3934], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3934 [pid 3933] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3933] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3934 attached [pid 3934] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 3934] memfd_create("syzkaller", 0) = 3 [pid 3934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3934] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3934] munmap(0x7fdb59200000, 16777216) = 0 [pid 3934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3934] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3934] close(3) = 0 [pid 3934] mkdir("./file0", 0777) = 0 [ 58.064303][ T3934] loop0: detected capacity change from 0 to 32768 [ 58.077943][ T3934] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 58.087291][ T3934] BTRFS info (device loop0): force clearing of disk cache [ 58.094556][ T3934] BTRFS info (device loop0): setting nodatasum [ 58.100789][ T3934] BTRFS info (device loop0): allowing degraded mounts [ 58.107848][ T3934] BTRFS info (device loop0): enabling disk space caching [ 58.114879][ T3934] BTRFS info (device loop0): disk space caching is enabled [ 58.133508][ T3934] BTRFS info (device loop0): enabling ssd optimizations [ 58.141272][ T3934] BTRFS info (device loop0): clearing free space tree [ 58.148545][ T3934] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 3934] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3934] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3934] chdir("./file0") = 0 [pid 3934] ioctl(4, LOOP_CLR_FD) = 0 [pid 3934] close(4) = 0 [pid 3934] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3933] <... futex resumed>) = 0 [pid 3934] <... futex resumed>) = 1 [pid 3933] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3934] open("./file0", O_RDONLY [pid 3933] <... futex resumed>) = 0 [pid 3933] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3934] <... open resumed>) = 4 [pid 3934] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3933] <... futex resumed>) = 0 [pid 3934] <... futex resumed>) = 1 [pid 3933] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3933] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 58.158635][ T3934] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 58.172285][ T3934] BTRFS info (device loop0): checking UUID tree [pid 3934] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 3934] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3934] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3933] <... futex resumed>) = 0 [pid 3933] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3934] <... futex resumed>) = 0 [pid 3933] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3934] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3934] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3933] <... futex resumed>) = 0 [pid 3934] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3933] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3934] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3933] <... futex resumed>) = 0 [pid 3934] creat("./bus", 000 [pid 3933] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3934] <... creat resumed>) = 6 [pid 3934] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3933] <... futex resumed>) = 0 [pid 3934] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3933] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3934] <... futex resumed>) = 0 [pid 3933] <... futex resumed>) = 1 [pid 3934] ftruncate(6, 2048 [pid 3933] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3934] <... ftruncate resumed>) = 0 [ 58.195320][ T27] audit: type=1800 audit(1670043438.695:28): pid=3934 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 58.231215][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 3934] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3933] <... futex resumed>) = 0 [pid 3934] open("./bus", O_RDONLY [pid 3933] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3934] <... open resumed>) = 7 [pid 3933] <... futex resumed>) = 0 [pid 3934] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3933] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3934] <... futex resumed>) = 0 [pid 3933] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3934] sendfile(6, 7, NULL, 65536 [pid 3933] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3934] <... sendfile resumed>) = 2048 [pid 3933] <... futex resumed>) = 0 [pid 3934] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3933] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3934] <... futex resumed>) = 0 [pid 3933] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3934] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 3933] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3934] <... openat resumed>) = 8 [pid 3933] <... futex resumed>) = 0 [pid 3933] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3934] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3933] <... futex resumed>) = 0 [pid 3934] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 3933] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 58.252254][ T27] audit: type=1804 audit(1670043438.755:29): pid=3934 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/13/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 58.294928][ T3934] BTRFS info (device loop0): balance: start -s [ 58.303582][ T3934] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 3933] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3933] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3933] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 3933] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3933] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3954], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 3954 [pid 3933] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3933] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3934] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3934] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3934] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3954 attached [pid 3954] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 3954] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 3954] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3933] <... futex resumed>) = 0 [pid 3954] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3933] exit_group(0) = ? [pid 3954] <... futex resumed>) = ? [pid 3934] <... futex resumed>) = ? [pid 3934] +++ exited with 0 +++ [pid 3954] +++ exited with 0 +++ [pid 3933] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3933, si_uid=0, si_status=0, si_utime=3, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 [ 58.333667][ T3934] BTRFS info (device loop0): balance: ended with status: 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3955 ./strace-static-x86_64: Process 3955 attached [pid 3955] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3955] chdir("./14") = 0 [pid 3955] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3955] setpgid(0, 0) = 0 [pid 3955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3955] write(3, "1000", 4) = 4 [pid 3955] close(3) = 0 [pid 3955] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3955] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3955] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3955] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3956], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3956 [pid 3955] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3956 attached [pid 3956] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 3956] memfd_create("syzkaller", 0) = 3 [pid 3956] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3956] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3956] munmap(0x7fdb59200000, 16777216) = 0 [pid 3956] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3956] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3956] close(3) = 0 [pid 3956] mkdir("./file0", 0777) = 0 [ 58.663432][ T3956] loop0: detected capacity change from 0 to 32768 [ 58.676226][ T3956] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 58.685587][ T3956] BTRFS info (device loop0): force clearing of disk cache [ 58.692796][ T3956] BTRFS info (device loop0): setting nodatasum [ 58.699117][ T3956] BTRFS info (device loop0): allowing degraded mounts [ 58.705904][ T3956] BTRFS info (device loop0): enabling disk space caching [ 58.713271][ T3956] BTRFS info (device loop0): disk space caching is enabled [ 58.731094][ T3956] BTRFS info (device loop0): enabling ssd optimizations [ 58.739330][ T3956] BTRFS info (device loop0): clearing free space tree [ 58.746127][ T3956] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 3956] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3956] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3956] chdir("./file0") = 0 [pid 3956] ioctl(4, LOOP_CLR_FD) = 0 [pid 3956] close(4) = 0 [pid 3956] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3955] <... futex resumed>) = 0 [pid 3955] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3956] <... futex resumed>) = 1 [pid 3956] open("./file0", O_RDONLY) = 4 [pid 3956] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3955] <... futex resumed>) = 0 [pid 3955] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3956] <... futex resumed>) = 1 [pid 3956] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 3956] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3955] <... futex resumed>) = 0 [pid 3955] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3956] <... futex resumed>) = 1 [pid 3956] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 3956] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3955] <... futex resumed>) = 0 [pid 3955] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3956] creat("./bus", 000) = 6 [pid 3956] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3955] <... futex resumed>) = 0 [pid 3955] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 58.756160][ T3956] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 58.769692][ T3956] BTRFS info (device loop0): checking UUID tree [pid 3956] ftruncate(6, 2048) = 0 [pid 3956] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3955] <... futex resumed>) = 0 [pid 3955] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3956] open("./bus", O_RDONLY [pid 3955] <... futex resumed>) = 0 [pid 3955] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3956] <... open resumed>) = 7 [pid 3956] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3955] <... futex resumed>) = 0 [pid 3955] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3956] sendfile(6, 7, NULL, 65536) = 2048 [pid 3956] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3955] <... futex resumed>) = 0 [pid 3955] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3956] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 3956] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3955] <... futex resumed>) = 0 [pid 3956] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3955] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3956] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3955] <... futex resumed>) = 0 [pid 3956] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 58.820630][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 58.857968][ T3956] BTRFS info (device loop0): balance: start -s [pid 3955] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3955] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 3955] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3955] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3976], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 3976 [pid 3955] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3976 attached [pid 3976] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 3976] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 3976] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3955] <... futex resumed>) = 0 [pid 3976] <... futex resumed>) = 1 [ 58.881388][ T3956] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 3976] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3956] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3956] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3955] exit_group(0 [pid 3976] <... futex resumed>) = ? [pid 3955] <... exit_group resumed>) = ? [pid 3976] +++ exited with 0 +++ [pid 3956] +++ exited with 0 +++ [pid 3955] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3955, si_uid=0, si_status=0, si_utime=2, si_stime=31} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 [ 58.951675][ T3956] BTRFS info (device loop0): balance: ended with status: 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3977 ./strace-static-x86_64: Process 3977 attached [pid 3977] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3977] chdir("./15") = 0 [pid 3977] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3977] setpgid(0, 0) = 0 [pid 3977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3977] write(3, "1000", 4) = 4 [pid 3977] close(3) = 0 [pid 3977] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3977] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3977] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3977] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3978 attached , parent_tid=[3978], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 3978 [pid 3978] set_robust_list(0x7fdb617f69e0, 24 [pid 3977] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... set_robust_list resumed>) = 0 [pid 3977] <... futex resumed>) = 0 [pid 3978] memfd_create("syzkaller", 0 [pid 3977] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 3978] <... memfd_create resumed>) = 3 [pid 3978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 3978] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 3978] munmap(0x7fdb59200000, 16777216) = 0 [pid 3978] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3978] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3978] close(3) = 0 [pid 3978] mkdir("./file0", 0777) = 0 [ 59.263305][ T3978] loop0: detected capacity change from 0 to 32768 [ 59.277504][ T3978] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 59.286819][ T3978] BTRFS info (device loop0): force clearing of disk cache [ 59.294008][ T3978] BTRFS info (device loop0): setting nodatasum [ 59.300430][ T3978] BTRFS info (device loop0): allowing degraded mounts [ 59.307203][ T3978] BTRFS info (device loop0): enabling disk space caching [ 59.314637][ T3978] BTRFS info (device loop0): disk space caching is enabled [ 59.335373][ T3978] BTRFS info (device loop0): enabling ssd optimizations [ 59.343445][ T3978] BTRFS info (device loop0): clearing free space tree [ 59.350650][ T3978] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 3978] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 3978] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3978] chdir("./file0") = 0 [pid 3978] ioctl(4, LOOP_CLR_FD) = 0 [pid 3978] close(4) = 0 [pid 3978] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3977] <... futex resumed>) = 0 [pid 3978] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3977] <... futex resumed>) = 0 [pid 3978] open("./file0", O_RDONLY [pid 3977] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3978] <... open resumed>) = 4 [pid 3978] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3977] <... futex resumed>) = 0 [pid 3978] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3977] <... futex resumed>) = 0 [pid 3978] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 3977] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3978] <... open resumed>) = 5 [pid 3978] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3977] <... futex resumed>) = 0 [pid 3978] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3977] <... futex resumed>) = 0 [pid 3978] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 3977] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3978] <... ioctl resumed>) = 0 [pid 3978] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3977] <... futex resumed>) = 0 [pid 3978] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3977] <... futex resumed>) = 0 [pid 3978] creat("./bus", 000 [ 59.360636][ T3978] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 3977] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3978] <... creat resumed>) = 6 [pid 3978] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3977] <... futex resumed>) = 0 [pid 3978] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3977] <... futex resumed>) = 0 [pid 3978] ftruncate(6, 2048 [pid 3977] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3978] <... ftruncate resumed>) = 0 [pid 3978] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3977] <... futex resumed>) = 0 [pid 3978] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3977] <... futex resumed>) = 0 [pid 3978] open("./bus", O_RDONLY [pid 3977] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3978] <... open resumed>) = 7 [pid 3978] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3977] <... futex resumed>) = 0 [pid 3978] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3977] <... futex resumed>) = 0 [pid 3978] sendfile(6, 7, NULL, 65536 [pid 3977] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3978] <... sendfile resumed>) = 2048 [pid 3978] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3977] <... futex resumed>) = 0 [pid 3978] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3977] <... futex resumed>) = 0 [pid 3978] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 3977] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3978] <... openat resumed>) = 8 [pid 3978] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3977] <... futex resumed>) = 0 [pid 3978] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3977] <... futex resumed>) = 0 [pid 3978] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 3977] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3977] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 3977] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3977] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3998 attached , parent_tid=[3998], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 3998 [pid 3998] set_robust_list(0x7fdb617d59e0, 24 [pid 3977] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3998] <... set_robust_list resumed>) = 0 [pid 3998] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 3977] <... futex resumed>) = 0 [pid 3977] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3998] <... ioctl resumed>) = 0 [pid 3998] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3998] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3978] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 3978] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3978] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3977] <... futex resumed>) = 0 [pid 3977] exit_group(0) = ? [pid 3998] <... futex resumed>) = ? [pid 3998] +++ exited with 0 +++ [pid 3978] <... futex resumed>) = ? [pid 3978] +++ exited with 0 +++ [pid 3977] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3977, si_uid=0, si_status=0, si_utime=1, si_stime=23} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 3999 ./strace-static-x86_64: Process 3999 attached [pid 3999] set_robust_list(0x55555746f5e0, 24) = 0 [pid 3999] chdir("./16") = 0 [pid 3999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3999] setpgid(0, 0) = 0 [pid 3999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3999] write(3, "1000", 4) = 4 [pid 3999] close(3) = 0 [pid 3999] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3999] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 3999] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3999] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4000 attached , parent_tid=[4000], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4000 [pid 4000] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4000] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3999] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4000] <... futex resumed>) = 0 [pid 3999] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4000] memfd_create("syzkaller", 0) = 3 [pid 4000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4000] munmap(0x7fdb59200000, 16777216) = 0 [pid 4000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4000] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4000] close(3) = 0 [pid 4000] mkdir("./file0", 0777) = 0 [pid 4000] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4000] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4000] chdir("./file0") = 0 [pid 4000] ioctl(4, LOOP_CLR_FD) = 0 [pid 4000] close(4) = 0 [pid 4000] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4000] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3999] <... futex resumed>) = 0 [pid 3999] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3999] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] <... futex resumed>) = 0 [pid 4000] open("./file0", O_RDONLY) = 4 [pid 4000] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] <... futex resumed>) = 0 [pid 4000] <... futex resumed>) = 1 [pid 3999] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4000] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 3999] <... futex resumed>) = 0 [pid 3999] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] <... open resumed>) = 5 [ 59.825887][ T4000] loop0: detected capacity change from 0 to 32768 [pid 4000] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] <... futex resumed>) = 0 [pid 4000] <... futex resumed>) = 1 [pid 3999] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4000] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] <... futex resumed>) = 0 [pid 4000] <... futex resumed>) = 1 [pid 3999] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4000] creat("./bus", 000 [pid 3999] <... futex resumed>) = 0 [pid 3999] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] <... creat resumed>) = 6 [pid 4000] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] <... futex resumed>) = 0 [pid 3999] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] <... futex resumed>) = 1 [pid 4000] ftruncate(6, 2048) = 0 [pid 4000] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] <... futex resumed>) = 0 [pid 4000] <... futex resumed>) = 1 [pid 3999] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] open("./bus", O_RDONLY) = 7 [pid 4000] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] <... futex resumed>) = 0 [pid 3999] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] <... futex resumed>) = 1 [pid 4000] sendfile(6, 7, NULL, 65536) = 2048 [pid 4000] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] <... futex resumed>) = 0 [pid 4000] <... futex resumed>) = 1 [pid 3999] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4000] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] <... futex resumed>) = 0 [pid 4000] <... futex resumed>) = 1 [pid 3999] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4000] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] <... futex resumed>) = 0 [pid 4000] <... futex resumed>) = 1 [pid 3999] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3999] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4000] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4000] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3999] <... futex resumed>) = 0 [pid 4000] <... futex resumed>) = 1 [pid 3999] exit_group(0 [pid 4000] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3999] <... exit_group resumed>) = ? [pid 4000] <... futex resumed>) = ? [pid 4000] +++ exited with 0 +++ [pid 3999] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3999, si_uid=0, si_status=0, si_utime=1, si_stime=19} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4020 ./strace-static-x86_64: Process 4020 attached [pid 4020] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4020] chdir("./17") = 0 [pid 4020] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4020] setpgid(0, 0) = 0 [pid 4020] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4020] write(3, "1000", 4) = 4 [pid 4020] close(3) = 0 [pid 4020] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4020] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4020] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4020] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4021], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4021 [pid 4020] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4021 attached [pid 4021] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4021] memfd_create("syzkaller", 0) = 3 [pid 4021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4021] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4021] munmap(0x7fdb59200000, 16777216) = 0 [pid 4021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4021] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4021] close(3) = 0 [pid 4021] mkdir("./file0", 0777) = 0 [pid 4021] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4021] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4021] chdir("./file0") = 0 [pid 4021] ioctl(4, LOOP_CLR_FD) = 0 [pid 4021] close(4) = 0 [pid 4021] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4020] <... futex resumed>) = 0 [pid 4020] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4021] <... futex resumed>) = 1 [pid 4021] open("./file0", O_RDONLY) = 4 [pid 4021] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4020] <... futex resumed>) = 0 [pid 4020] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4021] <... futex resumed>) = 1 [pid 4021] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4021] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4020] <... futex resumed>) = 0 [pid 4020] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4021] <... futex resumed>) = 1 [pid 4021] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 60.290505][ T4021] loop0: detected capacity change from 0 to 32768 [pid 4021] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4020] <... futex resumed>) = 0 [pid 4020] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4021] creat("./bus", 000) = 6 [pid 4021] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4020] <... futex resumed>) = 0 [pid 4020] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4021] <... futex resumed>) = 1 [pid 4021] ftruncate(6, 2048) = 0 [pid 4021] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4020] <... futex resumed>) = 0 [pid 4020] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4021] <... futex resumed>) = 1 [pid 4021] open("./bus", O_RDONLY) = 7 [pid 4021] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4020] <... futex resumed>) = 0 [pid 4020] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4021] <... futex resumed>) = 1 [pid 4021] sendfile(6, 7, NULL, 65536) = 2048 [pid 4021] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4020] <... futex resumed>) = 0 [pid 4020] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4021] <... futex resumed>) = 1 [pid 4021] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4021] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4020] <... futex resumed>) = 0 [pid 4020] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4021] <... futex resumed>) = 1 [pid 4021] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4021] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4020] <... futex resumed>) = 0 [pid 4020] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4020] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4021] <... futex resumed>) = 1 [pid 4021] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4021] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4020] <... futex resumed>) = 0 [pid 4020] exit_group(0) = ? [pid 4021] <... futex resumed>) = ? [pid 4021] +++ exited with 0 +++ [pid 4020] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4020, si_uid=0, si_status=0, si_utime=1, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4041 attached , child_tidptr=0x55555746f5d0) = 4041 [pid 4041] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4041] chdir("./18") = 0 [pid 4041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4041] setpgid(0, 0) = 0 [pid 4041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4041] write(3, "1000", 4) = 4 [pid 4041] close(3) = 0 [pid 4041] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4041] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4041] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4041] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4042 attached , parent_tid=[4042], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4042 [pid 4042] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4042] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4041] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4042] <... futex resumed>) = 0 [pid 4042] memfd_create("syzkaller", 0) = 3 [pid 4042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4041] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4042] munmap(0x7fdb59200000, 16777216) = 0 [pid 4042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4042] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4042] close(3) = 0 [pid 4042] mkdir("./file0", 0777) = 0 [ 60.738376][ T4042] loop0: detected capacity change from 0 to 32768 [ 60.753591][ T4042] _btrfs_printk: 35 callbacks suppressed [ 60.753655][ T4042] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 60.768675][ T4042] BTRFS info (device loop0): force clearing of disk cache [ 60.775809][ T4042] BTRFS info (device loop0): setting nodatasum [ 60.782019][ T4042] BTRFS info (device loop0): allowing degraded mounts [ 60.788957][ T4042] BTRFS info (device loop0): enabling disk space caching [ 60.795975][ T4042] BTRFS info (device loop0): disk space caching is enabled [ 60.815298][ T4042] BTRFS info (device loop0): enabling ssd optimizations [ 60.822863][ T4042] BTRFS info (device loop0): clearing free space tree [ 60.829739][ T4042] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4042] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4042] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4042] chdir("./file0") = 0 [pid 4042] ioctl(4, LOOP_CLR_FD) = 0 [pid 4042] close(4) = 0 [pid 4042] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4041] <... futex resumed>) = 0 [pid 4041] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4041] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4042] <... futex resumed>) = 1 [pid 4042] open("./file0", O_RDONLY) = 4 [pid 4042] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4041] <... futex resumed>) = 0 [pid 4041] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4041] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4042] <... futex resumed>) = 1 [ 60.839441][ T4042] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 60.852689][ T4042] BTRFS info (device loop0): checking UUID tree [pid 4042] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4042] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4041] <... futex resumed>) = 0 [pid 4041] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4041] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4042] <... futex resumed>) = 1 [pid 4042] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4042] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4041] <... futex resumed>) = 0 [pid 4041] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4042] creat("./bus", 000 [pid 4041] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4042] <... creat resumed>) = 6 [pid 4042] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4041] <... futex resumed>) = 0 [pid 4041] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4041] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4042] ftruncate(6, 2048) = 0 [pid 4042] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4041] <... futex resumed>) = 0 [pid 4041] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4041] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4042] <... futex resumed>) = 1 [ 60.882651][ T27] kauditd_printk_skb: 8 callbacks suppressed [ 60.882664][ T27] audit: type=1800 audit(1670043441.385:38): pid=4042 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4042] open("./bus", O_RDONLY) = 7 [pid 4042] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4041] <... futex resumed>) = 0 [pid 4041] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4041] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4042] sendfile(6, 7, NULL, 65536) = 2048 [pid 4042] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4041] <... futex resumed>) = 0 [pid 4041] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4041] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4042] <... futex resumed>) = 1 [pid 4042] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4042] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4041] <... futex resumed>) = 0 [pid 4041] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4041] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4042] <... futex resumed>) = 1 [ 60.923078][ T27] audit: type=1804 audit(1670043441.425:39): pid=4042 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/18/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 60.972156][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 4042] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4041] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4041] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4041] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4041] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4062], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4062 [pid 4041] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4041] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4062 attached [pid 4062] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 60.984010][ T4042] BTRFS info (device loop0): balance: start -s [ 60.993069][ T4042] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4062] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4062] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4041] <... futex resumed>) = 0 [pid 4062] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4042] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4042] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4041] exit_group(0) = ? [pid 4042] <... futex resumed>) = ? [pid 4042] +++ exited with 0 +++ [pid 4062] <... futex resumed>) = ? [pid 4062] +++ exited with 0 +++ [pid 4041] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4041, si_uid=0, si_status=0, si_utime=1, si_stime=28} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 [ 61.025779][ T4042] BTRFS info (device loop0): balance: ended with status: 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4063 ./strace-static-x86_64: Process 4063 attached [pid 4063] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4063] chdir("./19") = 0 [pid 4063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4063] setpgid(0, 0) = 0 [pid 4063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4063] write(3, "1000", 4) = 4 [pid 4063] close(3) = 0 [pid 4063] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4063] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4063] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4063] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4064 attached , parent_tid=[4064], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4064 [pid 4063] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4063] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4064] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4064] memfd_create("syzkaller", 0) = 3 [pid 4064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4064] munmap(0x7fdb59200000, 16777216) = 0 [pid 4064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4064] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4064] close(3) = 0 [pid 4064] mkdir("./file0", 0777) = 0 [ 61.331094][ T4064] loop0: detected capacity change from 0 to 32768 [ 61.344072][ T4064] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 61.353544][ T4064] BTRFS info (device loop0): force clearing of disk cache [ 61.360811][ T4064] BTRFS info (device loop0): setting nodatasum [ 61.366971][ T4064] BTRFS info (device loop0): allowing degraded mounts [ 61.373937][ T4064] BTRFS info (device loop0): enabling disk space caching [ 61.381131][ T4064] BTRFS info (device loop0): disk space caching is enabled [ 61.398101][ T4064] BTRFS info (device loop0): enabling ssd optimizations [ 61.405649][ T4064] BTRFS info (device loop0): clearing free space tree [ 61.412915][ T4064] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4064] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4064] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4064] chdir("./file0") = 0 [pid 4064] ioctl(4, LOOP_CLR_FD) = 0 [pid 4064] close(4) = 0 [pid 4064] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4063] <... futex resumed>) = 0 [pid 4063] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4063] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4064] open("./file0", O_RDONLY) = 4 [pid 4064] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4063] <... futex resumed>) = 0 [pid 4064] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4063] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4063] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 61.423085][ T4064] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 61.437646][ T4064] BTRFS info (device loop0): checking UUID tree [pid 4064] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4064] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4063] <... futex resumed>) = 0 [pid 4063] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4063] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4064] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4064] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4063] <... futex resumed>) = 0 [pid 4063] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4063] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 61.464577][ T27] audit: type=1800 audit(1670043441.965:40): pid=4064 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4064] creat("./bus", 000) = 6 [pid 4064] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4063] <... futex resumed>) = 0 [pid 4063] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4063] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4064] ftruncate(6, 2048) = 0 [pid 4064] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4063] <... futex resumed>) = 0 [pid 4063] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4063] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4064] open("./bus", O_RDONLY) = 7 [pid 4064] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4063] <... futex resumed>) = 0 [pid 4063] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4063] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4064] sendfile(6, 7, NULL, 65536) = 2048 [pid 4064] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4063] <... futex resumed>) = 0 [pid 4063] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4063] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4064] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4064] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4064] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4063] <... futex resumed>) = 0 [pid 4063] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4063] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4064] <... futex resumed>) = 0 [ 61.502781][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 61.518361][ T27] audit: type=1804 audit(1670043442.025:41): pid=4064 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/19/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 4064] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4063] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4063] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 4063] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4063] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4063] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4084], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4084 [pid 4063] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4063] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4084 attached [pid 4064] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4064] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4084] set_robust_list(0x7fdb617d59e0, 24 [pid 4064] <... futex resumed>) = 0 [pid 4084] <... set_robust_list resumed>) = 0 [pid 4084] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [ 61.557472][ T4064] BTRFS info (device loop0): balance: start -s [ 61.565180][ T4064] BTRFS info (device loop0): relocating block group 1048576 flags system [ 61.592349][ T4064] BTRFS info (device loop0): balance: ended with status: 0 [pid 4064] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4084] <... ioctl resumed>) = 0 [pid 4084] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4063] <... futex resumed>) = 0 [pid 4063] exit_group(0) = ? [pid 4064] <... futex resumed>) = ? [pid 4084] <... futex resumed>) = ? [pid 4064] +++ exited with 0 +++ [pid 4084] +++ exited with 0 +++ [pid 4063] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4063, si_uid=0, si_status=0, si_utime=3, si_stime=27} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4085 attached , child_tidptr=0x55555746f5d0) = 4085 [pid 4085] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4085] chdir("./20") = 0 [pid 4085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4085] setpgid(0, 0) = 0 [pid 4085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4085] write(3, "1000", 4) = 4 [pid 4085] close(3) = 0 [pid 4085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4085] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4085] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4085] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4086 attached , parent_tid=[4086], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4086 [pid 4085] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4086] set_robust_list(0x7fdb617f69e0, 24 [pid 4085] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4086] <... set_robust_list resumed>) = 0 [pid 4086] memfd_create("syzkaller", 0) = 3 [pid 4086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4086] munmap(0x7fdb59200000, 16777216) = 0 [pid 4086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4086] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4086] close(3) = 0 [pid 4086] mkdir("./file0", 0777) = 0 [ 61.930384][ T4086] loop0: detected capacity change from 0 to 32768 [ 61.944579][ T4086] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 61.953853][ T4086] BTRFS info (device loop0): force clearing of disk cache [ 61.961175][ T4086] BTRFS info (device loop0): setting nodatasum [ 61.967579][ T4086] BTRFS info (device loop0): allowing degraded mounts [ 61.974478][ T4086] BTRFS info (device loop0): enabling disk space caching [ 61.981744][ T4086] BTRFS info (device loop0): disk space caching is enabled [ 62.000758][ T4086] BTRFS info (device loop0): enabling ssd optimizations [ 62.008632][ T4086] BTRFS info (device loop0): clearing free space tree [ 62.015505][ T4086] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4086] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4086] chdir("./file0") = 0 [pid 4086] ioctl(4, LOOP_CLR_FD) = 0 [pid 4086] close(4) = 0 [pid 4086] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4085] <... futex resumed>) = 0 [pid 4085] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4086] open("./file0", O_RDONLY) = 4 [pid 4086] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4085] <... futex resumed>) = 0 [pid 4085] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 62.025283][ T4086] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 62.038777][ T4086] BTRFS info (device loop0): checking UUID tree [pid 4086] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4086] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4085] <... futex resumed>) = 0 [pid 4085] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4086] <... futex resumed>) = 1 [pid 4086] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4086] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4085] <... futex resumed>) = 0 [pid 4085] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4086] <... futex resumed>) = 1 [pid 4086] creat("./bus", 000) = 6 [pid 4086] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4085] <... futex resumed>) = 0 [pid 4085] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4086] <... futex resumed>) = 1 [pid 4086] ftruncate(6, 2048) = 0 [pid 4086] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4085] <... futex resumed>) = 0 [pid 4085] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4086] <... futex resumed>) = 1 [ 62.065242][ T27] audit: type=1800 audit(1670043442.565:42): pid=4086 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4086] open("./bus", O_RDONLY) = 7 [pid 4086] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4085] <... futex resumed>) = 0 [pid 4085] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4086] <... futex resumed>) = 1 [pid 4086] sendfile(6, 7, NULL, 65536) = 2048 [pid 4086] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4085] <... futex resumed>) = 0 [pid 4085] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4086] <... futex resumed>) = 1 [pid 4086] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4086] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4085] <... futex resumed>) = 0 [pid 4085] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4086] <... futex resumed>) = 1 [ 62.107190][ T27] audit: type=1804 audit(1670043442.605:43): pid=4086 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/20/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 62.107850][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 4086] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4085] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4085] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4085] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4085] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4106], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4106 [pid 4085] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4085] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4106 attached [pid 4086] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4106] set_robust_list(0x7fdb617d59e0, 24 [pid 4086] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4106] <... set_robust_list resumed>) = 0 [pid 4086] <... futex resumed>) = 0 [pid 4106] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4086] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4106] <... ioctl resumed>) = 0 [pid 4106] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4085] <... futex resumed>) = 0 [pid 4085] exit_group(0 [pid 4086] <... futex resumed>) = ? [pid 4085] <... exit_group resumed>) = ? [pid 4086] +++ exited with 0 +++ [pid 4106] +++ exited with 0 +++ [pid 4085] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4085, si_uid=0, si_status=0, si_utime=3, si_stime=25} --- [ 62.160097][ T4086] BTRFS info (device loop0): balance: start -s [ 62.169358][ T4086] BTRFS info (device loop0): relocating block group 1048576 flags system [ 62.192904][ T4086] BTRFS info (device loop0): balance: ended with status: 0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4107 ./strace-static-x86_64: Process 4107 attached [pid 4107] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4107] chdir("./21") = 0 [pid 4107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4107] setpgid(0, 0) = 0 [pid 4107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4107] write(3, "1000", 4) = 4 [pid 4107] close(3) = 0 [pid 4107] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4107] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4107] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4107] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4108], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4108 [pid 4107] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4107] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4108 attached [pid 4108] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4108] memfd_create("syzkaller", 0) = 3 [pid 4108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4108] munmap(0x7fdb59200000, 16777216) = 0 [pid 4108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4108] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4108] close(3) = 0 [pid 4108] mkdir("./file0", 0777) = 0 [ 62.523821][ T4108] loop0: detected capacity change from 0 to 32768 [ 62.538411][ T4108] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 62.547802][ T4108] BTRFS info (device loop0): force clearing of disk cache [ 62.555118][ T4108] BTRFS info (device loop0): setting nodatasum [ 62.561878][ T4108] BTRFS info (device loop0): allowing degraded mounts [ 62.569133][ T4108] BTRFS info (device loop0): enabling disk space caching [ 62.576224][ T4108] BTRFS info (device loop0): disk space caching is enabled [pid 4108] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4108] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4108] chdir("./file0") = 0 [pid 4108] ioctl(4, LOOP_CLR_FD) = 0 [pid 4108] close(4) = 0 [pid 4108] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4107] <... futex resumed>) = 0 [pid 4107] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4107] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4108] open("./file0", O_RDONLY) = 4 [pid 4108] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4107] <... futex resumed>) = 0 [pid 4107] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4107] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 62.625196][ T4108] BTRFS info (device loop0): enabling ssd optimizations [ 62.633086][ T4108] BTRFS info (device loop0): clearing free space tree [ 62.640332][ T4108] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 62.650464][ T4108] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 62.664013][ T4108] BTRFS info (device loop0): checking UUID tree [pid 4108] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4108] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4108] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4107] <... futex resumed>) = 0 [pid 4107] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4108] <... futex resumed>) = 0 [pid 4107] <... futex resumed>) = 1 [pid 4108] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4107] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4108] <... ioctl resumed>) = 0 [pid 4108] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4108] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4107] <... futex resumed>) = 0 [pid 4107] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4108] <... futex resumed>) = 0 [pid 4108] creat("./bus", 000 [pid 4107] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4108] <... creat resumed>) = 6 [pid 4108] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4108] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4107] <... futex resumed>) = 0 [pid 4107] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4108] <... futex resumed>) = 0 [pid 4107] <... futex resumed>) = 1 [pid 4108] ftruncate(6, 2048) = 0 [pid 4107] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4108] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4108] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4107] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4108] <... futex resumed>) = 0 [pid 4107] <... futex resumed>) = 1 [pid 4108] open("./bus", O_RDONLY [ 62.697158][ T27] audit: type=1800 audit(1670043443.195:44): pid=4108 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4107] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4108] <... open resumed>) = 7 [pid 4108] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4108] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4107] <... futex resumed>) = 0 [pid 4107] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4108] <... futex resumed>) = 0 [pid 4107] <... futex resumed>) = 1 [pid 4108] sendfile(6, 7, NULL, 65536) = 2048 [pid 4107] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4108] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4108] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4107] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4108] <... futex resumed>) = 0 [pid 4107] <... futex resumed>) = 1 [pid 4108] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4107] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4108] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4108] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4107] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4108] <... futex resumed>) = 0 [pid 4107] <... futex resumed>) = 1 [pid 4108] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 62.745756][ T27] audit: type=1804 audit(1670043443.245:45): pid=4108 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/21/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 62.775264][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 4107] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 4107] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4108] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4107] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE [pid 4108] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4108] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4107] <... mprotect resumed>) = 0 [pid 4107] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4128 attached [pid 4128] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 4128] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4107] <... clone resumed>, parent_tid=[4128], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4128 [pid 4107] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4128] <... futex resumed>) = 0 [pid 4107] <... futex resumed>) = 1 [pid 4107] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4128] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4128] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4107] <... futex resumed>) = 0 [pid 4107] exit_group(0 [pid 4108] <... futex resumed>) = ? [pid 4107] <... exit_group resumed>) = ? [pid 4108] +++ exited with 0 +++ [pid 4128] <... futex resumed>) = ? [ 62.794790][ T4108] BTRFS info (device loop0): balance: start -s [ 62.803666][ T4108] BTRFS info (device loop0): relocating block group 1048576 flags system [ 62.833983][ T4108] BTRFS info (device loop0): balance: ended with status: 0 [pid 4128] +++ exited with 0 +++ [pid 4107] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4107, si_uid=0, si_status=0, si_utime=3, si_stime=29} --- umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4129 ./strace-static-x86_64: Process 4129 attached [pid 4129] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4129] chdir("./22") = 0 [pid 4129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4129] setpgid(0, 0) = 0 [pid 4129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4129] write(3, "1000", 4) = 4 [pid 4129] close(3) = 0 [pid 4129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4129] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4129] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4129] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4130 attached , parent_tid=[4130], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4130 [pid 4129] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4129] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4130] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4130] memfd_create("syzkaller", 0) = 3 [pid 4130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4130] munmap(0x7fdb59200000, 16777216) = 0 [pid 4130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4130] close(3) = 0 [pid 4130] mkdir("./file0", 0777) = 0 [ 63.178189][ T4130] loop0: detected capacity change from 0 to 32768 [ 63.190775][ T4130] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 63.200293][ T4130] BTRFS info (device loop0): force clearing of disk cache [ 63.207857][ T4130] BTRFS info (device loop0): setting nodatasum [ 63.214358][ T4130] BTRFS info (device loop0): allowing degraded mounts [ 63.221514][ T4130] BTRFS info (device loop0): enabling disk space caching [ 63.228939][ T4130] BTRFS info (device loop0): disk space caching is enabled [ 63.247709][ T4130] BTRFS info (device loop0): enabling ssd optimizations [ 63.255499][ T4130] BTRFS info (device loop0): clearing free space tree [ 63.262437][ T4130] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4130] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4130] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4130] chdir("./file0") = 0 [pid 4130] ioctl(4, LOOP_CLR_FD) = 0 [pid 4130] close(4) = 0 [pid 4130] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4129] <... futex resumed>) = 0 [pid 4130] <... futex resumed>) = 1 [pid 4129] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4130] open("./file0", O_RDONLY [pid 4129] <... futex resumed>) = 0 [pid 4129] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4130] <... open resumed>) = 4 [pid 4130] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4129] <... futex resumed>) = 0 [pid 4130] <... futex resumed>) = 1 [pid 4129] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4129] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 63.272173][ T4130] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 63.285705][ T4130] BTRFS info (device loop0): checking UUID tree [pid 4130] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4130] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4129] <... futex resumed>) = 0 [pid 4129] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4130] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4129] <... futex resumed>) = 0 [pid 4129] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4130] <... ioctl resumed>) = 0 [pid 4130] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4129] <... futex resumed>) = 0 [pid 4129] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4130] creat("./bus", 000 [pid 4129] <... futex resumed>) = 0 [pid 4130] <... creat resumed>) = 6 [pid 4129] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4130] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4129] <... futex resumed>) = 0 [pid 4130] <... futex resumed>) = 1 [pid 4129] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4130] ftruncate(6, 2048 [pid 4129] <... futex resumed>) = 0 [pid 4129] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4130] <... ftruncate resumed>) = 0 [pid 4130] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4129] <... futex resumed>) = 0 [ 63.319344][ T27] audit: type=1800 audit(1670043443.825:46): pid=4130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4130] <... futex resumed>) = 1 [pid 4129] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4130] open("./bus", O_RDONLY [pid 4129] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4130] <... open resumed>) = 7 [pid 4130] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4129] <... futex