./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor833727108 <...> Warning: Permanently added '10.128.0.251' (ED25519) to the list of known hosts. execve("./syz-executor833727108", ["./syz-executor833727108"], 0x7ffeef401dd0 /* 10 vars */) = 0 brk(NULL) = 0x555557140000 brk(0x555557140d40) = 0x555557140d40 arch_prctl(ARCH_SET_FS, 0x5555571403c0) = 0 set_tid_address(0x555557140690) = 5014 set_robust_list(0x5555571406a0, 24) = 0 rseq(0x555557140ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor833727108", 4096) = 27 getrandom("\x1b\x1c\xfb\xa5\x8a\x8e\x99\xb1", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555557140d40 brk(0x555557161d40) = 0x555557161d40 brk(0x555557162000) = 0x555557162000 mprotect(0x7f43c896c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getrandom("\x14\xce\xc9\xfd\xcc\x5b\xf0\xd4", 8, GRND_NONBLOCK) = 8 mkdir("./syzkaller.MLyNlH", 0700) = 0 chmod("./syzkaller.MLyNlH", 0777) = 0 chdir("./syzkaller.MLyNlH") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557140690) = 5015 ./strace-static-x86_64: Process 5015 attached [pid 5015] set_robust_list(0x5555571406a0, 24) = 0 [pid 5015] chdir("./0") = 0 [pid 5015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5015] setpgid(0, 0) = 0 [pid 5015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5015] write(3, "1000", 4) = 4 [pid 5015] close(3) = 0 [pid 5015] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5015] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] rt_sigaction(SIGRT_1, {sa_handler=0x7f43c890bff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f43c88fd1a0}, NULL, 8) = 0 [pid 5015] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c8882000 [pid 5015] mprotect(0x7f43c8883000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5015] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5015] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c88a2990, parent_tid=0x7f43c88a2990, exit_signal=0, stack=0x7f43c8882000, stack_size=0x20300, tls=0x7f43c88a26c0}./strace-static-x86_64: Process 5017 attached [pid 5017] rseq(0x7f43c88a2fe0, 0x20, 0, 0x53053053 [pid 5015] <... clone3 resumed> => {parent_tid=[5017]}, 88) = 5017 [pid 5017] <... rseq resumed>) = 0 [pid 5015] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5017] set_robust_list(0x7f43c88a29a0, 24) = 0 [pid 5015] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5017] rt_sigprocmask(SIG_SETMASK, [], [pid 5015] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5017] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5017] memfd_create("syzkaller", 0) = 3 [pid 5017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f43c0482000 [ 66.165182][ T5017] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5017 'syz-executor833' [pid 5017] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5017] munmap(0x7f43c0482000, 16777216) = 0 [pid 5017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5017] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5017] close(3) = 0 [pid 5017] mkdir("./file0", 0777) = 0 [ 66.335364][ T5017] loop0: detected capacity change from 0 to 32768 [ 66.349492][ T5017] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor833 (5017) [ 66.370125][ T5017] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 66.379098][ T5017] BTRFS info (device loop0): turning on flush-on-commit [ 66.386491][ T5017] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 66.397838][ T5017] BTRFS info (device loop0): trying to use backup root at mount time [ 66.406336][ T5017] BTRFS info (device loop0): using free space tree [ 66.422094][ T12] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [pid 5017] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5017] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5017] chdir("./file0") = 0 [pid 5017] ioctl(4, LOOP_CLR_FD) = 0 [pid 5017] close(4) = 0 [pid 5017] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] <... futex resumed>) = 0 [pid 5015] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5017] <... futex resumed>) = 1 [ 66.435896][ T5017] BTRFS warning (device loop0): couldn't read tree root [ 66.442967][ T5017] BTRFS warning (device loop0): try to load backup roots slot 1 [ 66.456840][ T5017] BTRFS info (device loop0): enabling ssd optimizations [ 66.466746][ T5017] BTRFS info (device loop0): rebuilding free space tree [pid 5017] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5017] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5017] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5015] <... futex resumed>) = 0 [pid 5015] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5017] <... futex resumed>) = 0 [pid 5017] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5015] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5017] <... ioctl resumed>) = 0 [pid 5017] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5015] <... futex resumed>) = 0 [pid 5017] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5015] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5017] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5015] <... futex resumed>) = 0 [pid 5017] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 66.514940][ T27] audit: type=1800 audit(1692385551.148:2): pid=5017 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor833" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5015] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5015] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c1461000 [pid 5015] mprotect(0x7f43c1462000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5015] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5015] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c1481990, parent_tid=0x7f43c1481990, exit_signal=0, stack=0x7f43c1461000, stack_size=0x20300, tls=0x7f43c14816c0} => {parent_tid=[5034]}, 88) = 5034 [pid 5015] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5015] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5034 attached [pid 5034] rseq(0x7f43c1481fe0, 0x20, 0, 0x53053053) = 0 [pid 5034] set_robust_list(0x7f43c14819a0, 24) = 0 [pid 5034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5034] open(".", O_RDONLY) = 5 [pid 5034] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5015] <... futex resumed>) = 0 [pid 5034] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5015] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.563388][ T5017] BTRFS info (device loop0): balance: start -d -m [ 66.584374][ T5017] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5015] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5034] <... ioctl resumed>) = 0 [pid 5034] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.732821][ T5017] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5034] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5015] exit_group(0 [pid 5034] <... futex resumed>) = ? [pid 5015] <... exit_group resumed>) = ? [pid 5034] +++ exited with 0 +++ [ 66.795721][ T5017] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 66.827039][ T5017] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5017] <... ioctl resumed> ) = ? [pid 5017] +++ exited with 0 +++ [pid 5015] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5015, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=44 /* 0.44 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557141730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 66.851688][ T5017] BTRFS info (device loop0): balance: ended with status: 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557149770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557149770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555557141730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557140690) = 5043 ./strace-static-x86_64: Process 5043 attached [pid 5043] set_robust_list(0x5555571406a0, 24) = 0 [pid 5043] chdir("./1") = 0 [pid 5043] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5043] setpgid(0, 0) = 0 [pid 5043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5043] write(3, "1000", 4) = 4 [pid 5043] close(3) = 0 [pid 5043] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5043] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] rt_sigaction(SIGRT_1, {sa_handler=0x7f43c890bff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f43c88fd1a0}, NULL, 8) = 0 [pid 5043] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5043] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c8882000 [pid 5043] mprotect(0x7f43c8883000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5043] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5043] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c88a2990, parent_tid=0x7f43c88a2990, exit_signal=0, stack=0x7f43c8882000, stack_size=0x20300, tls=0x7f43c88a26c0}./strace-static-x86_64: Process 5044 attached [pid 5044] rseq(0x7f43c88a2fe0, 0x20, 0, 0x53053053 [pid 5043] <... clone3 resumed> => {parent_tid=[5044]}, 88) = 5044 [pid 5044] <... rseq resumed>) = 0 [pid 5043] rt_sigprocmask(SIG_SETMASK, [], [pid 5044] set_robust_list(0x7f43c88a29a0, 24 [pid 5043] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5044] <... set_robust_list resumed>) = 0 [pid 5043] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] rt_sigprocmask(SIG_SETMASK, [], [pid 5043] <... futex resumed>) = 0 [pid 5044] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5043] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5044] memfd_create("syzkaller", 0) = 3 [pid 5044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f43c0482000 [pid 5044] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5044] munmap(0x7f43c0482000, 16777216) = 0 [pid 5044] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5044] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5044] close(3) = 0 [pid 5044] mkdir("./file0", 0777) = 0 [ 67.130780][ T5044] loop0: detected capacity change from 0 to 32768 [ 67.141938][ T5044] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor833 (5044) [ 67.161435][ T5044] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 67.170325][ T5044] BTRFS info (device loop0): turning on flush-on-commit [ 67.177336][ T5044] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 67.188131][ T5044] BTRFS info (device loop0): trying to use backup root at mount time [ 67.196516][ T5044] BTRFS info (device loop0): using free space tree [ 67.210014][ T10] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 67.223671][ T5044] BTRFS warning (device loop0): couldn't read tree root [pid 5044] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5044] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5044] chdir("./file0") = 0 [pid 5044] ioctl(4, LOOP_CLR_FD) = 0 [pid 5044] close(4) = 0 [pid 5044] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5043] <... futex resumed>) = 0 [pid 5043] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 67.231142][ T5044] BTRFS warning (device loop0): try to load backup roots slot 1 [ 67.243458][ T5044] BTRFS info (device loop0): enabling ssd optimizations [ 67.251963][ T5044] BTRFS info (device loop0): rebuilding free space tree [pid 5044] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5044] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5043] <... futex resumed>) = 0 [pid 5043] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5044] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5043] <... futex resumed>) = 0 [pid 5043] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 67.284114][ T27] audit: type=1800 audit(1692385551.918:3): pid=5044 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor833" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 67.317814][ T5044] BTRFS info (device loop0): balance: start -d -m [pid 5044] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5043] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5043] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c1461000 [pid 5043] mprotect(0x7f43c1462000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5043] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5043] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c1481990, parent_tid=0x7f43c1481990, exit_signal=0, stack=0x7f43c1461000, stack_size=0x20300, tls=0x7f43c14816c0} => {parent_tid=[5061]}, 88) = 5061 [pid 5043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5043] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5061 attached [pid 5061] rseq(0x7f43c1481fe0, 0x20, 0, 0x53053053) = 0 [pid 5061] set_robust_list(0x7f43c14819a0, 24) = 0 [pid 5061] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5061] open(".", O_RDONLY) = 5 [pid 5061] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5043] <... futex resumed>) = 0 [pid 5043] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5043] <... futex resumed>) = 0 [ 67.333353][ T5044] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5043] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 67.390634][ T5044] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5061] <... ioctl resumed>) = 0 [pid 5061] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 67.499669][ T5044] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 67.529873][ T5044] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5061] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5044] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] exit_group(0 [pid 5061] <... futex resumed>) = ? [pid 5043] <... exit_group resumed>) = ? [pid 5061] +++ exited with 0 +++ [pid 5044] <... futex resumed>) = ? [pid 5044] +++ exited with 0 +++ [pid 5043] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5043, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557141730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 67.555015][ T5044] BTRFS info (device loop0): balance: ended with status: 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557149770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557149770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555557141730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557140690) = 5066 ./strace-static-x86_64: Process 5066 attached [pid 5066] set_robust_list(0x5555571406a0, 24) = 0 [pid 5066] chdir("./2") = 0 [pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] setpgid(0, 0) = 0 [pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5066] write(3, "1000", 4) = 4 [pid 5066] close(3) = 0 [pid 5066] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5066] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] rt_sigaction(SIGRT_1, {sa_handler=0x7f43c890bff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f43c88fd1a0}, NULL, 8) = 0 [pid 5066] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c8882000 [pid 5066] mprotect(0x7f43c8883000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5066] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5066] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c88a2990, parent_tid=0x7f43c88a2990, exit_signal=0, stack=0x7f43c8882000, stack_size=0x20300, tls=0x7f43c88a26c0}./strace-static-x86_64: Process 5067 attached [pid 5067] rseq(0x7f43c88a2fe0, 0x20, 0, 0x53053053) = 0 [pid 5067] set_robust_list(0x7f43c88a29a0, 24) = 0 [pid 5067] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5067] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... clone3 resumed> => {parent_tid=[5067]}, 88) = 5067 [pid 5066] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5066] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] <... futex resumed>) = 0 [pid 5067] memfd_create("syzkaller", 0) = 3 [pid 5067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f43c0482000 [pid 5066] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5067] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5067] munmap(0x7f43c0482000, 16777216) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5067] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5067] close(3) = 0 [pid 5067] mkdir("./file0", 0777) = 0 [ 67.846893][ T5067] loop0: detected capacity change from 0 to 32768 [ 67.857748][ T5067] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor833 (5067) [ 67.872700][ T5067] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 67.881527][ T5067] BTRFS info (device loop0): turning on flush-on-commit [ 67.888612][ T5067] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 67.899410][ T5067] BTRFS info (device loop0): trying to use backup root at mount time [ 67.907664][ T5067] BTRFS info (device loop0): using free space tree [ 67.923017][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 67.936927][ T5067] BTRFS warning (device loop0): couldn't read tree root [pid 5067] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5067] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5067] chdir("./file0") = 0 [pid 5067] ioctl(4, LOOP_CLR_FD) = 0 [pid 5067] close(4) = 0 [pid 5067] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] <... futex resumed>) = 0 [pid 5067] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 67.944402][ T5067] BTRFS warning (device loop0): try to load backup roots slot 1 [ 67.957373][ T5067] BTRFS info (device loop0): enabling ssd optimizations [ 67.965301][ T5067] BTRFS info (device loop0): rebuilding free space tree [pid 5066] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] <... open resumed>) = 4 [pid 5067] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = 0 [pid 5066] <... futex resumed>) = 1 [pid 5066] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5067] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5066] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = 0 [pid 5066] <... futex resumed>) = 1 [pid 5067] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 68.004223][ T27] audit: type=1800 audit(1692385552.638:4): pid=5067 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor833" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 68.036422][ T5067] BTRFS info (device loop0): balance: start -d -m [ 68.046598][ T5067] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5066] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5066] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c1461000 [pid 5066] mprotect(0x7f43c1462000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5066] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5066] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c1481990, parent_tid=0x7f43c1481990, exit_signal=0, stack=0x7f43c1461000, stack_size=0x20300, tls=0x7f43c14816c0} => {parent_tid=[5084]}, 88) = 5084 [pid 5066] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5066] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5084 attached [pid 5084] rseq(0x7f43c1481fe0, 0x20, 0, 0x53053053) = 0 [pid 5084] set_robust_list(0x7f43c14819a0, 24) = 0 [pid 5084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5084] open(".", O_RDONLY) = 5 [pid 5084] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5084] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 68.080334][ T5067] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5066] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5084] <... ioctl resumed>) = 0 [pid 5084] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 68.207679][ T5067] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 68.237331][ T5067] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5084] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5067] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5067] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] exit_group(0 [pid 5084] <... futex resumed>) = ? [pid 5066] <... exit_group resumed>) = ? [pid 5084] +++ exited with 0 +++ [pid 5067] +++ exited with 0 +++ [pid 5066] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5066, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557141730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 68.263786][ T5067] BTRFS info (device loop0): balance: ended with status: 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557149770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557149770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555557141730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557140690) = 5085 ./strace-static-x86_64: Process 5085 attached [pid 5085] set_robust_list(0x5555571406a0, 24) = 0 [pid 5085] chdir("./3") = 0 [pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5085] setpgid(0, 0) = 0 [pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5085] write(3, "1000", 4) = 4 [pid 5085] close(3) = 0 [pid 5085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5085] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] rt_sigaction(SIGRT_1, {sa_handler=0x7f43c890bff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f43c88fd1a0}, NULL, 8) = 0 [pid 5085] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c8882000 [pid 5085] mprotect(0x7f43c8883000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5085] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c88a2990, parent_tid=0x7f43c88a2990, exit_signal=0, stack=0x7f43c8882000, stack_size=0x20300, tls=0x7f43c88a26c0}./strace-static-x86_64: Process 5086 attached => {parent_tid=[5086]}, 88) = 5086 [pid 5086] rseq(0x7f43c88a2fe0, 0x20, 0, 0x53053053) = 0 [pid 5086] set_robust_list(0x7f43c88a29a0, 24) = 0 [pid 5086] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5086] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5085] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5085] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5086] memfd_create("syzkaller", 0) = 3 [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f43c0482000 [pid 5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5086] munmap(0x7f43c0482000, 16777216) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5086] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5086] close(3) = 0 [pid 5086] mkdir("./file0", 0777) = 0 [ 68.537164][ T5086] loop0: detected capacity change from 0 to 32768 [ 68.547947][ T5086] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor833 (5086) [ 68.564968][ T5086] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 68.574081][ T5086] BTRFS info (device loop0): turning on flush-on-commit [ 68.581145][ T5086] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 68.591794][ T5086] BTRFS info (device loop0): trying to use backup root at mount time [ 68.599968][ T5086] BTRFS info (device loop0): using free space tree [ 68.614842][ T12] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 68.628643][ T5086] BTRFS warning (device loop0): couldn't read tree root [pid 5086] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5086] chdir("./file0") = 0 [pid 5086] ioctl(4, LOOP_CLR_FD) = 0 [pid 5086] close(4) = 0 [pid 5086] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5086] <... futex resumed>) = 1 [pid 5085] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 68.635714][ T5086] BTRFS warning (device loop0): try to load backup roots slot 1 [ 68.648740][ T5086] BTRFS info (device loop0): enabling ssd optimizations [ 68.659238][ T5086] BTRFS info (device loop0): rebuilding free space tree [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... open resumed>) = 4 [pid 5086] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... futex resumed>) = 1 [pid 5086] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5086] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] <... futex resumed>) = 1 [pid 5085] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5085] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5085] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c1461000 [pid 5085] mprotect(0x7f43c1462000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5085] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c1481990, parent_tid=0x7f43c1481990, exit_signal=0, stack=0x7f43c1461000, stack_size=0x20300, tls=0x7f43c14816c0} => {parent_tid=[5103]}, 88) = 5103 [pid 5085] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5085] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5103 attached [ 68.683532][ T27] audit: type=1800 audit(1692385553.318:5): pid=5086 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor833" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 68.718729][ T5086] BTRFS info (device loop0): balance: start -d -m [ 68.727084][ T5086] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5103] rseq(0x7f43c1481fe0, 0x20, 0, 0x53053053) = 0 [pid 5103] set_robust_list(0x7f43c14819a0, 24) = 0 [pid 5103] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5103] open(".", O_RDONLY) = 5 [pid 5103] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5103] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] <... futex resumed>) = 0 [pid 5103] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 68.773425][ T5086] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5085] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5103] <... ioctl resumed>) = 0 [pid 5103] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 68.901468][ T5086] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 68.929444][ T5086] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5103] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5086] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] exit_group(0 [pid 5103] <... futex resumed>) = ? [pid 5086] <... futex resumed>) = ? [pid 5085] <... exit_group resumed>) = ? [pid 5103] +++ exited with 0 +++ [pid 5086] +++ exited with 0 +++ [pid 5085] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5085, si_uid=0, si_status=0, si_utime=0, si_stime=36 /* 0.36 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557141730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 68.955927][ T5086] BTRFS info (device loop0): balance: ended with status: 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557149770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557149770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555557141730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557140690) = 5104 ./strace-static-x86_64: Process 5104 attached [pid 5104] set_robust_list(0x5555571406a0, 24) = 0 [pid 5104] chdir("./4") = 0 [pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5104] setpgid(0, 0) = 0 [pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5104] write(3, "1000", 4) = 4 [pid 5104] close(3) = 0 [pid 5104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5104] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] rt_sigaction(SIGRT_1, {sa_handler=0x7f43c890bff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f43c88fd1a0}, NULL, 8) = 0 [pid 5104] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c8882000 [pid 5104] mprotect(0x7f43c8883000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5104] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5104] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c88a2990, parent_tid=0x7f43c88a2990, exit_signal=0, stack=0x7f43c8882000, stack_size=0x20300, tls=0x7f43c88a26c0}./strace-static-x86_64: Process 5105 attached => {parent_tid=[5105]}, 88) = 5105 [pid 5105] rseq(0x7f43c88a2fe0, 0x20, 0, 0x53053053) = 0 [pid 5105] set_robust_list(0x7f43c88a29a0, 24) = 0 [pid 5105] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5105] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5104] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5104] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5105] memfd_create("syzkaller", 0) = 3 [pid 5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f43c0482000 [pid 5105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5105] munmap(0x7f43c0482000, 16777216) = 0 [pid 5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5105] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5105] close(3) = 0 [pid 5105] mkdir("./file0", 0777) = 0 [ 69.233684][ T5105] loop0: detected capacity change from 0 to 32768 [ 69.244392][ T5105] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor833 (5105) [ 69.262518][ T5105] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 69.271499][ T5105] BTRFS info (device loop0): turning on flush-on-commit [ 69.278569][ T5105] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 69.289458][ T5105] BTRFS info (device loop0): trying to use backup root at mount time [ 69.297615][ T5105] BTRFS info (device loop0): using free space tree [ 69.311603][ T12] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 69.325628][ T5105] BTRFS warning (device loop0): couldn't read tree root [pid 5105] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5105] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5105] chdir("./file0") = 0 [pid 5105] ioctl(4, LOOP_CLR_FD) = 0 [pid 5105] close(4) = 0 [pid 5105] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... futex resumed>) = 0 [ 69.332990][ T5105] BTRFS warning (device loop0): try to load backup roots slot 1 [ 69.345882][ T5105] BTRFS info (device loop0): enabling ssd optimizations [ 69.353977][ T5105] BTRFS info (device loop0): rebuilding free space tree [pid 5105] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5105] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... futex resumed>) = 1 [pid 5105] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5105] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... futex resumed>) = 1 [pid 5105] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5104] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5104] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c1461000 [pid 5104] mprotect(0x7f43c1462000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5104] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5104] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c1481990, parent_tid=0x7f43c1481990, exit_signal=0, stack=0x7f43c1461000, stack_size=0x20300, tls=0x7f43c14816c0} => {parent_tid=[5122]}, 88) = 5122 [pid 5104] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5104] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5122 attached [pid 5122] rseq(0x7f43c1481fe0, 0x20, 0, 0x53053053) = 0 [pid 5122] set_robust_list(0x7f43c14819a0, 24) = 0 [pid 5122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5122] open(".", O_RDONLY) = 5 [pid 5122] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... futex resumed>) = 1 [ 69.382787][ T27] audit: type=1800 audit(1692385554.018:6): pid=5105 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor833" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 69.408642][ T5105] BTRFS info (device loop0): balance: start -d -m [ 69.420086][ T5105] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5122] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5104] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 69.519454][ T5105] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5122] <... ioctl resumed>) = 0 [pid 5122] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] exit_group(0 [pid 5122] <... futex resumed>) = ? [pid 5104] <... exit_group resumed>) = ? [pid 5122] +++ exited with 0 +++ [ 69.664726][ T5105] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 5105] <... ioctl resumed> ) = ? [pid 5105] +++ exited with 0 +++ [pid 5104] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5104, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557141730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 69.710543][ T5105] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 69.736461][ T5105] BTRFS info (device loop0): balance: ended with status: 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557149770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557149770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555557141730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557140690) = 5123 ./strace-static-x86_64: Process 5123 attached [pid 5123] set_robust_list(0x5555571406a0, 24) = 0 [pid 5123] chdir("./5") = 0 [pid 5123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5123] setpgid(0, 0) = 0 [pid 5123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5123] write(3, "1000", 4) = 4 [pid 5123] close(3) = 0 [pid 5123] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5123] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] rt_sigaction(SIGRT_1, {sa_handler=0x7f43c890bff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f43c88fd1a0}, NULL, 8) = 0 [pid 5123] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c8882000 [pid 5123] mprotect(0x7f43c8883000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5123] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5123] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c88a2990, parent_tid=0x7f43c88a2990, exit_signal=0, stack=0x7f43c8882000, stack_size=0x20300, tls=0x7f43c88a26c0} => {parent_tid=[5124]}, 88) = 5124 ./strace-static-x86_64: Process 5124 attached [pid 5124] rseq(0x7f43c88a2fe0, 0x20, 0, 0x53053053) = 0 [pid 5124] set_robust_list(0x7f43c88a29a0, 24) = 0 [pid 5124] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5124] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5123] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5123] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5124] memfd_create("syzkaller", 0) = 3 [pid 5124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f43c0482000 [pid 5124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5124] munmap(0x7f43c0482000, 16777216) = 0 [pid 5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5124] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5124] close(3) = 0 [pid 5124] mkdir("./file0", 0777) = 0 [ 70.023726][ T5124] loop0: detected capacity change from 0 to 32768 [ 70.034594][ T5124] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor833 (5124) [ 70.051668][ T5124] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 70.060505][ T5124] BTRFS info (device loop0): turning on flush-on-commit [ 70.067479][ T5124] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 70.078189][ T5124] BTRFS info (device loop0): trying to use backup root at mount time [ 70.086333][ T5124] BTRFS info (device loop0): using free space tree [ 70.100069][ T12] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 70.114189][ T5124] BTRFS warning (device loop0): couldn't read tree root [pid 5124] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5124] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5124] chdir("./file0") = 0 [pid 5124] ioctl(4, LOOP_CLR_FD) = 0 [pid 5124] close(4) = 0 [pid 5124] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... futex resumed>) = 1 [ 70.121293][ T5124] BTRFS warning (device loop0): try to load backup roots slot 1 [ 70.133696][ T5124] BTRFS info (device loop0): enabling ssd optimizations [ 70.141425][ T5124] BTRFS info (device loop0): rebuilding free space tree [pid 5124] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5124] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5124] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5123] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] <... ioctl resumed>) = 0 [pid 5123] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5124] <... futex resumed>) = 0 [pid 5123] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5123] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c1461000 [pid 5123] mprotect(0x7f43c1462000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5123] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5123] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c1481990, parent_tid=0x7f43c1481990, exit_signal=0, stack=0x7f43c1461000, stack_size=0x20300, tls=0x7f43c14816c0} => {parent_tid=[5141]}, 88) = 5141 [ 70.163780][ T27] audit: type=1800 audit(1692385554.798:7): pid=5124 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor833" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 70.193925][ T5124] BTRFS info (device loop0): balance: start -d -m [ 70.209494][ T5124] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5123] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5123] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5141 attached [pid 5141] rseq(0x7f43c1481fe0, 0x20, 0, 0x53053053) = 0 [pid 5141] set_robust_list(0x7f43c14819a0, 24) = 0 [pid 5141] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5141] open(".", O_RDONLY) = 5 [pid 5141] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5141] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5123] <... futex resumed>) = 0 [pid 5141] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 70.242267][ T5124] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5123] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5141] <... ioctl resumed>) = 0 [pid 5141] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 70.379036][ T5124] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 70.403427][ T5124] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5141] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5124] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] exit_group(0 [pid 5141] <... futex resumed>) = ? [pid 5123] <... exit_group resumed>) = ? [pid 5141] +++ exited with 0 +++ [pid 5124] <... futex resumed>) = ? [pid 5124] +++ exited with 0 +++ [pid 5123] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5123, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557141730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 70.426294][ T5124] BTRFS info (device loop0): balance: ended with status: 0 [ 70.443557][ T5124] syz-executor833 (5124) used greatest stack depth: 19480 bytes left umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557149770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557149770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555557141730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557140690) = 5142 ./strace-static-x86_64: Process 5142 attached [pid 5142] set_robust_list(0x5555571406a0, 24) = 0 [pid 5142] chdir("./6") = 0 [pid 5142] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5142] setpgid(0, 0) = 0 [pid 5142] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5142] write(3, "1000", 4) = 4 [pid 5142] close(3) = 0 [pid 5142] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5142] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] rt_sigaction(SIGRT_1, {sa_handler=0x7f43c890bff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f43c88fd1a0}, NULL, 8) = 0 [pid 5142] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5142] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c8882000 [pid 5142] mprotect(0x7f43c8883000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5142] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5142] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c88a2990, parent_tid=0x7f43c88a2990, exit_signal=0, stack=0x7f43c8882000, stack_size=0x20300, tls=0x7f43c88a26c0}./strace-static-x86_64: Process 5143 attached => {parent_tid=[5143]}, 88) = 5143 [pid 5143] rseq(0x7f43c88a2fe0, 0x20, 0, 0x53053053) = 0 [pid 5143] set_robust_list(0x7f43c88a29a0, 24) = 0 [pid 5143] rt_sigprocmask(SIG_SETMASK, [], [pid 5142] rt_sigprocmask(SIG_SETMASK, [], [pid 5143] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5143] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5142] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5142] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... futex resumed>) = 0 [pid 5142] <... futex resumed>) = 1 [pid 5142] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5143] memfd_create("syzkaller", 0) = 3 [pid 5143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f43c0482000 [pid 5143] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5143] munmap(0x7f43c0482000, 16777216) = 0 [pid 5143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5143] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5143] close(3) = 0 [pid 5143] mkdir("./file0", 0777) = 0 [ 70.729349][ T5143] loop0: detected capacity change from 0 to 32768 [ 70.738710][ T5143] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor833 (5143) [ 70.756234][ T5143] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 70.765320][ T5143] BTRFS info (device loop0): turning on flush-on-commit [ 70.772358][ T5143] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 70.783277][ T5143] BTRFS info (device loop0): trying to use backup root at mount time [ 70.791679][ T5143] BTRFS info (device loop0): using free space tree [ 70.805349][ T12] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 70.819078][ T5143] BTRFS warning (device loop0): couldn't read tree root [pid 5143] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5143] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5143] chdir("./file0") = 0 [pid 5143] ioctl(4, LOOP_CLR_FD) = 0 [pid 5143] close(4) = 0 [pid 5143] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5142] <... futex resumed>) = 0 [pid 5142] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... futex resumed>) = 0 [pid 5142] <... futex resumed>) = 1 [pid 5143] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 70.826287][ T5143] BTRFS warning (device loop0): try to load backup roots slot 1 [ 70.839757][ T5143] BTRFS info (device loop0): enabling ssd optimizations [ 70.847729][ T5143] BTRFS info (device loop0): rebuilding free space tree [pid 5142] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5143] <... open resumed>) = 4 [pid 5143] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5142] <... futex resumed>) = 0 [pid 5143] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5142] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... futex resumed>) = 0 [pid 5142] <... futex resumed>) = 1 [pid 5143] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5142] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5143] <... ioctl resumed>) = 0 [pid 5143] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5142] <... futex resumed>) = 0 [pid 5142] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5143] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5142] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5142] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c1461000 [pid 5142] mprotect(0x7f43c1462000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5142] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5142] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c1481990, parent_tid=0x7f43c1481990, exit_signal=0, stack=0x7f43c1461000, stack_size=0x20300, tls=0x7f43c14816c0}./strace-static-x86_64: Process 5160 attached [pid 5160] rseq(0x7f43c1481fe0, 0x20, 0, 0x53053053 [pid 5142] <... clone3 resumed> => {parent_tid=[5160]}, 88) = 5160 [pid 5160] <... rseq resumed>) = 0 [pid 5142] rt_sigprocmask(SIG_SETMASK, [], [pid 5160] set_robust_list(0x7f43c14819a0, 24 [pid 5142] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5160] <... set_robust_list resumed>) = 0 [pid 5142] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] rt_sigprocmask(SIG_SETMASK, [], [pid 5142] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 70.872707][ T27] audit: type=1800 audit(1692385555.508:8): pid=5143 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor833" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 70.904305][ T5143] BTRFS info (device loop0): balance: start -d -m [ 70.913444][ T5143] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5160] open(".", O_RDONLY) = 5 [pid 5160] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5142] <... futex resumed>) = 0 [pid 5142] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5142] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 70.957097][ T5143] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5160] <... ioctl resumed>) = 0 [pid 5160] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 71.084834][ T5143] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 71.120859][ T5143] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5160] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5143] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] exit_group(0 [pid 5143] ???