resumed>) = 0 [pid 4130] <... futex resumed>) = 1 [pid 4129] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4130] sendfile(6, 7, NULL, 65536 [pid 4129] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4130] <... sendfile resumed>) = 2048 [pid 4130] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4129] <... futex resumed>) = 0 [pid 4130] <... futex resumed>) = 1 [pid 4129] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4130] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4129] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4130] <... openat resumed>) = 8 [pid 4130] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4129] <... futex resumed>) = 0 [pid 4129] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4130] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 63.367640][ T27] audit: type=1804 audit(1670043443.865:47): pid=4130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/22/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 63.407662][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 4129] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 4129] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 4129] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4129] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4129] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4150], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4150 [pid 4129] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4129] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4150 attached [ 63.418870][ T4130] BTRFS info (device loop0): balance: start -s [ 63.426571][ T4130] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4150] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 4150] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4130] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4150] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4130] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4150] <... futex resumed>) = 1 [pid 4129] <... futex resumed>) = 0 [pid 4150] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4130] <... futex resumed>) = 0 [pid 4129] exit_group(0) = ? [pid 4150] <... futex resumed>) = ? [pid 4150] +++ exited with 0 +++ [pid 4130] +++ exited with 0 +++ [pid 4129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4129, si_uid=0, si_status=0, si_utime=3, si_stime=29} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 [ 63.460342][ T4130] BTRFS info (device loop0): balance: ended with status: 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4151 ./strace-static-x86_64: Process 4151 attached [pid 4151] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4151] chdir("./23") = 0 [pid 4151] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4151] setpgid(0, 0) = 0 [pid 4151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4151] write(3, "1000", 4) = 4 [pid 4151] close(3) = 0 [pid 4151] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4151] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4151] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4151] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4151] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4152 attached , parent_tid=[4152], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4152 [pid 4152] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4151] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4151] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4152] memfd_create("syzkaller", 0) = 3 [pid 4152] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4152] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4152] munmap(0x7fdb59200000, 16777216) = 0 [pid 4152] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4152] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4152] close(3) = 0 [pid 4152] mkdir("./file0", 0777) = 0 [ 63.775850][ T4152] loop0: detected capacity change from 0 to 32768 [ 63.790166][ T4152] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 63.799474][ T4152] BTRFS info (device loop0): force clearing of disk cache [ 63.806632][ T4152] BTRFS info (device loop0): setting nodatasum [ 63.813158][ T4152] BTRFS info (device loop0): allowing degraded mounts [ 63.820146][ T4152] BTRFS info (device loop0): enabling disk space caching [ 63.827159][ T4152] BTRFS info (device loop0): disk space caching is enabled [ 63.845500][ T4152] BTRFS info (device loop0): enabling ssd optimizations [ 63.853260][ T4152] BTRFS info (device loop0): clearing free space tree [ 63.860331][ T4152] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4152] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4152] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4152] chdir("./file0") = 0 [pid 4152] ioctl(4, LOOP_CLR_FD) = 0 [pid 4152] close(4) = 0 [pid 4152] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4151] <... futex resumed>) = 0 [pid 4152] open("./file0", O_RDONLY [pid 4151] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4152] <... open resumed>) = 4 [pid 4151] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4152] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4151] <... futex resumed>) = 0 [pid 4152] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4151] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4151] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4152] <... open resumed>) = 5 [pid 4152] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4151] <... futex resumed>) = 0 [pid 4152] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4151] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4151] <... futex resumed>) = 0 [pid 4152] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4151] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4152] <... ioctl resumed>) = 0 [pid 4152] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4151] <... futex resumed>) = 0 [pid 4152] <... futex resumed>) = 1 [pid 4151] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4152] creat("./bus", 000 [pid 4151] <... futex resumed>) = 0 [pid 4151] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4152] <... creat resumed>) = 6 [ 63.870229][ T4152] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 63.883548][ T4152] BTRFS info (device loop0): checking UUID tree [pid 4152] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4151] <... futex resumed>) = 0 [pid 4152] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4151] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4151] <... futex resumed>) = 0 [pid 4151] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4152] ftruncate(6, 2048) = 0 [pid 4152] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4151] <... futex resumed>) = 0 [pid 4152] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4151] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4151] <... futex resumed>) = 0 [pid 4152] open("./bus", O_RDONLY [pid 4151] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4152] <... open resumed>) = 7 [pid 4152] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4151] <... futex resumed>) = 0 [pid 4152] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4151] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4151] <... futex resumed>) = 0 [pid 4152] sendfile(6, 7, NULL, 65536 [pid 4151] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4152] <... sendfile resumed>) = 2048 [pid 4152] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4151] <... futex resumed>) = 0 [pid 4151] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4152] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4151] <... futex resumed>) = 0 [pid 4152] <... openat resumed>) = 8 [pid 4151] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4152] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4151] <... futex resumed>) = 0 [pid 4152] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4151] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 63.930165][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 63.955832][ T4152] BTRFS info (device loop0): balance: start -s [ 63.964722][ T4152] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4151] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 4151] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4151] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4151] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4151] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4172], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4172 [pid 4151] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4151] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4172 attached [pid 4172] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 4172] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4152] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4152] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4152] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4172] <... ioctl resumed>) = 0 [pid 4172] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4151] <... futex resumed>) = 0 [pid 4172] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4151] exit_group(0 [pid 4172] <... futex resumed>) = ? [pid 4152] <... futex resumed>) = ? [pid 4151] <... exit_group resumed>) = ? [pid 4152] +++ exited with 0 +++ [pid 4172] +++ exited with 0 +++ [pid 4151] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4151, si_uid=0, si_status=0, si_utime=1, si_stime=29} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 [ 63.992885][ T4152] BTRFS info (device loop0): balance: ended with status: 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4173 ./strace-static-x86_64: Process 4173 attached [pid 4173] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4173] chdir("./24") = 0 [pid 4173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4173] setpgid(0, 0) = 0 [pid 4173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4173] write(3, "1000", 4) = 4 [pid 4173] close(3) = 0 [pid 4173] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4173] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4173] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4173] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4174], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4174 [pid 4173] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4173] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4174 attached [pid 4174] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4174] memfd_create("syzkaller", 0) = 3 [pid 4174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4174] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4174] munmap(0x7fdb59200000, 16777216) = 0 [pid 4174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4174] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4174] close(3) = 0 [pid 4174] mkdir("./file0", 0777) = 0 [ 64.328099][ T4174] loop0: detected capacity change from 0 to 32768 [ 64.340738][ T4174] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 64.350187][ T4174] BTRFS info (device loop0): force clearing of disk cache [ 64.357361][ T4174] BTRFS info (device loop0): setting nodatasum [ 64.363666][ T4174] BTRFS info (device loop0): allowing degraded mounts [ 64.370643][ T4174] BTRFS info (device loop0): enabling disk space caching [ 64.377717][ T4174] BTRFS info (device loop0): disk space caching is enabled [ 64.395859][ T4174] BTRFS info (device loop0): enabling ssd optimizations [ 64.404079][ T4174] BTRFS info (device loop0): clearing free space tree [ 64.411214][ T4174] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4174] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4174] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4174] chdir("./file0") = 0 [pid 4174] ioctl(4, LOOP_CLR_FD) = 0 [pid 4174] close(4) = 0 [pid 4174] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4173] <... futex resumed>) = 0 [pid 4174] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4173] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4173] <... futex resumed>) = 0 [pid 4174] open("./file0", O_RDONLY [pid 4173] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4174] <... open resumed>) = 4 [pid 4174] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4173] <... futex resumed>) = 0 [pid 4174] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4173] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4173] <... futex resumed>) = 0 [pid 4174] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4173] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4174] <... open resumed>) = 5 [pid 4174] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4173] <... futex resumed>) = 0 [pid 4174] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4173] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 64.421026][ T4174] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 4173] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4174] <... ioctl resumed>) = 0 [pid 4174] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4173] <... futex resumed>) = 0 [pid 4173] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4173] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4174] <... futex resumed>) = 1 [pid 4174] creat("./bus", 000) = 6 [pid 4174] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4173] <... futex resumed>) = 0 [pid 4173] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4173] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4174] <... futex resumed>) = 1 [pid 4174] ftruncate(6, 2048) = 0 [pid 4174] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4173] <... futex resumed>) = 0 [pid 4173] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4174] <... futex resumed>) = 1 [pid 4173] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4174] open("./bus", O_RDONLY) = 7 [pid 4174] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4173] <... futex resumed>) = 0 [pid 4173] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4174] <... futex resumed>) = 1 [pid 4173] <... futex resumed>) = 0 [pid 4174] sendfile(6, 7, NULL, 65536 [pid 4173] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4174] <... sendfile resumed>) = 2048 [pid 4174] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4173] <... futex resumed>) = 0 [pid 4173] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4174] <... futex resumed>) = 1 [pid 4173] <... futex resumed>) = 0 [pid 4174] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4173] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4174] <... openat resumed>) = 8 [pid 4174] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4173] <... futex resumed>) = 0 [pid 4173] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4173] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4174] <... futex resumed>) = 1 [pid 4174] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4174] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4173] <... futex resumed>) = 0 [pid 4173] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4173] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4174] <... futex resumed>) = 1 [pid 4174] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4174] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4173] <... futex resumed>) = 0 [pid 4174] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4173] exit_group(0 [pid 4174] <... futex resumed>) = ? [pid 4173] <... exit_group resumed>) = ? [pid 4174] +++ exited with 0 +++ [pid 4173] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4173, si_uid=0, si_status=0, si_utime=1, si_stime=23} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4194 ./strace-static-x86_64: Process 4194 attached [pid 4194] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4194] chdir("./25") = 0 [pid 4194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4194] setpgid(0, 0) = 0 [pid 4194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4194] write(3, "1000", 4) = 4 [pid 4194] close(3) = 0 [pid 4194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4194] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4194] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4194] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4195 attached , parent_tid=[4195], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4195 [pid 4195] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4195] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4194] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4195] <... futex resumed>) = 0 [pid 4194] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4195] memfd_create("syzkaller", 0) = 3 [pid 4195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4195] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4195] munmap(0x7fdb59200000, 16777216) = 0 [pid 4195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4195] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4195] close(3) = 0 [pid 4195] mkdir("./file0", 0777) = 0 [pid 4195] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4195] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4195] chdir("./file0") = 0 [pid 4195] ioctl(4, LOOP_CLR_FD) = 0 [pid 4195] close(4) = 0 [pid 4195] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4194] <... futex resumed>) = 0 [pid 4195] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4194] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4194] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4195] open("./file0", O_RDONLY) = 4 [pid 4195] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4194] <... futex resumed>) = 0 [pid 4194] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4194] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4195] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4195] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4194] <... futex resumed>) = 0 [pid 4195] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4194] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4194] <... futex resumed>) = 0 [pid 4195] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4194] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4195] <... ioctl resumed>) = 0 [pid 4195] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 64.878012][ T4195] loop0: detected capacity change from 0 to 32768 [pid 4195] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4194] <... futex resumed>) = 0 [pid 4194] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4195] <... futex resumed>) = 0 [pid 4194] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4195] creat("./bus", 000) = 6 [pid 4195] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4194] <... futex resumed>) = 0 [pid 4195] ftruncate(6, 2048 [pid 4194] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4194] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4195] <... ftruncate resumed>) = 0 [pid 4195] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4194] <... futex resumed>) = 0 [pid 4195] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4194] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4194] <... futex resumed>) = 0 [pid 4195] open("./bus", O_RDONLY [pid 4194] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4195] <... open resumed>) = 7 [pid 4195] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4194] <... futex resumed>) = 0 [pid 4195] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4194] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4194] <... futex resumed>) = 0 [pid 4195] sendfile(6, 7, NULL, 65536 [pid 4194] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4195] <... sendfile resumed>) = 2048 [pid 4195] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4194] <... futex resumed>) = 0 [pid 4194] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4194] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4195] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4195] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4194] <... futex resumed>) = 0 [pid 4194] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4194] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4195] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4195] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4194] <... futex resumed>) = 0 [pid 4195] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4194] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4194] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4195] <... ioctl resumed>) = 0 [pid 4195] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4194] <... futex resumed>) = 0 [pid 4195] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4194] exit_group(0) = ? [pid 4195] <... futex resumed>) = ? [pid 4195] +++ exited with 0 +++ [pid 4194] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4194, si_uid=0, si_status=0, si_utime=1, si_stime=18} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4216 ./strace-static-x86_64: Process 4216 attached [pid 4216] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4216] chdir("./26") = 0 [pid 4216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4216] setpgid(0, 0) = 0 [pid 4216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4216] write(3, "1000", 4) = 4 [pid 4216] close(3) = 0 [pid 4216] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4216] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4216] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4216] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4217], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4217 [pid 4216] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4216] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4217 attached [pid 4217] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4217] memfd_create("syzkaller", 0) = 3 [pid 4217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4217] munmap(0x7fdb59200000, 16777216) = 0 [pid 4217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4217] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4217] close(3) = 0 [pid 4217] mkdir("./file0", 0777) = 0 [pid 4217] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4217] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4217] chdir("./file0") = 0 [pid 4217] ioctl(4, LOOP_CLR_FD) = 0 [pid 4217] close(4) = 0 [pid 4217] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4216] <... futex resumed>) = 0 [pid 4217] open("./file0", O_RDONLY [pid 4216] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4216] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4217] <... open resumed>) = 4 [pid 4217] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4216] <... futex resumed>) = 0 [pid 4217] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4216] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4216] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4217] <... open resumed>) = 5 [pid 4217] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4216] <... futex resumed>) = 0 [pid 4217] <... futex resumed>) = 1 [pid 4216] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4217] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4216] <... futex resumed>) = 0 [pid 4216] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4217] <... ioctl resumed>) = 0 [ 65.312436][ T4217] loop0: detected capacity change from 0 to 32768 [pid 4217] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4216] <... futex resumed>) = 0 [pid 4217] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4216] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4216] <... futex resumed>) = 0 [pid 4217] creat("./bus", 000 [pid 4216] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4217] <... creat resumed>) = 6 [pid 4217] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4216] <... futex resumed>) = 0 [pid 4217] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 4216] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4217] ftruncate(6, 2048 [pid 4216] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4217] <... ftruncate resumed>) = 0 [pid 4217] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4216] <... futex resumed>) = 0 [pid 4217] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4216] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4216] <... futex resumed>) = 0 [pid 4217] open("./bus", O_RDONLY [pid 4216] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4217] <... open resumed>) = 7 [pid 4217] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4216] <... futex resumed>) = 0 [pid 4217] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4216] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4216] <... futex resumed>) = 0 [pid 4217] sendfile(6, 7, NULL, 65536 [pid 4216] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4217] <... sendfile resumed>) = 2048 [pid 4217] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4216] <... futex resumed>) = 0 [pid 4217] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4216] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4217] <... openat resumed>) = 8 [pid 4216] <... futex resumed>) = 0 [pid 4216] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4217] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4216] <... futex resumed>) = 0 [pid 4217] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4216] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4216] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4217] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4217] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4216] <... futex resumed>) = 0 [pid 4216] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4216] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4217] <... futex resumed>) = 1 [pid 4217] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4217] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4216] <... futex resumed>) = 0 [pid 4216] exit_group(0) = ? [pid 4217] <... futex resumed>) = ? [pid 4217] +++ exited with 0 +++ [pid 4216] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4216, si_uid=0, si_status=0, si_utime=2, si_stime=17} --- umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4237 ./strace-static-x86_64: Process 4237 attached [pid 4237] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4237] chdir("./27") = 0 [pid 4237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4237] setpgid(0, 0) = 0 [pid 4237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4237] write(3, "1000", 4) = 4 [pid 4237] close(3) = 0 [pid 4237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4237] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4237] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4237] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4238], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4238 [pid 4237] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4237] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4238 attached [pid 4238] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4238] memfd_create("syzkaller", 0) = 3 [pid 4238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4238] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4238] munmap(0x7fdb59200000, 16777216) = 0 [pid 4238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4238] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4238] close(3) = 0 [pid 4238] mkdir("./file0", 0777) = 0 [ 65.744747][ T4238] loop0: detected capacity change from 0 to 32768 [ 65.758829][ T4238] _btrfs_printk: 35 callbacks suppressed [ 65.758840][ T4238] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 65.774002][ T4238] BTRFS info (device loop0): force clearing of disk cache [ 65.781363][ T4238] BTRFS info (device loop0): setting nodatasum [ 65.787731][ T4238] BTRFS info (device loop0): allowing degraded mounts [ 65.794516][ T4238] BTRFS info (device loop0): enabling disk space caching [ 65.801893][ T4238] BTRFS info (device loop0): disk space caching is enabled [ 65.820837][ T4238] BTRFS info (device loop0): enabling ssd optimizations [ 65.829222][ T4238] BTRFS info (device loop0): clearing free space tree [pid 4238] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4238] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4238] chdir("./file0") = 0 [pid 4238] ioctl(4, LOOP_CLR_FD) = 0 [pid 4238] close(4) = 0 [pid 4238] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4237] <... futex resumed>) = 0 [pid 4237] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4237] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4238] open("./file0", O_RDONLY) = 4 [pid 4238] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4237] <... futex resumed>) = 0 [pid 4238] <... futex resumed>) = 1 [pid 4237] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4237] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 65.836142][ T4238] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 65.846173][ T4238] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 65.860133][ T4238] BTRFS info (device loop0): checking UUID tree [pid 4238] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4238] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4237] <... futex resumed>) = 0 [pid 4238] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4237] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4237] <... futex resumed>) = 0 [pid 4238] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4237] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4238] <... ioctl resumed>) = 0 [pid 4238] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4237] <... futex resumed>) = 0 [pid 4238] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4237] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4237] <... futex resumed>) = 0 [pid 4238] creat("./bus", 000 [pid 4237] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4238] <... creat resumed>) = 6 [pid 4238] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4237] <... futex resumed>) = 0 [pid 4238] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4237] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4237] <... futex resumed>) = 0 [pid 4238] ftruncate(6, 2048 [pid 4237] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4238] <... ftruncate resumed>) = 0 [pid 4238] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4237] <... futex resumed>) = 0 [pid 4238] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [ 65.892542][ T27] kauditd_printk_skb: 8 callbacks suppressed [ 65.892556][ T27] audit: type=1800 audit(1670043446.395:56): pid=4238 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4237] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4237] <... futex resumed>) = 0 [pid 4238] open("./bus", O_RDONLY [pid 4237] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4238] <... open resumed>) = 7 [pid 4238] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4237] <... futex resumed>) = 0 [pid 4238] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4237] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4237] <... futex resumed>) = 0 [pid 4238] sendfile(6, 7, NULL, 65536 [pid 4237] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4238] <... sendfile resumed>) = 2048 [pid 4238] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4237] <... futex resumed>) = 0 [pid 4238] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4237] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4237] <... futex resumed>) = 0 [pid 4238] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4237] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4238] <... openat resumed>) = 8 [pid 4238] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4237] <... futex resumed>) = 0 [pid 4238] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4237] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4237] <... futex resumed>) = 0 [pid 4238] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 65.946609][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 65.957601][ T27] audit: type=1804 audit(1670043446.465:57): pid=4238 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/27/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 65.969206][ T4238] BTRFS info (device loop0): balance: start -s [pid 4237] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 4237] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4237] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4237] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4258 attached [pid 4258] set_robust_list(0x7fdb617d59e0, 24 [pid 4237] <... clone resumed>, parent_tid=[4258], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4258 [pid 4237] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4237] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4258] <... set_robust_list resumed>) = 0 [ 65.989753][ T4238] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4258] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4258] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4237] <... futex resumed>) = 0 [pid 4258] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4238] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4238] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4238] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4237] exit_group(0 [pid 4258] <... futex resumed>) = ? [pid 4237] <... exit_group resumed>) = ? [pid 4238] <... futex resumed>) = ? [pid 4238] +++ exited with 0 +++ [pid 4258] +++ exited with 0 +++ [pid 4237] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4237, si_uid=0, si_status=0, si_utime=4, si_stime=33} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 [ 66.025772][ T4238] BTRFS info (device loop0): balance: ended with status: 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4259 ./strace-static-x86_64: Process 4259 attached [pid 4259] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4259] chdir("./28") = 0 [pid 4259] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4259] setpgid(0, 0) = 0 [pid 4259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4259] write(3, "1000", 4) = 4 [pid 4259] close(3) = 0 [pid 4259] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4259] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4259] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4259] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4260], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4260 [pid 4259] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4259] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4260 attached [pid 4260] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4260] memfd_create("syzkaller", 0) = 3 [pid 4260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4260] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4260] munmap(0x7fdb59200000, 16777216) = 0 [pid 4260] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4260] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4260] close(3) = 0 [pid 4260] mkdir("./file0", 0777) = 0 [ 66.332948][ T4260] loop0: detected capacity change from 0 to 32768 [ 66.347786][ T4260] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 66.357031][ T4260] BTRFS info (device loop0): force clearing of disk cache [ 66.364490][ T4260] BTRFS info (device loop0): setting nodatasum [ 66.370925][ T4260] BTRFS info (device loop0): allowing degraded mounts [ 66.378335][ T4260] BTRFS info (device loop0): enabling disk space caching [ 66.385359][ T4260] BTRFS info (device loop0): disk space caching is enabled [ 66.403422][ T4260] BTRFS info (device loop0): enabling ssd optimizations [ 66.411346][ T4260] BTRFS info (device loop0): clearing free space tree [ 66.418596][ T4260] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4260] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4260] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4260] chdir("./file0") = 0 [pid 4260] ioctl(4, LOOP_CLR_FD) = 0 [pid 4260] close(4) = 0 [pid 4260] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4259] <... futex resumed>) = 0 [pid 4259] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4259] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4260] <... futex resumed>) = 1 [pid 4260] open("./file0", O_RDONLY) = 4 [pid 4260] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4259] <... futex resumed>) = 0 [pid 4259] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4259] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4260] <... futex resumed>) = 1 [ 66.428343][ T4260] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 66.441552][ T4260] BTRFS info (device loop0): checking UUID tree [pid 4260] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4260] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4259] <... futex resumed>) = 0 [pid 4259] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4259] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4260] <... futex resumed>) = 1 [pid 4260] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4260] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4259] <... futex resumed>) = 0 [pid 4259] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4259] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4260] <... futex resumed>) = 1 [pid 4260] creat("./bus", 000) = 6 [pid 4260] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4259] <... futex resumed>) = 0 [pid 4259] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4259] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4260] <... futex resumed>) = 1 [pid 4260] ftruncate(6, 2048) = 0 [pid 4260] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4259] <... futex resumed>) = 0 [pid 4259] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4259] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4260] <... futex resumed>) = 1 [pid 4260] open("./bus", O_RDONLY) = 7 [pid 4260] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4259] <... futex resumed>) = 0 [pid 4259] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4259] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4260] <... futex resumed>) = 1 [pid 4260] sendfile(6, 7, NULL, 65536) = 2048 [pid 4260] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4259] <... futex resumed>) = 0 [pid 4259] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4259] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4260] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4260] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4259] <... futex resumed>) = 0 [pid 4259] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4259] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 66.464133][ T27] audit: type=1800 audit(1670043446.965:58): pid=4260 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 66.494875][ T27] audit: type=1804 audit(1670043446.995:59): pid=4260 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/28/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 66.497200][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 4260] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4259] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4259] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 4259] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4259] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4259] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4280], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4280 [pid 4259] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4259] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4280 attached [pid 4280] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 4280] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4260] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4260] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.541536][ T4260] BTRFS info (device loop0): balance: start -s [ 66.549467][ T4260] BTRFS info (device loop0): relocating block group 1048576 flags system [ 66.575815][ T4260] BTRFS info (device loop0): balance: ended with status: 0 [pid 4260] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4280] <... ioctl resumed>) = 0 [pid 4280] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4259] <... futex resumed>) = 0 [pid 4259] exit_group(0) = ? [pid 4260] <... futex resumed>) = ? [pid 4280] +++ exited with 0 +++ [pid 4260] +++ exited with 0 +++ [pid 4259] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4259, si_uid=0, si_status=0, si_utime=2, si_stime=33} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4281 ./strace-static-x86_64: Process 4281 attached [pid 4281] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4281] chdir("./29") = 0 [pid 4281] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4281] setpgid(0, 0) = 0 [pid 4281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4281] write(3, "1000", 4) = 4 [pid 4281] close(3) = 0 [pid 4281] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4281] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4281] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4281] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4282], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4282 [pid 4281] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4282 attached [pid 4282] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4282] memfd_create("syzkaller", 0) = 3 [pid 4282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4282] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4282] munmap(0x7fdb59200000, 16777216) = 0 [pid 4282] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4282] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4282] close(3) = 0 [pid 4282] mkdir("./file0", 0777) = 0 [ 66.931758][ T4282] loop0: detected capacity change from 0 to 32768 [ 66.945256][ T4282] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 66.954719][ T4282] BTRFS info (device loop0): force clearing of disk cache [ 66.961885][ T4282] BTRFS info (device loop0): setting nodatasum [ 66.968102][ T4282] BTRFS info (device loop0): allowing degraded mounts [ 66.974963][ T4282] BTRFS info (device loop0): enabling disk space caching [ 66.982194][ T4282] BTRFS info (device loop0): disk space caching is enabled [ 67.001980][ T4282] BTRFS info (device loop0): enabling ssd optimizations [ 67.009637][ T4282] BTRFS info (device loop0): clearing free space tree [ 67.016453][ T4282] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4282] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4282] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4282] chdir("./file0") = 0 [pid 4282] ioctl(4, LOOP_CLR_FD) = 0 [pid 4282] close(4) = 0 [pid 4282] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4281] <... futex resumed>) = 0 [pid 4281] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4282] <... futex resumed>) = 1 [pid 4282] open("./file0", O_RDONLY) = 4 [pid 4282] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4281] <... futex resumed>) = 0 [pid 4281] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4282] <... futex resumed>) = 1 [ 67.026495][ T4282] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 67.040661][ T4282] BTRFS info (device loop0): checking UUID tree [pid 4282] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4282] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4281] <... futex resumed>) = 0 [pid 4281] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4282] <... futex resumed>) = 1 [pid 4282] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4282] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4281] <... futex resumed>) = 0 [pid 4281] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4282] <... futex resumed>) = 1 [pid 4282] creat("./bus", 000) = 6 [pid 4282] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4281] <... futex resumed>) = 0 [pid 4281] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4282] <... futex resumed>) = 1 [pid 4282] ftruncate(6, 2048) = 0 [pid 4282] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4281] <... futex resumed>) = 0 [pid 4281] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4282] <... futex resumed>) = 1 [ 67.072665][ T27] audit: type=1800 audit(1670043447.575:60): pid=4282 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4282] open("./bus", O_RDONLY) = 7 [pid 4282] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4281] <... futex resumed>) = 0 [pid 4281] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4282] <... futex resumed>) = 1 [pid 4282] sendfile(6, 7, NULL, 65536) = 2048 [pid 4282] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4281] <... futex resumed>) = 0 [pid 4281] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4282] <... futex resumed>) = 1 [pid 4282] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4282] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4281] <... futex resumed>) = 0 [pid 4281] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4282] <... futex resumed>) = 1 [ 67.120379][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 67.144092][ T27] audit: type=1804 audit(1670043447.635:61): pid=4282 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/29/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 4282] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4281] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4281] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4281] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4281] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4302], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4302 [pid 4281] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4281] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4302 attached [pid 4302] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 67.168744][ T4282] BTRFS info (device loop0): balance: start -s [ 67.177931][ T4282] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4302] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4302] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4281] <... futex resumed>) = 0 [pid 4302] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4282] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4282] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4282] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4281] exit_group(0) = ? [pid 4282] <... futex resumed>) = ? [pid 4282] +++ exited with 0 +++ [pid 4302] <... futex resumed>) = ? [pid 4302] +++ exited with 0 +++ [pid 4281] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4281, si_uid=0, si_status=0, si_utime=2, si_stime=31} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 [ 67.231220][ T4282] BTRFS info (device loop0): balance: ended with status: 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4303 ./strace-static-x86_64: Process 4303 attached [pid 4303] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4303] chdir("./30") = 0 [pid 4303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4303] setpgid(0, 0) = 0 [pid 4303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4303] write(3, "1000", 4) = 4 [pid 4303] close(3) = 0 [pid 4303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4303] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4303] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4303] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4304 attached [pid 4304] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4304] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4303] <... clone resumed>, parent_tid=[4304], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4304 [pid 4303] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4304] <... futex resumed>) = 0 [pid 4303] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4304] memfd_create("syzkaller", 0) = 3 [pid 4304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4304] munmap(0x7fdb59200000, 16777216) = 0 [pid 4304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4304] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4304] close(3) = 0 [pid 4304] mkdir("./file0", 0777) = 0 [ 67.525052][ T4304] loop0: detected capacity change from 0 to 32768 [ 67.539373][ T4304] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 67.548658][ T4304] BTRFS info (device loop0): force clearing of disk cache [ 67.555766][ T4304] BTRFS info (device loop0): setting nodatasum [ 67.561995][ T4304] BTRFS info (device loop0): allowing degraded mounts [ 67.568891][ T4304] BTRFS info (device loop0): enabling disk space caching [ 67.575945][ T4304] BTRFS info (device loop0): disk space caching is enabled [ 67.595070][ T4304] BTRFS info (device loop0): enabling ssd optimizations [ 67.603285][ T4304] BTRFS info (device loop0): clearing free space tree [ 67.610663][ T4304] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4304] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4304] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4304] chdir("./file0") = 0 [pid 4304] ioctl(4, LOOP_CLR_FD) = 0 [pid 4304] close(4) = 0 [pid 4304] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4303] <... futex resumed>) = 0 [pid 4304] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4303] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4303] <... futex resumed>) = 0 [pid 4304] open("./file0", O_RDONLY [pid 4303] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4304] <... open resumed>) = 4 [pid 4304] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4303] <... futex resumed>) = 0 [pid 4304] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4303] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4303] <... futex resumed>) = 0 [pid 4304] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4303] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4304] <... open resumed>) = 5 [ 67.620732][ T4304] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 67.634788][ T4304] BTRFS info (device loop0): checking UUID tree [pid 4304] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4303] <... futex resumed>) = 0 [pid 4304] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4303] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4303] <... futex resumed>) = 0 [pid 4304] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4303] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4304] <... ioctl resumed>) = 0 [pid 4304] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4303] <... futex resumed>) = 0 [pid 4304] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4303] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4303] <... futex resumed>) = 0 [pid 4304] creat("./bus", 000 [pid 4303] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4304] <... creat resumed>) = 6 [pid 4304] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4303] <... futex resumed>) = 0 [pid 4304] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4303] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4303] <... futex resumed>) = 0 [pid 4304] ftruncate(6, 2048 [pid 4303] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4304] <... ftruncate resumed>) = 0 [pid 4304] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4303] <... futex resumed>) = 0 [pid 4304] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4303] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4303] <... futex resumed>) = 0 [pid 4304] open("./bus", O_RDONLY [pid 4303] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4304] <... open resumed>) = 7 [pid 4304] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4303] <... futex resumed>) = 0 [pid 4304] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4303] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4303] <... futex resumed>) = 0 [pid 4304] sendfile(6, 7, NULL, 65536 [pid 4303] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4304] <... sendfile resumed>) = 2048 [ 67.664377][ T27] audit: type=1800 audit(1670043448.165:62): pid=4304 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4304] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4303] <... futex resumed>) = 0 [pid 4304] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4303] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4303] <... futex resumed>) = 0 [pid 4304] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4303] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4304] <... openat resumed>) = 8 [pid 4304] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4303] <... futex resumed>) = 0 [pid 4304] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4303] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4303] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 4303] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 4303] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [ 67.710982][ T27] audit: type=1804 audit(1670043448.205:63): pid=4304 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/30/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 67.720903][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 67.748872][ T4304] BTRFS info (device loop0): balance: start -s [ 67.758892][ T4304] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4303] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4303] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4324], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4324 [pid 4303] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4303] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4324 attached [pid 4324] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 4324] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4304] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4304] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4304] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4324] <... ioctl resumed>) = 0 [pid 4324] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4303] <... futex resumed>) = 0 [pid 4303] exit_group(0 [pid 4304] <... futex resumed>) = ? [pid 4303] <... exit_group resumed>) = ? [pid 4304] +++ exited with 0 +++ [pid 4324] <... futex resumed>) = ? [pid 4324] +++ exited with 0 +++ [pid 4303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4303, si_uid=0, si_status=0, si_utime=2, si_stime=28} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 [ 67.799746][ T4304] BTRFS info (device loop0): balance: ended with status: 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4325 ./strace-static-x86_64: Process 4325 attached [pid 4325] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4325] chdir("./31") = 0 [pid 4325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4325] setpgid(0, 0) = 0 [pid 4325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4325] write(3, "1000", 4) = 4 [pid 4325] close(3) = 0 [pid 4325] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4325] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4325] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4325] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4326], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4326 [pid 4325] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4325] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4326 attached [pid 4326] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4326] memfd_create("syzkaller", 0) = 3 [pid 4326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4326] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4326] munmap(0x7fdb59200000, 16777216) = 0 [pid 4326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4326] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4326] close(3) = 0 [pid 4326] mkdir("./file0", 0777) = 0 [ 68.141362][ T4326] loop0: detected capacity change from 0 to 32768 [ 68.152216][ T4326] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 68.161814][ T4326] BTRFS info (device loop0): force clearing of disk cache [ 68.169181][ T4326] BTRFS info (device loop0): setting nodatasum [ 68.175342][ T4326] BTRFS info (device loop0): allowing degraded mounts [ 68.182368][ T4326] BTRFS info (device loop0): enabling disk space caching [ 68.189630][ T4326] BTRFS info (device loop0): disk space caching is enabled [ 68.209674][ T4326] BTRFS info (device loop0): enabling ssd optimizations [ 68.217174][ T4326] BTRFS info (device loop0): clearing free space tree [ 68.224110][ T4326] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4326] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4326] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4326] chdir("./file0") = 0 [pid 4326] ioctl(4, LOOP_CLR_FD) = 0 [pid 4326] close(4) = 0 [pid 4326] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4325] <... futex resumed>) = 0 [pid 4325] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4325] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4326] <... futex resumed>) = 1 [pid 4326] open("./file0", O_RDONLY) = 4 [pid 4326] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4325] <... futex resumed>) = 0 [pid 4325] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4325] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4326] <... futex resumed>) = 1 [pid 4326] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4326] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4325] <... futex resumed>) = 0 [pid 4325] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4325] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4326] <... futex resumed>) = 1 [pid 4326] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4326] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4325] <... futex resumed>) = 0 [pid 4325] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4326] creat("./bus", 000 [pid 4325] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4326] <... creat resumed>) = 6 [pid 4326] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4325] <... futex resumed>) = 0 [pid 4326] ftruncate(6, 2048 [pid 4325] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4325] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4326] <... ftruncate resumed>) = 0 [pid 4326] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4325] <... futex resumed>) = 0 [pid 4325] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4326] open("./bus", O_RDONLY [ 68.233983][ T4326] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 68.247969][ T4326] BTRFS info (device loop0): checking UUID tree [ 68.262454][ T27] audit: type=1800 audit(1670043448.765:64): pid=4326 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4325] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4326] <... open resumed>) = 7 [pid 4326] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4325] <... futex resumed>) = 0 [pid 4326] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4325] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4326] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4326] sendfile(6, 7, NULL, 65536 [pid 4325] <... futex resumed>) = 0 [pid 4326] <... sendfile resumed>) = 2048 [pid 4325] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4326] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4325] <... futex resumed>) = 0 [pid 4326] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 4325] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4326] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4325] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4326] <... openat resumed>) = 8 [pid 4326] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4325] <... futex resumed>) = 0 [pid 4326] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4325] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 68.310438][ T27] audit: type=1804 audit(1670043448.815:65): pid=4326 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/31/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 