( [pid 5142] <... exit_group resumed>) = ? [pid 5143] <... ??? resumed>) = ? [pid 5160] <... futex resumed>) = ? [pid 5143] +++ exited with 0 +++ [pid 5160] +++ exited with 0 +++ [pid 5142] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5142, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=36 /* 0.36 s */} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557141730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 71.152869][ T5143] BTRFS info (device loop0): balance: ended with status: 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557149770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557149770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555557141730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557140690) = 5161 ./strace-static-x86_64: Process 5161 attached [pid 5161] set_robust_list(0x5555571406a0, 24) = 0 [pid 5161] chdir("./7") = 0 [pid 5161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5161] setpgid(0, 0) = 0 [pid 5161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5161] write(3, "1000", 4) = 4 [pid 5161] close(3) = 0 [pid 5161] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5161] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] rt_sigaction(SIGRT_1, {sa_handler=0x7f43c890bff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f43c88fd1a0}, NULL, 8) = 0 [pid 5161] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c8882000 [pid 5161] mprotect(0x7f43c8883000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5161] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5161] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c88a2990, parent_tid=0x7f43c88a2990, exit_signal=0, stack=0x7f43c8882000, stack_size=0x20300, tls=0x7f43c88a26c0} => {parent_tid=[5162]}, 88) = 5162 [pid 5161] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5161] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5162 attached [pid 5162] rseq(0x7f43c88a2fe0, 0x20, 0, 0x53053053) = 0 [pid 5162] set_robust_list(0x7f43c88a29a0, 24) = 0 [pid 5162] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5162] memfd_create("syzkaller", 0) = 3 [pid 5162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f43c0482000 [pid 5162] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5162] munmap(0x7f43c0482000, 16777216) = 0 [pid 5162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5162] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5162] close(3) = 0 [pid 5162] mkdir("./file0", 0777) = 0 [ 71.449462][ T5162] loop0: detected capacity change from 0 to 32768 [ 71.469422][ T5162] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor833 (5162) [ 71.487054][ T5162] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 71.496331][ T5162] BTRFS info (device loop0): turning on flush-on-commit [ 71.503670][ T5162] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 71.514620][ T5162] BTRFS info (device loop0): trying to use backup root at mount time [ 71.523222][ T5162] BTRFS info (device loop0): using free space tree [pid 5162] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5162] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5162] chdir("./file0") = 0 [pid 5162] ioctl(4, LOOP_CLR_FD) = 0 [pid 5162] close(4) = 0 [pid 5162] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [ 71.537408][ T66] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 71.551339][ T5162] BTRFS warning (device loop0): couldn't read tree root [ 71.559104][ T5162] BTRFS warning (device loop0): try to load backup roots slot 1 [ 71.572470][ T5162] BTRFS info (device loop0): enabling ssd optimizations [ 71.581067][ T5162] BTRFS info (device loop0): rebuilding free space tree [pid 5162] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] <... futex resumed>) = 0 [pid 5161] <... futex resumed>) = 1 [pid 5162] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5161] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] <... ioctl resumed>) = 0 [pid 5162] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5162] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5161] <... futex resumed>) = 0 [pid 5162] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 71.614229][ T27] audit: type=1800 audit(1692385556.248:9): pid=5162 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor833" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 71.644311][ T5162] BTRFS info (device loop0): balance: start -d -m [ 71.654792][ T5162] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5161] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5161] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c1461000 [pid 5161] mprotect(0x7f43c1462000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5161] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5161] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c1481990, parent_tid=0x7f43c1481990, exit_signal=0, stack=0x7f43c1461000, stack_size=0x20300, tls=0x7f43c14816c0} => {parent_tid=[5179]}, 88) = 5179 [pid 5161] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5161] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5179 attached [pid 5179] rseq(0x7f43c1481fe0, 0x20, 0, 0x53053053) = 0 [pid 5179] set_robust_list(0x7f43c14819a0, 24) = 0 [pid 5179] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5179] open(".", O_RDONLY) = 5 [pid 5179] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 71.687951][ T5162] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5179] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5161] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5161] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5179] <... ioctl resumed>) = 0 [pid 5179] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 71.769138][ T5162] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 5179] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5162] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5162] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] exit_group(0 [pid 5179] <... futex resumed>) = ? [pid 5162] <... futex resumed>) = ? [pid 5161] <... exit_group resumed>) = ? [pid 5179] +++ exited with 0 +++ [pid 5162] +++ exited with 0 +++ [pid 5161] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5161, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557141730 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 71.841106][ T5162] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 71.866137][ T5162] BTRFS info (device loop0): balance: ended with status: 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557149770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557149770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555557141730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557140690) = 5180 ./strace-static-x86_64: Process 5180 attached [pid 5180] set_robust_list(0x5555571406a0, 24) = 0 [pid 5180] chdir("./8") = 0 [pid 5180] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5180] setpgid(0, 0) = 0 [pid 5180] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5180] write(3, "1000", 4) = 4 [pid 5180] close(3) = 0 [pid 5180] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5180] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] rt_sigaction(SIGRT_1, {sa_handler=0x7f43c890bff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f43c88fd1a0}, NULL, 8) = 0 [pid 5180] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c8882000 [pid 5180] mprotect(0x7f43c8883000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5180] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5180] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c88a2990, parent_tid=0x7f43c88a2990, exit_signal=0, stack=0x7f43c8882000, stack_size=0x20300, tls=0x7f43c88a26c0}./strace-static-x86_64: Process 5181 attached [pid 5181] rseq(0x7f43c88a2fe0, 0x20, 0, 0x53053053) = 0 [pid 5181] set_robust_list(0x7f43c88a29a0, 24 [pid 5180] <... clone3 resumed> => {parent_tid=[5181]}, 88) = 5181 [pid 5181] <... set_robust_list resumed>) = 0 [pid 5181] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5181] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5180] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5180] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] <... futex resumed>) = 0 [pid 5180] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5181] memfd_create("syzkaller", 0) = 3 [pid 5181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f43c0482000 [pid 5181] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5181] munmap(0x7f43c0482000, 16777216) = 0 [pid 5181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5181] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5181] close(3) = 0 [pid 5181] mkdir("./file0", 0777) = 0 [ 72.146800][ T5181] loop0: detected capacity change from 0 to 32768 [ 72.157753][ T5181] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor833 (5181) [ 72.174451][ T5181] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 72.183255][ T5181] BTRFS info (device loop0): turning on flush-on-commit [ 72.190329][ T5181] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 72.201052][ T5181] BTRFS info (device loop0): trying to use backup root at mount time [ 72.209220][ T5181] BTRFS info (device loop0): using free space tree [ 72.223304][ T12] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 72.237543][ T5181] BTRFS warning (device loop0): couldn't read tree root [pid 5181] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5181] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5181] chdir("./file0") = 0 [pid 5181] ioctl(4, LOOP_CLR_FD) = 0 [pid 5181] close(4) = 0 [pid 5181] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 72.244897][ T5181] BTRFS warning (device loop0): try to load backup roots slot 1 [ 72.257863][ T5181] BTRFS info (device loop0): enabling ssd optimizations [ 72.265690][ T5181] BTRFS info (device loop0): rebuilding free space tree [pid 5181] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5180] <... futex resumed>) = 0 [pid 5180] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = 0 [pid 5180] <... futex resumed>) = 1 [pid 5181] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5181] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5180] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5180] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5180] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] <... futex resumed>) = 0 [pid 5181] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5181] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5180] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] <... futex resumed>) = 1 [pid 5181] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5180] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5180] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c1461000 [pid 5180] mprotect(0x7f43c1462000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5180] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5180] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c1481990, parent_tid=0x7f43c1481990, exit_signal=0, stack=0x7f43c1461000, stack_size=0x20300, tls=0x7f43c14816c0} => {parent_tid=[5198]}, 88) = 5198 [pid 5180] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5180] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5198 attached [pid 5198] rseq(0x7f43c1481fe0, 0x20, 0, 0x53053053) = 0 [pid 5198] set_robust_list(0x7f43c14819a0, 24) = 0 [pid 5198] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5198] open(".", O_RDONLY) = 5 [pid 5198] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5198] <... futex resumed>) = 1 [pid 5180] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5180] <... futex resumed>) = 0 [ 72.298548][ T27] audit: type=1800 audit(1692385556.928:10): pid=5181 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor833" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 72.309728][ T5181] BTRFS info (device loop0): balance: start -d -m [ 72.335113][ T5181] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5180] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5198] <... ioctl resumed>) = 0 [pid 5198] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 72.454426][ T5181] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 72.506793][ T5181] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 72.534802][ T5181] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5198] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5181] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5181] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] exit_group(0 [pid 5181] ???