68.311305][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 4325] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4326] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4326] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4325] <... futex resumed>) = 0 [pid 4326] <... futex resumed>) = 1 [pid 4326] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4325] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4325] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4326] <... ioctl resumed>) = 0 [pid 4326] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4325] <... futex resumed>) = 0 [pid 4326] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4325] exit_group(0 [pid 4326] <... futex resumed>) = ? [pid 4325] <... exit_group resumed>) = ? [pid 4326] +++ exited with 0 +++ [pid 4325] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4325, si_uid=0, si_status=0, si_utime=2, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 68.359818][ T4326] BTRFS info (device loop0): balance: start -s [ 68.368044][ T4326] BTRFS info (device loop0): relocating block group 1048576 flags system [ 68.392550][ T4326] BTRFS info (device loop0): balance: ended with status: 0 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4346 ./strace-static-x86_64: Process 4346 attached [pid 4346] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4346] chdir("./32") = 0 [pid 4346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4346] setpgid(0, 0) = 0 [pid 4346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4346] write(3, "1000", 4) = 4 [pid 4346] close(3) = 0 [pid 4346] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4346] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4346] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4346] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4346] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4347], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4347 [pid 4346] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4346] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4347 attached [pid 4347] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4347] memfd_create("syzkaller", 0) = 3 [pid 4347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4347] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4347] munmap(0x7fdb59200000, 16777216) = 0 [pid 4347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4347] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4347] close(3) = 0 [pid 4347] mkdir("./file0", 0777) = 0 [ 68.732150][ T4347] loop0: detected capacity change from 0 to 32768 [ 68.756363][ T4347] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 68.765765][ T4347] BTRFS info (device loop0): force clearing of disk cache [ 68.773010][ T4347] BTRFS info (device loop0): setting nodatasum [ 68.779207][ T4347] BTRFS info (device loop0): allowing degraded mounts [ 68.785979][ T4347] BTRFS info (device loop0): enabling disk space caching [ 68.793066][ T4347] BTRFS info (device loop0): disk space caching is enabled [ 68.811624][ T4347] BTRFS info (device loop0): enabling ssd optimizations [ 68.819747][ T4347] BTRFS info (device loop0): clearing free space tree [pid 4347] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4347] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4347] chdir("./file0") = 0 [pid 4347] ioctl(4, LOOP_CLR_FD) = 0 [pid 4347] close(4) = 0 [pid 4347] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4347] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4346] <... futex resumed>) = 0 [pid 4346] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4346] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4347] <... futex resumed>) = 0 [pid 4347] open("./file0", O_RDONLY) = 4 [pid 4347] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4346] <... futex resumed>) = 0 [pid 4346] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4346] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4347] <... futex resumed>) = 1 [pid 4347] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4347] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4346] <... futex resumed>) = 0 [pid 4346] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4346] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4347] <... futex resumed>) = 1 [ 68.826791][ T4347] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 68.837094][ T4347] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 68.850855][ T4347] BTRFS info (device loop0): checking UUID tree [pid 4347] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4347] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4346] <... futex resumed>) = 0 [pid 4346] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4346] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4347] <... futex resumed>) = 1 [pid 4347] creat("./bus", 000) = 6 [pid 4347] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4346] <... futex resumed>) = 0 [pid 4346] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4346] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4347] ftruncate(6, 2048) = 0 [pid 4347] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4346] <... futex resumed>) = 0 [pid 4346] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4346] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4347] open("./bus", O_RDONLY) = 7 [pid 4347] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4346] <... futex resumed>) = 0 [pid 4346] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4346] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4347] <... futex resumed>) = 1 [pid 4347] sendfile(6, 7, NULL, 65536) = 2048 [pid 4347] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4346] <... futex resumed>) = 0 [pid 4346] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4346] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4347] <... futex resumed>) = 1 [pid 4347] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4347] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4346] <... futex resumed>) = 0 [pid 4346] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4346] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4347] <... futex resumed>) = 1 [ 68.908731][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 68.918057][ T4347] BTRFS info (device loop0): balance: start -s [ 68.927130][ T4347] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4347] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4346] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4346] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4346] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4346] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4346] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4367], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4367 [pid 4346] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4346] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4347] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4347] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4347] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4367 attached [pid 4367] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 68.955986][ T4347] BTRFS info (device loop0): balance: ended with status: 0 [pid 4367] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4367] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4346] <... futex resumed>) = 0 [pid 4346] exit_group(0 [pid 4347] <... futex resumed>) = ? [pid 4346] <... exit_group resumed>) = ? [pid 4347] +++ exited with 0 +++ [pid 4367] <... futex resumed>) = ? [pid 4367] +++ exited with 0 +++ [pid 4346] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4346, si_uid=0, si_status=0, si_utime=0, si_stime=28} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./32/binderfs") = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4368 ./strace-static-x86_64: Process 4368 attached [pid 4368] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4368] chdir("./33") = 0 [pid 4368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4368] setpgid(0, 0) = 0 [pid 4368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4368] write(3, "1000", 4) = 4 [pid 4368] close(3) = 0 [pid 4368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4368] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4368] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4368] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4369], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4369 [pid 4368] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4368] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4369 attached [pid 4369] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4369] memfd_create("syzkaller", 0) = 3 [pid 4369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4369] munmap(0x7fdb59200000, 16777216) = 0 [pid 4369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4369] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4369] close(3) = 0 [pid 4369] mkdir("./file0", 0777) = 0 [ 69.284034][ T4369] loop0: detected capacity change from 0 to 32768 [ 69.298645][ T4369] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 69.307945][ T4369] BTRFS info (device loop0): force clearing of disk cache [ 69.315081][ T4369] BTRFS info (device loop0): setting nodatasum [ 69.321286][ T4369] BTRFS info (device loop0): allowing degraded mounts [ 69.328112][ T4369] BTRFS info (device loop0): enabling disk space caching [ 69.335150][ T4369] BTRFS info (device loop0): disk space caching is enabled [ 69.353734][ T4369] BTRFS info (device loop0): enabling ssd optimizations [ 69.361578][ T4369] BTRFS info (device loop0): clearing free space tree [ 69.368725][ T4369] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4369] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4369] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4369] chdir("./file0") = 0 [pid 4369] ioctl(4, LOOP_CLR_FD) = 0 [pid 4369] close(4) = 0 [pid 4369] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4368] <... futex resumed>) = 0 [pid 4369] <... futex resumed>) = 1 [pid 4368] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4369] open("./file0", O_RDONLY [pid 4368] <... futex resumed>) = 0 [pid 4369] <... open resumed>) = 4 [pid 4368] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4369] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4368] <... futex resumed>) = 0 [pid 4368] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4368] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4369] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4369] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4368] <... futex resumed>) = 0 [pid 4368] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4368] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4369] <... futex resumed>) = 1 [ 69.378815][ T4369] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 4369] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4369] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4368] <... futex resumed>) = 0 [pid 4368] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4368] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4369] <... futex resumed>) = 1 [pid 4369] creat("./bus", 000) = 6 [pid 4369] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4368] <... futex resumed>) = 0 [pid 4368] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4368] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4369] <... futex resumed>) = 1 [pid 4369] ftruncate(6, 2048) = 0 [pid 4369] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4368] <... futex resumed>) = 0 [pid 4368] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4368] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4369] <... futex resumed>) = 1 [pid 4369] open("./bus", O_RDONLY) = 7 [pid 4369] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4368] <... futex resumed>) = 0 [pid 4368] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4368] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4369] <... futex resumed>) = 1 [pid 4369] sendfile(6, 7, NULL, 65536) = 2048 [pid 4369] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4368] <... futex resumed>) = 0 [pid 4368] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4368] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4369] <... futex resumed>) = 1 [pid 4369] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4369] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4368] <... futex resumed>) = 0 [pid 4368] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4368] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4369] <... futex resumed>) = 1 [pid 4369] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4369] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4368] <... futex resumed>) = 0 [pid 4368] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4368] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4369] <... futex resumed>) = 1 [pid 4369] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4369] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4368] <... futex resumed>) = 0 [pid 4368] exit_group(0) = ? [pid 4369] <... futex resumed>) = ? [pid 4369] +++ exited with 0 +++ [pid 4368] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4368, si_uid=0, si_status=0, si_utime=0, si_stime=26} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./33/binderfs") = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4389 ./strace-static-x86_64: Process 4389 attached [pid 4389] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4389] chdir("./34") = 0 [pid 4389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4389] setpgid(0, 0) = 0 [pid 4389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4389] write(3, "1000", 4) = 4 [pid 4389] close(3) = 0 [pid 4389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4389] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4389] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4389] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4390], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4390 [pid 4389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4390 attached [pid 4390] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4390] memfd_create("syzkaller", 0) = 3 [pid 4390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4390] munmap(0x7fdb59200000, 16777216) = 0 [pid 4390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4390] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4390] close(3) = 0 [pid 4390] mkdir("./file0", 0777) = 0 [pid 4390] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4390] chdir("./file0") = 0 [pid 4390] ioctl(4, LOOP_CLR_FD) = 0 [pid 4390] close(4) = 0 [pid 4390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4389] <... futex resumed>) = 0 [pid 4389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4390] <... futex resumed>) = 1 [pid 4390] open("./file0", O_RDONLY) = 4 [pid 4390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4389] <... futex resumed>) = 0 [pid 4389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4390] <... futex resumed>) = 1 [pid 4390] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4389] <... futex resumed>) = 0 [pid 4389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4390] <... futex resumed>) = 1 [ 69.808879][ T4390] loop0: detected capacity change from 0 to 32768 [pid 4390] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4389] <... futex resumed>) = 0 [pid 4389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4390] <... futex resumed>) = 1 [pid 4390] creat("./bus", 000) = 6 [pid 4390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4389] <... futex resumed>) = 0 [pid 4389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4390] <... futex resumed>) = 1 [pid 4390] ftruncate(6, 2048) = 0 [pid 4390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4389] <... futex resumed>) = 0 [pid 4389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4390] <... futex resumed>) = 1 [pid 4390] open("./bus", O_RDONLY) = 7 [pid 4390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4389] <... futex resumed>) = 0 [pid 4389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4390] <... futex resumed>) = 1 [pid 4390] sendfile(6, 7, NULL, 65536) = 2048 [pid 4390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4389] <... futex resumed>) = 0 [pid 4389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4390] <... futex resumed>) = 1 [pid 4390] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4389] <... futex resumed>) = 0 [pid 4389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4390] <... futex resumed>) = 1 [pid 4390] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4389] <... futex resumed>) = 0 [pid 4389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4390] <... futex resumed>) = 1 [pid 4390] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4389] <... futex resumed>) = 0 [pid 4389] exit_group(0) = ? [pid 4390] <... futex resumed>) = ? [pid 4390] +++ exited with 0 +++ [pid 4389] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4389, si_uid=0, si_status=0, si_utime=1, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./34/binderfs") = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4410 ./strace-static-x86_64: Process 4410 attached [pid 4410] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4410] chdir("./35") = 0 [pid 4410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4410] setpgid(0, 0) = 0 [pid 4410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4410] write(3, "1000", 4) = 4 [pid 4410] close(3) = 0 [pid 4410] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4410] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4410] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4410] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4411 attached , parent_tid=[4411], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4411 [pid 4411] set_robust_list(0x7fdb617f69e0, 24 [pid 4410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4411] <... set_robust_list resumed>) = 0 [pid 4410] <... futex resumed>) = 0 [pid 4411] memfd_create("syzkaller", 0 [pid 4410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4411] <... memfd_create resumed>) = 3 [pid 4411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4411] munmap(0x7fdb59200000, 16777216) = 0 [pid 4411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4411] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4411] close(3) = 0 [pid 4411] mkdir("./file0", 0777) = 0 [pid 4411] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4411] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4411] chdir("./file0") = 0 [pid 4411] ioctl(4, LOOP_CLR_FD) = 0 [pid 4411] close(4) = 0 [pid 4411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4410] <... futex resumed>) = 0 [pid 4410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4411] <... futex resumed>) = 1 [pid 4411] open("./file0", O_RDONLY) = 4 [pid 4411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4410] <... futex resumed>) = 0 [pid 4410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4411] <... futex resumed>) = 1 [pid 4411] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4410] <... futex resumed>) = 0 [pid 4410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4411] <... futex resumed>) = 1 [pid 4411] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4410] <... futex resumed>) = 0 [pid 4410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4411] <... futex resumed>) = 1 [pid 4411] creat("./bus", 000) = 6 [pid 4411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4410] <... futex resumed>) = 0 [pid 4410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4411] <... futex resumed>) = 1 [pid 4411] ftruncate(6, 2048) = 0 [pid 4411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4410] <... futex resumed>) = 0 [pid 4410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4411] <... futex resumed>) = 1 [pid 4411] open("./bus", O_RDONLY) = 7 [pid 4411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4410] <... futex resumed>) = 0 [pid 4410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4411] <... futex resumed>) = 1 [pid 4411] sendfile(6, 7, NULL, 65536) = 2048 [pid 4411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4410] <... futex resumed>) = 0 [pid 4410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4411] <... futex resumed>) = 1 [ 70.243826][ T4411] loop0: detected capacity change from 0 to 32768 [pid 4411] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4410] <... futex resumed>) = 0 [pid 4410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4411] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4410] <... futex resumed>) = 0 [pid 4410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4411] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4410] <... futex resumed>) = 0 [pid 4410] exit_group(0) = ? [pid 4411] +++ exited with 0 +++ [pid 4410] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4410, si_uid=0, si_status=0, si_utime=3, si_stime=19} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./35/binderfs") = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4431 ./strace-static-x86_64: Process 4431 attached [pid 4431] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4431] chdir("./36") = 0 [pid 4431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4431] setpgid(0, 0) = 0 [pid 4431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4431] write(3, "1000", 4) = 4 [pid 4431] close(3) = 0 [pid 4431] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4431] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4431] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4431] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4432], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4432 [pid 4431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4432 attached [pid 4432] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4432] memfd_create("syzkaller", 0) = 3 [pid 4432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4432] munmap(0x7fdb59200000, 16777216) = 0 [pid 4432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4432] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4432] close(3) = 0 [pid 4432] mkdir("./file0", 0777) = 0 [pid 4432] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4432] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4432] chdir("./file0") = 0 [pid 4432] ioctl(4, LOOP_CLR_FD) = 0 [pid 4432] close(4) = 0 [pid 4432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4431] <... futex resumed>) = 0 [pid 4432] open("./file0", O_RDONLY [pid 4431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4432] <... open resumed>) = 4 [pid 4432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4432] <... futex resumed>) = 0 [pid 4431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4432] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4432] <... open resumed>) = 5 [pid 4431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4431] <... futex resumed>) = 0 [pid 4432] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 70.677653][ T4432] loop0: detected capacity change from 0 to 32768 [pid 4432] <... ioctl resumed>) = 0 [pid 4431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4432] <... futex resumed>) = 0 [pid 4431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4432] creat("./bus", 000 [pid 4431] <... futex resumed>) = 0 [pid 4431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4432] <... creat resumed>) = 6 [pid 4432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4431] <... futex resumed>) = 0 [pid 4432] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4431] <... futex resumed>) = 0 [pid 4432] ftruncate(6, 2048 [pid 4431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4432] <... ftruncate resumed>) = 0 [pid 4432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4431] <... futex resumed>) = 0 [pid 4432] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4431] <... futex resumed>) = 0 [pid 4432] open("./bus", O_RDONLY [pid 4431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4432] <... open resumed>) = 7 [pid 4432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4431] <... futex resumed>) = 0 [pid 4432] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4431] <... futex resumed>) = 0 [pid 4432] sendfile(6, 7, NULL, 65536 [pid 4431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4432] <... sendfile resumed>) = 2048 [pid 4432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4431] <... futex resumed>) = 0 [pid 4432] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4431] <... futex resumed>) = 0 [pid 4432] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4432] <... openat resumed>) = 8 [pid 4432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4431] <... futex resumed>) = 0 [pid 4432] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4431] <... futex resumed>) = 0 [pid 4432] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 70.779115][ T4432] _btrfs_printk: 47 callbacks suppressed [ 70.779131][ T4432] BTRFS info (device loop0): balance: start -s [ 70.794297][ T4432] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 4431] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4431] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4431] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4452], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4452 [pid 4431] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4431] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4452 attached [pid 4432] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4452] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 4452] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4432] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4452] <... ioctl resumed>) = 0 [pid 4452] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4431] <... futex resumed>) = 0 [pid 4452] <... futex resumed>) = 1 [pid 4431] exit_group(0 [pid 4452] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4431] <... exit_group resumed>) = ? [pid 4452] <... futex resumed>) = ? [pid 4432] <... futex resumed>) = ? [pid 4432] +++ exited with 0 +++ [pid 4452] +++ exited with 0 +++ [pid 4431] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4431, si_uid=0, si_status=0, si_utime=2, si_stime=19} --- umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 70.825484][ T4432] BTRFS info (device loop0): balance: ended with status: 0 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./36/binderfs") = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4453 ./strace-static-x86_64: Process 4453 attached [pid 4453] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4453] chdir("./37") = 0 [pid 4453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4453] setpgid(0, 0) = 0 [pid 4453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4453] write(3, "1000", 4) = 4 [pid 4453] close(3) = 0 [pid 4453] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4453] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4453] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4453] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4454], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4454 [pid 4453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4454 attached [pid 4454] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4454] memfd_create("syzkaller", 0) = 3 [pid 4454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4454] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4454] munmap(0x7fdb59200000, 16777216) = 0 [pid 4454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4454] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4454] close(3) = 0 [pid 4454] mkdir("./file0", 0777) = 0 [ 71.140292][ T4454] loop0: detected capacity change from 0 to 32768 [ 71.155123][ T4454] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 71.177462][ T4454] BTRFS info (device loop0): force clearing of disk cache [ 71.184616][ T4454] BTRFS info (device loop0): setting nodatasum [ 71.191077][ T4454] BTRFS info (device loop0): allowing degraded mounts [ 71.198006][ T4454] BTRFS info (device loop0): enabling disk space caching [ 71.205196][ T4454] BTRFS info (device loop0): disk space caching is enabled [ 71.226853][ T4454] BTRFS info (device loop0): enabling ssd optimizations [pid 4454] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4454] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4454] chdir("./file0") = 0 [pid 4454] ioctl(4, LOOP_CLR_FD) = 0 [pid 4454] close(4) = 0 [pid 4454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4453] <... futex resumed>) = 0 [pid 4453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4454] <... futex resumed>) = 1 [pid 4454] open("./file0", O_RDONLY) = 4 [pid 4454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4453] <... futex resumed>) = 0 [pid 4453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4454] <... futex resumed>) = 1 [pid 4454] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4453] <... futex resumed>) = 0 [pid 4453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4454] <... futex resumed>) = 1 [ 71.235025][ T4454] BTRFS info (device loop0): clearing free space tree [ 71.241975][ T4454] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 71.251791][ T4454] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 71.266420][ T4454] BTRFS info (device loop0): checking UUID tree [ 71.283107][ T27] kauditd_printk_skb: 10 callbacks suppressed [pid 4454] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4453] <... futex resumed>) = 0 [pid 4453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4454] <... futex resumed>) = 1 [pid 4454] creat("./bus", 000) = 6 [pid 4454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4453] <... futex resumed>) = 0 [pid 4453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4454] <... futex resumed>) = 1 [pid 4454] ftruncate(6, 2048) = 0 [pid 4454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4453] <... futex resumed>) = 0 [pid 4453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4454] <... futex resumed>) = 1 [pid 4454] open("./bus", O_RDONLY) = 7 [pid 4454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4453] <... futex resumed>) = 0 [pid 4453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4454] <... futex resumed>) = 1 [pid 4454] sendfile(6, 7, NULL, 65536) = 2048 [pid 4454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4453] <... futex resumed>) = 0 [pid 4453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4454] <... futex resumed>) = 1 [pid 4454] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4453] <... futex resumed>) = 0 [pid 4453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4454] <... futex resumed>) = 1 [ 71.283117][ T27] audit: type=1800 audit(1670043451.785:76): pid=4454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 71.330729][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 4454] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4453] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4453] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4453] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4453] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4474], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4474 [pid 4453] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4453] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4474 attached [pid 4474] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 71.358372][ T4454] BTRFS info (device loop0): balance: start -s [ 71.366467][ T4454] BTRFS info (device loop0): relocating block group 1048576 flags system [ 71.375754][ T27] audit: type=1804 audit(1670043451.835:77): pid=4454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/37/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 4474] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4453] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4474] <... ioctl resumed>) = 0 [pid 4474] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4474] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4454] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4454] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4453] exit_group(0 [pid 4474] <... futex resumed>) = ? [pid 4454] <... futex resumed>) = ? [pid 4453] <... exit_group resumed>) = ? [pid 4474] +++ exited with 0 +++ [pid 4454] +++ exited with 0 +++ [pid 4453] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4453, si_uid=0, si_status=0, si_utime=2, si_stime=25} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./37/binderfs") = 0 [ 71.493823][ T4454] BTRFS info (device loop0): balance: ended with status: 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4475 ./strace-static-x86_64: Process 4475 attached [pid 4475] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4475] chdir("./38") = 0 [pid 4475] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4475] setpgid(0, 0) = 0 [pid 4475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4475] write(3, "1000", 4) = 4 [pid 4475] close(3) = 0 [pid 4475] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4475] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4475] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4475] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4476], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4476 [pid 4475] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4475] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4476 attached [pid 4476] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4476] memfd_create("syzkaller", 0) = 3 [pid 4476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4476] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4476] munmap(0x7fdb59200000, 16777216) = 0 [pid 4476] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4476] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4476] close(3) = 0 [pid 4476] mkdir("./file0", 0777) = 0 [ 71.947480][ T4476] loop0: detected capacity change from 0 to 32768 [ 71.960515][ T4476] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 71.970072][ T4476] BTRFS info (device loop0): force clearing of disk cache [ 71.977621][ T4476] BTRFS info (device loop0): setting nodatasum [ 71.984041][ T4476] BTRFS info (device loop0): allowing degraded mounts [ 71.991247][ T4476] BTRFS info (device loop0): enabling disk space caching [ 71.998572][ T4476] BTRFS info (device loop0): disk space caching is enabled [ 72.018877][ T4476] BTRFS info (device loop0): enabling ssd optimizations [ 72.026775][ T4476] BTRFS info (device loop0): clearing free space tree [ 72.034165][ T4476] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4476] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4476] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4476] chdir("./file0") = 0 [pid 4476] ioctl(4, LOOP_CLR_FD) = 0 [pid 4476] close(4) = 0 [pid 4476] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4476] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4475] <... futex resumed>) = 0 [pid 4475] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4476] <... futex resumed>) = 0 [pid 4475] <... futex resumed>) = 1 [pid 4476] open("./file0", O_RDONLY [pid 4475] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4476] <... open resumed>) = 4 [pid 4476] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4475] <... futex resumed>) = 0 [pid 4476] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4475] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4475] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4476] <... open resumed>) = 5 [pid 4476] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4475] <... futex resumed>) = 0 [pid 4476] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4475] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4476] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4475] <... futex resumed>) = 0 [pid 4476] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4475] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4476] <... ioctl resumed>) = 0 [pid 4476] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4475] <... futex resumed>) = 0 [pid 4475] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4476] creat("./bus", 000 [pid 4475] <... futex resumed>) = 0 [pid 4476] <... creat resumed>) = 6 [pid 4475] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4476] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4475] <... futex resumed>) = 0 [pid 4475] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4475] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4476] ftruncate(6, 2048) = 0 [pid 4476] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4475] <... futex resumed>) = 0 [pid 4475] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4475] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4476] <... futex resumed>) = 1 [ 72.044212][ T4476] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 72.058989][ T4476] BTRFS info (device loop0): checking UUID tree [ 72.073984][ T27] audit: type=1800 audit(1670043452.575:78): pid=4476 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4476] open("./bus", O_RDONLY) = 7 [pid 4476] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4475] <... futex resumed>) = 0 [pid 4475] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4475] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4476] <... futex resumed>) = 1 [pid 4476] sendfile(6, 7, NULL, 65536) = 2048 [pid 4476] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4475] <... futex resumed>) = 0 [pid 4475] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4475] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4476] <... futex resumed>) = 1 [pid 4476] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4476] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4475] <... futex resumed>) = 0 [pid 4475] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4475] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4476] <... futex resumed>) = 1 [ 72.108758][ T27] audit: type=1804 audit(1670043452.615:79): pid=4476 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/38/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 72.115460][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 72.152813][ T4476] BTRFS info (device loop0): balance: start -s [pid 4476] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4475] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4475] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4475] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4475] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4496], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4496 [pid 4475] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4475] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4496 attached [pid 4496] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 4496] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4476] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4476] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4476] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4496] <... ioctl resumed>) = 0 [pid 4496] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4475] <... futex resumed>) = 0 [pid 4496] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4475] exit_group(0 [pid 4496] <... futex resumed>) = ? [pid 4476] <... futex resumed>) = ? [pid 4475] <... exit_group resumed>) = ? [pid 4476] +++ exited with 0 +++ [ 72.161413][ T4476] BTRFS info (device loop0): relocating block group 1048576 flags system [ 72.196893][ T4476] BTRFS info (device loop0): balance: ended with status: 0 [pid 4496] +++ exited with 0 +++ [pid 4475] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4475, si_uid=0, si_status=0, si_utime=1, si_stime=32} --- umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./38/binderfs") = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4497 ./strace-static-x86_64: Process 4497 attached [pid 4497] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4497] chdir("./39") = 0 [pid 4497] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4497] setpgid(0, 0) = 0 [pid 4497] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4497] write(3, "1000", 4) = 4 [pid 4497] close(3) = 0 [pid 4497] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4497] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4497] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4497] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4497] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4498], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4498 [pid 4497] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4497] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4498 attached [pid 4498] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4498] memfd_create("syzkaller", 0) = 3 [pid 4498] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4498] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4498] munmap(0x7fdb59200000, 16777216) = 0 [pid 4498] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4498] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4498] close(3) = 0 [pid 4498] mkdir("./file0", 0777) = 0 [ 72.510081][ T4498] loop0: detected capacity change from 0 to 32768 [ 72.522515][ T4498] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 72.531851][ T4498] BTRFS info (device loop0): force clearing of disk cache [ 72.539060][ T4498] BTRFS info (device loop0): setting nodatasum [ 72.545264][ T4498] BTRFS info (device loop0): allowing degraded mounts [ 72.552094][ T4498] BTRFS info (device loop0): enabling disk space caching [ 72.559143][ T4498] BTRFS info (device loop0): disk space caching is enabled [ 72.575813][ T4498] BTRFS info (device loop0): enabling ssd optimizations [ 72.583930][ T4498] BTRFS info (device loop0): clearing free space tree [ 72.590759][ T4498] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4498] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4498] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4498] chdir("./file0") = 0 [pid 4498] ioctl(4, LOOP_CLR_FD) = 0 [pid 4498] close(4) = 0 [pid 4498] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4497] <... futex resumed>) = 0 [pid 4498] open("./file0", O_RDONLY [pid 4497] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4497] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4498] <... open resumed>) = 4 [pid 4498] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4497] <... futex resumed>) = 0 [pid 4497] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4497] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 72.600768][ T4498] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 72.613962][ T4498] BTRFS info (device loop0): checking UUID tree [pid 4498] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4498] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4497] <... futex resumed>) = 0 [pid 4497] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4497] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4498] <... futex resumed>) = 1 [pid 4498] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4498] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4497] <... futex resumed>) = 0 [pid 4497] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4497] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4498] <... futex resumed>) = 1 [pid 4498] creat("./bus", 000) = 6 [pid 4498] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4497] <... futex resumed>) = 0 [pid 4497] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4497] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4498] <... futex resumed>) = 1 [pid 4498] ftruncate(6, 2048) = 0 [pid 4498] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4497] <... futex resumed>) = 0 [pid 4497] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4497] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4498] <... futex resumed>) = 1 [pid 4498] open("./bus", O_RDONLY) = 7 [ 72.660108][ T27] audit: type=1800 audit(1670043453.165:80): pid=4498 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4498] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4497] <... futex resumed>) = 0 [pid 4497] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4497] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4498] <... futex resumed>) = 1 [pid 4498] sendfile(6, 7, NULL, 65536) = 2048 [pid 4498] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4497] <... futex resumed>) = 0 [pid 4497] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4497] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4498] <... futex resumed>) = 1 [pid 4498] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4498] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4497] <... futex resumed>) = 0 [pid 4497] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4497] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4498] <... futex resumed>) = 1 [ 72.710879][ T27] audit: type=1804 audit(1670043453.215:81): pid=4498 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/39/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 72.712858][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 4498] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4497] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4497] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4497] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4497] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4497] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4518], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4518 [pid 4497] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4497] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4518 attached [pid 4518] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 4518] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4498] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4498] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 72.761541][ T4498] BTRFS info (device loop0): balance: start -s [ 72.769929][ T4498] BTRFS info (device loop0): relocating block group 1048576 flags system [ 72.799538][ T4498] BTRFS info (device loop0): balance: ended with status: 0 [pid 4498] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4518] <... ioctl resumed>) = 0 [pid 4518] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4497] <... futex resumed>) = 0 [pid 4518] <... futex resumed>) = 1 [pid 4497] exit_group(0 [pid 4518] ????( [pid 4497] <... exit_group resumed>) = ? [pid 4518] <... ???? resumed>) = ? [pid 4518] +++ exited with 0 +++ [pid 4498] <... futex resumed>) = ? [pid 4498] +++ exited with 0 +++ [pid 4497] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4497, si_uid=0, si_status=0, si_utime=3, si_stime=28} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./39/binderfs") = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4519 ./strace-static-x86_64: Process 4519 attached [pid 4519] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4519] chdir("./40") = 0 [pid 4519] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4519] setpgid(0, 0) = 0 [pid 4519] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4519] write(3, "1000", 4) = 4 [pid 4519] close(3) = 0 [pid 4519] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4519] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4519] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4519] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4520], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4520 [pid 4519] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4519] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4520 attached [pid 4520] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4520] memfd_create("syzkaller", 0) = 3 [pid 4520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4520] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4520] munmap(0x7fdb59200000, 16777216) = 0 [pid 4520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4520] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4520] close(3) = 0 [pid 4520] mkdir("./file0", 0777) = 0 [ 73.120758][ T4520] loop0: detected capacity change from 0 to 32768 [ 73.134786][ T4520] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 73.144517][ T4520] BTRFS info (device loop0): force clearing of disk cache [ 73.151840][ T4520] BTRFS info (device loop0): setting nodatasum [ 73.158258][ T4520] BTRFS info (device loop0): allowing degraded mounts [ 73.165047][ T4520] BTRFS info (device loop0): enabling disk space caching [ 73.172480][ T4520] BTRFS info (device loop0): disk space caching is enabled [ 73.191388][ T4520] BTRFS info (device loop0): enabling ssd optimizations [ 73.203811][ T4520] BTRFS info (device loop0): clearing free space tree [ 73.210750][ T4520] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4520] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4520] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4520] chdir("./file0") = 0 [pid 4520] ioctl(4, LOOP_CLR_FD) = 0 [pid 4520] close(4) = 0 [pid 4520] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4519] <... futex resumed>) = 0 [pid 4520] open("./file0", O_RDONLY [pid 4519] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4520] <... open resumed>) = 4 [pid 4519] <... futex resumed>) = 0 [pid 4520] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4519] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4520] <... futex resumed>) = 0 [pid 4519] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4520] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4519] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4520] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4519] <... futex resumed>) = 0 [pid 4520] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4519] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4520] <... open resumed>) = 5 [pid 4520] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 73.220466][ T4520] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 73.234089][ T4520] BTRFS info (device loop0): checking UUID tree [pid 4520] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4519] <... futex resumed>) = 0 [pid 4519] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4520] <... futex resumed>) = 0 [pid 4519] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4520] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4520] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4519] <... futex resumed>) = 0 [pid 4520] creat("./bus", 000 [pid 4519] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4520] <... creat resumed>) = 6 [pid 4519] <... futex resumed>) = 0 [pid 4519] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4520] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4519] <... futex resumed>) = 0 [pid 4519] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4519] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4520] <... futex resumed>) = 1 [pid 4520] ftruncate(6, 2048) = 0 [pid 4520] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4519] <... futex resumed>) = 0 [pid 4519] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4519] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4520] <... futex resumed>) = 1 [ 73.258808][ T27] audit: type=1800 audit(1670043453.765:82): pid=4520 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 73.300111][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 4520] open("./bus", O_RDONLY) = 7 [pid 4520] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4520] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4519] <... futex resumed>) = 0 [pid 4519] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4520] <... futex resumed>) = 0 [pid 4519] <... futex resumed>) = 1 [pid 4519] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4520] sendfile(6, 7, NULL, 65536) = 2048 [pid 4520] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4520] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4519] <... futex resumed>) = 0 [pid 4519] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4520] <... futex resumed>) = 0 [pid 4519] <... futex resumed>) = 1 [pid 4520] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4519] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4520] <... openat resumed>) = 8 [pid 4520] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4519] <... futex resumed>) = 0 [pid 4520] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4519] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4520] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4519] <... futex resumed>) = 0 [pid 4520] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 73.302636][ T27] audit: type=1804 audit(1670043453.805:83): pid=4520 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/40/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 73.350982][ T4520] BTRFS info (device loop0): balance: start -s [ 73.359129][ T4520] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4519] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4520] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4520] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4519] <... futex resumed>) = 0 [pid 4520] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4519] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4520] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4519] <... futex resumed>) = 0 [pid 4520] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4519] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4520] <... ioctl resumed>) = 0 [pid 4520] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4519] <... futex resumed>) = 0 [pid 4520] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4519] exit_group(0 [pid 4520] <... futex resumed>) = ? [pid 4519] <... exit_group resumed>) = ? [pid 4520] +++ exited with 0 +++ [pid 4519] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4519, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./40/binderfs") = 0 [ 73.382617][ T4520] BTRFS info (device loop0): balance: ended with status: 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4540 attached , child_tidptr=0x55555746f5d0) = 4540 [pid 4540] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4540] chdir("./41") = 0 [pid 4540] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4540] setpgid(0, 0) = 0 [pid 4540] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4540] write(3, "1000", 4) = 4 [pid 4540] close(3) = 0 [pid 4540] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4540] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4540] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4540] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4540] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4541], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4541 ./strace-static-x86_64: Process 4541 attached [pid 4541] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4541] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4540] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4541] <... futex resumed>) = 0 [pid 4541] memfd_create("syzkaller", 0) = 3 [pid 4541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4540] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4541] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4541] munmap(0x7fdb59200000, 16777216) = 0 [pid 4541] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4541] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4541] close(3) = 0 [pid 4541] mkdir("./file0", 0777) = 0 [ 73.723073][ T4541] loop0: detected capacity change from 0 to 32768 [ 73.735505][ T4541] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 73.745174][ T4541] BTRFS info (device loop0): force clearing of disk cache [ 73.752530][ T4541] BTRFS info (device loop0): setting nodatasum [ 73.758960][ T4541] BTRFS info (device loop0): allowing degraded mounts [ 73.765735][ T4541] BTRFS info (device loop0): enabling disk space caching [ 73.773128][ T4541] BTRFS info (device loop0): disk space caching is enabled [ 73.790351][ T4541] BTRFS info (device loop0): enabling ssd optimizations [ 73.798320][ T4541] BTRFS info (device loop0): clearing free space tree [ 73.805128][ T4541] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4541] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4541] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4541] chdir("./file0") = 0 [pid 4541] ioctl(4, LOOP_CLR_FD) = 0 [pid 4541] close(4) = 0 [pid 4541] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4541] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4540] <... futex resumed>) = 0 [pid 4540] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4540] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4541] <... futex resumed>) = 0 [pid 4541] open("./file0", O_RDONLY) = 4 [pid 4541] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4540] <... futex resumed>) = 0 [pid 4540] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4540] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 73.814868][ T4541] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 73.828495][ T4541] BTRFS info (device loop0): checking UUID tree [pid 4541] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4541] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4540] <... futex resumed>) = 0 [pid 4540] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4541] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4540] <... futex resumed>) = 0 [pid 4540] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4541] <... ioctl resumed>) = 0 [pid 4541] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4540] <... futex resumed>) = 0 [pid 4541] <... futex resumed>) = 1 [pid 4540] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4540] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4541] creat("./bus", 000) = 6 [pid 4541] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4540] <... futex resumed>) = 0 [pid 4541] <... futex resumed>) = 1 [pid 4540] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4541] ftruncate(6, 2048 [pid 4540] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4541] <... ftruncate resumed>) = 0 [pid 4541] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4540] <... futex resumed>) = 0 [pid 4541] <... futex resumed>) = 1 [pid 4540] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4540] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 73.860123][ T27] audit: type=1800 audit(1670043454.365:84): pid=4541 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4541] open("./bus", O_RDONLY) = 7 [pid 4541] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4540] <... futex resumed>) = 0 [pid 4541] <... futex resumed>) = 1 [pid 4540] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4541] sendfile(6, 7, NULL, 65536 [pid 4540] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4541] <... sendfile resumed>) = 2048 [pid 4541] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4540] <... futex resumed>) = 0 [pid 4541] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4540] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4540] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4541] <... openat resumed>) = 8 [pid 4541] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4540] <... futex resumed>) = 0 [pid 4541] <... futex resumed>) = 1 [pid 4540] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4541] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4540] <... futex resumed>) = 0 [ 73.913053][ T27] audit: type=1804 audit(1670043454.415:85): pid=4541 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/41/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 73.944580][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 73.962830][ T4541] BTRFS info (device loop0): balance: start -s [pid 4540] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4541] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4541] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4540] <... futex resumed>) = 0 [pid 4541] <... futex resumed>) = 1 [pid 4540] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4541] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4540] <... futex resumed>) = 0 [pid 4540] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4541] <... ioctl resumed>) = 0 [pid 4541] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4540] <... futex resumed>) = 0 [pid 4541] <... futex resumed>) = 1 [pid 4540] exit_group(0 [pid 4541] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4540] <... exit_group resumed>) = ? [pid 4541] <... futex resumed>) = ? [pid 4541] +++ exited with 0 +++ [pid 4540] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4540, si_uid=0, si_status=0, si_utime=2, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./41/binderfs") = 0 [ 73.971106][ T4541] BTRFS info (device loop0): relocating block group 1048576 flags system [ 73.994606][ T4541] BTRFS info (device loop0): balance: ended with status: 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4561 ./strace-static-x86_64: Process 4561 attached [pid 4561] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4561] chdir("./42") = 0 [pid 4561] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4561] setpgid(0, 0) = 0 [pid 4561] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4561] write(3, "1000", 4) = 4 [pid 4561] close(3) = 0 [pid 4561] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4561] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4561] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4561] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4561] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4562 attached , parent_tid=[4562], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4562 [pid 4562] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4562] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4562] <... futex resumed>) = 0 [pid 4562] memfd_create("syzkaller", 0) = 3 [pid 4562] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4562] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4562] munmap(0x7fdb59200000, 16777216) = 0 [pid 4562] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4562] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4562] close(3) = 0 [pid 4562] mkdir("./file0", 0777) = 0 [ 74.314951][ T4562] loop0: detected capacity change from 0 to 32768 [ 74.328149][ T4562] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 74.337444][ T4562] BTRFS info (device loop0): force clearing of disk cache [ 74.344563][ T4562] BTRFS info (device loop0): setting nodatasum [ 74.350960][ T4562] BTRFS info (device loop0): allowing degraded mounts [ 74.358040][ T4562] BTRFS info (device loop0): enabling disk space caching [ 74.365091][ T4562] BTRFS info (device loop0): disk space caching is enabled [ 74.382848][ T4562] BTRFS info (device loop0): enabling ssd optimizations [ 74.390695][ T4562] BTRFS info (device loop0): clearing free space tree [ 74.397919][ T4562] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4562] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4562] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4562] chdir("./file0") = 0 [pid 4562] ioctl(4, LOOP_CLR_FD) = 0 [pid 4562] close(4) = 0 [pid 4562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4561] <... futex resumed>) = 0 [pid 4562] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4562] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4562] open("./file0", O_RDONLY) = 4 [pid 4562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4561] <... futex resumed>) = 0 [pid 4562] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4562] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4561] <... futex resumed>) = 0 [pid 4562] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4562] <... open resumed>) = 5 [pid 4562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4561] <... futex resumed>) = 0 [pid 4562] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4562] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4562] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4561] <... futex resumed>) = 0 [pid 4561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4562] creat("./bus", 000 [pid 4561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4562] <... creat resumed>) = 6 [pid 4562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4561] <... futex resumed>) = 0 [pid 4561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 74.407975][ T4562] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 74.422244][ T4562] BTRFS info (device loop0): checking UUID tree [pid 4561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4562] ftruncate(6, 2048) = 0 [pid 4562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4562] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4561] <... futex resumed>) = 0 [pid 4561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4562] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4561] <... futex resumed>) = 0 [pid 4561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4562] open("./bus", O_RDONLY) = 7 [pid 4562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4561] <... futex resumed>) = 0 [pid 4561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4562] sendfile(6, 7, NULL, 65536 [pid 4561] <... futex resumed>) = 0 [pid 4561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4562] <... sendfile resumed>) = 2048 [pid 4562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4561] <... futex resumed>) = 0 [pid 4562] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4562] <... openat resumed>) = 8 [pid 4562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4562] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4561] <... futex resumed>) = 0 [pid 4561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4562] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 74.467625][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 74.498593][ T4562] BTRFS info (device loop0): balance: start -s [ 74.506872][ T4562] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4562] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4561] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4561] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4561] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4561] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4561] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4582], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4582 [pid 4561] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4561] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4562] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4562] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4582 attached [pid 4582] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 4582] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4582] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4561] <... futex resumed>) = 0 [pid 4561] exit_group(0) = ? [pid 4562] <... futex resumed>) = ? [pid 4582] <... futex resumed>) = ? [pid 4582] +++ exited with 0 +++ [pid 4562] +++ exited with 0 +++ [pid 4561] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4561, si_uid=0, si_status=0, si_utime=2, si_stime=27} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./42/binderfs") = 0 [ 74.532914][ T4562] BTRFS info (device loop0): balance: ended with status: 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4584 ./strace-static-x86_64: Process 4584 attached [pid 4584] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4584] chdir("./43") = 0 [pid 4584] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4584] setpgid(0, 0) = 0 [pid 4584] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4584] write(3, "1000", 4) = 4 [pid 4584] close(3) = 0 [pid 4584] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4584] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4584] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4584] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4585], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4585 [pid 4584] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4584] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4585 attached [pid 4585] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4585] memfd_create("syzkaller", 0) = 3 [pid 4585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4585] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4585] munmap(0x7fdb59200000, 16777216) = 0 [pid 4585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4585] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4585] close(3) = 0 [pid 4585] mkdir("./file0", 0777) = 0 [ 74.860050][ T4585] loop0: detected capacity change from 0 to 32768 [ 74.874221][ T4585] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 74.883603][ T4585] BTRFS info (device loop0): force clearing of disk cache [ 74.891081][ T4585] BTRFS info (device loop0): setting nodatasum [ 74.897319][ T4585] BTRFS info (device loop0): allowing degraded mounts [pid 4585] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4585] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4585] chdir("./file0") = 0 [pid 4585] ioctl(4, LOOP_CLR_FD) = 0 [pid 4585] close(4) = 0 [pid 4585] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4585] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4584] <... futex resumed>) = 0 [pid 4584] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4584] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4585] <... futex resumed>) = 0 [pid 4585] open("./file0", O_RDONLY) = 4 [pid 4585] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4584] <... futex resumed>) = 0 [pid 4584] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4584] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4585] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4585] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4584] <... futex resumed>) = 0 [pid 4585] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4584] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4585] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4584] <... futex resumed>) = 0 [pid 4585] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4584] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4585] <... ioctl resumed>) = 0 [pid 4585] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4584] <... futex resumed>) = 0 [pid 4585] <... futex resumed>) = 1 [ 74.904097][ T4585] BTRFS info (device loop0): enabling disk space caching [ 74.911463][ T4585] BTRFS info (device loop0): disk space caching is enabled [ 74.930890][ T4585] BTRFS info (device loop0): enabling ssd optimizations [pid 4584] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4585] creat("./bus", 000 [pid 4584] <... futex resumed>) = 0 [pid 4584] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4585] <... creat resumed>) = 6 [pid 4585] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4584] <... futex resumed>) = 0 [pid 4585] <... futex resumed>) = 1 [pid 4584] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4585] ftruncate(6, 2048 [pid 4584] <... futex resumed>) = 0 [pid 4584] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4585] <... ftruncate resumed>) = 0 [pid 4585] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4584] <... futex resumed>) = 0 [pid 4584] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4585] open("./bus", O_RDONLY [pid 4584] <... futex resumed>) = 0 [pid 4585] <... open resumed>) = 7 [pid 4584] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4585] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4584] <... futex resumed>) = 0 [pid 4584] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4585] sendfile(6, 7, NULL, 65536 [pid 4584] <... futex resumed>) = 0 [pid 4584] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4585] <... sendfile resumed>) = 2048 [pid 4585] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4584] <... futex resumed>) = 0 [pid 4585] <... futex resumed>) = 1 [pid 4584] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4585] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4584] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4585] <... openat resumed>) = 8 [pid 4585] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4584] <... futex resumed>) = 0 [pid 4585] <... futex resumed>) = 1 [pid 4584] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4585] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4584] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4585] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4585] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4584] <... futex resumed>) = 0 [pid 4585] <... futex resumed>) = 1 [pid 4584] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4585] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4584] <... futex resumed>) = 0 [pid 4584] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4585] <... ioctl resumed>) = 0 [pid 4585] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4584] <... futex resumed>) = 0 [pid 4585] <... futex resumed>) = 1 [pid 4584] exit_group(0 [pid 4585] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4584] <... exit_group resumed>) = ? [pid 4585] <... futex resumed>) = ? [pid 4585] +++ exited with 0 +++ [pid 4584] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4584, si_uid=0, si_status=0, si_utime=3, si_stime=21} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./43/binderfs") = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4605 ./strace-static-x86_64: Process 4605 attached [pid 4605] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4605] chdir("./44") = 0 [pid 4605] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4605] setpgid(0, 0) = 0 [pid 4605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4605] write(3, "1000", 4) = 4 [pid 4605] close(3) = 0 [pid 4605] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4605] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4605] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4605] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4605] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4606], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4606 [pid 4605] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4605] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4606 attached [pid 4606] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4606] memfd_create("syzkaller", 0) = 3 [pid 4606] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4606] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4606] munmap(0x7fdb59200000, 16777216) = 0 [pid 4606] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4606] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4606] close(3) = 0 [pid 4606] mkdir("./file0", 0777) = 0 [pid 4606] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4606] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4606] chdir("./file0") = 0 [pid 4606] ioctl(4, LOOP_CLR_FD) = 0 [pid 4606] close(4) = 0 [pid 4606] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4605] <... futex resumed>) = 0 [pid 4605] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4605] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4606] <... futex resumed>) = 1 [pid 4606] open("./file0", O_RDONLY) = 4 [pid 4606] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4605] <... futex resumed>) = 0 [pid 4605] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4605] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4606] <... futex resumed>) = 1 [pid 4606] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4606] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4605] <... futex resumed>) = 0 [pid 4605] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4605] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4606] <... futex resumed>) = 1 [pid 4606] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4606] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4605] <... futex resumed>) = 0 [pid 4605] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4605] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4606] <... futex resumed>) = 1 [pid 4606] creat("./bus", 000) = 6 [pid 4606] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4605] <... futex resumed>) = 0 [pid 4605] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4605] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4606] <... futex resumed>) = 1 [pid 4606] ftruncate(6, 2048) = 0 [pid 4606] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4605] <... futex resumed>) = 0 [pid 4605] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4605] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4606] <... futex resumed>) = 1 [pid 4606] open("./bus", O_RDONLY) = 7 [pid 4606] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4605] <... futex resumed>) = 0 [pid 4605] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4605] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4606] <... futex resumed>) = 1 [pid 4606] sendfile(6, 7, NULL, 65536) = 2048 [pid 4606] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4605] <... futex resumed>) = 0 [pid 4605] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4605] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4606] <... futex resumed>) = 1 [ 75.382679][ T4606] loop0: detected capacity change from 0 to 32768 [pid 4606] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4606] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4605] <... futex resumed>) = 0 [pid 4605] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4605] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4606] <... futex resumed>) = 1 [pid 4606] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4606] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4605] <... futex resumed>) = 0 [pid 4605] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4605] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4606] <... futex resumed>) = 1 [pid 4606] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4606] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4605] <... futex resumed>) = 0 [pid 4606] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4605] exit_group(0 [pid 4606] <... futex resumed>) = ? [pid 4605] <... exit_group resumed>) = ? [pid 4606] +++ exited with 0 +++ [pid 4605] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4605, si_uid=0, si_status=0, si_utime=1, si_stime=18} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./44/binderfs") = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4626 ./strace-static-x86_64: Process 4626 attached [pid 4626] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4626] chdir("./45") = 0 [pid 4626] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4626] setpgid(0, 0) = 0 [pid 4626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4626] write(3, "1000", 4) = 4 [pid 4626] close(3) = 0 [pid 4626] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4626] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4626] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4626] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4626] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4627 attached , parent_tid=[4627], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4627 [pid 4627] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4627] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4626] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4627] <... futex resumed>) = 0 [pid 4626] <... futex resumed>) = 1 [pid 4626] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4627] memfd_create("syzkaller", 0) = 3 [pid 4627] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4627] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4627] munmap(0x7fdb59200000, 16777216) = 0 [pid 4627] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4627] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4627] close(3) = 0 [pid 4627] mkdir("./file0", 0777) = 0 [ 75.858566][ T4627] loop0: detected capacity change from 0 to 32768 [ 75.870265][ T4627] _btrfs_printk: 23 callbacks suppressed [ 75.870280][ T4627] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 75.885632][ T4627] BTRFS info (device loop0): force clearing of disk cache [ 75.893120][ T4627] BTRFS info (device loop0): setting nodatasum [ 75.899361][ T4627] BTRFS info (device loop0): allowing degraded mounts [ 75.906134][ T4627] BTRFS info (device loop0): enabling disk space caching [ 75.913243][ T4627] BTRFS info (device loop0): disk space caching is enabled [ 75.932136][ T4627] BTRFS info (device loop0): enabling ssd optimizations [ 75.940176][ T4627] BTRFS info (device loop0): clearing free space tree [ 75.947031][ T4627] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4627] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4627] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4627] chdir("./file0") = 0 [pid 4627] ioctl(4, LOOP_CLR_FD) = 0 [pid 4627] close(4) = 0 [pid 4627] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4626] <... futex resumed>) = 0 [pid 4627] open("./file0", O_RDONLY [pid 4626] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4627] <... open resumed>) = 4 [pid 4626] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4627] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4626] <... futex resumed>) = 0 [pid 4626] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4626] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4627] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4627] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4627] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4626] <... futex resumed>) = 0 [pid 4626] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4626] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4627] <... futex resumed>) = 0 [ 75.957670][ T4627] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 75.971148][ T4627] BTRFS info (device loop0): checking UUID tree [pid 4627] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4627] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4626] <... futex resumed>) = 0 [pid 4626] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4627] creat("./bus", 000 [pid 4626] <... futex resumed>) = 0 [pid 4626] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4627] <... creat resumed>) = 6 [pid 4627] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4626] <... futex resumed>) = 0 [pid 4627] ftruncate(6, 2048 [pid 4626] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4626] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4627] <... ftruncate resumed>) = 0 [pid 4627] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4626] <... futex resumed>) = 0 [pid 4626] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4626] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4627] open("./bus", O_RDONLY) = 7 [pid 4627] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4627] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4626] <... futex resumed>) = 0 [pid 4627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4626] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4627] sendfile(6, 7, NULL, 65536 [pid 4626] <... futex resumed>) = 0 [pid 4627] <... sendfile resumed>) = 2048 [pid 4626] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4627] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4626] <... futex resumed>) = 0 [pid 4627] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4626] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4627] <... openat resumed>) = 8 [pid 4626] <... futex resumed>) = 0 [pid 4627] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4626] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4627] <... futex resumed>) = 0 [pid 4626] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4627] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4626] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 76.035592][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 76.060606][ T4627] BTRFS info (device loop0): balance: start -s [ 76.068921][ T4627] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4626] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4627] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4627] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4626] <... futex resumed>) = 0 [pid 4626] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4627] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4626] <... futex resumed>) = 0 [pid 4626] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4627] <... ioctl resumed>) = 0 [pid 4627] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4626] <... futex resumed>) = 0 [pid 4627] <... futex resumed>) = 1 [pid 4627] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4626] exit_group(0 [pid 4627] <... futex resumed>) = ? [pid 4626] <... exit_group resumed>) = ? [pid 4627] +++ exited with 0 +++ [pid 4626] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4626, si_uid=0, si_status=0, si_utime=0, si_stime=29} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./45/binderfs") = 0 [ 76.092930][ T4627] BTRFS info (device loop0): balance: ended with status: 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4647 ./strace-static-x86_64: Process 4647 attached [pid 4647] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4647] chdir("./46") = 0 [pid 4647] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4647] setpgid(0, 0) = 0 [pid 4647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4647] write(3, "1000", 4) = 4 [pid 4647] close(3) = 0 [pid 4647] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4647] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4647] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4647] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4648], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4648 [pid 4647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4648 attached [pid 4648] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4648] memfd_create("syzkaller", 0) = 3 [pid 4648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [ 76.278664][ T14] cfg80211: failed to load regulatory.db [pid 4648] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4648] munmap(0x7fdb59200000, 16777216) = 0 [pid 4648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4648] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4648] close(3) = 0 [pid 4648] mkdir("./file0", 0777) = 0 [ 76.430182][ T4648] loop0: detected capacity change from 0 to 32768 [ 76.443738][ T4648] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 76.453090][ T4648] BTRFS info (device loop0): force clearing of disk cache [ 76.460312][ T4648] BTRFS info (device loop0): setting nodatasum [ 76.466524][ T4648] BTRFS info (device loop0): allowing degraded mounts [ 76.473375][ T4648] BTRFS info (device loop0): enabling disk space caching [ 76.480429][ T4648] BTRFS info (device loop0): disk space caching is enabled [ 76.499442][ T4648] BTRFS info (device loop0): enabling ssd optimizations [ 76.507807][ T4648] BTRFS info (device loop0): clearing free space tree [ 76.514678][ T4648] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4648] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4648] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4648] chdir("./file0") = 0 [pid 4648] ioctl(4, LOOP_CLR_FD) = 0 [pid 4648] close(4) = 0 [pid 4648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4647] <... futex resumed>) = 0 [pid 4648] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4648] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4647] <... futex resumed>) = 0 [pid 4648] open("./file0", O_RDONLY [pid 4647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4648] <... open resumed>) = 4 [pid 4648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4647] <... futex resumed>) = 0 [pid 4648] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 76.524768][ T4648] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 76.538936][ T4648] BTRFS info (device loop0): checking UUID tree [pid 4647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4648] <... open resumed>) = 5 [pid 4648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4647] <... futex resumed>) = 0 [pid 4648] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4648] <... ioctl resumed>) = 0 [pid 4648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4647] <... futex resumed>) = 0 [pid 4648] creat("./bus", 000 [pid 4647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4648] <... creat resumed>) = 6 [pid 4647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4647] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4648] <... futex resumed>) = 0 [pid 4647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4648] ftruncate(6, 2048 [pid 4647] <... futex resumed>) = 0 [pid 4647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4648] <... ftruncate resumed>) = 0 [pid 4648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4647] <... futex resumed>) = 0 [pid 4648] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4648] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4647] <... futex resumed>) = 0 [pid 4648] open("./bus", O_RDONLY [pid 4647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4648] <... open resumed>) = 7 [ 76.572481][ T27] kauditd_printk_skb: 8 callbacks suppressed [ 76.572494][ T27] audit: type=1800 audit(1670043457.075:94): pid=4648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4648] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4647] <... futex resumed>) = 0 [pid 4647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4648] <... futex resumed>) = 0 [pid 4647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4648] sendfile(6, 7, NULL, 65536) = 2048 [pid 4648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4647] <... futex resumed>) = 0 [pid 4648] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4648] <... openat resumed>) = 8 [pid 4647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4647] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4648] <... futex resumed>) = 0 [pid 4647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4648] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4647] <... futex resumed>) = 0 [ 76.621324][ T27] audit: type=1804 audit(1670043457.125:95): pid=4648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/46/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 76.644734][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 76.665607][ T4648] BTRFS info (device loop0): balance: start -s [pid 4647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4648] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4647] <... futex resumed>) = 0 [pid 4647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4648] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4647] <... futex resumed>) = 0 [pid 4647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4648] <... ioctl resumed>) = 0 [pid 4648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4647] <... futex resumed>) = 0 [pid 4648] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4647] exit_group(0) = ? [pid 4648] <... futex resumed>) = ? [pid 4648] +++ exited with 0 +++ [pid 4647] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4647, si_uid=0, si_status=0, si_utime=3, si_stime=29} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./46/binderfs") = 0 [ 76.673401][ T4648] BTRFS info (device loop0): relocating block group 1048576 flags system [ 76.696741][ T4648] BTRFS info (device loop0): balance: ended with status: 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4668 attached , child_tidptr=0x55555746f5d0) = 4668 [pid 4668] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4668] chdir("./47") = 0 [pid 4668] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4668] setpgid(0, 0) = 0 [pid 4668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4668] write(3, "1000", 4) = 4 [pid 4668] close(3) = 0 [pid 4668] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4668] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4668] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4668] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4669], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4669 ./strace-static-x86_64: Process 4669 attached [pid 4669] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4669] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4668] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4669] <... futex resumed>) = 0 [pid 4668] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4669] memfd_create("syzkaller", 0) = 3 [pid 4669] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4669] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4669] munmap(0x7fdb59200000, 16777216) = 0 [pid 4669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4669] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4669] close(3) = 0 [pid 4669] mkdir("./file0", 0777) = 0 [ 77.012498][ T4669] loop0: detected capacity change from 0 to 32768 [ 77.026594][ T4669] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 77.036186][ T4669] BTRFS info (device loop0): force clearing of disk cache [ 77.043653][ T4669] BTRFS info (device loop0): setting nodatasum [ 77.050078][ T4669] BTRFS info (device loop0): allowing degraded mounts [ 77.057137][ T4669] BTRFS info (device loop0): enabling disk space caching [ 77.064550][ T4669] BTRFS info (device loop0): disk space caching is enabled [ 77.084039][ T4669] BTRFS info (device loop0): enabling ssd optimizations [ 77.092412][ T4669] BTRFS info (device loop0): clearing free space tree [ 77.099256][ T4669] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4669] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4669] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4669] chdir("./file0") = 0 [pid 4669] ioctl(4, LOOP_CLR_FD) = 0 [pid 4669] close(4) = 0 [pid 4669] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4668] <... futex resumed>) = 0 [pid 4669] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4668] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4668] <... futex resumed>) = 0 [pid 4669] open("./file0", O_RDONLY [pid 4668] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4669] <... open resumed>) = 4 [pid 4669] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4668] <... futex resumed>) = 0 [pid 4669] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4668] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4668] <... futex resumed>) = 0 [pid 4669] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4668] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4669] <... open resumed>) = 5 [pid 4669] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4668] <... futex resumed>) = 0 [pid 4669] <... futex resumed>) = 1 [pid 4668] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4669] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4668] <... futex resumed>) = 0 [pid 4668] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4669] <... ioctl resumed>) = 0 [pid 4669] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4668] <... futex resumed>) = 0 [pid 4669] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4668] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4668] <... futex resumed>) = 0 [pid 4669] creat("./bus", 000 [pid 4668] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4669] <... creat resumed>) = 6 [pid 4669] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4668] <... futex resumed>) = 0 [pid 4669] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4668] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4668] <... futex resumed>) = 0 [pid 4669] ftruncate(6, 2048 [pid 4668] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4669] <... ftruncate resumed>) = 0 [pid 4669] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4668] <... futex resumed>) = 0 [pid 4669] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4668] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4668] <... futex resumed>) = 0 [pid 4669] open("./bus", O_RDONLY [pid 4668] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4669] <... open resumed>) = 7 [ 77.109250][ T4669] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 77.122463][ T4669] BTRFS info (device loop0): checking UUID tree [ 77.141917][ T27] audit: type=1800 audit(1670043457.645:96): pid=4669 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4669] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4669] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4668] <... futex resumed>) = 0 [pid 4668] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4669] <... futex resumed>) = 0 [pid 4668] <... futex resumed>) = 1 [pid 4669] sendfile(6, 7, NULL, 65536 [pid 4668] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4669] <... sendfile resumed>) = 2048 [pid 4669] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4668] <... futex resumed>) = 0 [pid 4669] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4668] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4669] <... openat resumed>) = 8 [pid 4668] <... futex resumed>) = 0 [pid 4668] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4669] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4668] <... futex resumed>) = 0 [pid 4668] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4669] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4668] <... futex resumed>) = 0 [ 77.192955][ T27] audit: type=1804 audit(1670043457.695:97): pid=4669 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/47/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 77.218941][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 4668] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4669] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4669] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4669] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4668] <... futex resumed>) = 0 [pid 4668] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4669] <... futex resumed>) = 0 [pid 4669] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4668] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4669] <... ioctl resumed>) = 0 [pid 4669] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4669] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4668] <... futex resumed>) = 0 [ 77.242301][ T4669] BTRFS info (device loop0): balance: start -s [ 77.250922][ T4669] BTRFS info (device loop0): relocating block group 1048576 flags system [ 77.278682][ T4669] BTRFS info (device loop0): balance: ended with status: 0 [pid 4668] exit_group(0) = ? [pid 4669] <... futex resumed>) = ? [pid 4669] +++ exited with 0 +++ [pid 4668] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4668, si_uid=0, si_status=0, si_utime=1, si_stime=28} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./47/binderfs") = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4689 ./strace-static-x86_64: Process 4689 attached [pid 4689] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4689] chdir("./48") = 0 [pid 4689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4689] setpgid(0, 0) = 0 [pid 4689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4689] write(3, "1000", 4) = 4 [pid 4689] close(3) = 0 [pid 4689] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4689] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4689] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4689] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4690 attached , parent_tid=[4690], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4690 [pid 4690] set_robust_list(0x7fdb617f69e0, 24 [pid 4689] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4689] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4690] <... set_robust_list resumed>) = 0 [pid 4690] memfd_create("syzkaller", 0) = 3 [pid 4690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4690] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4690] munmap(0x7fdb59200000, 16777216) = 0 [pid 4690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4690] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4690] close(3) = 0 [pid 4690] mkdir("./file0", 0777) = 0 [ 77.597065][ T4690] loop0: detected capacity change from 0 to 32768 [ 77.620579][ T4690] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 77.629902][ T4690] BTRFS info (device loop0): force clearing of disk cache [ 77.637043][ T4690] BTRFS info (device loop0): setting nodatasum [ 77.643522][ T4690] BTRFS info (device loop0): allowing degraded mounts [ 77.650350][ T4690] BTRFS info (device loop0): enabling disk space caching [ 77.657442][ T4690] BTRFS info (device loop0): disk space caching is enabled [ 77.675676][ T4690] BTRFS info (device loop0): enabling ssd optimizations [ 77.683737][ T4690] BTRFS info (device loop0): clearing free space tree [pid 4690] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4690] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4690] chdir("./file0") = 0 [pid 4690] ioctl(4, LOOP_CLR_FD) = 0 [pid 4690] close(4) = 0 [pid 4690] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4689] <... futex resumed>) = 0 [pid 4689] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4690] open("./file0", O_RDONLY [pid 4689] <... futex resumed>) = 0 [pid 4689] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4690] <... open resumed>) = 4 [pid 4690] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4689] <... futex resumed>) = 0 [pid 4690] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4689] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 77.690676][ T4690] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 77.700802][ T4690] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 77.714266][ T4690] BTRFS info (device loop0): checking UUID tree [pid 4689] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4690] <... open resumed>) = 5 [pid 4690] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4689] <... futex resumed>) = 0 [pid 4690] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4689] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4689] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4690] <... ioctl resumed>) = 0 [pid 4690] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4689] <... futex resumed>) = 0 [pid 4690] creat("./bus", 000 [pid 4689] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4689] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4690] <... creat resumed>) = 6 [pid 4690] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4689] <... futex resumed>) = 0 [pid 4690] ftruncate(6, 2048 [pid 4689] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4689] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4690] <... ftruncate resumed>) = 0 [pid 4690] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4689] <... futex resumed>) = 0 [pid 4690] <... futex resumed>) = 1 [pid 4689] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4690] open("./bus", O_RDONLY [pid 4689] <... futex resumed>) = 0 [ 77.729549][ T27] audit: type=1800 audit(1670043458.235:98): pid=4690 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4689] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4690] <... open resumed>) = 7 [pid 4690] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4689] <... futex resumed>) = 0 [pid 4690] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4689] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4690] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4689] <... futex resumed>) = 0 [pid 4690] sendfile(6, 7, NULL, 65536 [pid 4689] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4690] <... sendfile resumed>) = 2048 [pid 4690] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4689] <... futex resumed>) = 0 [pid 4690] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4689] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4690] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4689] <... futex resumed>) = 0 [pid 4690] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4689] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4690] <... openat resumed>) = 8 [pid 4690] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4689] <... futex resumed>) = 0 [pid 4690] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4689] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 77.769323][ T27] audit: type=1804 audit(1670043458.275:99): pid=4690 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/48/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 77.770364][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 77.812563][ T4690] BTRFS info (device loop0): balance: start -s [pid 4689] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4690] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4690] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4689] <... futex resumed>) = 0 [pid 4689] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4690] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4689] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4690] <... ioctl resumed>) = 0 [pid 4690] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4689] <... futex resumed>) = 0 [pid 4690] <... futex resumed>) = 1 [pid 4689] exit_group(0 [pid 4690] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4689] <... exit_group resumed>) = ? [pid 4690] +++ exited with 0 +++ [pid 4689] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4689, si_uid=0, si_status=0, si_utime=1, si_stime=29} --- umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./48/binderfs") = 0 [ 77.820007][ T4690] BTRFS info (device loop0): relocating block group 1048576 flags system [ 77.840539][ T4690] BTRFS info (device loop0): balance: ended with status: 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4709 ./strace-static-x86_64: Process 4709 attached [pid 4709] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4709] chdir("./49") = 0 [pid 4709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4709] setpgid(0, 0) = 0 [pid 4709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4709] write(3, "1000", 4) = 4 [pid 4709] close(3) = 0 [pid 4709] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4709] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4709] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4709] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4709] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4710 attached [pid 4710] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4710] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4709] <... clone resumed>, parent_tid=[4710], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4710 [pid 4709] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4710] <... futex resumed>) = 0 [pid 4709] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4710] memfd_create("syzkaller", 0) = 3 [pid 4710] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4710] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4710] munmap(0x7fdb59200000, 16777216) = 0 [pid 4710] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4710] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4710] close(3) = 0 [pid 4710] mkdir("./file0", 0777) = 0 [ 78.148042][ T4710] loop0: detected capacity change from 0 to 32768 [ 78.161392][ T4710] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 78.170718][ T4710] BTRFS info (device loop0): force clearing of disk cache [ 78.177964][ T4710] BTRFS info (device loop0): setting nodatasum [ 78.184194][ T4710] BTRFS info (device loop0): allowing degraded mounts [ 78.191070][ T4710] BTRFS info (device loop0): enabling disk space caching [ 78.198240][ T4710] BTRFS info (device loop0): disk space caching is enabled [ 78.217716][ T4710] BTRFS info (device loop0): enabling ssd optimizations [ 78.225395][ T4710] BTRFS info (device loop0): clearing free space tree [ 78.232401][ T4710] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4710] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4710] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4710] chdir("./file0") = 0 [pid 4710] ioctl(4, LOOP_CLR_FD) = 0 [pid 4710] close(4) = 0 [pid 4710] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4710] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4709] <... futex resumed>) = 0 [pid 4709] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4709] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4710] <... futex resumed>) = 0 [pid 4710] open("./file0", O_RDONLY) = 4 [pid 4710] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4709] <... futex resumed>) = 0 [pid 4709] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4709] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 78.242123][ T4710] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 78.256254][ T4710] BTRFS info (device loop0): checking UUID tree [pid 4710] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4710] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4709] <... futex resumed>) = 0 [pid 4710] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4709] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4709] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4710] <... ioctl resumed>) = 0 [pid 4710] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4709] <... futex resumed>) = 0 [pid 4709] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4710] creat("./bus", 000 [pid 4709] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4710] <... creat resumed>) = 6 [pid 4710] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4709] <... futex resumed>) = 0 [pid 4710] <... futex resumed>) = 1 [pid 4709] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4709] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4710] ftruncate(6, 2048) = 0 [pid 4710] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4709] <... futex resumed>) = 0 [pid 4709] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4709] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 78.293788][ T27] audit: type=1800 audit(1670043458.795:100): pid=4710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4710] open("./bus", O_RDONLY) = 7 [pid 4710] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4709] <... futex resumed>) = 0 [pid 4710] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4709] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4710] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4709] <... futex resumed>) = 0 [pid 4710] sendfile(6, 7, NULL, 65536 [pid 4709] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4710] <... sendfile resumed>) = 2048 [pid 4710] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4709] <... futex resumed>) = 0 [pid 4710] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 4709] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4710] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4709] <... futex resumed>) = 0 [pid 4710] <... openat resumed>) = 8 [pid 4709] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4710] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4709] <... futex resumed>) = 0 [pid 4710] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4709] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4710] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4709] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 78.338013][ T27] audit: type=1804 audit(1670043458.845:101): pid=4710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/49/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 78.362358][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 4710] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4709] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4709] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4709] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4709] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4709] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4730], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4730 [pid 4709] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4709] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4710] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 ./strace-static-x86_64: Process 4730 attached [pid 4730] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 4730] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4710] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 78.387709][ T4710] BTRFS info (device loop0): balance: start -s [ 78.395947][ T4710] BTRFS info (device loop0): relocating block group 1048576 flags system [ 78.423293][ T4710] BTRFS info (device loop0): balance: ended with status: 0 [pid 4710] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4730] <... ioctl resumed>) = 0 [pid 4730] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4709] <... futex resumed>) = 0 [pid 4709] exit_group(0) = ? [pid 4710] <... futex resumed>) = ? [pid 4730] +++ exited with 0 +++ [pid 4710] +++ exited with 0 +++ [pid 4709] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4709, si_uid=0, si_status=0, si_utime=3, si_stime=23} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./49/binderfs") = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4731 ./strace-static-x86_64: Process 4731 attached [pid 4731] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4731] chdir("./50") = 0 [pid 4731] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4731] setpgid(0, 0) = 0 [pid 4731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4731] write(3, "1000", 4) = 4 [pid 4731] close(3) = 0 [pid 4731] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4731] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4731] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4731] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4731] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4732 attached , parent_tid=[4732], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4732 [pid 4732] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4732] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4731] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4732] <... futex resumed>) = 0 [pid 4732] memfd_create("syzkaller", 0) = 3 [pid 4732] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4731] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4732] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4732] munmap(0x7fdb59200000, 16777216) = 0 [pid 4732] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4732] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4732] close(3) = 0 [pid 4732] mkdir("./file0", 0777) = 0 [ 78.745872][ T4732] loop0: detected capacity change from 0 to 32768 [ 78.758479][ T4732] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 78.767761][ T4732] BTRFS info (device loop0): force clearing of disk cache [ 78.775051][ T4732] BTRFS info (device loop0): setting nodatasum [ 78.781690][ T4732] BTRFS info (device loop0): allowing degraded mounts [ 78.788716][ T4732] BTRFS info (device loop0): enabling disk space caching [ 78.795748][ T4732] BTRFS info (device loop0): disk space caching is enabled [ 78.812969][ T4732] BTRFS info (device loop0): enabling ssd optimizations [ 78.821154][ T4732] BTRFS info (device loop0): clearing free space tree [ 78.828302][ T4732] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4732] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4732] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4732] chdir("./file0") = 0 [pid 4732] ioctl(4, LOOP_CLR_FD) = 0 [pid 4732] close(4) = 0 [pid 4732] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4731] <... futex resumed>) = 0 [pid 4732] open("./file0", O_RDONLY [pid 4731] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4731] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4732] <... open resumed>) = 4 [pid 4732] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4731] <... futex resumed>) = 0 [pid 4731] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4731] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4732] <... futex resumed>) = 1 [ 78.838183][ T4732] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 78.851854][ T4732] BTRFS info (device loop0): checking UUID tree [pid 4732] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4732] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4731] <... futex resumed>) = 0 [pid 4732] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4731] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4732] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4731] <... futex resumed>) = 0 [pid 4732] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4731] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4732] <... ioctl resumed>) = 0 [pid 4732] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4731] <... futex resumed>) = 0 [pid 4732] creat("./bus", 000 [pid 4731] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4732] <... creat resumed>) = 6 [pid 4731] <... futex resumed>) = 0 [pid 4732] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4731] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4732] <... futex resumed>) = 0 [pid 4731] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4732] ftruncate(6, 2048 [pid 4731] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4732] <... ftruncate resumed>) = 0 [pid 4731] <... futex resumed>) = 0 [pid 4732] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4731] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4732] <... futex resumed>) = 0 [pid 4731] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4732] open("./bus", O_RDONLY [pid 4731] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4732] <... open resumed>) = 7 [pid 4731] <... futex resumed>) = 0 [pid 4732] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4731] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4732] <... futex resumed>) = 0 [pid 4731] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4732] sendfile(6, 7, NULL, 65536 [pid 4731] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4732] <... sendfile resumed>) = 2048 [pid 4731] <... futex resumed>) = 0 [pid 4732] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4731] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4732] <... futex resumed>) = 0 [pid 4731] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4732] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4731] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4732] <... openat resumed>) = 8 [pid 4731] <... futex resumed>) = 0 [pid 4732] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4731] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4732] <... futex resumed>) = 0 [pid 4731] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4732] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4731] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 