( [pid 5198] <... futex resumed>) = ? [pid 5181] <... ??? resumed>) = ? [pid 5180] <... exit_group resumed>) = ? [pid 5198] +++ exited with 0 +++ [pid 5181] +++ exited with 0 +++ [pid 5180] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5180, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=32 /* 0.32 s */} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557141730 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 [ 72.559582][ T5181] BTRFS info (device loop0): balance: ended with status: 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557149770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557149770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555557141730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557140690) = 5199 ./strace-static-x86_64: Process 5199 attached [pid 5199] set_robust_list(0x5555571406a0, 24) = 0 [pid 5199] chdir("./9") = 0 [pid 5199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5199] setpgid(0, 0) = 0 [pid 5199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5199] write(3, "1000", 4) = 4 [pid 5199] close(3) = 0 [pid 5199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5199] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] rt_sigaction(SIGRT_1, {sa_handler=0x7f43c890bff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f43c88fd1a0}, NULL, 8) = 0 [pid 5199] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c8882000 [pid 5199] mprotect(0x7f43c8883000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5199] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5199] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c88a2990, parent_tid=0x7f43c88a2990, exit_signal=0, stack=0x7f43c8882000, stack_size=0x20300, tls=0x7f43c88a26c0}./strace-static-x86_64: Process 5200 attached => {parent_tid=[5200]}, 88) = 5200 [pid 5200] rseq(0x7f43c88a2fe0, 0x20, 0, 0x53053053) = 0 [pid 5200] set_robust_list(0x7f43c88a29a0, 24) = 0 [pid 5199] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5200] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5200] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5199] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] <... futex resumed>) = 0 [pid 5199] <... futex resumed>) = 1 [pid 5199] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5200] memfd_create("syzkaller", 0) = 3 [pid 5200] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f43c0482000 [pid 5200] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5200] munmap(0x7f43c0482000, 16777216) = 0 [pid 5200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5200] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5200] close(3) = 0 [pid 5200] mkdir("./file0", 0777) = 0 [ 72.849302][ T5200] loop0: detected capacity change from 0 to 32768 [ 72.858636][ T5200] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor833 (5200) [ 72.876600][ T5200] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 72.885799][ T5200] BTRFS info (device loop0): turning on flush-on-commit [ 72.893073][ T5200] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 72.904079][ T5200] BTRFS info (device loop0): trying to use backup root at mount time [ 72.912536][ T5200] BTRFS info (device loop0): using free space tree [ 72.926712][ T10] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 72.940661][ T5200] BTRFS warning (device loop0): couldn't read tree root [pid 5200] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5200] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5200] chdir("./file0") = 0 [pid 5200] ioctl(4, LOOP_CLR_FD) = 0 [pid 5200] close(4) = 0 [pid 5200] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5200] <... futex resumed>) = 1 [pid 5200] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5199] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 72.947755][ T5200] BTRFS warning (device loop0): try to load backup roots slot 1 [ 72.960439][ T5200] BTRFS info (device loop0): enabling ssd optimizations [ 72.968214][ T5200] BTRFS info (device loop0): rebuilding free space tree [pid 5199] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] <... open resumed>) = 4 [pid 5200] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] <... futex resumed>) = 0 [pid 5200] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5199] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5199] <... futex resumed>) = 0 [pid 5200] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5199] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] <... ioctl resumed>) = 0 [pid 5200] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] <... futex resumed>) = 0 [pid 5200] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5199] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5199] <... futex resumed>) = 0 [pid 5200] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 73.008758][ T27] audit: type=1800 audit(1692385557.648:11): pid=5200 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor833" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 73.036879][ T5200] BTRFS info (device loop0): balance: start -d -m [ 73.047942][ T5200] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5199] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5199] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c1461000 [pid 5199] mprotect(0x7f43c1462000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5199] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5199] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c1481990, parent_tid=0x7f43c1481990, exit_signal=0, stack=0x7f43c1461000, stack_size=0x20300, tls=0x7f43c14816c0} => {parent_tid=[5217]}, 88) = 5217 [pid 5199] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5199] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5217 attached [pid 5217] rseq(0x7f43c1481fe0, 0x20, 0, 0x53053053) = 0 [pid 5217] set_robust_list(0x7f43c14819a0, 24) = 0 [pid 5217] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5217] open(".", O_RDONLY) = 5 [pid 5217] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] <... futex resumed>) = 0 [pid 5217] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5199] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = 0 [pid 5199] <... futex resumed>) = 1 [pid 5217] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 73.082952][ T5200] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5199] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5217] <... ioctl resumed>) = 0 [pid 5217] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 73.201442][ T5200] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 73.229381][ T5200] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5217] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5200] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5200] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5199] exit_group(0 [pid 5217] <... futex resumed>) = ? [pid 5199] <... exit_group resumed>) = ? [pid 5200] <... futex resumed>) = ? [pid 5200] +++ exited with 0 +++ [pid 5217] +++ exited with 0 +++ [pid 5199] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5199, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557141730 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 [ 73.252527][ T5200] BTRFS info (device loop0): balance: ended with status: 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557149770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557149770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555557141730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557140690) = 5218 ./strace-static-x86_64: Process 5218 attached [pid 5218] set_robust_list(0x5555571406a0, 24) = 0 [pid 5218] chdir("./10") = 0 [pid 5218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5218] setpgid(0, 0) = 0 [pid 5218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5218] write(3, "1000", 4) = 4 [pid 5218] close(3) = 0 [pid 5218] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5218] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] rt_sigaction(SIGRT_1, {sa_handler=0x7f43c890bff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f43c88fd1a0}, NULL, 8) = 0 [pid 5218] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c8882000 [pid 5218] mprotect(0x7f43c8883000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5218] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5218] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c88a2990, parent_tid=0x7f43c88a2990, exit_signal=0, stack=0x7f43c8882000, stack_size=0x20300, tls=0x7f43c88a26c0}./strace-static-x86_64: Process 5219 attached [pid 5219] rseq(0x7f43c88a2fe0, 0x20, 0, 0x53053053) = 0 [pid 5219] set_robust_list(0x7f43c88a29a0, 24) = 0 [pid 5219] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5219] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] <... clone3 resumed> => {parent_tid=[5219]}, 88) = 5219 [pid 5218] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5218] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5218] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5219] memfd_create("syzkaller", 0) = 3 [pid 5219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f43c0482000 [pid 5219] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5219] munmap(0x7f43c0482000, 16777216) = 0 [pid 5219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5219] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5219] close(3) = 0 [pid 5219] mkdir("./file0", 0777) = 0 [ 73.533517][ T5219] loop0: detected capacity change from 0 to 32768 [ 73.543924][ T5219] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor833 (5219) [ 73.560893][ T5219] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 73.569767][ T5219] BTRFS info (device loop0): turning on flush-on-commit [ 73.576727][ T5219] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 73.587498][ T5219] BTRFS info (device loop0): trying to use backup root at mount time [ 73.595793][ T5219] BTRFS info (device loop0): using free space tree [ 73.608992][ T66] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 73.622639][ T5219] BTRFS warning (device loop0): couldn't read tree root [pid 5219] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5219] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5219] chdir("./file0") = 0 [pid 5219] ioctl(4, LOOP_CLR_FD) = 0 [pid 5219] close(4) = 0 [pid 5219] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = 0 [pid 5218] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5219] <... futex resumed>) = 1 [ 73.629794][ T5219] BTRFS warning (device loop0): try to load backup roots slot 1 [ 73.642662][ T5219] BTRFS info (device loop0): enabling ssd optimizations [ 73.650514][ T5219] BTRFS info (device loop0): rebuilding free space tree [pid 5219] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5219] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = 0 [pid 5218] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5219] <... futex resumed>) = 1 [pid 5219] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5219] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = 0 [pid 5218] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5219] <... futex resumed>) = 1 [ 73.680066][ T27] audit: type=1800 audit(1692385558.318:12): pid=5219 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor833" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 73.715612][ T5219] BTRFS info (device loop0): balance: start -d -m [pid 5219] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5218] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5218] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c1461000 [pid 5218] mprotect(0x7f43c1462000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5218] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5218] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c1481990, parent_tid=0x7f43c1481990, exit_signal=0, stack=0x7f43c1461000, stack_size=0x20300, tls=0x7f43c14816c0} => {parent_tid=[5236]}, 88) = 5236 [pid 5218] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5218] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5236 attached [pid 5236] rseq(0x7f43c1481fe0, 0x20, 0, 0x53053053) = 0 [pid 5236] set_robust_list(0x7f43c14819a0, 24) = 0 [pid 5236] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5236] open(".", O_RDONLY) = 5 [pid 5236] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5236] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = 0 [pid 5218] <... futex resumed>) = 1 [pid 5236] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 73.726603][ T5219] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5218] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 73.784334][ T5219] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5236] <... ioctl resumed>) = 0 [pid 5236] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 73.880202][ T5219] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 73.905429][ T5219] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5236] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5219] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] exit_group(0 [pid 5236] <... futex resumed>) = ? [pid 5218] <... exit_group resumed>) = ? [pid 5236] +++ exited with 0 +++ [pid 5219] <... futex resumed>) = ? [pid 5219] +++ exited with 0 +++ [pid 5218] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5218, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=40 /* 0.40 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557141730 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 [ 73.929009][ T5219] BTRFS info (device loop0): balance: ended with status: 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557149770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557149770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555557141730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557140690) = 5237 ./strace-static-x86_64: Process 5237 attached [pid 5237] set_robust_list(0x5555571406a0, 24) = 0 [pid 5237] chdir("./11") = 0 [pid 5237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5237] setpgid(0, 0) = 0 [pid 5237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5237] write(3, "1000", 4) = 4 [pid 5237] close(3) = 0 [pid 5237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5237] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] rt_sigaction(SIGRT_1, {sa_handler=0x7f43c890bff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f43c88fd1a0}, NULL, 