78.886279][ T27] audit: type=1800 audit(1670043459.385:102): pid=4732 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4731] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 4731] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4731] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4731] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4731] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4752], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4752 [pid 4731] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4731] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4752 attached [pid 4752] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 78.925679][ T27] audit: type=1804 audit(1670043459.425:103): pid=4732 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/50/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 78.948824][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 78.953737][ T4732] BTRFS info (device loop0): balance: start -s [ 78.965795][ T4732] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4752] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4752] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4731] <... futex resumed>) = 0 [pid 4752] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4732] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4732] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4732] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4731] exit_group(0 [pid 4752] <... futex resumed>) = ? [pid 4731] <... exit_group resumed>) = ? [pid 4752] +++ exited with 0 +++ [pid 4732] <... futex resumed>) = ? [pid 4732] +++ exited with 0 +++ [pid 4731] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4731, si_uid=0, si_status=0, si_utime=1, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./50/binderfs") = 0 [ 79.004301][ T4732] BTRFS info (device loop0): balance: ended with status: 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4753 ./strace-static-x86_64: Process 4753 attached [pid 4753] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4753] chdir("./51") = 0 [pid 4753] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4753] setpgid(0, 0) = 0 [pid 4753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4753] write(3, "1000", 4) = 4 [pid 4753] close(3) = 0 [pid 4753] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4753] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4753] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4753] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4754], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4754 ./strace-static-x86_64: Process 4754 attached [pid 4754] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4754] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4753] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4754] <... futex resumed>) = 0 [pid 4753] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4754] memfd_create("syzkaller", 0) = 3 [pid 4754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4754] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4754] munmap(0x7fdb59200000, 16777216) = 0 [pid 4754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4754] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4754] close(3) = 0 [pid 4754] mkdir("./file0", 0777) = 0 [ 79.353102][ T4754] loop0: detected capacity change from 0 to 32768 [ 79.365074][ T4754] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 79.374742][ T4754] BTRFS info (device loop0): force clearing of disk cache [ 79.382150][ T4754] BTRFS info (device loop0): setting nodatasum [ 79.388508][ T4754] BTRFS info (device loop0): allowing degraded mounts [ 79.395274][ T4754] BTRFS info (device loop0): enabling disk space caching [ 79.402670][ T4754] BTRFS info (device loop0): disk space caching is enabled [ 79.421662][ T4754] BTRFS info (device loop0): enabling ssd optimizations [ 79.429512][ T4754] BTRFS info (device loop0): clearing free space tree [ 79.436392][ T4754] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4754] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4754] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4754] chdir("./file0") = 0 [pid 4754] ioctl(4, LOOP_CLR_FD) = 0 [pid 4754] close(4) = 0 [pid 4754] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4754] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4753] <... futex resumed>) = 0 [pid 4753] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4754] <... futex resumed>) = 0 [pid 4753] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4754] open("./file0", O_RDONLY) = 4 [pid 4754] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4753] <... futex resumed>) = 0 [pid 4754] <... futex resumed>) = 1 [pid 4753] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4753] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4754] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4754] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4753] <... futex resumed>) = 0 [ 79.446608][ T4754] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 4753] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4753] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4754] <... futex resumed>) = 1 [pid 4754] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4754] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4753] <... futex resumed>) = 0 [pid 4754] <... futex resumed>) = 1 [pid 4753] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4754] creat("./bus", 000 [pid 4753] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4754] <... creat resumed>) = 6 [pid 4754] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4753] <... futex resumed>) = 0 [pid 4754] <... futex resumed>) = 1 [pid 4753] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4754] ftruncate(6, 2048 [pid 4753] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4754] <... ftruncate resumed>) = 0 [pid 4754] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4753] <... futex resumed>) = 0 [pid 4754] <... futex resumed>) = 1 [pid 4753] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4753] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4754] open("./bus", O_RDONLY) = 7 [pid 4754] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4753] <... futex resumed>) = 0 [pid 4754] <... futex resumed>) = 1 [pid 4753] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4753] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4754] sendfile(6, 7, NULL, 65536) = 2048 [pid 4754] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4754] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4753] <... futex resumed>) = 0 [pid 4753] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4754] <... futex resumed>) = 0 [pid 4753] <... futex resumed>) = 1 [pid 4753] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4754] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4754] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4754] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4753] <... futex resumed>) = 0 [pid 4753] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4754] <... futex resumed>) = 0 [pid 4754] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4753] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4754] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4754] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4754] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4753] <... futex resumed>) = 0 [pid 4753] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4754] <... futex resumed>) = 0 [pid 4754] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4753] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4754] <... ioctl resumed>) = 0 [pid 4754] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4753] <... futex resumed>) = 0 [pid 4753] exit_group(0) = ? [pid 4754] <... futex resumed>) = ? [pid 4754] +++ exited with 0 +++ [pid 4753] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4753, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./51/binderfs") = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4774 ./strace-static-x86_64: Process 4774 attached [pid 4774] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4774] chdir("./52") = 0 [pid 4774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4774] setpgid(0, 0) = 0 [pid 4774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4774] write(3, "1000", 4) = 4 [pid 4774] close(3) = 0 [pid 4774] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4774] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4774] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4774] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4775 attached , parent_tid=[4775], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4775 [pid 4774] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4774] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4775] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4775] memfd_create("syzkaller", 0) = 3 [pid 4775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4775] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4775] munmap(0x7fdb59200000, 16777216) = 0 [pid 4775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4775] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4775] close(3) = 0 [pid 4775] mkdir("./file0", 0777) = 0 [pid 4775] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4775] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4775] chdir("./file0") = 0 [pid 4775] ioctl(4, LOOP_CLR_FD) = 0 [pid 4775] close(4) = 0 [pid 4775] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4774] <... futex resumed>) = 0 [pid 4774] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4774] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4775] <... futex resumed>) = 1 [pid 4775] open("./file0", O_RDONLY) = 4 [pid 4775] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4774] <... futex resumed>) = 0 [pid 4774] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4774] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4775] <... futex resumed>) = 1 [pid 4775] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4775] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4774] <... futex resumed>) = 0 [pid 4774] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4774] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4775] <... futex resumed>) = 1 [pid 4775] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4775] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4774] <... futex resumed>) = 0 [pid 4774] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4774] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4775] <... futex resumed>) = 1 [ 79.891011][ T4775] loop0: detected capacity change from 0 to 32768 [pid 4775] creat("./bus", 000) = 6 [pid 4775] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4774] <... futex resumed>) = 0 [pid 4774] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4774] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4775] <... futex resumed>) = 1 [pid 4775] ftruncate(6, 2048) = 0 [pid 4775] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4774] <... futex resumed>) = 0 [pid 4774] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4774] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4775] <... futex resumed>) = 1 [pid 4775] open("./bus", O_RDONLY) = 7 [pid 4775] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4774] <... futex resumed>) = 0 [pid 4774] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4774] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4775] <... futex resumed>) = 1 [pid 4775] sendfile(6, 7, NULL, 65536) = 2048 [pid 4775] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4774] <... futex resumed>) = 0 [pid 4774] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4774] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4775] <... futex resumed>) = 1 [pid 4775] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4775] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4774] <... futex resumed>) = 0 [pid 4774] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4774] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4775] <... futex resumed>) = 1 [pid 4775] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4775] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4774] <... futex resumed>) = 0 [pid 4774] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4774] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4775] <... futex resumed>) = 1 [pid 4775] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4775] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4774] <... futex resumed>) = 0 [pid 4774] exit_group(0) = ? [pid 4775] <... futex resumed>) = ? [pid 4775] +++ exited with 0 +++ [pid 4774] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4774, si_uid=0, si_status=0, si_utime=2, si_stime=18} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./52/binderfs") = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4795 ./strace-static-x86_64: Process 4795 attached [pid 4795] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4795] chdir("./53") = 0 [pid 4795] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4795] setpgid(0, 0) = 0 [pid 4795] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4795] write(3, "1000", 4) = 4 [pid 4795] close(3) = 0 [pid 4795] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4795] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4795] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4795] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4796], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4796 [pid 4795] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4795] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4796 attached [pid 4796] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4796] memfd_create("syzkaller", 0) = 3 [pid 4796] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4796] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4796] munmap(0x7fdb59200000, 16777216) = 0 [pid 4796] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4796] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4796] close(3) = 0 [pid 4796] mkdir("./file0", 0777) = 0 [pid 4796] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4796] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4796] chdir("./file0") = 0 [pid 4796] ioctl(4, LOOP_CLR_FD) = 0 [pid 4796] close(4) = 0 [pid 4796] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4795] <... futex resumed>) = 0 [pid 4795] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4795] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4796] <... futex resumed>) = 1 [pid 4796] open("./file0", O_RDONLY) = 4 [pid 4796] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4795] <... futex resumed>) = 0 [pid 4795] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4795] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4796] <... futex resumed>) = 1 [pid 4796] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4796] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4795] <... futex resumed>) = 0 [pid 4795] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4795] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4796] <... futex resumed>) = 1 [ 80.352830][ T4796] loop0: detected capacity change from 0 to 32768 [pid 4796] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4796] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4795] <... futex resumed>) = 0 [pid 4795] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4795] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4796] <... futex resumed>) = 1 [pid 4796] creat("./bus", 000) = 6 [pid 4796] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4795] <... futex resumed>) = 0 [pid 4795] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4795] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4796] <... futex resumed>) = 1 [pid 4796] ftruncate(6, 2048) = 0 [pid 4796] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4795] <... futex resumed>) = 0 [pid 4795] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4795] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4796] <... futex resumed>) = 1 [pid 4796] open("./bus", O_RDONLY) = 7 [pid 4796] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4795] <... futex resumed>) = 0 [pid 4795] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4795] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4796] <... futex resumed>) = 1 [pid 4796] sendfile(6, 7, NULL, 65536) = 2048 [pid 4796] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4795] <... futex resumed>) = 0 [pid 4795] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4795] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4796] <... futex resumed>) = 1 [pid 4796] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4796] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4795] <... futex resumed>) = 0 [pid 4795] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4795] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4796] <... futex resumed>) = 1 [pid 4796] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4796] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4795] <... futex resumed>) = 0 [pid 4795] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4795] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4796] <... futex resumed>) = 1 [pid 4796] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4796] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4795] <... futex resumed>) = 0 [pid 4795] exit_group(0) = ? [pid 4796] <... futex resumed>) = ? [pid 4796] +++ exited with 0 +++ [pid 4795] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4795, si_uid=0, si_status=0, si_utime=1, si_stime=22} --- umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./53/binderfs") = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4816 ./strace-static-x86_64: Process 4816 attached [pid 4816] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4816] chdir("./54") = 0 [pid 4816] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4816] setpgid(0, 0) = 0 [pid 4816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4816] write(3, "1000", 4) = 4 [pid 4816] close(3) = 0 [pid 4816] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4816] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4816] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4816] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4817], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4817 [pid 4816] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4816] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4817 attached [pid 4817] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4817] memfd_create("syzkaller", 0) = 3 [pid 4817] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4817] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4817] munmap(0x7fdb59200000, 16777216) = 0 [pid 4817] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4817] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4817] close(3) = 0 [pid 4817] mkdir("./file0", 0777) = 0 [pid 4817] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4817] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4817] chdir("./file0") = 0 [pid 4817] ioctl(4, LOOP_CLR_FD) = 0 [pid 4817] close(4) = 0 [pid 4817] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4816] <... futex resumed>) = 0 [pid 4816] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4816] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4817] <... futex resumed>) = 1 [pid 4817] open("./file0", O_RDONLY) = 4 [pid 4817] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4816] <... futex resumed>) = 0 [pid 4816] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4816] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4817] <... futex resumed>) = 1 [pid 4817] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4817] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4816] <... futex resumed>) = 0 [pid 4816] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4816] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4817] <... futex resumed>) = 1 [ 80.826175][ T4817] loop0: detected capacity change from 0 to 32768 [pid 4817] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4817] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4816] <... futex resumed>) = 0 [pid 4816] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4816] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4817] <... futex resumed>) = 1 [pid 4817] creat("./bus", 000) = 6 [pid 4817] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4816] <... futex resumed>) = 0 [pid 4816] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4816] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4817] <... futex resumed>) = 1 [pid 4817] ftruncate(6, 2048) = 0 [pid 4817] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4816] <... futex resumed>) = 0 [pid 4816] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4816] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4817] <... futex resumed>) = 1 [pid 4817] open("./bus", O_RDONLY) = 7 [pid 4817] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4816] <... futex resumed>) = 0 [pid 4816] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4816] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4817] <... futex resumed>) = 1 [pid 4817] sendfile(6, 7, NULL, 65536) = 2048 [pid 4817] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4816] <... futex resumed>) = 0 [pid 4816] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4816] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4817] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4817] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4816] <... futex resumed>) = 0 [pid 4816] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4816] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4817] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4816] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4816] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 4816] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 4816] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4816] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4816] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4837], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4837 [pid 4816] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 80.910932][ T9] _btrfs_printk: 46 callbacks suppressed [ 80.910949][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 80.927033][ T4817] BTRFS info (device loop0): balance: start -s [ 80.936058][ T4817] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4816] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4837 attached [pid 4837] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 4837] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4817] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4817] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4837] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4817] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4816] <... futex resumed>) = 0 [pid 4816] exit_group(0) = ? [pid 4837] <... futex resumed>) = ? [pid 4817] <... futex resumed>) = ? [pid 4837] +++ exited with 0 +++ [pid 4817] +++ exited with 0 +++ [pid 4816] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4816, si_uid=0, si_status=0, si_utime=2, si_stime=20} --- umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./54/binderfs") = 0 [ 80.967736][ T4817] BTRFS info (device loop0): balance: ended with status: 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4838 ./strace-static-x86_64: Process 4838 attached [pid 4838] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4838] chdir("./55") = 0 [pid 4838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4838] setpgid(0, 0) = 0 [pid 4838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4838] write(3, "1000", 4) = 4 [pid 4838] close(3) = 0 [pid 4838] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4838] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4838] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4838] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4839], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4839 [pid 4838] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4838] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4839 attached [pid 4839] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4839] memfd_create("syzkaller", 0) = 3 [pid 4839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4839] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4839] munmap(0x7fdb59200000, 16777216) = 0 [pid 4839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4839] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4839] close(3) = 0 [pid 4839] mkdir("./file0", 0777) = 0 [ 81.303212][ T4839] loop0: detected capacity change from 0 to 32768 [ 81.317792][ T4839] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 81.327087][ T4839] BTRFS info (device loop0): force clearing of disk cache [ 81.334283][ T4839] BTRFS info (device loop0): setting nodatasum [ 81.340507][ T4839] BTRFS info (device loop0): allowing degraded mounts [ 81.347503][ T4839] BTRFS info (device loop0): enabling disk space caching [ 81.354532][ T4839] BTRFS info (device loop0): disk space caching is enabled [ 81.371961][ T4839] BTRFS info (device loop0): enabling ssd optimizations [ 81.379692][ T4839] BTRFS info (device loop0): clearing free space tree [ 81.386566][ T4839] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4839] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4839] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4839] chdir("./file0") = 0 [pid 4839] ioctl(4, LOOP_CLR_FD) = 0 [pid 4839] close(4) = 0 [pid 4839] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4838] <... futex resumed>) = 0 [pid 4839] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4838] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4838] <... futex resumed>) = 0 [pid 4839] open("./file0", O_RDONLY) = 4 [pid 4838] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4839] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4838] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4839] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4838] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4838] <... futex resumed>) = 0 [pid 4839] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4838] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4839] <... open resumed>) = 5 [pid 4839] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4838] <... futex resumed>) = 0 [pid 4839] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4838] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4838] <... futex resumed>) = 0 [pid 4839] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4838] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4839] <... ioctl resumed>) = 0 [pid 4839] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4838] <... futex resumed>) = 0 [pid 4839] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4838] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4838] <... futex resumed>) = 0 [pid 4839] creat("./bus", 000 [pid 4838] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4839] <... creat resumed>) = 6 [pid 4839] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4838] <... futex resumed>) = 0 [pid 4838] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 81.396721][ T4839] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 81.410955][ T4839] BTRFS info (device loop0): checking UUID tree [pid 4838] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4839] ftruncate(6, 2048) = 0 [pid 4839] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4838] <... futex resumed>) = 0 [pid 4839] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4838] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4838] <... futex resumed>) = 0 [pid 4839] open("./bus", O_RDONLY [pid 4838] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4839] <... open resumed>) = 7 [pid 4839] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4839] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4838] <... futex resumed>) = 0 [pid 4838] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4839] <... futex resumed>) = 0 [pid 4838] <... futex resumed>) = 1 [pid 4839] sendfile(6, 7, NULL, 65536 [pid 4838] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4839] <... sendfile resumed>) = 2048 [pid 4839] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4838] <... futex resumed>) = 0 [pid 4839] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4838] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4839] <... openat resumed>) = 8 [pid 4838] <... futex resumed>) = 0 [pid 4838] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4839] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4838] <... futex resumed>) = 0 [pid 4839] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4838] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 81.456123][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 81.479144][ T4839] BTRFS info (device loop0): balance: start -s [ 81.486911][ T4839] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4838] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4839] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4839] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4839] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4838] <... futex resumed>) = 0 [pid 4838] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4838] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4839] <... futex resumed>) = 0 [pid 4839] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4839] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4838] <... futex resumed>) = 0 [pid 4839] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4838] exit_group(0 [pid 4839] <... futex resumed>) = ? [pid 4838] <... exit_group resumed>) = ? [pid 4839] +++ exited with 0 +++ [pid 4838] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4838, si_uid=0, si_status=0, si_utime=2, si_stime=28} --- umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./55/binderfs") = 0 [ 81.509890][ T4839] BTRFS info (device loop0): balance: ended with status: 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4860 ./strace-static-x86_64: Process 4860 attached [pid 4860] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4860] chdir("./56") = 0 [pid 4860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4860] setpgid(0, 0) = 0 [pid 4860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4860] write(3, "1000", 4) = 4 [pid 4860] close(3) = 0 [pid 4860] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4860] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4860] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4860] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4860] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4861 attached , parent_tid=[4861], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4861 [pid 4861] set_robust_list(0x7fdb617f69e0, 24 [pid 4860] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4861] <... set_robust_list resumed>) = 0 [pid 4860] <... futex resumed>) = 0 [pid 4860] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4861] memfd_create("syzkaller", 0) = 3 [pid 4861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4861] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4861] munmap(0x7fdb59200000, 16777216) = 0 [pid 4861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4861] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4861] close(3) = 0 [pid 4861] mkdir("./file0", 0777) = 0 [ 81.839831][ T4861] loop0: detected capacity change from 0 to 32768 [ 81.853089][ T4861] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 81.862378][ T4861] BTRFS info (device loop0): force clearing of disk cache [ 81.870108][ T4861] BTRFS info (device loop0): setting nodatasum [ 81.876283][ T4861] BTRFS info (device loop0): allowing degraded mounts [ 81.883241][ T4861] BTRFS info (device loop0): enabling disk space caching [ 81.890459][ T4861] BTRFS info (device loop0): disk space caching is enabled [ 81.909195][ T4861] BTRFS info (device loop0): enabling ssd optimizations [ 81.916982][ T4861] BTRFS info (device loop0): clearing free space tree [ 81.924233][ T4861] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4861] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4861] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4861] chdir("./file0") = 0 [pid 4861] ioctl(4, LOOP_CLR_FD) = 0 [pid 4861] close(4) = 0 [pid 4861] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4860] <... futex resumed>) = 0 [pid 4860] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4860] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4861] <... futex resumed>) = 1 [pid 4861] open("./file0", O_RDONLY) = 4 [pid 4861] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4860] <... futex resumed>) = 0 [pid 4860] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4861] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4860] <... futex resumed>) = 0 [ 81.934185][ T4861] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 81.947944][ T4861] BTRFS info (device loop0): checking UUID tree [pid 4860] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4861] <... open resumed>) = 5 [pid 4861] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4860] <... futex resumed>) = 0 [pid 4861] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4860] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4860] <... futex resumed>) = 0 [pid 4861] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4860] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4861] <... ioctl resumed>) = 0 [pid 4861] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4860] <... futex resumed>) = 0 [pid 4861] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4860] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4860] <... futex resumed>) = 0 [pid 4861] creat("./bus", 000 [pid 4860] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4861] <... creat resumed>) = 6 [pid 4861] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4860] <... futex resumed>) = 0 [pid 4861] ftruncate(6, 2048 [pid 4860] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4861] <... ftruncate resumed>) = 0 [pid 4860] <... futex resumed>) = 0 [pid 4861] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4860] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4861] <... futex resumed>) = 0 [pid 4860] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4861] open("./bus", O_RDONLY [pid 4860] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4861] <... open resumed>) = 7 [pid 4860] <... futex resumed>) = 0 [pid 4861] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4860] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4861] <... futex resumed>) = 0 [pid 4860] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4861] sendfile(6, 7, NULL, 65536 [pid 4860] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4861] <... sendfile resumed>) = 2048 [pid 4860] <... futex resumed>) = 0 [pid 4861] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4860] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4861] <... futex resumed>) = 0 [pid 4860] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4861] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4860] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4861] <... openat resumed>) = 8 [pid 4860] <... futex resumed>) = 0 [pid 4861] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4860] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4861] <... futex resumed>) = 0 [pid 4860] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 81.989514][ T27] kauditd_printk_skb: 10 callbacks suppressed [ 81.989528][ T27] audit: type=1800 audit(1670043462.495:114): pid=4861 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 82.024308][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 4861] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4860] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4860] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 4860] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4860] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [ 82.038267][ T27] audit: type=1804 audit(1670043462.515:115): pid=4861 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/56/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 82.069917][ T4861] BTRFS info (device loop0): balance: start -s [ 82.078980][ T4861] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4860] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4860] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4881], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4881 [pid 4860] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4860] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4881 attached [pid 4881] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 4881] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4881] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4861] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4881] <... futex resumed>) = 1 [pid 4861] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4860] <... futex resumed>) = 0 [pid 4881] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4861] <... futex resumed>) = 0 [pid 4860] exit_group(0 [pid 4881] <... futex resumed>) = ? [pid 4860] <... exit_group resumed>) = ? [pid 4881] +++ exited with 0 +++ [pid 4861] +++ exited with 0 +++ [pid 4860] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4860, si_uid=0, si_status=0, si_utime=6, si_stime=29} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./56/binderfs") = 0 [ 82.125549][ T4861] BTRFS info (device loop0): balance: ended with status: 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4882 ./strace-static-x86_64: Process 4882 attached [pid 4882] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4882] chdir("./57") = 0 [pid 4882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4882] setpgid(0, 0) = 0 [pid 4882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4882] write(3, "1000", 4) = 4 [pid 4882] close(3) = 0 [pid 4882] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4882] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4882] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4882] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4883 attached , parent_tid=[4883], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4883 [pid 4883] set_robust_list(0x7fdb617f69e0, 24 [pid 4882] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4883] <... set_robust_list resumed>) = 0 [pid 4882] <... futex resumed>) = 0 [pid 4883] memfd_create("syzkaller", 0 [pid 4882] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4883] <... memfd_create resumed>) = 3 [pid 4883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4883] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4883] munmap(0x7fdb59200000, 16777216) = 0 [pid 4883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4883] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4883] close(3) = 0 [pid 4883] mkdir("./file0", 0777) = 0 [ 82.437881][ T4883] loop0: detected capacity change from 0 to 32768 [ 82.449619][ T4883] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 82.458994][ T4883] BTRFS info (device loop0): force clearing of disk cache [ 82.466105][ T4883] BTRFS info (device loop0): setting nodatasum [ 82.472323][ T4883] BTRFS info (device loop0): allowing degraded mounts [ 82.479165][ T4883] BTRFS info (device loop0): enabling disk space caching [ 82.486182][ T4883] BTRFS info (device loop0): disk space caching is enabled [ 82.504399][ T4883] BTRFS info (device loop0): enabling ssd optimizations [ 82.512129][ T4883] BTRFS info (device loop0): clearing free space tree [ 82.519486][ T4883] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4883] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4883] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4883] chdir("./file0") = 0 [pid 4883] ioctl(4, LOOP_CLR_FD) = 0 [pid 4883] close(4) = 0 [pid 4883] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4882] <... futex resumed>) = 0 [pid 4882] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4882] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4883] <... futex resumed>) = 1 [pid 4883] open("./file0", O_RDONLY) = 4 [pid 4883] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4882] <... futex resumed>) = 0 [pid 4883] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4882] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 82.529483][ T4883] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 82.542673][ T4883] BTRFS info (device loop0): checking UUID tree [pid 4882] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4883] <... open resumed>) = 5 [pid 4883] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4883] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4882] <... futex resumed>) = 0 [pid 4882] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4883] <... futex resumed>) = 0 [pid 4882] <... futex resumed>) = 1 [pid 4883] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4882] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4883] <... ioctl resumed>) = 0 [pid 4883] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4882] <... futex resumed>) = 0 [pid 4883] <... futex resumed>) = 1 [pid 4882] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4883] creat("./bus", 000 [pid 4882] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4883] <... creat resumed>) = 6 [pid 4883] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4882] <... futex resumed>) = 0 [pid 4883] ftruncate(6, 2048 [pid 4882] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4882] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4883] <... ftruncate resumed>) = 0 [pid 4883] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4882] <... futex resumed>) = 0 [pid 4882] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4883] open("./bus", O_RDONLY [pid 4882] <... futex resumed>) = 0 [pid 4882] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4883] <... open resumed>) = 7 [pid 4883] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4882] <... futex resumed>) = 0 [pid 4883] sendfile(6, 7, NULL, 65536 [pid 4882] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4882] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4883] <... sendfile resumed>) = 2048 [ 82.585353][ T27] audit: type=1800 audit(1670043463.085:116): pid=4883 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4883] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4882] <... futex resumed>) = 0 [pid 4882] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4883] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4882] <... futex resumed>) = 0 [pid 4882] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4883] <... openat resumed>) = 8 [pid 4883] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4882] <... futex resumed>) = 0 [pid 4882] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4883] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4882] <... futex resumed>) = 0 [ 82.632632][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 82.650252][ T4883] BTRFS info (device loop0): balance: start -s [ 82.667692][ T4883] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4882] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 4882] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4882] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4882] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4903], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4903 [pid 4882] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4882] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4903 attached [pid 4903] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 82.677359][ T27] audit: type=1804 audit(1670043463.135:117): pid=4883 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/57/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 4903] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4903] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4882] <... futex resumed>) = 0 [pid 4903] <... futex resumed>) = 1 [pid 4903] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4883] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4883] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4882] exit_group(0 [pid 4903] <... futex resumed>) = ? [pid 4882] <... exit_group resumed>) = ? [pid 4903] +++ exited with 0 +++ [pid 4883] +++ exited with 0 +++ [pid 4882] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4882, si_uid=0, si_status=0, si_utime=1, si_stime=28} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./57/binderfs") = 0 [ 82.744690][ T4883] BTRFS info (device loop0): balance: ended with status: 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4904 ./strace-static-x86_64: Process 4904 attached [pid 4904] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4904] chdir("./58") = 0 [pid 4904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4904] setpgid(0, 0) = 0 [pid 4904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4904] write(3, "1000", 4) = 4 [pid 4904] close(3) = 0 [pid 4904] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4904] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4904] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4904] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4905], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4905 [pid 4904] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4904] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4905 attached [pid 4905] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4905] memfd_create("syzkaller", 0) = 3 [pid 4905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4905] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4905] munmap(0x7fdb59200000, 16777216) = 0 [pid 4905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4905] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4905] close(3) = 0 [pid 4905] mkdir("./file0", 0777) = 0 [ 83.065767][ T4905] loop0: detected capacity change from 0 to 32768 [ 83.079525][ T4905] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 83.088823][ T4905] BTRFS info (device loop0): force clearing of disk cache [ 83.095955][ T4905] BTRFS info (device loop0): setting nodatasum [ 83.102250][ T4905] BTRFS info (device loop0): allowing degraded mounts [ 83.109106][ T4905] BTRFS info (device loop0): enabling disk space caching [ 83.116133][ T4905] BTRFS info (device loop0): disk space caching is enabled [ 83.135306][ T4905] BTRFS info (device loop0): enabling ssd optimizations [ 83.143384][ T4905] BTRFS info (device loop0): clearing free space tree [ 83.150590][ T4905] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4905] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4905] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4905] chdir("./file0") = 0 [pid 4905] ioctl(4, LOOP_CLR_FD) = 0 [pid 4905] close(4) = 0 [pid 4905] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4904] <... futex resumed>) = 0 [pid 4905] open("./file0", O_RDONLY [pid 4904] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4905] <... open resumed>) = 4 [pid 4904] <... futex resumed>) = 0 [pid 4905] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4904] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4905] <... futex resumed>) = 0 [pid 4904] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4905] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4904] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 83.160570][ T4905] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 83.174783][ T4905] BTRFS info (device loop0): checking UUID tree [pid 4904] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4905] <... open resumed>) = 5 [pid 4905] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4904] <... futex resumed>) = 0 [pid 4905] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4904] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4905] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4904] <... futex resumed>) = 0 [pid 4905] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4904] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4905] <... ioctl resumed>) = 0 [pid 4905] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4904] <... futex resumed>) = 0 [pid 4905] creat("./bus", 000 [pid 4904] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4905] <... creat resumed>) = 6 [pid 4904] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4905] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4904] <... futex resumed>) = 0 [pid 4905] ftruncate(6, 2048 [pid 4904] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4905] <... ftruncate resumed>) = 0 [pid 4904] <... futex resumed>) = 0 [pid 4905] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4904] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4905] <... futex resumed>) = 0 [pid 4904] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4905] open("./bus", O_RDONLY [pid 4904] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4905] <... open resumed>) = 7 [pid 4904] <... futex resumed>) = 0 [pid 4905] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4904] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4905] <... futex resumed>) = 0 [pid 4904] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4905] sendfile(6, 7, NULL, 65536 [pid 4904] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4905] <... sendfile resumed>) = 2048 [pid 4904] <... futex resumed>) = 0 [pid 4905] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4904] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4905] <... futex resumed>) = 0 [pid 4904] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4905] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4904] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4905] <... openat resumed>) = 8 [pid 4904] <... futex resumed>) = 0 [pid 4904] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4905] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4904] <... futex resumed>) = 0 [pid 4904] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4904] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4905] <... futex resumed>) = 1 [ 83.205461][ T27] audit: type=1800 audit(1670043463.705:118): pid=4905 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 83.236222][ T27] audit: type=1804 audit(1670043463.735:119): pid=4905 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/58/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 4905] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4904] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4904] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 4904] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4904] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4904] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4925], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4925 [pid 4904] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4904] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4925 attached [pid 4925] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 83.262582][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 83.274430][ T4905] BTRFS info (device loop0): balance: start -s [ 83.282790][ T4905] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4925] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4925] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4904] <... futex resumed>) = 0 [pid 4925] <... futex resumed>) = 1 [pid 4925] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4905] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4905] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4905] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4904] exit_group(0 [pid 4925] <... futex resumed>) = ? [pid 4904] <... exit_group resumed>) = ? [pid 4925] +++ exited with 0 +++ [pid 4905] <... futex resumed>) = ? [pid 4905] +++ exited with 0 +++ [pid 4904] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4904, si_uid=0, si_status=0, si_utime=2, si_stime=24} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./58/binderfs") = 0 [ 83.335433][ T4905] BTRFS info (device loop0): balance: ended with status: 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4926 ./strace-static-x86_64: Process 4926 attached [pid 4926] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4926] chdir("./59") = 0 [pid 4926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4926] setpgid(0, 0) = 0 [pid 4926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4926] write(3, "1000", 4) = 4 [pid 4926] close(3) = 0 [pid 4926] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4926] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4926] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4926] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4927], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4927 [pid 4926] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4926] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4927 attached [pid 4927] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4927] memfd_create("syzkaller", 0) = 3 [pid 4927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4927] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4927] munmap(0x7fdb59200000, 16777216) = 0 [pid 4927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4927] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4927] close(3) = 0 [pid 4927] mkdir("./file0", 0777) = 0 [ 83.635367][ T4927] loop0: detected capacity change from 0 to 32768 [ 83.648726][ T4927] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 83.658114][ T4927] BTRFS info (device loop0): force clearing of disk cache [ 83.665228][ T4927] BTRFS info (device loop0): setting nodatasum [ 83.671635][ T4927] BTRFS info (device loop0): allowing degraded mounts [ 83.678621][ T4927] BTRFS info (device loop0): enabling disk space caching [ 83.685656][ T4927] BTRFS info (device loop0): disk space caching is enabled [ 83.705905][ T4927] BTRFS info (device loop0): enabling ssd optimizations [ 83.713822][ T4927] BTRFS info (device loop0): clearing free space tree [ 83.720766][ T4927] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4927] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4927] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4927] chdir("./file0") = 0 [pid 4927] ioctl(4, LOOP_CLR_FD) = 0 [pid 4927] close(4) = 0 [pid 4927] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4926] <... futex resumed>) = 0 [pid 4926] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4927] open("./file0", O_RDONLY [pid 4926] <... futex resumed>) = 0 [pid 4927] <... open resumed>) = 4 [pid 4926] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4927] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4926] <... futex resumed>) = 0 [ 83.730514][ T4927] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 83.744132][ T4927] BTRFS info (device loop0): checking UUID tree [pid 4926] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4927] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4926] <... futex resumed>) = 0 [pid 4926] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4927] <... open resumed>) = 5 [pid 4927] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4926] <... futex resumed>) = 0 [pid 4927] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4926] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4926] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4927] <... ioctl resumed>) = 0 [pid 4927] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4926] <... futex resumed>) = 0 [pid 4926] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4927] creat("./bus", 000 [pid 4926] <... futex resumed>) = 0 [pid 4926] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4927] <... creat resumed>) = 6 [pid 4927] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4926] <... futex resumed>) = 0 [pid 4927] ftruncate(6, 2048 [pid 4926] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4926] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4927] <... ftruncate resumed>) = 0 [pid 4927] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4926] <... futex resumed>) = 0 [pid 4927] open("./bus", O_RDONLY [pid 4926] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4926] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4927] <... open resumed>) = 7 [pid 4927] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4926] <... futex resumed>) = 0 [pid 4927] sendfile(6, 7, NULL, 65536 [ 83.771476][ T27] audit: type=1800 audit(1670043464.275:120): pid=4927 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4926] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4926] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4927] <... sendfile resumed>) = 2048 [pid 4927] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4927] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4926] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4927] <... futex resumed>) = 0 [pid 4926] <... futex resumed>) = 1 [pid 4927] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4926] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4927] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4927] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4926] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4927] <... futex resumed>) = 0 [pid 4926] <... futex resumed>) = 1 [pid 4927] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 83.814385][ T27] audit: type=1804 audit(1670043464.315:121): pid=4927 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/59/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 83.827319][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 83.855704][ T4927] BTRFS info (device loop0): balance: start -s [ 83.863993][ T4927] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4926] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 4927] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4926] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4927] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4926] <... futex resumed>) = 0 [pid 4927] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4926] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4926] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4947 attached , parent_tid=[4947], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4947 [pid 4947] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 4947] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4926] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4926] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4947] <... futex resumed>) = 0 [pid 4947] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4947] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4947] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4926] <... futex resumed>) = 0 [pid 4926] exit_group(0 [pid 4927] <... futex resumed>) = ? [pid 4926] <... exit_group resumed>) = ? [pid 4927] +++ exited with 0 +++ [pid 4947] <... futex resumed>) = ? [pid 4947] +++ exited with 0 +++ [pid 4926] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4926, si_uid=0, si_status=0, si_utime=3, si_stime=29} --- umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 83.891921][ T4927] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./59/binderfs") = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4948 ./strace-static-x86_64: Process 4948 attached [pid 4948] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4948] chdir("./60") = 0 [pid 4948] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4948] setpgid(0, 0) = 0 [pid 4948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4948] write(3, "1000", 4) = 4 [pid 4948] close(3) = 0 [pid 4948] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4948] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4948] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4948] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4949], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4949 ./strace-static-x86_64: Process 4949 attached [pid 4949] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4949] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4948] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4949] <... futex resumed>) = 0 [pid 4948] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4949] memfd_create("syzkaller", 0) = 3 [pid 4949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4949] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4949] munmap(0x7fdb59200000, 16777216) = 0 [pid 4949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4949] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4949] close(3) = 0 [pid 4949] mkdir("./file0", 0777) = 0 [ 84.242126][ T4949] loop0: detected capacity change from 0 to 32768 [ 84.256009][ T4949] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 84.265320][ T4949] BTRFS info (device loop0): force clearing of disk cache [ 84.272474][ T4949] BTRFS info (device loop0): setting nodatasum [ 84.278676][ T4949] BTRFS info (device loop0): allowing degraded mounts [ 84.285447][ T4949] BTRFS info (device loop0): enabling disk space caching [ 84.292522][ T4949] BTRFS info (device loop0): disk space caching is enabled [ 84.312604][ T4949] BTRFS info (device loop0): enabling ssd optimizations [ 84.320599][ T4949] BTRFS info (device loop0): clearing free space tree [ 84.327483][ T4949] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 4949] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4949] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4949] chdir("./file0") = 0 [pid 4949] ioctl(4, LOOP_CLR_FD) = 0 [pid 4949] close(4) = 0 [pid 4949] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4948] <... futex resumed>) = 0 [pid 4949] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 4948] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4949] open("./file0", O_RDONLY) = 4 [pid 4948] <... futex resumed>) = 0 [pid 4949] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4948] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4949] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4948] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4949] <... futex resumed>) = 0 [pid 4948] <... futex resumed>) = 1 [pid 4949] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 84.337125][ T4949] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 84.350602][ T4949] BTRFS info (device loop0): checking UUID tree [pid 4948] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4949] <... open resumed>) = 5 [pid 4949] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4948] <... futex resumed>) = 0 [pid 4949] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4948] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4948] <... futex resumed>) = 0 [pid 4949] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 4948] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4949] <... ioctl resumed>) = 0 [pid 4949] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4948] <... futex resumed>) = 0 [pid 4949] creat("./bus", 000 [pid 4948] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4948] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4949] <... creat resumed>) = 6 [pid 4949] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4948] <... futex resumed>) = 0 [pid 4949] ftruncate(6, 2048 [pid 4948] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4949] <... ftruncate resumed>) = 0 [pid 4948] <... futex resumed>) = 0 [pid 4949] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4948] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4949] <... futex resumed>) = 0 [pid 4948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4949] open("./bus", O_RDONLY [pid 4948] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4949] <... open resumed>) = 7 [pid 4948] <... futex resumed>) = 0 [pid 4949] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4948] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4949] <... futex resumed>) = 0 [pid 4948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4949] sendfile(6, 7, NULL, 65536 [pid 4948] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4949] <... sendfile resumed>) = 2048 [pid 4948] <... futex resumed>) = 0 [pid 4949] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4948] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4949] <... futex resumed>) = 0 [pid 4948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4949] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4948] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4949] <... openat resumed>) = 8 [pid 4948] <... futex resumed>) = 0 [pid 4948] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4949] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4949] <... futex resumed>) = 0 [pid 4948] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4949] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4948] <... futex resumed>) = 0 [ 84.383623][ T27] audit: type=1800 audit(1670043464.885:122): pid=4949 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 4948] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 4948] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 4948] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4948] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4969], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 4969 [pid 4948] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4948] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4969 attached [pid 4969] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 84.413652][ T27] audit: type=1804 audit(1670043464.915:123): pid=4949 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/60/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 84.427973][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 84.451388][ T4949] BTRFS info (device loop0): balance: start -s [ 84.460038][ T4949] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 4969] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 4969] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4948] <... futex resumed>) = 0 [pid 4969] <... futex resumed>) = 1 [pid 4969] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4949] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4949] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4949] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4948] exit_group(0 [pid 4969] <... futex resumed>) = ? [pid 4949] <... futex resumed>) = ? [pid 4948] <... exit_group resumed>) = ? [pid 4969] +++ exited with 0 +++ [pid 4949] +++ exited with 0 +++ [pid 4948] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4948, si_uid=0, si_status=0, si_utime=2, si_stime=28} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./60/binderfs") = 0 [ 84.529423][ T4949] BTRFS info (device loop0): balance: ended with status: 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4970 ./strace-static-x86_64: Process 4970 attached [pid 4970] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4970] chdir("./61") = 0 [pid 4970] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4970] setpgid(0, 0) = 0 [pid 4970] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4970] write(3, "1000", 4) = 4 [pid 4970] close(3) = 0 [pid 4970] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4970] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4970] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4970] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4971 attached , parent_tid=[4971], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4971 [pid 4970] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4970] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4971] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4971] memfd_create("syzkaller", 0) = 3 [pid 4971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4971] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4971] munmap(0x7fdb59200000, 16777216) = 0 [pid 4971] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4971] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4971] close(3) = 0 [pid 4971] mkdir("./file0", 0777) = 0 [ 84.834230][ T4971] loop0: detected capacity change from 0 to 32768 [ 84.847593][ T4971] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 84.856841][ T4971] BTRFS info (device loop0): force clearing of disk cache [ 84.864240][ T4971] BTRFS info (device loop0): setting nodatasum [ 84.870707][ T4971] BTRFS info (device loop0): allowing degraded mounts [pid 4971] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4971] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4971] chdir("./file0") = 0 [pid 4971] ioctl(4, LOOP_CLR_FD) = 0 [pid 4971] close(4) = 0 [pid 4971] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4970] <... futex resumed>) = 0 [pid 4970] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4970] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4971] <... futex resumed>) = 1 [pid 4971] open("./file0", O_RDONLY) = 4 [pid 4971] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4970] <... futex resumed>) = 0 [pid 4970] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4970] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4971] <... futex resumed>) = 1 [pid 4971] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 4971] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4970] <... futex resumed>) = 0 [pid 4970] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4970] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4971] <... futex resumed>) = 1 [pid 4971] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4971] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4970] <... futex resumed>) = 0 [pid 4970] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4970] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4971] <... futex resumed>) = 1 [pid 4971] creat("./bus", 000) = 6 [pid 4971] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4970] <... futex resumed>) = 0 [pid 4970] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4970] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4971] <... futex resumed>) = 1 [pid 4971] ftruncate(6, 2048) = 0 [pid 4971] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4970] <... futex resumed>) = 0 [pid 4970] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4970] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4971] <... futex resumed>) = 1 [pid 4971] open("./bus", O_RDONLY) = 7 [pid 4971] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4970] <... futex resumed>) = 0 [pid 4970] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4970] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4971] <... futex resumed>) = 1 [pid 4971] sendfile(6, 7, NULL, 65536) = 2048 [pid 4971] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4970] <... futex resumed>) = 0 [pid 4970] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4970] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4971] <... futex resumed>) = 1 [pid 4971] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 4971] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4970] <... futex resumed>) = 0 [pid 4970] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4970] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4971] <... futex resumed>) = 1 [ 84.877953][ T4971] BTRFS info (device loop0): enabling disk space caching [ 84.885002][ T4971] BTRFS info (device loop0): disk space caching is enabled [pid 4971] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4971] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4970] <... futex resumed>) = 0 [pid 4971] <... futex resumed>) = 1 [pid 4970] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4971] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4970] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4971] <... ioctl resumed>) = 0 [pid 4971] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4970] <... futex resumed>) = 0 [pid 4971] <... futex resumed>) = 1 [pid 4970] exit_group(0 [pid 4971] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4970] <... exit_group resumed>) = ? [pid 4971] <... futex resumed>) = ? [pid 4971] +++ exited with 0 +++ [pid 4970] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4970, si_uid=0, si_status=0, si_utime=2, si_stime=19} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./61/binderfs") = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 4991 ./strace-static-x86_64: Process 4991 attached [pid 4991] set_robust_list(0x55555746f5e0, 24) = 0 [pid 4991] chdir("./62") = 0 [pid 4991] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4991] setpgid(0, 0) = 0 [pid 4991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4991] write(3, "1000", 4) = 4 [pid 4991] close(3) = 0 [pid 4991] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4991] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 4991] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4991] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4992], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 4992 [pid 4991] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4991] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4992 attached [pid 4992] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 4992] memfd_create("syzkaller", 0) = 3 [pid 4992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 4992] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4992] munmap(0x7fdb59200000, 16777216) = 0 [pid 4992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4992] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4992] close(3) = 0 [pid 4992] mkdir("./file0", 0777) = 0 [pid 4992] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 4992] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4992] chdir("./file0") = 0 [pid 4992] ioctl(4, LOOP_CLR_FD) = 0 [pid 4992] close(4) = 0 [pid 4992] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4991] <... futex resumed>) = 0 [pid 4992] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4991] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4991] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4992] <... futex resumed>) = 0 [pid 4992] open("./file0", O_RDONLY) = 4 [pid 4992] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4991] <... futex resumed>) = 0 [pid 4991] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4992] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 4991] <... futex resumed>) = 0 [ 85.290994][ T4992] loop0: detected capacity change from 0 to 32768 [pid 4991] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4992] <... open resumed>) = 5 [pid 4992] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4991] <... futex resumed>) = 0 [pid 4991] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4991] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4992] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 4992] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4992] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4991] <... futex resumed>) = 0 [pid 4991] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4992] <... futex resumed>) = 0 [pid 4991] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4992] creat("./bus", 000) = 6 [pid 4992] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4991] <... futex resumed>) = 0 [pid 4992] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 4991] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4992] ftruncate(6, 2048 [pid 4991] <... futex resumed>) = 0 [pid 4992] <... ftruncate resumed>) = 0 [pid 4991] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4992] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 4991] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4992] <... futex resumed>) = 0 [pid 4991] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4991] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4992] open("./bus", O_RDONLY) = 7 [pid 4992] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4991] <... futex resumed>) = 0 [pid 4992] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4991] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4992] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4991] <... futex resumed>) = 0 [pid 4992] sendfile(6, 7, NULL, 65536 [pid 4991] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4992] <... sendfile resumed>) = 2048 [pid 4992] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4991] <... futex resumed>) = 0 [pid 4992] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4991] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4992] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4991] <... futex resumed>) = 0 [pid 4992] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 4991] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4992] <... openat resumed>) = 8 [pid 4992] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4991] <... futex resumed>) = 0 [pid 4992] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4991] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4992] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4991] <... futex resumed>) = 0 [pid 4992] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4991] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4992] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 4992] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4991] <... futex resumed>) = 0 [pid 4992] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4991] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4992] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4991] <... futex resumed>) = 0 [pid 4992] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 4991] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4992] <... ioctl resumed>) = 0 [pid 4992] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4991] <... futex resumed>) = 0 [pid 4992] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4991] exit_group(0 [pid 4992] <... futex resumed>) = ? [pid 4991] <... exit_group resumed>) = ? [pid 4992] +++ exited with 0 +++ [pid 4991] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4991, si_uid=0, si_status=0, si_utime=2, si_stime=17} --- umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./62/binderfs") = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5012 ./strace-static-x86_64: Process 5012 attached [pid 5012] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5012] chdir("./63") = 0 [pid 5012] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5012] setpgid(0, 0) = 0 [pid 5012] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5012] write(3, "1000", 4) = 4 [pid 5012] close(3) = 0 [pid 5012] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5012] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5012] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5012] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5012] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5013 attached , parent_tid=[5013], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5013 [pid 5012] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5012] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5013] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5013] memfd_create("syzkaller", 0) = 3 [pid 5013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5013] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5013] munmap(0x7fdb59200000, 16777216) = 0 [pid 5013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5013] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5013] close(3) = 0 [pid 5013] mkdir("./file0", 0777) = 0 [pid 5013] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5013] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5013] chdir("./file0") = 0 [pid 5013] ioctl(4, LOOP_CLR_FD) = 0 [pid 5013] close(4) = 0 [pid 5013] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... futex resumed>) = 0 [pid 5012] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5012] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5013] <... futex resumed>) = 1 [pid 5013] open("./file0", O_RDONLY) = 4 [pid 5013] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... futex resumed>) = 0 [pid 5012] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5012] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5013] <... futex resumed>) = 1 [pid 5013] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5013] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... futex resumed>) = 0 [pid 5012] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5012] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5013] <... futex resumed>) = 1 [ 85.727009][ T5013] loop0: detected capacity change from 0 to 32768 [pid 5013] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5013] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... futex resumed>) = 0 [pid 5012] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5012] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5013] <... futex resumed>) = 1 [pid 5013] creat("./bus", 000) = 6 [pid 5013] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... futex resumed>) = 0 [pid 5012] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5012] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5013] <... futex resumed>) = 1 [pid 5013] ftruncate(6, 2048) = 0 [pid 5013] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... futex resumed>) = 0 [pid 5012] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5012] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5013] <... futex resumed>) = 1 [pid 5013] open("./bus", O_RDONLY) = 7 [pid 5013] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... futex resumed>) = 0 [pid 5012] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5012] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5013] <... futex resumed>) = 1 [pid 5013] sendfile(6, 7, NULL, 65536) = 2048 [pid 5013] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... futex resumed>) = 0 [pid 5012] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5012] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5013] <... futex resumed>) = 1 [pid 5013] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5013] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... futex resumed>) = 0 [pid 5012] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5012] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5013] <... futex resumed>) = 1 [pid 5013] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5013] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... futex resumed>) = 0 [pid 5012] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5012] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5013] <... futex resumed>) = 1 [pid 5013] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5013] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... futex resumed>) = 0 [pid 5012] exit_group(0) = ? [pid 5013] <... futex resumed>) = ? [pid 5013] +++ exited with 0 +++ [pid 5012] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5012, si_uid=0, si_status=0, si_utime=2, si_stime=19} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./63/binderfs") = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5033 ./strace-static-x86_64: Process 5033 attached [pid 5033] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5033] chdir("./64") = 0 [pid 5033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5033] setpgid(0, 0) = 0 [pid 5033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5033] write(3, "1000", 4) = 4 [pid 5033] close(3) = 0 [pid 5033] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5033] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5033] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5033] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5034], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5034 ./strace-static-x86_64: Process 5034 attached [pid 5033] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5034] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5034] memfd_create("syzkaller", 0) = 3 [pid 5034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5034] munmap(0x7fdb59200000, 16777216) = 0 [pid 5034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5034] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5034] close(3) = 0 [pid 5034] mkdir("./file0", 0777) = 0 [ 86.172908][ T5034] loop0: detected capacity change from 0 to 32768 [ 86.186498][ T5034] _btrfs_printk: 39 callbacks suppressed [ 86.186513][ T5034] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 86.201533][ T5034] BTRFS info (device loop0): force clearing of disk cache [ 86.208705][ T5034] BTRFS info (device loop0): setting nodatasum [ 86.214866][ T5034] BTRFS info (device loop0): allowing degraded mounts [ 86.221701][ T5034] BTRFS info (device loop0): enabling disk space caching [ 86.228751][ T5034] BTRFS info (device loop0): disk space caching is enabled [ 86.248563][ T5034] BTRFS info (device loop0): enabling ssd optimizations [ 86.256228][ T5034] BTRFS info (device loop0): clearing free space tree [ 86.263476][ T5034] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5034] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5034] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5034] chdir("./file0") = 0 [pid 5034] ioctl(4, LOOP_CLR_FD) = 0 [pid 5034] close(4) = 0 [pid 5034] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = 0 [pid 5033] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... futex resumed>) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5033] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] open("./file0", O_RDONLY) = 4 [pid 5034] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = 0 [pid 5033] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] <... futex resumed>) = 1 [pid 5034] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5034] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = 0 [pid 5034] <... futex resumed>) = 1 [pid 5033] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 86.273422][ T5034] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 86.286612][ T5034] BTRFS info (device loop0): checking UUID tree [pid 5034] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5034] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5034] creat("./bus", 000 [pid 5033] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] <... creat resumed>) = 6 [pid 5034] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5033] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] ftruncate(6, 2048) = 0 [pid 5034] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5034] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5034] open("./bus", O_RDONLY) = 7 [pid 5034] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5033] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] sendfile(6, 7, NULL, 65536) = 2048 [pid 5034] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5034] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5033] <... futex resumed>) = 0 [pid 5034] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5033] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] <... openat resumed>) = 8 [pid 5034] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5033] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 86.342691][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 86.368269][ T5034] BTRFS info (device loop0): balance: start -s [ 86.376824][ T5034] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5034] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5033] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5033] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5033] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5033] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5054], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5054 [pid 5033] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5033] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5054 attached [pid 5054] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5054] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5034] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5034] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] <... ioctl resumed>) = 0 [pid 5054] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = 0 [pid 5033] exit_group(0 [pid 5034] <... futex resumed>) = ? [pid 5033] <... exit_group resumed>) = ? [pid 5034] +++ exited with 0 +++ [pid 5054] <... futex resumed>) = ? [pid 5054] +++ exited with 0 +++ [pid 5033] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5033, si_uid=0, si_status=0, si_utime=0, si_stime=32} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./64/binderfs") = 0 [ 86.406885][ T5034] BTRFS info (device loop0): balance: ended with status: 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5055 ./strace-static-x86_64: Process 5055 attached [pid 5055] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5055] chdir("./65") = 0 [pid 5055] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5055] setpgid(0, 0) = 0 [pid 5055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5055] write(3, "1000", 4) = 4 [pid 5055] close(3) = 0 [pid 5055] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5055] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5055] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5055] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5056], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5056 ./strace-static-x86_64: Process 5056 attached [pid 5055] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5055] <... futex resumed>) = 0 [pid 5056] memfd_create("syzkaller", 0 [pid 5055] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5056] <... memfd_create resumed>) = 3 [pid 5056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5056] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5056] munmap(0x7fdb59200000, 16777216) = 0 [pid 5056] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5056] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5056] close(3) = 0 [pid 5056] mkdir("./file0", 0777) = 0 [ 86.759966][ T5056] loop0: detected capacity change from 0 to 32768 [ 86.771561][ T5056] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 86.781131][ T5056] BTRFS info (device loop0): force clearing of disk cache [ 86.788710][ T5056] BTRFS info (device loop0): setting nodatasum [ 86.794881][ T5056] BTRFS info (device loop0): allowing degraded mounts [ 86.801720][ T5056] BTRFS info (device loop0): enabling disk space caching [ 86.808803][ T5056] BTRFS info (device loop0): disk space caching is enabled [ 86.828427][ T5056] BTRFS info (device loop0): enabling ssd optimizations [ 86.836207][ T5056] BTRFS info (device loop0): clearing free space tree [ 86.843469][ T5056] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5056] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5056] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5056] chdir("./file0") = 0 [pid 5056] ioctl(4, LOOP_CLR_FD) = 0 [pid 5056] close(4) = 0 [pid 5056] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] <... futex resumed>) = 0 [pid 5055] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5055] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] open("./file0", O_RDONLY) = 4 [pid 5056] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] <... futex resumed>) = 0 [pid 5055] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5055] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] <... open resumed>) = 5 [pid 5056] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] <... futex resumed>) = 0 [pid 5056] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5055] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5055] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] <... ioctl resumed>) = 0 [pid 5056] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5055] <... futex resumed>) = 0 [pid 5055] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] <... futex resumed>) = 0 [pid 5056] creat("./bus", 000) = 6 [pid 5056] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] <... futex resumed>) = 0 [pid 5056] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5055] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5055] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5056] ftruncate(6, 2048) = 0 [pid 5056] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] <... futex resumed>) = 0 [pid 5056] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5055] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5055] <... futex resumed>) = 0 [pid 5056] open("./bus", O_RDONLY [pid 5055] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] <... open resumed>) = 7 [pid 5056] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] <... futex resumed>) = 0 [pid 5056] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5055] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5055] <... futex resumed>) = 0 [pid 5056] sendfile(6, 7, NULL, 65536 [pid 5055] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] <... sendfile resumed>) = 2048 [pid 5056] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] <... futex resumed>) = 0 [pid 5056] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5055] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 86.853439][ T5056] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 86.866734][ T5056] BTRFS info (device loop0): checking UUID tree [pid 5055] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] <... openat resumed>) = 8 [pid 5056] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5055] <... futex resumed>) = 0 [pid 5055] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] <... futex resumed>) = 0 [ 86.916383][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 86.937126][ T5056] BTRFS info (device loop0): balance: start -s [ 86.945894][ T5056] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5056] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5055] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5055] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5055] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5055] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5076 attached , parent_tid=[5076], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5076 [pid 5076] set_robust_list(0x7fdb617d59e0, 24 [pid 5055] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... set_robust_list resumed>) = 0 [pid 5055] <... futex resumed>) = 0 [pid 5076] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [ 86.975928][ T5056] BTRFS info (device loop0): balance: ended with status: 0 [pid 5055] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... ioctl resumed>) = 0 [pid 5076] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5055] <... futex resumed>) = 0 [pid 5056] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5055] exit_group(0 [pid 5076] <... futex resumed>) = ? [pid 5055] <... exit_group resumed>) = ? [pid 5056] <... futex resumed>) = ? [pid 5076] +++ exited with 0 +++ [pid 5056] +++ exited with 0 +++ [pid 5055] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5055, si_uid=0, si_status=0, si_utime=2, si_stime=32} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./65/binderfs") = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5078 ./strace-static-x86_64: Process 5078 attached [pid 5078] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5078] chdir("./66") = 0 [pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5078] setpgid(0, 0) = 0 [pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5078] write(3, "1000", 4) = 4 [pid 5078] close(3) = 0 [pid 5078] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5078] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5078] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5078] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5079 attached [pid 5079] set_robust_list(0x7fdb617f69e0, 24 [pid 5078] <... clone resumed>, parent_tid=[5079], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5079 [pid 5079] <... set_robust_list resumed>) = 0 [pid 5079] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5078] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5079] memfd_create("syzkaller", 0) = 3 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5079] munmap(0x7fdb59200000, 16777216) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5079] close(3) = 0 [pid 5079] mkdir("./file0", 0777) = 0 [ 87.333442][ T5079] loop0: detected capacity change from 0 to 32768 [ 87.345733][ T5079] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 87.355433][ T5079] BTRFS info (device loop0): force clearing of disk cache [ 87.362868][ T5079] BTRFS info (device loop0): setting nodatasum [ 87.369439][ T5079] BTRFS info (device loop0): allowing degraded mounts [ 87.376213][ T5079] BTRFS info (device loop0): enabling disk space caching [ 87.383885][ T5079] BTRFS info (device loop0): disk space caching is enabled [ 87.402668][ T5079] BTRFS info (device loop0): enabling ssd optimizations [ 87.410567][ T5079] BTRFS info (device loop0): clearing free space tree [ 87.417465][ T5079] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5079] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5079] chdir("./file0") = 0 [pid 5079] ioctl(4, LOOP_CLR_FD) = 0 [pid 5079] close(4) = 0 [pid 5079] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = 0 [pid 5079] open("./file0", O_RDONLY) = 4 [pid 5079] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5079] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5078] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 87.427110][ T5079] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 87.440355][ T5079] BTRFS info (device loop0): checking UUID tree [ 87.471349][ T27] kauditd_printk_skb: 10 callbacks suppressed [pid 5078] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... open resumed>) = 5 [pid 5079] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = 1 [pid 5079] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5079] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5079] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5079] creat("./bus", 000) = 6 [pid 5079] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] ftruncate(6, 2048) = 0 [pid 5079] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5079] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 87.471362][ T27] audit: type=1800 audit(1670043467.975:134): pid=5079 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 87.509956][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5079] open("./bus", O_RDONLY) = 7 [pid 5079] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] sendfile(6, 7, NULL, 65536) = 2048 [pid 5079] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5079] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5079] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5079] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 87.528761][ T27] audit: type=1804 audit(1670043468.035:135): pid=5079 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/66/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 87.568723][ T5079] BTRFS info (device loop0): balance: start -s [pid 5078] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5078] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5078] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5078] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5099], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5099 [pid 5078] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5099 attached [pid 5099] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5099] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5079] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5079] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] <... ioctl resumed>) = 0 [pid 5099] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] exit_group(0) = ? [pid 5079] <... futex resumed>) = ? [pid 5079] +++ exited with 0 +++ [pid 5099] +++ exited with 0 +++ [pid 5078] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=2, si_stime=25} --- umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./66/binderfs") = 0 [ 87.577676][ T5079] BTRFS info (device loop0): relocating block group 1048576 flags system [ 87.603591][ T5079] BTRFS info (device loop0): balance: ended with status: 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5100 ./strace-static-x86_64: Process 5100 attached [pid 5100] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5100] chdir("./67") = 0 [pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5100] setpgid(0, 0) = 0 [pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5100] write(3, "1000", 4) = 4 [pid 5100] close(3) = 0 [pid 5100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5100] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5100] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5100] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5101 attached , parent_tid=[5101], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5101 [pid 5101] set_robust_list(0x7fdb617f69e0, 24 [pid 5100] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... set_robust_list resumed>) = 0 [pid 5100] <... futex resumed>) = 0 [pid 5101] memfd_create("syzkaller", 0 [pid 5100] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5101] <... memfd_create resumed>) = 3 [pid 5101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5101] munmap(0x7fdb59200000, 16777216) = 0 [pid 5101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5101] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5101] close(3) = 0 [pid 5101] mkdir("./file0", 0777) = 0 [ 87.936601][ T5101] loop0: detected capacity change from 0 to 32768 [ 87.951398][ T5101] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 87.960893][ T5101] BTRFS info (device loop0): force clearing of disk cache [ 87.968149][ T5101] BTRFS info (device loop0): setting nodatasum [ 87.974385][ T5101] BTRFS info (device loop0): allowing degraded mounts [ 87.981287][ T5101] BTRFS info (device loop0): enabling disk space caching [ 87.988347][ T5101] BTRFS info (device loop0): disk space caching is enabled [ 88.006821][ T5101] BTRFS info (device loop0): enabling ssd optimizations [ 88.014761][ T5101] BTRFS info (device loop0): clearing free space tree [ 88.021644][ T5101] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5101] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5101] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5101] chdir("./file0") = 0 [pid 5101] ioctl(4, LOOP_CLR_FD) = 0 [pid 5101] close(4) = 0 [pid 5101] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] open("./file0", O_RDONLY) = 4 [pid 5101] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 88.031356][ T5101] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 88.044725][ T5101] BTRFS info (device loop0): checking UUID tree [pid 5101] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5101] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5101] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5100] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... ioctl resumed>) = 0 [pid 5101] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5101] creat("./bus", 000 [pid 5100] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... creat resumed>) = 6 [pid 5101] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... futex resumed>) = 1 [pid 5101] ftruncate(6, 2048) = 0 [pid 5101] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5101] open("./bus", O_RDONLY [ 88.076888][ T27] audit: type=1800 audit(1670043468.575:136): pid=5101 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5100] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... open resumed>) = 7 [pid 5101] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5101] <... futex resumed>) = 1 [pid 5100] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] sendfile(6, 7, NULL, 65536 [pid 5100] <... futex resumed>) = 0 [pid 5101] <... sendfile resumed>) = 2048 [pid 5100] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5101] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5100] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... openat resumed>) = 8 [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5101] <... futex resumed>) = 1 [pid 5100] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5100] <... futex resumed>) = 0 [ 88.129338][ T27] audit: type=1804 audit(1670043468.635:137): pid=5101 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/67/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 88.149428][ T9] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 88.164137][ T5101] BTRFS info (device loop0): balance: start -s [pid 5100] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5100] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5100] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5100] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5121], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5121 [pid 5100] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5121 attached [pid 5121] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 88.172809][ T5101] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5121] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5100] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5121] <... ioctl resumed>) = 0 [pid 5121] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5101] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5100] exit_group(0) = ? [pid 5121] <... futex resumed>) = ? [pid 5121] +++ exited with 0 +++ [pid 5101] <... futex resumed>) = ? [pid 5101] +++ exited with 0 +++ [pid 5100] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=3, si_stime=28} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./67/binderfs") = 0 [ 88.217492][ T5101] BTRFS info (device loop0): balance: ended with status: 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5122 ./strace-static-x86_64: Process 5122 attached [pid 5122] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5122] chdir("./68") = 0 [pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5122] setpgid(0, 0) = 0 [pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5122] write(3, "1000", 4) = 4 [pid 5122] close(3) = 0 [pid 5122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5122] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5122] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5122] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5123 attached , parent_tid=[5123], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5123 [pid 5123] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5122] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5123] memfd_create("syzkaller", 0) = 3 [pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5123] munmap(0x7fdb59200000, 16777216) = 0 [pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5123] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5123] close(3) = 0 [pid 5123] mkdir("./file0", 0777) = 0 [ 88.532618][ T5123] loop0: detected capacity change from 0 to 32768 [ 88.546782][ T5123] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 88.556138][ T5123] BTRFS info (device loop0): force clearing of disk cache [ 88.563335][ T5123] BTRFS info (device loop0): setting nodatasum [ 88.569551][ T5123] BTRFS info (device loop0): allowing degraded mounts [ 88.576319][ T5123] BTRFS info (device loop0): enabling disk space caching [ 88.583488][ T5123] BTRFS info (device loop0): disk space caching is enabled [ 88.603153][ T5123] BTRFS info (device loop0): enabling ssd optimizations [ 88.611595][ T5123] BTRFS info (device loop0): clearing free space tree [ 88.618651][ T5123] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5123] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5123] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5123] chdir("./file0") = 0 [pid 5123] ioctl(4, LOOP_CLR_FD) = 0 [pid 5123] close(4) = 0 [pid 5123] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] <... futex resumed>) = 1 [pid 5122] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] open("./file0", O_RDONLY) = 4 [pid 5123] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] <... futex resumed>) = 0 [pid 5123] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 88.628386][ T5123] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 88.641734][ T5123] BTRFS info (device loop0): checking UUID tree [pid 5122] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... open resumed>) = 5 [pid 5123] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] <... futex resumed>) = 0 [pid 5123] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5122] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... ioctl resumed>) = 0 [pid 5123] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] creat("./bus", 000 [pid 5122] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... creat resumed>) = 6 [pid 5123] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] ftruncate(6, 2048 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... ftruncate resumed>) = 0 [pid 5123] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] open("./bus", O_RDONLY [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... open resumed>) = 7 [ 88.667553][ T27] audit: type=1800 audit(1670043469.175:138): pid=5123 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5123] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] <... futex resumed>) = 0 [pid 5123] sendfile(6, 7, NULL, 65536 [pid 5122] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... sendfile resumed>) = 2048 [pid 5123] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] <... futex resumed>) = 0 [pid 5123] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5122] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... openat resumed>) = 8 [pid 5123] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] <... futex resumed>) = 0 [pid 5123] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 88.708130][ T27] audit: type=1804 audit(1670043469.205:139): pid=5123 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/68/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 88.718566][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 88.751042][ T5123] BTRFS info (device loop0): balance: start -s [pid 5122] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5122] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5122] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5122] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5143], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5143 [pid 5122] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5123] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5143 attached [pid 5143] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 88.759358][ T5123] BTRFS info (device loop0): relocating block group 1048576 flags system [ 88.796778][ T5123] BTRFS info (device loop0): balance: ended with status: 0 [pid 5143] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5143] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5122] exit_group(0 [pid 5123] <... futex resumed>) = ? [pid 5122] <... exit_group resumed>) = ? [pid 5123] +++ exited with 0 +++ [pid 5143] +++ exited with 0 +++ [pid 5122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=2, si_stime=31} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./68/binderfs") = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5144 attached , child_tidptr=0x55555746f5d0) = 5144 [pid 5144] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5144] chdir("./69") = 0 [pid 5144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5144] setpgid(0, 0) = 0 [pid 5144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5144] write(3, "1000", 4) = 4 [pid 5144] close(3) = 0 [pid 5144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5144] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5144] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5144] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5145 attached , parent_tid=[5145], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5145 [pid 5145] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5145] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = 0 [pid 5144] <... futex resumed>) = 1 [pid 5145] memfd_create("syzkaller", 0 [pid 5144] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5145] <... memfd_create resumed>) = 3 [pid 5145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5145] munmap(0x7fdb59200000, 16777216) = 0 [pid 5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5145] close(3) = 0 [pid 5145] mkdir("./file0", 0777) = 0 [ 89.135124][ T5145] loop0: detected capacity change from 0 to 32768 [ 89.148923][ T5145] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 89.158206][ T5145] BTRFS info (device loop0): force clearing of disk cache [ 89.165308][ T5145] BTRFS info (device loop0): setting nodatasum [ 89.171540][ T5145] BTRFS info (device loop0): allowing degraded mounts [ 89.178390][ T5145] BTRFS info (device loop0): enabling disk space caching [ 89.185401][ T5145] BTRFS info (device loop0): disk space caching is enabled [ 89.205498][ T5145] BTRFS info (device loop0): enabling ssd optimizations [ 89.213339][ T5145] BTRFS info (device loop0): clearing free space tree [ 89.220272][ T5145] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5145] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5145] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5145] chdir("./file0") = 0 [pid 5145] ioctl(4, LOOP_CLR_FD) = 0 [pid 5145] close(4) = 0 [pid 5145] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5145] <... futex resumed>) = 1 [pid 5144] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] open("./file0", O_RDONLY [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... open resumed>) = 4 [pid 5145] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5145] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5144] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 89.229991][ T5145] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 89.243308][ T5145] BTRFS info (device loop0): checking UUID tree [pid 5144] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... open resumed>) = 5 [pid 5145] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5145] <... futex resumed>) = 1 [pid 5145] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5144] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... ioctl resumed>) = 0 [pid 5145] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5145] <... futex resumed>) = 1 [pid 5144] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] creat("./bus", 000 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... creat resumed>) = 6 [pid 5145] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5145] <... futex resumed>) = 1 [pid 5144] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] ftruncate(6, 2048 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... ftruncate resumed>) = 0 [pid 5145] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5145] <... futex resumed>) = 1 [pid 5144] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] open("./bus", O_RDONLY) = 7 [ 89.275357][ T27] audit: type=1800 audit(1670043469.775:140): pid=5145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5145] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5144] <... futex resumed>) = 0 [pid 5145] sendfile(6, 7, NULL, 65536) = 2048 [pid 5144] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5144] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = 0 [pid 5144] <... futex resumed>) = 0 [pid 5145] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5144] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... openat resumed>) = 8 [pid 5145] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 89.329713][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 89.339720][ T27] audit: type=1804 audit(1670043469.835:141): pid=5145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/69/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5145] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5144] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5144] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5144] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5144] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5145] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE [pid 5145] <... futex resumed>) = 0 [pid 5144] <... mprotect resumed>) = 0 [pid 5144] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5165], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5165 [pid 5145] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5165 attached [pid 5165] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5165] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5165] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5144] exit_group(0) = ? [pid 5145] <... futex resumed>) = ? [pid 5145] +++ exited with 0 +++ [pid 5165] +++ exited with 0 +++ [pid 5144] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5144, si_uid=0, si_status=0, si_utime=3, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 89.377072][ T5145] BTRFS info (device loop0): balance: start -s [ 89.384861][ T5145] BTRFS info (device loop0): relocating block group 1048576 flags system [ 89.408018][ T5145] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./69/binderfs") = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5166 ./strace-static-x86_64: Process 5166 attached [pid 5166] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5166] chdir("./70") = 0 [pid 5166] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5166] setpgid(0, 0) = 0 [pid 5166] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5166] write(3, "1000", 4) = 4 [pid 5166] close(3) = 0 [pid 5166] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5166] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5166] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5166] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5167 attached [pid 5167] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5167] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] <... clone resumed>, parent_tid=[5167], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5167 [pid 5166] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5166] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5167] memfd_create("syzkaller", 0) = 3 [pid 5167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5167] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5167] munmap(0x7fdb59200000, 16777216) = 0 [pid 5167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5167] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5167] close(3) = 0 [pid 5167] mkdir("./file0", 0777) = 0 [ 89.729518][ T5167] loop0: detected capacity change from 0 to 32768 [ 89.743834][ T5167] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 89.753134][ T5167] BTRFS info (device loop0): force clearing of disk cache [ 89.760339][ T5167] BTRFS info (device loop0): setting nodatasum [ 89.766643][ T5167] BTRFS info (device loop0): allowing degraded mounts [ 89.773459][ T5167] BTRFS info (device loop0): enabling disk space caching [ 89.780752][ T5167] BTRFS info (device loop0): disk space caching is enabled [ 89.801855][ T5167] BTRFS info (device loop0): enabling ssd optimizations [ 89.809838][ T5167] BTRFS info (device loop0): clearing free space tree [ 89.816728][ T5167] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5167] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5167] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5167] chdir("./file0") = 0 [pid 5167] ioctl(4, LOOP_CLR_FD) = 0 [pid 5167] close(4) = 0 [pid 5167] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] <... futex resumed>) = 0 [pid 5166] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] open("./file0", O_RDONLY) = 4 [pid 5166] <... futex resumed>) = 0 [pid 5167] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... futex resumed>) = 0 [pid 5166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5167] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5166] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] <... open resumed>) = 5 [pid 5166] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5167] <... futex resumed>) = 0 [pid 5166] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5166] <... futex resumed>) = 0 [pid 5166] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... ioctl resumed>) = 0 [pid 5167] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] <... futex resumed>) = 0 [pid 5167] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5166] <... futex resumed>) = 0 [pid 5167] creat("./bus", 000 [pid 5166] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... creat resumed>) = 6 [pid 5167] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] <... futex resumed>) = 0 [pid 5167] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5166] <... futex resumed>) = 0 [pid 5167] ftruncate(6, 2048 [pid 5166] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... ftruncate resumed>) = 0 [pid 5167] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] <... futex resumed>) = 0 [pid 5167] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5166] <... futex resumed>) = 0 [pid 5167] open("./bus", O_RDONLY [pid 5166] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... open resumed>) = 7 [pid 5167] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] <... futex resumed>) = 0 [pid 5167] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5166] <... futex resumed>) = 0 [pid 5167] sendfile(6, 7, NULL, 65536 [pid 5166] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... sendfile resumed>) = 2048 [pid 5167] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] <... futex resumed>) = 0 [pid 5167] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5166] <... futex resumed>) = 0 [pid 5167] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5166] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... openat resumed>) = 8 [pid 5167] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] <... futex resumed>) = 0 [pid 5167] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5166] <... futex resumed>) = 0 [pid 5167] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 89.826447][ T5167] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 89.851138][ T27] audit: type=1800 audit(1670043470.355:142): pid=5167 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5166] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5167] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... futex resumed>) = 0 [pid 5166] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... futex resumed>) = 1 [ 89.910491][ T27] audit: type=1804 audit(1670043470.395:143): pid=5167 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/70/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5167] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5167] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... futex resumed>) = 0 [pid 5166] exit_group(0) = ? [pid 5167] <... futex resumed>) = ? [pid 5167] +++ exited with 0 +++ [pid 5166] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5166, si_uid=0, si_status=0, si_utime=2, si_stime=20} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./70/binderfs") = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5187 ./strace-static-x86_64: Process 5187 attached [pid 5187] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5187] chdir("./71") = 0 [pid 5187] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5187] setpgid(0, 0) = 0 [pid 5187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5187] write(3, "1000", 4) = 4 [pid 5187] close(3) = 0 [pid 5187] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5187] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5187] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5187] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5188], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5188 [pid 5187] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5188 attached [pid 5188] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5188] memfd_create("syzkaller", 0) = 3 [pid 5188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5188] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5188] munmap(0x7fdb59200000, 16777216) = 0 [pid 5188] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5188] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5188] close(3) = 0 [pid 5188] mkdir("./file0", 0777) = 0 [pid 5188] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5188] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5188] chdir("./file0") = 0 [pid 5188] ioctl(4, LOOP_CLR_FD) = 0 [pid 5188] close(4) = 0 [pid 5188] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... futex resumed>) = 1 [pid 5188] open("./file0", O_RDONLY) = 4 [pid 5188] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5188] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5187] <... futex resumed>) = 0 [ 90.271377][ T5188] loop0: detected capacity change from 0 to 32768 [pid 5187] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... ioctl resumed>) = 0 [pid 5188] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... futex resumed>) = 0 [pid 5188] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5187] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... futex resumed>) = 0 [pid 5188] creat("./bus", 000) = 6 [pid 5188] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... futex resumed>) = 1 [pid 5188] ftruncate(6, 2048) = 0 [pid 5188] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... futex resumed>) = 1 [pid 5188] open("./bus", O_RDONLY) = 7 [pid 5188] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... futex resumed>) = 1 [pid 5188] sendfile(6, 7, NULL, 65536) = 2048 [pid 5188] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... futex resumed>) = 1 [pid 5188] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5188] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... futex resumed>) = 1 [pid 5188] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5188] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... futex resumed>) = 1 [pid 5188] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5188] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5187] exit_group(0) = ? [pid 5188] <... futex resumed>) = ? [pid 5188] +++ exited with 0 +++ [pid 5187] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5187, si_uid=0, si_status=0, si_utime=0, si_stime=22} --- umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./71/binderfs") = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5208 ./strace-static-x86_64: Process 5208 attached [pid 5208] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5208] chdir("./72") = 0 [pid 5208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5208] setpgid(0, 0) = 0 [pid 5208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5208] write(3, "1000", 4) = 4 [pid 5208] close(3) = 0 [pid 5208] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5208] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5208] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5208] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5209], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5209 [pid 5208] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5209 attached [pid 5209] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5209] memfd_create("syzkaller", 0) = 3 [pid 5209] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5209] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5209] munmap(0x7fdb59200000, 16777216) = 0 [pid 5209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5209] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5209] close(3) = 0 [pid 5209] mkdir("./file0", 0777) = 0 [pid 5209] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5209] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5209] chdir("./file0") = 0 [pid 5209] ioctl(4, LOOP_CLR_FD) = 0 [pid 5209] close(4) = 0 [pid 5209] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5208] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] open("./file0", O_RDONLY) = 4 [pid 5209] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5209] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5208] <... futex resumed>) = 0 [pid 5209] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5208] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] <... open resumed>) = 5 [pid 5209] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5208] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5208] <... futex resumed>) = 0 [ 90.726021][ T5209] loop0: detected capacity change from 0 to 32768 [pid 5208] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] <... ioctl resumed>) = 0 [pid 5209] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5209] creat("./bus", 000 [pid 5208] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] <... creat resumed>) = 6 [pid 5209] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5209] ftruncate(6, 2048 [pid 5208] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] <... ftruncate resumed>) = 0 [pid 5208] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5209] <... futex resumed>) = 0 [pid 5208] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] open("./bus", O_RDONLY [pid 5208] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] <... open resumed>) = 7 [pid 5209] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5209] sendfile(6, 7, NULL, 65536 [pid 5208] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] <... sendfile resumed>) = 2048 [pid 5208] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5209] <... futex resumed>) = 0 [pid 5208] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5208] <... futex resumed>) = 0 [pid 5208] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] <... openat resumed>) = 8 [pid 5209] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5209] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5208] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5209] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5209] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = 0 [pid 5208] <... futex resumed>) = 1 [pid 5208] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5209] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5209] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] exit_group(0 [pid 5209] <... futex resumed>) = ? [pid 5208] <... exit_group resumed>) = ? [pid 5209] +++ exited with 0 +++ [pid 5208] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5208, si_uid=0, si_status=0, si_utime=2, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./72/binderfs") = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5229 attached , child_tidptr=0x55555746f5d0) = 5229 [pid 5229] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5229] chdir("./73") = 0 [pid 5229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5229] setpgid(0, 0) = 0 [pid 5229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5229] write(3, "1000", 4) = 4 [pid 5229] close(3) = 0 [pid 5229] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5229] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5229] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5229] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5230 attached [pid 5230] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5230] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] <... clone resumed>, parent_tid=[5230], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5230 [pid 5229] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5229] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5230] memfd_create("syzkaller", 0) = 3 [pid 5230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5230] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5230] munmap(0x7fdb59200000, 16777216) = 0 [pid 5230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5230] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5230] close(3) = 0 [pid 5230] mkdir("./file0", 0777) = 0 [pid 5230] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5230] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5230] chdir("./file0") = 0 [pid 5230] ioctl(4, LOOP_CLR_FD) = 0 [pid 5230] close(4) = 0 [pid 5230] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... futex resumed>) = 0 [pid 5230] open("./file0", O_RDONLY) = 4 [pid 5230] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5230] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5230] <... futex resumed>) = 1 [pid 5229] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 91.157112][ T5230] loop0: detected capacity change from 0 to 32768 [ 91.188854][ T5230] _btrfs_printk: 45 callbacks suppressed [ 91.188866][ T5230] BTRFS info (device loop0): checking UUID tree [pid 5229] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... ioctl resumed>) = 0 [pid 5230] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] creat("./bus", 000) = 6 [pid 5230] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5230] <... futex resumed>) = 1 [pid 5229] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] ftruncate(6, 2048) = 0 [pid 5230] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5230] <... futex resumed>) = 1 [pid 5229] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] open("./bus", O_RDONLY [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... open resumed>) = 7 [pid 5230] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5230] <... futex resumed>) = 1 [pid 5229] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] sendfile(6, 7, NULL, 65536) = 2048 [pid 5230] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5230] <... futex resumed>) = 1 [pid 5229] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5230] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5230] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5229] <... futex resumed>) = 0 [pid 5230] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 91.276422][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 91.296018][ T5230] BTRFS info (device loop0): balance: start -s [ 91.305112][ T5230] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5229] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5229] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5229] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5229] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5250], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5250 [pid 5229] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5230] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5250 attached [pid 5250] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5250] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] <... ioctl resumed>) = 0 [pid 5250] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] <... futex resumed>) = 0 [pid 5229] exit_group(0) = ? [pid 5250] <... futex resumed>) = ? [pid 5250] +++ exited with 0 +++ [pid 5230] <... futex resumed>) = ? [pid 5230] +++ exited with 0 +++ [pid 5229] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5229, si_uid=0, si_status=0, si_utime=2, si_stime=29} --- umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./73/binderfs") = 0 [ 91.332669][ T5230] BTRFS info (device loop0): balance: ended with status: 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5251 ./strace-static-x86_64: Process 5251 attached [pid 5251] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5251] chdir("./74") = 0 [pid 5251] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5251] setpgid(0, 0) = 0 [pid 5251] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5251] write(3, "1000", 4) = 4 [pid 5251] close(3) = 0 [pid 5251] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5251] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5251] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5251] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5252 attached , parent_tid=[5252], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5252 [pid 5252] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5252] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5251] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5252] memfd_create("syzkaller", 0) = 3 [pid 5252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5252] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5252] munmap(0x7fdb59200000, 16777216) = 0 [pid 5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5252] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5252] close(3) = 0 [pid 5252] mkdir("./file0", 0777) = 0 [ 91.656972][ T5252] loop0: detected capacity change from 0 to 32768 [ 91.669668][ T5252] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 91.679185][ T5252] BTRFS info (device loop0): force clearing of disk cache [ 91.686294][ T5252] BTRFS info (device loop0): setting nodatasum [ 91.692505][ T5252] BTRFS info (device loop0): allowing degraded mounts [ 91.699448][ T5252] BTRFS info (device loop0): enabling disk space caching [ 91.706470][ T5252] BTRFS info (device loop0): disk space caching is enabled [ 91.725930][ T5252] BTRFS info (device loop0): enabling ssd optimizations [ 91.733681][ T5252] BTRFS info (device loop0): clearing free space tree [ 91.740956][ T5252] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5252] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5252] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5252] chdir("./file0") = 0 [pid 5252] ioctl(4, LOOP_CLR_FD) = 0 [pid 5252] close(4) = 0 [pid 5252] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] open("./file0", O_RDONLY) = 4 [pid 5252] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5252] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5252] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5252] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5252] creat("./bus", 000) = 6 [pid 5252] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] ftruncate(6, 2048) = 0 [pid 5252] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 91.750856][ T5252] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 91.764055][ T5252] BTRFS info (device loop0): checking UUID tree [pid 5252] open("./bus", O_RDONLY) = 7 [pid 5252] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5252] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5251] <... futex resumed>) = 0 [pid 5252] sendfile(6, 7, NULL, 65536 [pid 5251] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... sendfile resumed>) = 2048 [pid 5252] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5251] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5252] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5252] <... futex resumed>) = 1 [pid 5251] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5251] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5251] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5251] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5272], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5272 [pid 5251] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5252] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5272 attached [pid 5272] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 91.834192][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 91.844612][ T5252] BTRFS info (device loop0): balance: start -s [ 91.852433][ T5252] BTRFS info (device loop0): relocating block group 1048576 flags system [ 91.876117][ T5252] BTRFS info (device loop0): balance: ended with status: 0 [pid 5272] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5272] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5251] exit_group(0 [pid 5252] <... futex resumed>) = ? [pid 5251] <... exit_group resumed>) = ? [pid 5252] +++ exited with 0 +++ [pid 5272] <... futex resumed>) = ? [pid 5272] +++ exited with 0 +++ [pid 5251] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5251, si_uid=0, si_status=0, si_utime=2, si_stime=29} --- umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./74/binderfs") = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5273 ./strace-static-x86_64: Process 5273 attached [pid 5273] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5273] chdir("./75") = 0 [pid 5273] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5273] setpgid(0, 0) = 0 [pid 5273] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5273] write(3, "1000", 4) = 4 [pid 5273] close(3) = 0 [pid 5273] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5273] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5273] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5273] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5274 attached , parent_tid=[5274], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5274 [pid 5274] set_robust_list(0x7fdb617f69e0, 24 [pid 5273] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... set_robust_list resumed>) = 0 [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5274] memfd_create("syzkaller", 0) = 3 [pid 5274] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5274] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5274] munmap(0x7fdb59200000, 16777216) = 0 [pid 5274] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5274] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5274] close(3) = 0 [pid 5274] mkdir("./file0", 0777) = 0 [ 92.219496][ T5274] loop0: detected capacity change from 0 to 32768 [ 92.233246][ T5274] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 92.242557][ T5274] BTRFS info (device loop0): force clearing of disk cache [ 92.249758][ T5274] BTRFS info (device loop0): setting nodatasum [ 92.255915][ T5274] BTRFS info (device loop0): allowing degraded mounts [ 92.262955][ T5274] BTRFS info (device loop0): enabling disk space caching [ 92.270068][ T5274] BTRFS info (device loop0): disk space caching is enabled [ 92.291262][ T5274] BTRFS info (device loop0): enabling ssd optimizations [ 92.299262][ T5274] BTRFS info (device loop0): clearing free space tree [ 92.306117][ T5274] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5274] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5274] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5274] chdir("./file0") = 0 [pid 5274] ioctl(4, LOOP_CLR_FD) = 0 [pid 5274] close(4) = 0 [pid 5274] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] open("./file0", O_RDONLY [pid 5273] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... open resumed>) = 4 [pid 5274] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5274] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5274] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5274] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5274] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] <... futex resumed>) = 0 [pid 5273] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = 0 [pid 5273] <... futex resumed>) = 1 [ 92.315953][ T5274] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 92.329341][ T5274] BTRFS info (device loop0): checking UUID tree [pid 5274] creat("./bus", 000) = 6 [pid 5273] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5273] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = 0 [pid 5273] <... futex resumed>) = 1 [pid 5274] ftruncate(6, 2048) = 0 [pid 5274] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5273] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = 0 [pid 5273] <... futex resumed>) = 1 [pid 5274] open("./bus", O_RDONLY) = 7 [pid 5273] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5274] <... futex resumed>) = 0 [pid 5274] sendfile(6, 7, NULL, 65536 [pid 5273] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... sendfile resumed>) = 2048 [pid 5274] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = 0 [pid 5274] <... futex resumed>) = 0 [pid 5273] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5273] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = 0 [pid 5273] <... futex resumed>) = 1 [pid 5274] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5273] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5274] <... openat resumed>) = 8 [pid 5274] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5274] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5273] <... futex resumed>) = 0 [pid 5274] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 92.382332][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5273] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5273] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5273] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5273] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5296], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5296 [pid 5273] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5273] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5296 attached [pid 5296] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5296] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5274] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5274] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 92.424262][ T5274] BTRFS info (device loop0): balance: start -s [ 92.433158][ T5274] BTRFS info (device loop0): relocating block group 1048576 flags system [ 92.461562][ T5274] BTRFS info (device loop0): balance: ended with status: 0 [pid 5274] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5296] <... ioctl resumed>) = 0 [pid 5296] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = 0 [pid 5273] exit_group(0 [pid 5274] <... futex resumed>) = ? [pid 5273] <... exit_group resumed>) = ? [pid 5274] +++ exited with 0 +++ [pid 5296] <... futex resumed>) = ? [pid 5296] +++ exited with 0 +++ [pid 5273] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5273, si_uid=0, si_status=0, si_utime=3, si_stime=27} --- umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./75/binderfs") = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5297 attached , child_tidptr=0x55555746f5d0) = 5297 [pid 5297] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5297] chdir("./76") = 0 [pid 5297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5297] setpgid(0, 0) = 0 [pid 5297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5297] write(3, "1000", 4) = 4 [pid 5297] close(3) = 0 [pid 5297] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5297] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5297] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5297] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5298], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5298 ./strace-static-x86_64: Process 5298 attached [pid 5298] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5298] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5298] <... futex resumed>) = 0 [pid 5297] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5298] memfd_create("syzkaller", 0) = 3 [pid 5298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5298] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5298] munmap(0x7fdb59200000, 16777216) = 0 [pid 5298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5298] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5298] close(3) = 0 [pid 5298] mkdir("./file0", 0777) = 0 [ 92.806981][ T5298] loop0: detected capacity change from 0 to 32768 [ 92.822179][ T5298] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 92.831495][ T5298] BTRFS info (device loop0): force clearing of disk cache [ 92.838855][ T5298] BTRFS info (device loop0): setting nodatasum [ 92.845019][ T5298] BTRFS info (device loop0): allowing degraded mounts [ 92.851994][ T5298] BTRFS info (device loop0): enabling disk space caching [ 92.859459][ T5298] BTRFS info (device loop0): disk space caching is enabled [ 92.878665][ T5298] BTRFS info (device loop0): enabling ssd optimizations [ 92.886303][ T5298] BTRFS info (device loop0): clearing free space tree [ 92.893221][ T5298] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5298] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5298] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5298] chdir("./file0") = 0 [pid 5298] ioctl(4, LOOP_CLR_FD) = 0 [pid 5298] close(4) = 0 [pid 5298] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... futex resumed>) = 0 [pid 5298] open("./file0", O_RDONLY) = 4 [pid 5298] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... futex resumed>) = 0 [ 92.902938][ T5298] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 92.916285][ T5298] BTRFS info (device loop0): checking UUID tree [ 92.941689][ T27] kauditd_printk_skb: 10 callbacks suppressed [pid 5298] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5298] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5297] <... futex resumed>) = 0 [pid 5298] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5297] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... ioctl resumed>) = 0 [pid 5298] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5297] <... futex resumed>) = 0 [pid 5298] creat("./bus", 000 [pid 5297] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... creat resumed>) = 6 [pid 5298] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] ftruncate(6, 2048 [pid 5297] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] <... ftruncate resumed>) = 0 [pid 5297] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5298] <... futex resumed>) = 0 [pid 5297] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] open("./bus", O_RDONLY [pid 5297] <... futex resumed>) = 0 [pid 5297] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... open resumed>) = 7 [ 92.941702][ T27] audit: type=1800 audit(1670043473.445:154): pid=5298 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5298] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5297] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] sendfile(6, 7, NULL, 65536 [pid 5297] <... futex resumed>) = 0 [pid 5297] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... sendfile resumed>) = 2048 [pid 5298] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = 0 [pid 5297] <... futex resumed>) = 1 [pid 5298] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5297] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... openat resumed>) = 8 [pid 5298] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5298] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = 0 [pid 5297] <... futex resumed>) = 1 [pid 5298] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 93.004325][ T27] audit: type=1804 audit(1670043473.505:155): pid=5298 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/76/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 93.006625][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 93.048388][ T5298] BTRFS info (device loop0): balance: start -s [pid 5297] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5297] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5297] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5297] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5319], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5319 [pid 5297] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 93.055624][ T5298] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5297] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5319 attached [pid 5319] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5319] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5297] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5298] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5319] <... ioctl resumed>) = 0 [pid 5319] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] exit_group(0) = ? [pid 5319] <... futex resumed>) = ? [pid 5319] +++ exited with 0 +++ [pid 5298] <... futex resumed>) = ? [pid 5298] +++ exited with 0 +++ [pid 5297] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5297, si_uid=0, si_status=0, si_utime=3, si_stime=27} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./76/binderfs") = 0 [ 93.103786][ T5298] BTRFS info (device loop0): balance: ended with status: 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5320 ./strace-static-x86_64: Process 5320 attached [pid 5320] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5320] chdir("./77") = 0 [pid 5320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5320] setpgid(0, 0) = 0 [pid 5320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5320] write(3, "1000", 4) = 4 [pid 5320] close(3) = 0 [pid 5320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5320] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5320] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5320] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5321], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5321 ./strace-static-x86_64: Process 5321 attached [pid 5320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] set_robust_list(0x7fdb617f69e0, 24 [pid 5320] <... futex resumed>) = 0 [pid 5320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5321] <... set_robust_list resumed>) = 0 [pid 5321] memfd_create("syzkaller", 0) = 3 [pid 5321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5321] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5321] munmap(0x7fdb59200000, 16777216) = 0 [pid 5321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5321] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5321] close(3) = 0 [pid 5321] mkdir("./file0", 0777) = 0 [ 93.426966][ T5321] loop0: detected capacity change from 0 to 32768 [ 93.440425][ T5321] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 93.449773][ T5321] BTRFS info (device loop0): force clearing of disk cache [ 93.456907][ T5321] BTRFS info (device loop0): setting nodatasum [ 93.463166][ T5321] BTRFS info (device loop0): allowing degraded mounts [ 93.469970][ T5321] BTRFS info (device loop0): enabling disk space caching [ 93.476976][ T5321] BTRFS info (device loop0): disk space caching is enabled [ 93.496775][ T5321] BTRFS info (device loop0): enabling ssd optimizations [ 93.504519][ T5321] BTRFS info (device loop0): clearing free space tree [ 93.511902][ T5321] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5321] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5321] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5321] chdir("./file0") = 0 [pid 5321] ioctl(4, LOOP_CLR_FD) = 0 [pid 5321] close(4) = 0 [pid 5321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5321] open("./file0", O_RDONLY [pid 5320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... open resumed>) = 4 [pid 5320] <... futex resumed>) = 0 [pid 5320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5321] <... futex resumed>) = 0 [pid 5320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5320] <... futex resumed>) = 0 [ 93.521899][ T5321] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 93.535774][ T5321] BTRFS info (device loop0): checking UUID tree [pid 5320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... open resumed>) = 5 [pid 5321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5321] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5320] <... futex resumed>) = 0 [pid 5321] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... ioctl resumed>) = 0 [pid 5321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5321] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5320] <... futex resumed>) = 0 [pid 5321] creat("./bus", 000 [pid 5320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... creat resumed>) = 6 [pid 5321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5321] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5320] <... futex resumed>) = 0 [pid 5321] ftruncate(6, 2048 [pid 5320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... ftruncate resumed>) = 0 [pid 5321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5321] open("./bus", O_RDONLY [pid 5320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 93.562635][ T27] audit: type=1800 audit(1670043474.065:156): pid=5321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 93.601613][ T27] audit: type=1804 audit(1670043474.105:157): pid=5321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/77/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... open resumed>) = 7 [pid 5321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5321] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] <... futex resumed>) = 0 [pid 5320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... futex resumed>) = 0 [pid 5320] <... futex resumed>) = 1 [pid 5321] sendfile(6, 7, NULL, 65536 [pid 5320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... sendfile resumed>) = 2048 [pid 5321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5321] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5320] <... futex resumed>) = 0 [pid 5321] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... openat resumed>) = 8 [pid 5321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5321] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5320] <... futex resumed>) = 0 [pid 5321] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 93.602732][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 93.643961][ T5321] BTRFS info (device loop0): balance: start -s [ 93.655965][ T5321] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5320] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5320] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5320] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5321] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5320] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5341 attached [pid 5321] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] <... clone resumed>, parent_tid=[5341], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5341 [pid 5341] set_robust_list(0x7fdb617d59e0, 24 [pid 5321] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5341] <... set_robust_list resumed>) = 0 [pid 5320] <... futex resumed>) = 0 [pid 5341] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5320] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5341] <... ioctl resumed>) = 0 [pid 5341] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5341] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] exit_group(0 [pid 5341] <... futex resumed>) = ? [pid 5321] <... futex resumed>) = ? [pid 5320] <... exit_group resumed>) = ? [pid 5341] +++ exited with 0 +++ [pid 5321] +++ exited with 0 +++ [pid 5320] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5320, si_uid=0, si_status=0, si_utime=1, si_stime=33} --- umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./77/binderfs") = 0 [ 93.681743][ T5321] BTRFS info (device loop0): balance: ended with status: 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5342 ./strace-static-x86_64: Process 5342 attached [pid 5342] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5342] chdir("./78") = 0 [pid 5342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5342] setpgid(0, 0) = 0 [pid 5342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5342] write(3, "1000", 4) = 4 [pid 5342] close(3) = 0 [pid 5342] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5342] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5342] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5342] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5343 attached , parent_tid=[5343], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5343 [pid 5343] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5343] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] <... futex resumed>) = 0 [pid 5342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5343] memfd_create("syzkaller", 0) = 3 [pid 5343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5343] munmap(0x7fdb59200000, 16777216) = 0 [pid 5343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5343] close(3) = 0 [pid 5343] mkdir("./file0", 0777) = 0 [ 94.020760][ T5343] loop0: detected capacity change from 0 to 32768 [ 94.034011][ T5343] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 94.043324][ T5343] BTRFS info (device loop0): force clearing of disk cache [ 94.050718][ T5343] BTRFS info (device loop0): setting nodatasum [ 94.056873][ T5343] BTRFS info (device loop0): allowing degraded mounts [ 94.063980][ T5343] BTRFS info (device loop0): enabling disk space caching [ 94.071187][ T5343] BTRFS info (device loop0): disk space caching is enabled [ 94.088640][ T5343] BTRFS info (device loop0): enabling ssd optimizations [ 94.096532][ T5343] BTRFS info (device loop0): clearing free space tree [ 94.103459][ T5343] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5343] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5343] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5343] chdir("./file0") = 0 [pid 5343] ioctl(4, LOOP_CLR_FD) = 0 [pid 5343] close(4) = 0 [pid 5343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... futex resumed>) = 1 [pid 5343] open("./file0", O_RDONLY) = 4 [pid 5343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... futex resumed>) = 1 [pid 5343] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... futex resumed>) = 1 [pid 5343] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... futex resumed>) = 1 [ 94.113243][ T5343] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 94.126589][ T5343] BTRFS info (device loop0): checking UUID tree [pid 5343] creat("./bus", 000) = 6 [pid 5343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... futex resumed>) = 1 [pid 5343] ftruncate(6, 2048) = 0 [pid 5343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... futex resumed>) = 1 [pid 5343] open("./bus", O_RDONLY) = 7 [pid 5343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] <... futex resumed>) = 0 [pid 5343] sendfile(6, 7, NULL, 65536 [pid 5342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... sendfile resumed>) = 2048 [pid 5343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... openat resumed>) = 8 [pid 5343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] <... futex resumed>) = 0 [pid 5342] <... futex resumed>) = 1 [pid 5343] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 94.154851][ T27] audit: type=1800 audit(1670043474.655:158): pid=5343 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 94.179524][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 94.194431][ T27] audit: type=1804 audit(1670043474.695:159): pid=5343 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/78/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5342] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5342] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5342] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5342] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5364], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5364 [pid 5342] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5343] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5364 attached [pid 5364] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 94.228120][ T5343] BTRFS info (device loop0): balance: start -s [ 94.235976][ T5343] BTRFS info (device loop0): relocating block group 1048576 flags system [ 94.262988][ T5343] BTRFS info (device loop0): balance: ended with status: 0 [pid 5364] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5364] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] <... futex resumed>) = 0 [pid 5364] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5342] exit_group(0 [pid 5364] <... futex resumed>) = ? [pid 5343] <... futex resumed>) = ? [pid 5342] <... exit_group resumed>) = ? [pid 5343] +++ exited with 0 +++ [pid 5364] +++ exited with 0 +++ [pid 5342] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5342, si_uid=0, si_status=0, si_utime=2, si_stime=28} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./78/binderfs") = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5365 ./strace-static-x86_64: Process 5365 attached [pid 5365] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5365] chdir("./79") = 0 [pid 5365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5365] setpgid(0, 0) = 0 [pid 5365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5365] write(3, "1000", 4) = 4 [pid 5365] close(3) = 0 [pid 5365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5365] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5365] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5365] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5366 attached , parent_tid=[5366], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5366 [pid 5366] set_robust_list(0x7fdb617f69e0, 24 [pid 5365] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... set_robust_list resumed>) = 0 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5366] memfd_create("syzkaller", 0) = 3 [pid 5366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5366] munmap(0x7fdb59200000, 16777216) = 0 [pid 5366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5366] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5366] close(3) = 0 [pid 5366] mkdir("./file0", 0777) = 0 [ 94.608043][ T5366] loop0: detected capacity change from 0 to 32768 [ 94.620678][ T5366] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 94.630035][ T5366] BTRFS info (device loop0): force clearing of disk cache [ 94.637209][ T5366] BTRFS info (device loop0): setting nodatasum [ 94.643433][ T5366] BTRFS info (device loop0): allowing degraded mounts [ 94.650450][ T5366] BTRFS info (device loop0): enabling disk space caching [ 94.657585][ T5366] BTRFS info (device loop0): disk space caching is enabled [ 94.683000][ T5366] BTRFS info (device loop0): enabling ssd optimizations [ 94.690942][ T5366] BTRFS info (device loop0): clearing free space tree [pid 5366] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5366] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5366] chdir("./file0") = 0 [pid 5366] ioctl(4, LOOP_CLR_FD) = 0 [pid 5366] close(4) = 0 [pid 5366] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... futex resumed>) = 1 [pid 5366] open("./file0", O_RDONLY) = 4 [pid 5366] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... futex resumed>) = 1 [pid 5366] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5366] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... futex resumed>) = 1 [ 94.700577][ T5366] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 94.711074][ T5366] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 94.725524][ T5366] BTRFS info (device loop0): checking UUID tree [pid 5366] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5366] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... futex resumed>) = 1 [pid 5366] creat("./bus", 000) = 6 [pid 5366] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... futex resumed>) = 1 [pid 5366] ftruncate(6, 2048) = 0 [pid 5366] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5366] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = 0 [pid 5365] <... futex resumed>) = 1 [pid 5366] open("./bus", O_RDONLY [pid 5365] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... open resumed>) = 7 [pid 5366] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 94.740853][ T27] audit: type=1800 audit(1670043475.245:160): pid=5366 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5366] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = 0 [pid 5365] <... futex resumed>) = 1 [pid 5366] sendfile(6, 7, NULL, 65536 [pid 5365] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... sendfile resumed>) = 2048 [pid 5366] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5366] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5365] <... futex resumed>) = 0 [pid 5366] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5365] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... openat resumed>) = 8 [pid 5366] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5366] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5365] <... futex resumed>) = 0 [pid 5366] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 94.783235][ T27] audit: type=1804 audit(1670043475.285:161): pid=5366 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/79/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 94.787061][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5365] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5365] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5365] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5365] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5388], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5388 [pid 5365] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5388 attached [pid 5366] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5366] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5366] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5388] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 94.836742][ T5366] BTRFS info (device loop0): balance: start -s [ 94.844465][ T5366] BTRFS info (device loop0): relocating block group 1048576 flags system [ 94.871567][ T5366] BTRFS info (device loop0): balance: ended with status: 0 [pid 5388] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5388] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5388] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] exit_group(0 [pid 5388] <... futex resumed>) = ? [pid 5366] <... futex resumed>) = ? [pid 5365] <... exit_group resumed>) = ? [pid 5366] +++ exited with 0 +++ [pid 5388] +++ exited with 0 +++ [pid 5365] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5365, si_uid=0, si_status=0, si_utime=4, si_stime=25} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./79/binderfs") = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5389 ./strace-static-x86_64: Process 5389 attached [pid 5389] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5389] chdir("./80") = 0 [pid 5389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5389] setpgid(0, 0) = 0 [pid 5389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5389] write(3, "1000", 4) = 4 [pid 5389] close(3) = 0 [pid 5389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5389] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5389] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5389] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5390 attached , parent_tid=[5390], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5390 [pid 5390] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5390] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] <... futex resumed>) = 0 [pid 5389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5390] memfd_create("syzkaller", 0) = 3 [pid 5390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5390] munmap(0x7fdb59200000, 16777216) = 0 [pid 5390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5390] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5390] close(3) = 0 [pid 5390] mkdir("./file0", 0777) = 0 [pid 5390] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5390] chdir("./file0") = 0 [pid 5390] ioctl(4, LOOP_CLR_FD) = 0 [pid 5390] close(4) = 0 [pid 5390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... futex resumed>) = 1 [pid 5390] open("./file0", O_RDONLY) = 4 [pid 5390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... futex resumed>) = 1 [ 95.239919][ T5390] loop0: detected capacity change from 0 to 32768 [ 95.251869][ T5390] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 95.261143][ T5390] BTRFS info (device loop0): force clearing of disk cache [ 95.268343][ T5390] BTRFS info (device loop0): setting nodatasum [ 95.274512][ T5390] BTRFS info (device loop0): allowing degraded mounts [ 95.281329][ T5390] BTRFS info (device loop0): enabling disk space caching [pid 5390] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5390] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5389] <... futex resumed>) = 0 [pid 5390] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... ioctl resumed>) = 0 [pid 5390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5390] creat("./bus", 000 [pid 5389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... creat resumed>) = 6 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5390] ftruncate(6, 2048 [pid 5389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... ftruncate resumed>) = 0 [pid 5389] <... futex resumed>) = 0 [pid 5390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... futex resumed>) = 0 [pid 5389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5390] open("./bus", O_RDONLY [pid 5389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... open resumed>) = 7 [pid 5389] <... futex resumed>) = 0 [pid 5390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... futex resumed>) = 0 [pid 5389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5390] sendfile(6, 7, NULL, 65536 [pid 5389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... sendfile resumed>) = 2048 [pid 5389] <... futex resumed>) = 0 [pid 5390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... futex resumed>) = 0 [pid 5389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5390] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... openat resumed>) = 8 [pid 5390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5390] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 95.322074][ T27] audit: type=1800 audit(1670043475.825:162): pid=5390 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 95.357706][ T27] audit: type=1804 audit(1670043475.865:163): pid=5390 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/80/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5390] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5390] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 0 [pid 5390] <... futex resumed>) = 1 [pid 5389] exit_group(0 [pid 5390] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5389] <... exit_group resumed>) = ? [pid 5390] +++ exited with 0 +++ [pid 5389] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5389, si_uid=0, si_status=0, si_utime=0, si_stime=22} --- umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./80/binderfs") = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5410 ./strace-static-x86_64: Process 5410 attached [pid 5410] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5410] chdir("./81") = 0 [pid 5410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5410] setpgid(0, 0) = 0 [pid 5410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5410] write(3, "1000", 4) = 4 [pid 5410] close(3) = 0 [pid 5410] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5410] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5410] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5410] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5411], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5411 [pid 5410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5411 attached [pid 5411] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5411] memfd_create("syzkaller", 0) = 3 [pid 5411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5411] munmap(0x7fdb59200000, 16777216) = 0 [pid 5411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5411] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5411] close(3) = 0 [pid 5411] mkdir("./file0", 0777) = 0 [pid 5411] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5411] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5411] chdir("./file0") = 0 [pid 5411] ioctl(4, LOOP_CLR_FD) = 0 [pid 5411] close(4) = 0 [pid 5411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] open("./file0", O_RDONLY) = 4 [pid 5411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 95.719162][ T5411] loop0: detected capacity change from 0 to 32768 [pid 5410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] creat("./bus", 000) = 6 [pid 5411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... futex resumed>) = 1 [pid 5411] ftruncate(6, 2048) = 0 [pid 5411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] open("./bus", O_RDONLY) = 7 [pid 5411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] sendfile(6, 7, NULL, 65536) = 2048 [pid 5411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5411] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] exit_group(0) = ? [pid 5411] +++ exited with 0 +++ [pid 5410] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5410, si_uid=0, si_status=0, si_utime=2, si_stime=18} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./81/binderfs") = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5431 ./strace-static-x86_64: Process 5431 attached [pid 5431] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5431] chdir("./82") = 0 [pid 5431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5431] setpgid(0, 0) = 0 [pid 5431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5431] write(3, "1000", 4) = 4 [pid 5431] close(3) = 0 [pid 5431] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5431] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5431] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5431] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5432 attached , parent_tid=[5432], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5432 [pid 5432] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5432] memfd_create("syzkaller", 0 [pid 5431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5432] <... memfd_create resumed>) = 3 [pid 5432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5432] munmap(0x7fdb59200000, 16777216) = 0 [pid 5432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5432] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5432] close(3) = 0 [pid 5432] mkdir("./file0", 0777) = 0 [ 96.216966][ T5432] loop0: detected capacity change from 0 to 32768 [ 96.230257][ T5432] _btrfs_printk: 25 callbacks suppressed [ 96.230284][ T5432] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 96.245243][ T5432] BTRFS info (device loop0): force clearing of disk cache [ 96.252444][ T5432] BTRFS info (device loop0): setting nodatasum [ 96.258640][ T5432] BTRFS info (device loop0): allowing degraded mounts [ 96.265422][ T5432] BTRFS info (device loop0): enabling disk space caching [ 96.272492][ T5432] BTRFS info (device loop0): disk space caching is enabled [ 96.290861][ T5432] BTRFS info (device loop0): enabling ssd optimizations [ 96.298762][ T5432] BTRFS info (device loop0): clearing free space tree [ 96.305666][ T5432] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5432] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5432] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5432] chdir("./file0") = 0 [pid 5432] ioctl(4, LOOP_CLR_FD) = 0 [pid 5432] close(4) = 0 [pid 5432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5432] open("./file0", O_RDONLY [pid 5431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... open resumed>) = 4 [pid 5432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5432] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... open resumed>) = 5 [pid 5432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5432] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... futex resumed>) = 0 [ 96.315692][ T5432] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 96.329301][ T5432] BTRFS info (device loop0): checking UUID tree [pid 5432] creat("./bus", 000) = 6 [pid 5432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5432] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] <... futex resumed>) = 0 [pid 5431] <... futex resumed>) = 1 [pid 5431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] ftruncate(6, 2048) = 0 [pid 5432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] open("./bus", O_RDONLY [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... open resumed>) = 7 [pid 5432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] sendfile(6, 7, NULL, 65536) = 2048 [pid 5432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 96.380184][ T46] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 96.410389][ T5432] BTRFS info (device loop0): balance: start -s [ 96.418610][ T5432] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5432] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5431] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5431] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5431] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5431] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5452], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5452 [pid 5431] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5432] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5432] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5452 attached [pid 5452] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5452] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5452] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5452] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] exit_group(0) = ? [pid 5452] <... futex resumed>) = ? [pid 5452] +++ exited with 0 +++ [pid 5432] <... futex resumed>) = ? [pid 5432] +++ exited with 0 +++ [pid 5431] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5431, si_uid=0, si_status=0, si_utime=1, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./82/binderfs") = 0 [ 96.443339][ T5432] BTRFS info (device loop0): balance: ended with status: 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5453 ./strace-static-x86_64: Process 5453 attached [pid 5453] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5453] chdir("./83") = 0 [pid 5453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5453] setpgid(0, 0) = 0 [pid 5453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5453] write(3, "1000", 4) = 4 [pid 5453] close(3) = 0 [pid 5453] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5453] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5453] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5453] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5454], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5454 [pid 5453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5454 attached [pid 5454] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5454] memfd_create("syzkaller", 0) = 3 [pid 5454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5454] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5454] munmap(0x7fdb59200000, 16777216) = 0 [pid 5454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5454] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5454] close(3) = 0 [pid 5454] mkdir("./file0", 0777) = 0 [ 96.784969][ T5454] loop0: detected capacity change from 0 to 32768 [ 96.797744][ T5454] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 96.806983][ T5454] BTRFS info (device loop0): force clearing of disk cache [ 96.814307][ T5454] BTRFS info (device loop0): setting nodatasum [ 96.820656][ T5454] BTRFS info (device loop0): allowing degraded mounts [ 96.827591][ T5454] BTRFS info (device loop0): enabling disk space caching [ 96.834971][ T5454] BTRFS info (device loop0): disk space caching is enabled [ 96.854178][ T5454] BTRFS info (device loop0): enabling ssd optimizations [ 96.861969][ T5454] BTRFS info (device loop0): clearing free space tree [ 96.869014][ T5454] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5454] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5454] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5454] chdir("./file0") = 0 [pid 5454] ioctl(4, LOOP_CLR_FD) = 0 [pid 5454] close(4) = 0 [pid 5454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5454] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5453] <... futex resumed>) = 0 [pid 5454] open("./file0", O_RDONLY [pid 5453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... open resumed>) = 4 [pid 5454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5454] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5453] <... futex resumed>) = 0 [pid 5454] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... open resumed>) = 5 [pid 5454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5454] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5453] <... futex resumed>) = 0 [pid 5454] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... ioctl resumed>) = 0 [pid 5454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... futex resumed>) = 0 [pid 5454] <... futex resumed>) = 1 [pid 5453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] creat("./bus", 000 [pid 5453] <... futex resumed>) = 0 [pid 5453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... creat resumed>) = 6 [pid 5454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5454] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5453] <... futex resumed>) = 0 [pid 5454] ftruncate(6, 2048 [pid 5453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... ftruncate resumed>) = 0 [ 96.878717][ T5454] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 96.892015][ T5454] BTRFS info (device loop0): checking UUID tree [pid 5454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5454] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5453] <... futex resumed>) = 0 [pid 5454] open("./bus", O_RDONLY [pid 5453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... open resumed>) = 7 [pid 5454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5454] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5453] <... futex resumed>) = 0 [pid 5454] sendfile(6, 7, NULL, 65536 [pid 5453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... sendfile resumed>) = 2048 [pid 5454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5454] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5453] <... futex resumed>) = 0 [pid 5454] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... openat resumed>) = 8 [pid 5454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5454] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5453] <... futex resumed>) = 0 [pid 5454] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 96.944631][ T46] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 96.967865][ T5454] BTRFS info (device loop0): balance: start -s [ 96.975876][ T5454] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... futex resumed>) = 0 [pid 5454] <... futex resumed>) = 1 [pid 5453] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5453] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5454] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5453] exit_group(0 [pid 5454] ????( [pid 5453] <... exit_group resumed>) = ? [pid 5454] <... ???? resumed>) = ? [pid 5454] +++ exited with 0 +++ [pid 5453] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5453, si_uid=0, si_status=0, si_utime=1, si_stime=32} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./83/binderfs") = 0 [ 96.998523][ T5454] BTRFS info (device loop0): balance: ended with status: 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5474 ./strace-static-x86_64: Process 5474 attached [pid 5474] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5474] chdir("./84") = 0 [pid 5474] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5474] setpgid(0, 0) = 0 [pid 5474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5474] write(3, "1000", 4) = 4 [pid 5474] close(3) = 0 [pid 5474] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5474] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5474] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5474] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5475], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5475 [pid 5474] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5475 attached [pid 5475] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5475] memfd_create("syzkaller", 0) = 3 [pid 5475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5475] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5475] munmap(0x7fdb59200000, 16777216) = 0 [pid 5475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5475] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5475] close(3) = 0 [pid 5475] mkdir("./file0", 0777) = 0 [ 97.341719][ T5475] loop0: detected capacity change from 0 to 32768 [ 97.354853][ T5475] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 97.364181][ T5475] BTRFS info (device loop0): force clearing of disk cache [ 97.371368][ T5475] BTRFS info (device loop0): setting nodatasum [ 97.377601][ T5475] BTRFS info (device loop0): allowing degraded mounts [ 97.384359][ T5475] BTRFS info (device loop0): enabling disk space caching [ 97.391443][ T5475] BTRFS info (device loop0): disk space caching is enabled [ 97.410414][ T5475] BTRFS info (device loop0): enabling ssd optimizations [ 97.418522][ T5475] BTRFS info (device loop0): clearing free space tree [ 97.425416][ T5475] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5475] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5475] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5475] chdir("./file0") = 0 [pid 5475] ioctl(4, LOOP_CLR_FD) = 0 [pid 5475] close(4) = 0 [pid 5475] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... futex resumed>) = 1 [pid 5475] open("./file0", O_RDONLY) = 4 [pid 5475] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... futex resumed>) = 1 [pid 5475] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5475] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... futex resumed>) = 1 [pid 5475] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5475] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... futex resumed>) = 1 [pid 5475] creat("./bus", 000) = 6 [pid 5475] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... futex resumed>) = 1 [pid 5475] ftruncate(6, 2048) = 0 [pid 5475] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... futex resumed>) = 1 [pid 5475] open("./bus", O_RDONLY) = 7 [pid 5475] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... futex resumed>) = 1 [pid 5475] sendfile(6, 7, NULL, 65536) = 2048 [pid 5475] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... futex resumed>) = 1 [pid 5475] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5475] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... futex resumed>) = 1 [ 97.435419][ T5475] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 97.449175][ T5475] BTRFS info (device loop0): checking UUID tree [pid 5475] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5474] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5474] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5474] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5474] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5495], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5495 [pid 5474] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5495 attached [pid 5495] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5495] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5495] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5495] <... futex resumed>) = 1 [ 97.511318][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 97.521922][ T5475] BTRFS info (device loop0): balance: start -s [ 97.530611][ T5475] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5495] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5475] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5475] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5475] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5474] exit_group(0) = ? [pid 5475] <... futex resumed>) = ? [pid 5495] <... futex resumed>) = ? [pid 5475] +++ exited with 0 +++ [pid 5495] +++ exited with 0 +++ [pid 5474] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5474, si_uid=0, si_status=0, si_utime=2, si_stime=29} --- umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./84/binderfs") = 0 [ 97.583833][ T5475] BTRFS info (device loop0): balance: ended with status: 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5496 ./strace-static-x86_64: Process 5496 attached [pid 5496] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5496] chdir("./85") = 0 [pid 5496] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5496] setpgid(0, 0) = 0 [pid 5496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5496] write(3, "1000", 4) = 4 [pid 5496] close(3) = 0 [pid 5496] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5496] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5496] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5496] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5497 attached [pid 5497] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5497] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] <... clone resumed>, parent_tid=[5497], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5497 [pid 5496] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5497] <... futex resumed>) = 0 [pid 5497] memfd_create("syzkaller", 0 [pid 5496] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5497] <... memfd_create resumed>) = 3 [pid 5497] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5497] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5497] munmap(0x7fdb59200000, 16777216) = 0 [pid 5497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5497] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5497] close(3) = 0 [pid 5497] mkdir("./file0", 0777) = 0 [ 97.896227][ T5497] loop0: detected capacity change from 0 to 32768 [ 97.908598][ T5497] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 97.918028][ T5497] BTRFS info (device loop0): force clearing of disk cache [ 97.925211][ T5497] BTRFS info (device loop0): setting nodatasum [ 97.933230][ T5497] BTRFS info (device loop0): allowing degraded mounts [ 97.940323][ T5497] BTRFS info (device loop0): enabling disk space caching [ 97.947517][ T5497] BTRFS info (device loop0): disk space caching is enabled [ 97.967656][ T5497] BTRFS info (device loop0): enabling ssd optimizations [ 97.975629][ T5497] BTRFS info (device loop0): clearing free space tree [ 97.982889][ T5497] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5497] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5497] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5497] chdir("./file0") = 0 [pid 5497] ioctl(4, LOOP_CLR_FD) = 0 [pid 5497] close(4) = 0 [pid 5497] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5496] <... futex resumed>) = 0 [pid 5497] open("./file0", O_RDONLY [pid 5496] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] <... open resumed>) = 4 [pid 5497] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 97.992841][ T5497] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 98.006178][ T5497] BTRFS info (device loop0): checking UUID tree [ 98.031980][ T27] kauditd_printk_skb: 8 callbacks suppressed [pid 5497] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5497] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5497] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] <... futex resumed>) = 0 [pid 5496] <... futex resumed>) = 1 [pid 5497] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5496] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5496] <... futex resumed>) = 0 [pid 5497] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5496] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] creat("./bus", 000) = 6 [pid 5496] <... futex resumed>) = 0 [pid 5497] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] <... futex resumed>) = 0 [pid 5496] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5497] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5496] <... futex resumed>) = 0 [pid 5497] ftruncate(6, 2048) = 0 [pid 5496] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5496] <... futex resumed>) = 0 [pid 5497] open("./bus", O_RDONLY [pid 5496] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] <... open resumed>) = 7 [pid 5496] <... futex resumed>) = 0 [ 98.031994][ T27] audit: type=1800 audit(1670043478.535:172): pid=5497 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5497] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] <... futex resumed>) = 0 [pid 5497] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5496] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] <... futex resumed>) = 0 [pid 5496] <... futex resumed>) = 1 [pid 5497] sendfile(6, 7, NULL, 65536 [pid 5496] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] <... sendfile resumed>) = 2048 [pid 5497] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5497] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] <... futex resumed>) = 0 [pid 5496] <... futex resumed>) = 1 [pid 5497] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5496] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] <... openat resumed>) = 8 [pid 5497] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5497] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5497] <... futex resumed>) = 0 [pid 5496] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 98.080636][ T27] audit: type=1804 audit(1670043478.585:173): pid=5497 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/85/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 98.105609][ T46] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 98.122863][ T5497] BTRFS info (device loop0): balance: start -s [ 98.131518][ T5497] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5497] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5497] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5497] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] <... futex resumed>) = 0 [pid 5496] exit_group(0) = ? [pid 5497] <... futex resumed>) = ? [pid 5497] +++ exited with 0 +++ [pid 5496] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5496, si_uid=0, si_status=0, si_utime=1, si_stime=29} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./85/binderfs") = 0 [ 98.155100][ T5497] BTRFS info (device loop0): balance: ended with status: 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5517 ./strace-static-x86_64: Process 5517 attached [pid 5517] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5517] chdir("./86") = 0 [pid 5517] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5517] setpgid(0, 0) = 0 [pid 5517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5517] write(3, "1000", 4) = 4 [pid 5517] close(3) = 0 [pid 5517] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5517] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5517] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5517] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5518], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5518 [pid 5517] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5518 attached [pid 5518] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5518] memfd_create("syzkaller", 0) = 3 [pid 5518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5518] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5518] munmap(0x7fdb59200000, 16777216) = 0 [pid 5518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5518] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5518] close(3) = 0 [pid 5518] mkdir("./file0", 0777) = 0 [ 98.485861][ T5518] loop0: detected capacity change from 0 to 32768 [ 98.497025][ T5518] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 98.506734][ T5518] BTRFS info (device loop0): force clearing of disk cache [ 98.514073][ T5518] BTRFS info (device loop0): setting nodatasum [ 98.520506][ T5518] BTRFS info (device loop0): allowing degraded mounts [ 98.527556][ T5518] BTRFS info (device loop0): enabling disk space caching [ 98.534601][ T5518] BTRFS info (device loop0): disk space caching is enabled [ 98.552819][ T5518] BTRFS info (device loop0): enabling ssd optimizations [ 98.560540][ T5518] BTRFS info (device loop0): clearing free space tree [ 98.567418][ T5518] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5518] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5518] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5518] chdir("./file0") = 0 [pid 5518] ioctl(4, LOOP_CLR_FD) = 0 [pid 5518] close(4) = 0 [pid 5518] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5517] <... futex resumed>) = 0 [pid 5517] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] <... futex resumed>) = 1 [pid 5518] open("./file0", O_RDONLY) = 4 [pid 5518] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5517] <... futex resumed>) = 0 [pid 5517] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] <... futex resumed>) = 1 [ 98.577062][ T5518] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 98.590817][ T5518] BTRFS info (device loop0): checking UUID tree [pid 5518] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5518] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5517] <... futex resumed>) = 0 [pid 5517] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] <... futex resumed>) = 1 [pid 5518] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5518] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5518] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5517] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] creat("./bus", 000 [pid 5517] <... futex resumed>) = 0 [pid 5518] <... creat resumed>) = 6 [pid 5517] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5518] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5517] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5518] ftruncate(6, 2048 [pid 5517] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] <... ftruncate resumed>) = 0 [pid 5518] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5518] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5517] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5518] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5517] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 98.621568][ T27] audit: type=1800 audit(1670043479.125:174): pid=5518 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5518] open("./bus", O_RDONLY) = 7 [pid 5518] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5518] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5517] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5518] <... futex resumed>) = 0 [pid 5518] sendfile(6, 7, NULL, 65536 [pid 5517] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] <... sendfile resumed>) = 2048 [pid 5518] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5517] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5518] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5518] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5517] <... futex resumed>) = 0 [pid 5517] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5518] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5517] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5517] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5517] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5517] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5517] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5538], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5538 [pid 5517] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 98.666087][ T27] audit: type=1804 audit(1670043479.165:175): pid=5518 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/86/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 98.682582][ T46] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 98.718451][ T5518] BTRFS info (device loop0): balance: start -s [ 98.725736][ T5518] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5517] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5538 attached [pid 5538] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5538] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5518] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5538] <... ioctl resumed>) = 0 [pid 5518] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5538] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5517] <... futex resumed>) = 0 [pid 5538] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5517] exit_group(0 [pid 5538] <... futex resumed>) = ? [pid 5517] <... exit_group resumed>) = ? [pid 5538] +++ exited with 0 +++ [pid 5518] <... futex resumed>) = ? [pid 5518] +++ exited with 0 +++ [pid 5517] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5517, si_uid=0, si_status=0, si_utime=1, si_stime=25} --- umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./86/binderfs") = 0 [ 98.764433][ T5518] BTRFS info (device loop0): balance: ended with status: 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5539 ./strace-static-x86_64: Process 5539 attached [pid 5539] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5539] chdir("./87") = 0 [pid 5539] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5539] setpgid(0, 0) = 0 [pid 5539] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5539] write(3, "1000", 4) = 4 [pid 5539] close(3) = 0 [pid 5539] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5539] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5539] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5539] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5540], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5540 [pid 5539] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5540 attached [pid 5540] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5540] memfd_create("syzkaller", 0) = 3 [pid 5540] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5540] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5540] munmap(0x7fdb59200000, 16777216) = 0 [pid 5540] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5540] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5540] close(3) = 0 [pid 5540] mkdir("./file0", 0777) = 0 [ 99.106321][ T5540] loop0: detected capacity change from 0 to 32768 [ 99.120072][ T5540] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 99.129362][ T5540] BTRFS info (device loop0): force clearing of disk cache [ 99.136517][ T5540] BTRFS info (device loop0): setting nodatasum [ 99.142745][ T5540] BTRFS info (device loop0): allowing degraded mounts [ 99.149590][ T5540] BTRFS info (device loop0): enabling disk space caching [ 99.156616][ T5540] BTRFS info (device loop0): disk space caching is enabled [ 99.176118][ T5540] BTRFS info (device loop0): enabling ssd optimizations [ 99.183991][ T5540] BTRFS info (device loop0): clearing free space tree [ 99.191203][ T5540] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5540] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5540] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5540] chdir("./file0") = 0 [pid 5540] ioctl(4, LOOP_CLR_FD) = 0 [pid 5540] close(4) = 0 [pid 5540] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5540] open("./file0", O_RDONLY [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5540] <... open resumed>) = 4 [pid 5540] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 99.201152][ T5540] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 99.214416][ T5540] BTRFS info (device loop0): checking UUID tree [pid 5540] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5540] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5540] <... futex resumed>) = 1 [pid 5540] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5540] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5540] <... futex resumed>) = 1 [pid 5540] creat("./bus", 000) = 6 [pid 5540] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5540] <... futex resumed>) = 1 [pid 5540] ftruncate(6, 2048) = 0 [pid 5540] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5540] <... futex resumed>) = 1 [ 99.242011][ T27] audit: type=1800 audit(1670043479.745:176): pid=5540 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5540] open("./bus", O_RDONLY) = 7 [pid 5540] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5540] <... futex resumed>) = 1 [pid 5540] sendfile(6, 7, NULL, 65536) = 2048 [pid 5540] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5540] <... futex resumed>) = 1 [pid 5540] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5540] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5540] <... futex resumed>) = 1 [pid 5540] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5539] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5539] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5539] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5539] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5560], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5560 [pid 5539] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5560 attached [pid 5560] set_robust_list(0x7fdb617d59e0, 24) = 0 [ 99.284687][ T27] audit: type=1804 audit(1670043479.785:177): pid=5540 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/87/file0/bus" dev="loop0" ino=263 res=1 errno=0 [ 99.309550][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 99.318877][ T5540] BTRFS info (device loop0): balance: start -s [ 99.328258][ T5540] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5560] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5539] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5560] <... ioctl resumed>) = 0 [pid 5560] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5560] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5540] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5540] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5540] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5539] exit_group(0 [pid 5560] <... futex resumed>) = ? [pid 5539] <... exit_group resumed>) = ? [pid 5560] +++ exited with 0 +++ [pid 5540] <... futex resumed>) = ? [pid 5540] +++ exited with 0 +++ [pid 5539] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5539, si_uid=0, si_status=0, si_utime=1, si_stime=26} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./87/binderfs") = 0 [ 99.392424][ T5540] BTRFS info (device loop0): balance: ended with status: 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5561 ./strace-static-x86_64: Process 5561 attached [pid 5561] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5561] chdir("./88") = 0 [pid 5561] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5561] setpgid(0, 0) = 0 [pid 5561] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5561] write(3, "1000", 4) = 4 [pid 5561] close(3) = 0 [pid 5561] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5561] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5561] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5561] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5562 attached , parent_tid=[5562], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5562 [pid 5561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5562] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5562] memfd_create("syzkaller", 0) = 3 [pid 5562] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5562] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5562] munmap(0x7fdb59200000, 16777216) = 0 [pid 5562] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5562] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5562] close(3) = 0 [pid 5562] mkdir("./file0", 0777) = 0 [ 99.713305][ T5562] loop0: detected capacity change from 0 to 32768 [ 99.726499][ T5562] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 99.736385][ T5562] BTRFS info (device loop0): force clearing of disk cache [ 99.743741][ T5562] BTRFS info (device loop0): setting nodatasum [ 99.750156][ T5562] BTRFS info (device loop0): allowing degraded mounts [ 99.756938][ T5562] BTRFS info (device loop0): enabling disk space caching [ 99.764349][ T5562] BTRFS info (device loop0): disk space caching is enabled [ 99.784348][ T5562] BTRFS info (device loop0): enabling ssd optimizations [ 99.792199][ T5562] BTRFS info (device loop0): clearing free space tree [ 99.799256][ T5562] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5562] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5562] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5562] chdir("./file0") = 0 [pid 5562] ioctl(4, LOOP_CLR_FD) = 0 [pid 5562] close(4) = 0 [pid 5562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = 0 [pid 5561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5562] <... futex resumed>) = 1 [pid 5562] open("./file0", O_RDONLY) = 4 [pid 5562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = 0 [pid 5561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5562] <... futex resumed>) = 1 [pid 5562] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = 0 [pid 5561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5562] <... futex resumed>) = 1 [pid 5562] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = 0 [pid 5561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5562] <... futex resumed>) = 1 [pid 5562] creat("./bus", 000) = 6 [pid 5562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = 0 [pid 5561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5562] <... futex resumed>) = 1 [pid 5562] ftruncate(6, 2048) = 0 [pid 5562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = 0 [pid 5561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5562] <... futex resumed>) = 1 [pid 5562] open("./bus", O_RDONLY) = 7 [pid 5562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = 0 [pid 5561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5562] <... futex resumed>) = 1 [pid 5562] sendfile(6, 7, NULL, 65536) = 2048 [pid 5562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = 0 [pid 5561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5562] <... futex resumed>) = 1 [pid 5562] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = 0 [pid 5561] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5562] <... futex resumed>) = 1 [ 99.809123][ T5562] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 99.832024][ T27] audit: type=1800 audit(1670043480.335:178): pid=5562 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5562] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5561] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5561] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5561] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5561] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5561] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5582], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5582 [pid 5561] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5582 attached [pid 5582] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5582] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5562] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5562] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 99.897633][ T27] audit: type=1804 audit(1670043480.375:179): pid=5562 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/88/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5562] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5582] <... ioctl resumed>) = 0 [pid 5582] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = 0 [pid 5561] exit_group(0 [pid 5562] <... futex resumed>) = ? [pid 5561] <... exit_group resumed>) = ? [pid 5562] +++ exited with 0 +++ [pid 5582] <... futex resumed>) = ? [pid 5582] +++ exited with 0 +++ [pid 5561] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5561, si_uid=0, si_status=0, si_utime=1, si_stime=26} --- umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./88/binderfs") = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5583 ./strace-static-x86_64: Process 5583 attached [pid 5583] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5583] chdir("./89") = 0 [pid 5583] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5583] setpgid(0, 0) = 0 [pid 5583] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5583] write(3, "1000", 4) = 4 [pid 5583] close(3) = 0 [pid 5583] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5583] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5583] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5583] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5584 attached [pid 5584] set_robust_list(0x7fdb617f69e0, 24 [pid 5583] <... clone resumed>, parent_tid=[5584], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5584 [pid 5584] <... set_robust_list resumed>) = 0 [pid 5583] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5584] memfd_create("syzkaller", 0) = 3 [pid 5584] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5584] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5584] munmap(0x7fdb59200000, 16777216) = 0 [pid 5584] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5584] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5584] close(3) = 0 [pid 5584] mkdir("./file0", 0777) = 0 [pid 5584] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5584] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5584] chdir("./file0") = 0 [pid 5584] ioctl(4, LOOP_CLR_FD) = 0 [pid 5584] close(4) = 0 [pid 5584] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5584] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5584] <... futex resumed>) = 0 [pid 5584] open("./file0", O_RDONLY) = 4 [pid 5584] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5584] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5583] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... futex resumed>) = 0 [pid 5583] <... futex resumed>) = 1 [pid 5583] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 100.250636][ T5584] loop0: detected capacity change from 0 to 32768 [pid 5584] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5584] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5584] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... futex resumed>) = 0 [pid 5583] <... futex resumed>) = 1 [pid 5584] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5583] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... ioctl resumed>) = 0 [pid 5584] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5584] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... futex resumed>) = 0 [pid 5583] <... futex resumed>) = 1 [pid 5584] creat("./bus", 000 [pid 5583] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... creat resumed>) = 6 [pid 5584] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... futex resumed>) = 0 [pid 5584] <... futex resumed>) = 1 [pid 5583] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5584] ftruncate(6, 2048 [pid 5583] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... ftruncate resumed>) = 0 [pid 5584] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... futex resumed>) = 1 [ 100.303124][ T27] audit: type=1800 audit(1670043480.805:180): pid=5584 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor311" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5584] open("./bus", O_RDONLY) = 7 [pid 5584] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5583] <... futex resumed>) = 0 [pid 5584] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5583] <... futex resumed>) = 0 [pid 5584] sendfile(6, 7, NULL, 65536 [pid 5583] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... sendfile resumed>) = 2048 [pid 5584] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5583] <... futex resumed>) = 0 [pid 5584] <... openat resumed>) = 8 [pid 5583] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5583] <... futex resumed>) = 0 [pid 5584] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5583] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 100.345923][ T27] audit: type=1804 audit(1670043480.845:181): pid=5584 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor311" name="/root/syzkaller.1ZDoxE/89/file0/bus" dev="loop0" ino=263 res=1 errno=0 [pid 5584] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5584] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... ioctl resumed>) = 0 [pid 5584] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... futex resumed>) = 0 [pid 5584] <... futex resumed>) = 1 [pid 5583] exit_group(0 [pid 5584] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] <... exit_group resumed>) = ? [pid 5584] <... futex resumed>) = ? [pid 5584] +++ exited with 0 +++ [pid 5583] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5583, si_uid=0, si_status=0, si_utime=1, si_stime=20} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./89/binderfs") = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5604 ./strace-static-x86_64: Process 5604 attached [pid 5604] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5604] chdir("./90") = 0 [pid 5604] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5604] setpgid(0, 0) = 0 [pid 5604] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5604] write(3, "1000", 4) = 4 [pid 5604] close(3) = 0 [pid 5604] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5604] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5604] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5604] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5605 attached , parent_tid=[5605], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5605 [pid 5605] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5604] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5605] memfd_create("syzkaller", 0) = 3 [pid 5605] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5605] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5605] munmap(0x7fdb59200000, 16777216) = 0 [pid 5605] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5605] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5605] close(3) = 0 [pid 5605] mkdir("./file0", 0777) = 0 [pid 5605] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5605] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5605] chdir("./file0") = 0 [pid 5605] ioctl(4, LOOP_CLR_FD) = 0 [pid 5605] close(4) = 0 [pid 5605] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5605] open("./file0", O_RDONLY [pid 5604] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] <... open resumed>) = 4 [pid 5604] <... futex resumed>) = 0 [pid 5605] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] <... futex resumed>) = 0 [pid 5604] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5605] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5604] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5605] <... open resumed>) = 5 [pid 5604] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5605] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5604] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] <... ioctl resumed>) = 0 [pid 5605] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] <... futex resumed>) = 0 [pid 5604] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 100.731220][ T5605] loop0: detected capacity change from 0 to 32768 [pid 5604] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] <... futex resumed>) = 1 [pid 5605] creat("./bus", 000) = 6 [pid 5605] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5604] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] ftruncate(6, 2048) = 0 [pid 5605] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5604] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] open("./bus", O_RDONLY) = 7 [pid 5605] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5604] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] sendfile(6, 7, NULL, 65536) = 2048 [pid 5605] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5604] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5605] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5604] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5605] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5604] <... futex resumed>) = 0 [pid 5604] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5605] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] <... futex resumed>) = 0 [pid 5604] exit_group(0) = ? [pid 5605] <... futex resumed>) = ? [pid 5605] +++ exited with 0 +++ [pid 5604] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5604, si_uid=0, si_status=0, si_utime=2, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./90/binderfs") = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5625 ./strace-static-x86_64: Process 5625 attached [pid 5625] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5625] chdir("./91") = 0 [pid 5625] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5625] setpgid(0, 0) = 0 [pid 5625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5625] write(3, "1000", 4) = 4 [pid 5625] close(3) = 0 [pid 5625] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5625] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5625] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5625] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5625] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5626], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5626 [pid 5625] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5625] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5626 attached [pid 5626] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5626] memfd_create("syzkaller", 0) = 3 [pid 5626] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5626] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5626] munmap(0x7fdb59200000, 16777216) = 0 [pid 5626] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5626] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5626] close(3) = 0 [pid 5626] mkdir("./file0", 0777) = 0 [pid 5626] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5626] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5626] chdir("./file0") = 0 [pid 5626] ioctl(4, LOOP_CLR_FD) = 0 [pid 5626] close(4) = 0 [pid 5626] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5625] <... futex resumed>) = 0 [pid 5625] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] <... futex resumed>) = 0 [pid 5625] <... futex resumed>) = 1 [pid 5626] open("./file0", O_RDONLY [pid 5625] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5626] <... open resumed>) = 4 [pid 5626] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5625] <... futex resumed>) = 0 [pid 5626] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5625] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5625] <... futex resumed>) = 0 [pid 5626] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5625] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5626] <... open resumed>) = 5 [pid 5626] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5625] <... futex resumed>) = 0 [pid 5626] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5625] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5625] <... futex resumed>) = 0 [pid 5626] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 101.186971][ T5626] loop0: detected capacity change from 0 to 32768 [pid 5625] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5626] <... ioctl resumed>) = 0 [pid 5626] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5625] <... futex resumed>) = 0 [pid 5625] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] creat("./bus", 000 [pid 5625] <... futex resumed>) = 0 [pid 5625] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5626] <... creat resumed>) = 6 [pid 5626] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5625] <... futex resumed>) = 0 [pid 5626] ftruncate(6, 2048 [pid 5625] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5625] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5626] <... ftruncate resumed>) = 0 [pid 5626] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5625] <... futex resumed>) = 0 [pid 5626] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5625] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5625] <... futex resumed>) = 0 [pid 5625] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5626] open("./bus", O_RDONLY) = 7 [pid 5626] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5625] <... futex resumed>) = 0 [pid 5626] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5625] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5625] <... futex resumed>) = 0 [pid 5626] sendfile(6, 7, NULL, 65536 [pid 5625] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5626] <... sendfile resumed>) = 2048 [pid 5626] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5625] <... futex resumed>) = 0 [pid 5626] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5625] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5625] <... futex resumed>) = 0 [pid 5626] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5625] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5626] <... openat resumed>) = 8 [pid 5626] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5625] <... futex resumed>) = 0 [pid 5626] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5625] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5625] <... futex resumed>) = 0 [pid 5626] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 101.261262][ T56] _btrfs_printk: 46 callbacks suppressed [ 101.261279][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 101.292273][ T5626] BTRFS info (device loop0): balance: start -s [ 101.300662][ T5626] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5625] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5625] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5625] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5625] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5625] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5646], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5646 [pid 5625] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5625] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5646 attached [pid 5626] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5646] set_robust_list(0x7fdb617d59e0, 24 [pid 5626] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5646] <... set_robust_list resumed>) = 0 [pid 5626] <... futex resumed>) = 0 [pid 5646] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"} [pid 5626] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5646] <... ioctl resumed>) = 0 [pid 5646] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5625] <... futex resumed>) = 0 [pid 5646] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5625] exit_group(0) = ? [pid 5626] <... futex resumed>) = ? [pid 5646] <... futex resumed>) = ? [pid 5626] +++ exited with 0 +++ [pid 5646] +++ exited with 0 +++ [pid 5625] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5625, si_uid=0, si_status=0, si_utime=4, si_stime=21} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./91/binderfs") = 0 [ 101.327962][ T5626] BTRFS info (device loop0): balance: ended with status: 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5647 ./strace-static-x86_64: Process 5647 attached [pid 5647] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5647] chdir("./92") = 0 [pid 5647] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5647] setpgid(0, 0) = 0 [pid 5647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5647] write(3, "1000", 4) = 4 [pid 5647] close(3) = 0 [pid 5647] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5647] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5647] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5647] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5648 attached [pid 5648] set_robust_list(0x7fdb617f69e0, 24) = 0 [pid 5648] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5647] <... clone resumed>, parent_tid=[5648], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5648 [pid 5647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5648] <... futex resumed>) = 0 [pid 5648] memfd_create("syzkaller", 0 [pid 5647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5648] <... memfd_create resumed>) = 3 [pid 5648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5648] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5648] munmap(0x7fdb59200000, 16777216) = 0 [pid 5648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5648] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5648] close(3) = 0 [pid 5648] mkdir("./file0", 0777) = 0 [ 101.659667][ T5648] loop0: detected capacity change from 0 to 32768 [ 101.671229][ T5648] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 101.680506][ T5648] BTRFS info (device loop0): force clearing of disk cache [ 101.687885][ T5648] BTRFS info (device loop0): setting nodatasum [ 101.694054][ T5648] BTRFS info (device loop0): allowing degraded mounts [ 101.701206][ T5648] BTRFS info (device loop0): enabling disk space caching [ 101.708477][ T5648] BTRFS info (device loop0): disk space caching is enabled [ 101.727211][ T5648] BTRFS info (device loop0): enabling ssd optimizations [ 101.735765][ T5648] BTRFS info (device loop0): clearing free space tree [ 101.742736][ T5648] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5648] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5648] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5648] chdir("./file0") = 0 [pid 5648] ioctl(4, LOOP_CLR_FD) = 0 [pid 5648] close(4) = 0 [pid 5648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... futex resumed>) = 1 [pid 5648] open("./file0", O_RDONLY) = 4 [pid 5648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... futex resumed>) = 1 [pid 5648] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... futex resumed>) = 1 [pid 5648] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... futex resumed>) = 1 [pid 5648] creat("./bus", 000) = 6 [pid 5648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... futex resumed>) = 1 [pid 5648] ftruncate(6, 2048) = 0 [pid 5648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... futex resumed>) = 1 [pid 5648] open("./bus", O_RDONLY) = 7 [pid 5648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... futex resumed>) = 1 [pid 5648] sendfile(6, 7, NULL, 65536) = 2048 [pid 5648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... futex resumed>) = 1 [ 101.752764][ T5648] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 101.765996][ T5648] BTRFS info (device loop0): checking UUID tree [pid 5648] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000) = 8 [pid 5648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... futex resumed>) = 1 [ 101.811301][ T33] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 101.829135][ T5648] BTRFS info (device loop0): balance: start -s [ 101.836936][ T5648] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5648] ioctl(8, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5647] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5647] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617b5000 [pid 5647] mprotect(0x7fdb617b6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5647] clone(child_stack=0x7fdb617d53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5668], tls=0x7fdb617d5700, child_tidptr=0x7fdb617d59d0) = 5668 [pid 5647] futex(0x7fdb618d57f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7fdb618d57fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5668 attached [pid 5668] set_robust_list(0x7fdb617d59e0, 24) = 0 [pid 5668] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x42\x99\xc6\x3c\x6a\xca\x4b\xec\x68\x72\xd2\x07\x80\x8d\xda\x69\x34\x9c\x62\x54\x02\x9b\xbc\x4a\x38\xfb\x4e\x91\xbb\xa4\x82\x6c\xd7\x77\xcb\x59\x74\x4a\xdd\x18\x26\x71\x40\x88\x2a\x98\x37\x3f\xbb\xf4\xb5\xb0\x7c"}) = 0 [pid 5668] futex(0x7fdb618d57fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5668] <... futex resumed>) = 1 [pid 5668] futex(0x7fdb618d57f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5648] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5648] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5648] futex(0x7fdb618d57e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5647] exit_group(0 [pid 5668] <... futex resumed>) = ? [pid 5647] <... exit_group resumed>) = ? [ 101.865432][ T5648] BTRFS info (device loop0): balance: ended with status: 0 [pid 5668] +++ exited with 0 +++ [pid 5648] <... futex resumed>) = ? [pid 5648] +++ exited with 0 +++ [pid 5647] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5647, si_uid=0, si_status=0, si_utime=3, si_stime=29} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555557470620 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./92/binderfs") = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557478660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557478660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file0") = 0 getdents64(3, 0x555557470620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555746f5d0) = 5669 ./strace-static-x86_64: Process 5669 attached [pid 5669] set_robust_list(0x55555746f5e0, 24) = 0 [pid 5669] chdir("./93") = 0 [pid 5669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5669] setpgid(0, 0) = 0 [pid 5669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5669] write(3, "1000", 4) = 4 [pid 5669] close(3) = 0 [pid 5669] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5669] futex(0x7fdb618d57ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdb617d6000 [pid 5669] mprotect(0x7fdb617d7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5669] clone(child_stack=0x7fdb617f63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5670 attached [pid 5670] set_robust_list(0x7fdb617f69e0, 24 [pid 5669] <... clone resumed>, parent_tid=[5670], tls=0x7fdb617f6700, child_tidptr=0x7fdb617f69d0) = 5670 [pid 5670] <... set_robust_list resumed>) = 0 [pid 5669] futex(0x7fdb618d57e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5670] memfd_create("syzkaller", 0 [pid 5669] futex(0x7fdb618d57ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5670] <... memfd_create resumed>) = 3 [pid 5670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb59200000 [pid 5670] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0