8) = 0 [pid 5237] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c8882000 [pid 5237] mprotect(0x7f43c8883000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5237] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5237] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c88a2990, parent_tid=0x7f43c88a2990, exit_signal=0, stack=0x7f43c8882000, stack_size=0x20300, tls=0x7f43c88a26c0}./strace-static-x86_64: Process 5238 attached => {parent_tid=[5238]}, 88) = 5238 [pid 5238] rseq(0x7f43c88a2fe0, 0x20, 0, 0x53053053 [pid 5237] rt_sigprocmask(SIG_SETMASK, [], [pid 5238] <... rseq resumed>) = 0 [pid 5237] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5238] set_robust_list(0x7f43c88a29a0, 24 [pid 5237] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... set_robust_list resumed>) = 0 [pid 5237] <... futex resumed>) = 0 [pid 5238] rt_sigprocmask(SIG_SETMASK, [], [pid 5237] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5238] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5238] memfd_create("syzkaller", 0) = 3 [pid 5238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f43c0482000 [pid 5238] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5238] munmap(0x7f43c0482000, 16777216) = 0 [pid 5238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5238] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5238] close(3) = 0 [pid 5238] mkdir("./file0", 0777) = 0 [ 74.203642][ T5238] loop0: detected capacity change from 0 to 32768 [ 74.214196][ T5238] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor833 (5238) [ 74.231370][ T5238] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 74.240182][ T5238] BTRFS info (device loop0): turning on flush-on-commit [ 74.247156][ T5238] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 74.258172][ T5238] BTRFS info (device loop0): trying to use backup root at mount time [ 74.266788][ T5238] BTRFS info (device loop0): using free space tree [ 74.280220][ T66] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 74.294144][ T5238] BTRFS warning (device loop0): couldn't read tree root [pid 5238] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5238] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5238] chdir("./file0") = 0 [pid 5238] ioctl(4, LOOP_CLR_FD) = 0 [pid 5238] close(4) = 0 [pid 5238] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5238] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5237] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 74.301423][ T5238] BTRFS warning (device loop0): try to load backup roots slot 1 [ 74.314113][ T5238] BTRFS info (device loop0): enabling ssd optimizations [ 74.322307][ T5238] BTRFS info (device loop0): rebuilding free space tree [pid 5237] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... open resumed>) = 4 [pid 5238] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5238] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5237] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5237] <... futex resumed>) = 0 [pid 5238] <... ioctl resumed>) = 0 [pid 5237] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5238] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5237] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 74.351950][ T27] audit: type=1800 audit(1692385558.988:13): pid=5238 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor833" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 74.384947][ T5238] BTRFS info (device loop0): balance: start -d -m [ 74.394907][ T5238] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5237] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5237] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c1461000 [pid 5237] mprotect(0x7f43c1462000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5237] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5237] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c1481990, parent_tid=0x7f43c1481990, exit_signal=0, stack=0x7f43c1461000, stack_size=0x20300, tls=0x7f43c14816c0} => {parent_tid=[5255]}, 88) = 5255 [pid 5237] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5237] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5255 attached [pid 5255] rseq(0x7f43c1481fe0, 0x20, 0, 0x53053053) = 0 [pid 5255] set_robust_list(0x7f43c14819a0, 24) = 0 [pid 5255] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5255] open(".", O_RDONLY) = 5 [pid 5255] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5255] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5255] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 74.427234][ T5238] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5237] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5255] <... ioctl resumed>) = 0 [pid 5255] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 74.550244][ T5238] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 74.575332][ T5238] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5255] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5238] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] exit_group(0 [pid 5255] <... futex resumed>) = ? [pid 5237] <... exit_group resumed>) = ? [pid 5255] +++ exited with 0 +++ [pid 5238] <... futex resumed>) = ? [pid 5238] +++ exited with 0 +++ [pid 5237] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5237, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557141730 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 [ 74.599638][ T5238] BTRFS info (device loop0): balance: ended with status: 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557149770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557149770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555557141730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557140690) = 5256 ./strace-static-x86_64: Process 5256 attached [pid 5256] set_robust_list(0x5555571406a0, 24) = 0 [pid 5256] chdir("./12") = 0 [pid 5256] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5256] setpgid(0, 0) = 0 [pid 5256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5256] write(3, "1000", 4) = 4 [pid 5256] close(3) = 0 [pid 5256] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5256] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] rt_sigaction(SIGRT_1, {sa_handler=0x7f43c890bff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f43c88fd1a0}, NULL, 8) = 0 [pid 5256] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c8882000 [pid 5256] mprotect(0x7f43c8883000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5256] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c88a2990, parent_tid=0x7f43c88a2990, exit_signal=0, stack=0x7f43c8882000, stack_size=0x20300, tls=0x7f43c88a26c0}./strace-static-x86_64: Process 5257 attached [pid 5257] rseq(0x7f43c88a2fe0, 0x20, 0, 0x53053053) = 0 [pid 5257] set_robust_list(0x7f43c88a29a0, 24) = 0 [pid 5257] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5256] <... clone3 resumed> => {parent_tid=[5257]}, 88) = 5257 [pid 5257] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5256] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5256] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5257] memfd_create("syzkaller", 0) = 3 [pid 5257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f43c0482000 [pid 5257] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5257] munmap(0x7f43c0482000, 16777216) = 0 [pid 5257] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5257] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5257] close(3) = 0 [pid 5257] mkdir("./file0", 0777) = 0 [ 74.907976][ T5257] loop0: detected capacity change from 0 to 32768 [ 74.917747][ T5257] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor833 (5257) [ 74.934336][ T5257] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 74.943217][ T5257] BTRFS info (device loop0): turning on flush-on-commit [ 74.950251][ T5257] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 74.960996][ T5257] BTRFS info (device loop0): trying to use backup root at mount time [ 74.969174][ T5257] BTRFS info (device loop0): using free space tree [ 74.982952][ T66] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 74.996564][ T5257] BTRFS warning (device loop0): couldn't read tree root [pid 5257] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5257] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5257] chdir("./file0") = 0 [pid 5257] ioctl(4, LOOP_CLR_FD) = 0 [pid 5257] close(4) = 0 [pid 5257] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... futex resumed>) = 1 [ 75.003705][ T5257] BTRFS warning (device loop0): try to load backup roots slot 1 [ 75.015490][ T5257] BTRFS info (device loop0): enabling ssd optimizations [ 75.023431][ T5257] BTRFS info (device loop0): rebuilding free space tree [pid 5257] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5257] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... futex resumed>) = 1 [pid 5257] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5257] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... futex resumed>) = 1 [pid 5257] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5256] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5256] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5256] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5256] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c1461000 [pid 5256] mprotect(0x7f43c1462000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5256] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c1481990, parent_tid=0x7f43c1481990, exit_signal=0, stack=0x7f43c1461000, stack_size=0x20300, tls=0x7f43c14816c0} => {parent_tid=[5274]}, 88) = 5274 [pid 5256] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5256] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5274 attached [pid 5274] rseq(0x7f43c1481fe0, 0x20, 0, 0x53053053) = 0 [pid 5274] set_robust_list(0x7f43c14819a0, 24) = 0 [pid 5274] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5274] open(".", O_RDONLY) = 5 [pid 5274] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 75.061770][ T27] audit: type=1800 audit(1692385559.698:14): pid=5257 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor833" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 75.085320][ T5257] BTRFS info (device loop0): balance: start -d -m [ 75.093297][ T5257] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5274] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5256] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 75.137538][ T5257] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5274] <... ioctl resumed>) = 0 [pid 5274] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 75.250065][ T5257] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 75.285987][ T5257] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5274] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5257] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5257] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] exit_group(0 [pid 5274] <... futex resumed>) = ? [pid 5257] <... futex resumed>) = ? [pid 5256] <... exit_group resumed>) = ? [pid 5274] +++ exited with 0 +++ [pid 5257] +++ exited with 0 +++ [pid 5256] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5256, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557141730 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 [ 75.308018][ T5257] BTRFS info (device loop0): balance: ended with status: 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557149770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557149770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555557141730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557140690) = 5275 ./strace-static-x86_64: Process 5275 attached [pid 5275] set_robust_list(0x5555571406a0, 24) = 0 [pid 5275] chdir("./13") = 0 [pid 5275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5275] setpgid(0, 0) = 0 [pid 5275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5275] write(3, "1000", 4) = 4 [pid 5275] close(3) = 0 [pid 5275] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5275] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] rt_sigaction(SIGRT_1, {sa_handler=0x7f43c890bff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f43c88fd1a0}, NULL, 8) = 0 [pid 5275] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c8882000 [pid 5275] mprotect(0x7f43c8883000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5275] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5275] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c88a2990, parent_tid=0x7f43c88a2990, exit_signal=0, stack=0x7f43c8882000, stack_size=0x20300, tls=0x7f43c88a26c0}./strace-static-x86_64: Process 5276 attached => {parent_tid=[5276]}, 88) = 5276 [pid 5276] rseq(0x7f43c88a2fe0, 0x20, 0, 0x53053053 [pid 5275] rt_sigprocmask(SIG_SETMASK, [], [pid 5276] <... rseq resumed>) = 0 [pid 5276] set_robust_list(0x7f43c88a29a0, 24) = 0 [pid 5276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5276] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5275] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5275] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5276] <... futex resumed>) = 0 [pid 5275] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5276] memfd_create("syzkaller", 0) = 3 [pid 5276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f43c0482000 [pid 5276] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5276] munmap(0x7f43c0482000, 16777216) = 0 [pid 5276] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5276] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5276] close(3) = 0 [pid 5276] mkdir("./file0", 0777) = 0 [ 75.604015][ T5276] loop0: detected capacity change from 0 to 32768 [ 75.616022][ T5276] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor833 (5276) [ 75.633059][ T5276] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 75.641925][ T5276] BTRFS info (device loop0): turning on flush-on-commit [ 75.648946][ T5276] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 75.659728][ T5276] BTRFS info (device loop0): trying to use backup root at mount time [ 75.667820][ T5276] BTRFS info (device loop0): using free space tree [ 75.681204][ T12] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 75.694803][ T5276] BTRFS warning (device loop0): couldn't read tree root [pid 5276] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5276] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5276] chdir("./file0") = 0 [pid 5276] ioctl(4, LOOP_CLR_FD) = 0 [pid 5276] close(4) = 0 [pid 5276] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... futex resumed>) = 1 [ 75.702060][ T5276] BTRFS warning (device loop0): try to load backup roots slot 1 [ 75.715984][ T5276] BTRFS info (device loop0): enabling ssd optimizations [ 75.724533][ T5276] BTRFS info (device loop0): rebuilding free space tree [pid 5276] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5276] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... futex resumed>) = 1 [pid 5276] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5276] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... futex resumed>) = 1 [ 75.752314][ T27] audit: type=1800 audit(1692385560.388:15): pid=5276 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor833" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 75.786518][ T5276] BTRFS info (device loop0): balance: start -d -m [pid 5276] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5275] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5275] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c1461000 [pid 5275] mprotect(0x7f43c1462000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5275] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5275] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c1481990, parent_tid=0x7f43c1481990, exit_signal=0, stack=0x7f43c1461000, stack_size=0x20300, tls=0x7f43c14816c0} => {parent_tid=[5293]}, 88) = 5293 [pid 5275] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5275] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5293 attached [pid 5293] rseq(0x7f43c1481fe0, 0x20, 0, 0x53053053) = 0 [pid 5293] set_robust_list(0x7f43c14819a0, 24) = 0 [pid 5293] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5293] open(".", O_RDONLY) = 5 [pid 5293] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5293] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5275] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5275] <... futex resumed>) = 1 [ 75.797559][ T5276] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5293] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5275] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 75.856789][ T5276] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5293] <... ioctl resumed>) = 0 [pid 5293] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 75.953959][ T5276] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 75.978605][ T5276] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5293] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5276] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5276] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] exit_group(0 [pid 5293] <... futex resumed>) = ? [pid 5275] <... exit_group resumed>) = ? [pid 5276] <... futex resumed>) = ? [pid 5293] +++ exited with 0 +++ [pid 5276] +++ exited with 0 +++ [pid 5275] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5275, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557141730 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 76.001066][ T5276] BTRFS info (device loop0): balance: ended with status: 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557149770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557149770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555557141730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557140690) = 5294 ./strace-static-x86_64: Process 5294 attached [pid 5294] set_robust_list(0x5555571406a0, 24) = 0 [pid 5294] chdir("./14") = 0 [pid 5294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5294] setpgid(0, 0) = 0 [pid 5294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5294] write(3, "1000", 4) = 4 [pid 5294] close(3) = 0 [pid 5294] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5294] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] rt_sigaction(SIGRT_1, {sa_handler=0x7f43c890bff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f43c88fd1a0}, NULL, 8) = 0 [pid 5294] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c8882000 [pid 5294] mprotect(0x7f43c8883000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5294] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5294] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c88a2990, parent_tid=0x7f43c88a2990, exit_signal=0, stack=0x7f43c8882000, stack_size=0x20300, tls=0x7f43c88a26c0} => {parent_tid=[5295]}, 88) = 5295 [pid 5294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5294] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5295 attached [pid 5295] rseq(0x7f43c88a2fe0, 0x20, 0, 0x53053053) = 0 [pid 5295] set_robust_list(0x7f43c88a29a0, 24) = 0 [pid 5295] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5295] memfd_create("syzkaller", 0) = 3 [pid 5295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f43c0482000 [pid 5295] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5295] munmap(0x7f43c0482000, 16777216) = 0 [pid 5295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5295] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5295] close(3) = 0 [pid 5295] mkdir("./file0", 0777) = 0 [ 76.262094][ T5295] loop0: detected capacity change from 0 to 32768 [ 76.283916][ T5295] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor833 (5295) [ 76.301094][ T5295] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 76.310110][ T5295] BTRFS info (device loop0): turning on flush-on-commit [ 76.317120][ T5295] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 76.328270][ T5295] BTRFS info (device loop0): trying to use backup root at mount time [ 76.336963][ T5295] BTRFS info (device loop0): using free space tree [pid 5295] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5295] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5295] chdir("./file0") = 0 [pid 5295] ioctl(4, LOOP_CLR_FD) = 0 [ 76.350739][ T66] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 76.364857][ T5295] BTRFS warning (device loop0): couldn't read tree root [ 76.372142][ T5295] BTRFS warning (device loop0): try to load backup roots slot 1 [ 76.385132][ T5295] BTRFS info (device loop0): enabling ssd optimizations [ 76.393283][ T5295] BTRFS info (device loop0): rebuilding free space tree [pid 5295] close(4) = 0 [pid 5295] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... futex resumed>) = 0 [pid 5294] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5295] <... futex resumed>) = 1 [pid 5295] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5295] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] <... futex resumed>) = 0 [pid 5294] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5295] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5295] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] <... futex resumed>) = 0 [pid 5294] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 76.411106][ T27] audit: type=1800 audit(1692385561.048:16): pid=5295 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor833" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 76.449817][ T5295] BTRFS info (device loop0): balance: start -d -m [pid 5295] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5294] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5294] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c1461000 [pid 5294] mprotect(0x7f43c1462000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5294] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5294] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c1481990, parent_tid=0x7f43c1481990, exit_signal=0, stack=0x7f43c1461000, stack_size=0x20300, tls=0x7f43c14816c0} => {parent_tid=[5312]}, 88) = 5312 [pid 5294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5294] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 76.457881][ T5295] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5294] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5312 attached [pid 5312] rseq(0x7f43c1481fe0, 0x20, 0, 0x53053053) = 0 [pid 5312] set_robust_list(0x7f43c14819a0, 24) = 0 [pid 5312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5312] open(".", O_RDONLY) = 5 [pid 5312] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... futex resumed>) = 0 [pid 5294] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... futex resumed>) = 1 [ 76.494679][ T5295] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5312] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5294] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5294] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5294] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5312] <... ioctl resumed>) = 0 [pid 5312] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 76.611523][ T5295] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 76.648359][ T5295] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5312] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5295] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5294] exit_group(0 [pid 5312] <... futex resumed>) = ? [pid 5294] <... exit_group resumed>) = ? [pid 5312] +++ exited with 0 +++ [pid 5295] <... futex resumed>) = ? [pid 5295] +++ exited with 0 +++ [pid 5294] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5294, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=39 /* 0.39 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557141730 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 76.676575][ T5295] BTRFS info (device loop0): balance: ended with status: 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557149770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557149770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555557141730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557140690) = 5313 ./strace-static-x86_64: Process 5313 attached [pid 5313] set_robust_list(0x5555571406a0, 24) = 0 [pid 5313] chdir("./15") = 0 [pid 5313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5313] setpgid(0, 0) = 0 [pid 5313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5313] write(3, "1000", 4) = 4 [pid 5313] close(3) = 0 [pid 5313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5313] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] rt_sigaction(SIGRT_1, {sa_handler=0x7f43c890bff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f43c88fd1a0}, NULL, 8) = 0 [pid 5313] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c8882000 [pid 5313] mprotect(0x7f43c8883000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c88a2990, parent_tid=0x7f43c88a2990, exit_signal=0, stack=0x7f43c8882000, stack_size=0x20300, tls=0x7f43c88a26c0} => {parent_tid=[5314]}, 88) = 5314 [pid 5313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5313] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5314 attached [pid 5314] rseq(0x7f43c88a2fe0, 0x20, 0, 0x53053053) = 0 [pid 5314] set_robust_list(0x7f43c88a29a0, 24) = 0 [pid 5314] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5314] memfd_create("syzkaller", 0) = 3 [pid 5314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f43c0482000 [pid 5314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5314] munmap(0x7f43c0482000, 16777216) = 0 [pid 5314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5314] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5314] close(3) = 0 [pid 5314] mkdir("./file0", 0777) = 0 [ 76.972044][ T5314] loop0: detected capacity change from 0 to 32768 [ 76.982396][ T5314] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor833 (5314) [ 76.998783][ T5314] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 77.007607][ T5314] BTRFS info (device loop0): turning on flush-on-commit [ 77.014929][ T5314] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 77.025891][ T5314] BTRFS info (device loop0): trying to use backup root at mount time [ 77.034360][ T5314] BTRFS info (device loop0): using free space tree [ 77.048414][ T12] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 77.062034][ T5314] BTRFS warning (device loop0): couldn't read tree root [pid 5314] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5314] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5314] chdir("./file0") = 0 [pid 5314] ioctl(4, LOOP_CLR_FD) = 0 [pid 5314] close(4) = 0 [pid 5314] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... futex resumed>) = 1 [ 77.069240][ T5314] BTRFS warning (device loop0): try to load backup roots slot 1 [ 77.081847][ T5314] BTRFS info (device loop0): enabling ssd optimizations [ 77.089977][ T5314] BTRFS info (device loop0): rebuilding free space tree [pid 5314] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5314] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... futex resumed>) = 1 [pid 5314] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5314] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... futex resumed>) = 1 [ 77.123175][ T27] audit: type=1800 audit(1692385561.758:17): pid=5314 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor833" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 77.156852][ T5314] BTRFS info (device loop0): balance: start -d -m [ 77.165046][ T5314] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5314] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5313] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5313] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c1461000 [pid 5313] mprotect(0x7f43c1462000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c1481990, parent_tid=0x7f43c1481990, exit_signal=0, stack=0x7f43c1461000, stack_size=0x20300, tls=0x7f43c14816c0} => {parent_tid=[5331]}, 88) = 5331 [pid 5313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5313] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5331 attached [pid 5331] rseq(0x7f43c1481fe0, 0x20, 0, 0x53053053) = 0 [pid 5331] set_robust_list(0x7f43c14819a0, 24) = 0 [pid 5331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5331] open(".", O_RDONLY) = 5 [pid 5331] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5331] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5313] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 77.196042][ T5314] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5313] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5331] <... ioctl resumed>) = 0 [pid 5331] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 77.343157][ T5314] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 77.371022][ T5314] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5331] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5314] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5314] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] exit_group(0 [pid 5331] <... futex resumed>) = ? [pid 5313] <... exit_group resumed>) = ? [pid 5314] <... futex resumed>) = ? [pid 5314] +++ exited with 0 +++ [pid 5331] +++ exited with 0 +++ [pid 5313] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5313, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=33 /* 0.33 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557141730 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 77.397062][ T5314] BTRFS info (device loop0): balance: ended with status: 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557149770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557149770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x555557141730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557140690) = 5332 ./strace-static-x86_64: Process 5332 attached [pid 5332] set_robust_list(0x5555571406a0, 24) = 0 [pid 5332] chdir("./16") = 0 [pid 5332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5332] setpgid(0, 0) = 0 [pid 5332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5332] write(3, "1000", 4) = 4 [pid 5332] close(3) = 0 [pid 5332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5332] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] rt_sigaction(SIGRT_1, {sa_handler=0x7f43c890bff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f43c88fd1a0}, NULL, 8) = 0 [pid 5332] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c8882000 [pid 5332] mprotect(0x7f43c8883000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5332] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5332] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c88a2990, parent_tid=0x7f43c88a2990, exit_signal=0, stack=0x7f43c8882000, stack_size=0x20300, tls=0x7f43c88a26c0}./strace-static-x86_64: Process 5333 attached => {parent_tid=[5333]}, 88) = 5333 [pid 5333] rseq(0x7f43c88a2fe0, 0x20, 0, 0x53053053) = 0 [pid 5333] set_robust_list(0x7f43c88a29a0, 24) = 0 [pid 5333] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5333] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5332] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5333] <... futex resumed>) = 0 [pid 5332] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5333] memfd_create("syzkaller", 0) = 3 [pid 5333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f43c0482000 [pid 5333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5333] munmap(0x7f43c0482000, 16777216) = 0 [pid 5333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5333] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5333] close(3) = 0 [pid 5333] mkdir("./file0", 0777) = 0 [ 77.715515][ T5333] loop0: detected capacity change from 0 to 32768 [ 77.726933][ T5333] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor833 (5333) [ 77.743614][ T5333] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 77.752511][ T5333] BTRFS info (device loop0): turning on flush-on-commit [ 77.759711][ T5333] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 77.770479][ T5333] BTRFS info (device loop0): trying to use backup root at mount time [ 77.778750][ T5333] BTRFS info (device loop0): using free space tree [ 77.792434][ T66] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 77.806628][ T5333] BTRFS warning (device loop0): couldn't read tree root [pid 5333] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5333] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5333] chdir("./file0") = 0 [pid 5333] ioctl(4, LOOP_CLR_FD) = 0 [pid 5333] close(4) = 0 [pid 5333] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] <... futex resumed>) = 0 [pid 5332] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5333] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 77.813726][ T5333] BTRFS warning (device loop0): try to load backup roots slot 1 [ 77.826445][ T5333] BTRFS info (device loop0): enabling ssd optimizations [ 77.834418][ T5333] BTRFS info (device loop0): rebuilding free space tree [pid 5332] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] <... open resumed>) = 4 [pid 5333] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] <... futex resumed>) = 0 [pid 5333] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5332] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] <... ioctl resumed>) = 0 [pid 5333] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = 0 [pid 5333] <... futex resumed>) = 1 [pid 5332] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 77.866223][ T27] audit: type=1800 audit(1692385562.498:18): pid=5333 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor833" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 77.901646][ T5333] BTRFS info (device loop0): balance: start -d -m [pid 5333] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5332] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5332] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c1461000 [pid 5332] mprotect(0x7f43c1462000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5332] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5332] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c1481990, parent_tid=0x7f43c1481990, exit_signal=0, stack=0x7f43c1461000, stack_size=0x20300, tls=0x7f43c14816c0} => {parent_tid=[5350]}, 88) = 5350 [pid 5332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5332] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5350 attached [pid 5350] rseq(0x7f43c1481fe0, 0x20, 0, 0x53053053) = 0 [pid 5350] set_robust_list(0x7f43c14819a0, 24) = 0 [pid 5350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5350] open(".", O_RDONLY) = 5 [pid 5350] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5332] <... futex resumed>) = 0 [pid 5332] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5332] <... futex resumed>) = 1 [pid 5350] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 77.916601][ T5333] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 77.951421][ T5333] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5332] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5350] <... ioctl resumed>) = 0 [pid 5350] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 78.076010][ T5333] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 78.106282][ T5333] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5350] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5333] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5333] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5333] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5332] exit_group(0 [pid 5350] <... futex resumed>) = ? [pid 5332] <... exit_group resumed>) = ? [pid 5350] +++ exited with 0 +++ [pid 5333] <... futex resumed>) = ? [pid 5333] +++ exited with 0 +++ [pid 5332] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5332, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557141730 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 [ 78.143584][ T5333] BTRFS info (device loop0): balance: ended with status: 0 [ 78.176512][ T5333] syz-executor833 (5333) used greatest stack depth: 19408 bytes left umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557149770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557149770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x555557141730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557140690) = 5352 ./strace-static-x86_64: Process 5352 attached [pid 5352] set_robust_list(0x5555571406a0, 24) = 0 [pid 5352] chdir("./17") = 0 [pid 5352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5352] setpgid(0, 0) = 0 [pid 5352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5352] write(3, "1000", 4) = 4 [pid 5352] close(3) = 0 [pid 5352] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5352] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5352] rt_sigaction(SIGRT_1, {sa_handler=0x7f43c890bff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f43c88fd1a0}, NULL, 8) = 0 [pid 5352] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c8882000 [pid 5352] mprotect(0x7f43c8883000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5352] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5352] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c88a2990, parent_tid=0x7f43c88a2990, exit_signal=0, stack=0x7f43c8882000, stack_size=0x20300, tls=0x7f43c88a26c0} => {parent_tid=[5353]}, 88) = 5353 [pid 5352] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5352] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5352] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5353 attached [pid 5353] rseq(0x7f43c88a2fe0, 0x20, 0, 0x53053053) = 0 [pid 5353] set_robust_list(0x7f43c88a29a0, 24) = 0 [pid 5353] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5353] memfd_create("syzkaller", 0) = 3 [pid 5353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f43c0482000 [pid 5353] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5353] munmap(0x7f43c0482000, 16777216) = 0 [pid 5353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5353] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5353] close(3) = 0 [pid 5353] mkdir("./file0", 0777) = 0 [ 78.600732][ T5353] loop0: detected capacity change from 0 to 32768 [ 78.612556][ T5353] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor833 (5353) [ 78.641313][ T5353] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 78.650202][ T5353] BTRFS info (device loop0): turning on flush-on-commit [ 78.657253][ T5353] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 78.668377][ T5353] BTRFS info (device loop0): trying to use backup root at mount time [ 78.676771][ T5353] BTRFS info (device loop0): using free space tree [pid 5353] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5353] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5353] chdir("./file0") = 0 [pid 5353] ioctl(4, LOOP_CLR_FD) = 0 [pid 5353] close(4) = 0 [pid 5353] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5352] <... futex resumed>) = 0 [pid 5352] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5353] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5352] <... futex resumed>) = 0 [ 78.690807][ T66] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 78.704176][ T5353] BTRFS warning (device loop0): couldn't read tree root [ 78.711575][ T5353] BTRFS warning (device loop0): try to load backup roots slot 1 [ 78.724689][ T5353] BTRFS info (device loop0): enabling ssd optimizations [ 78.732840][ T5353] BTRFS info (device loop0): rebuilding free space tree [pid 5352] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5353] <... open resumed>) = 4 [pid 5353] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5352] <... futex resumed>) = 0 [pid 5352] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5353] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5352] <... futex resumed>) = 0 [pid 5352] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5353] <... ioctl resumed>) = 0 [pid 5353] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5352] <... futex resumed>) = 0 [pid 5353] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5352] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5353] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5353] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5352] <... futex resumed>) = 0 [ 78.768687][ T27] audit: type=1800 audit(1692385563.408:19): pid=5353 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor833" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 78.809199][ T5353] BTRFS info (device loop0): balance: start -d -m [ 78.821670][ T5353] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5352] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5352] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c1461000 [pid 5352] mprotect(0x7f43c1462000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5352] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5352] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c1481990, parent_tid=0x7f43c1481990, exit_signal=0, stack=0x7f43c1461000, stack_size=0x20300, tls=0x7f43c14816c0} => {parent_tid=[5370]}, 88) = 5370 [pid 5352] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5352] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5352] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5370 attached [pid 5370] rseq(0x7f43c1481fe0, 0x20, 0, 0x53053053) = 0 [pid 5370] set_robust_list(0x7f43c14819a0, 24) = 0 [pid 5370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5370] open(".", O_RDONLY) = 5 [pid 5370] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5370] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5352] <... futex resumed>) = 0 [pid 5352] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5370] <... futex resumed>) = 0 [pid 5370] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 78.852906][ T5353] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5352] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5370] <... ioctl resumed>) = 0 [pid 5370] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 78.965706][ T5353] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 78.989667][ T5353] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5370] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5353] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5352] exit_group(0 [pid 5370] <... futex resumed>) = ? [pid 5353] <... futex resumed>) = ? [pid 5352] <... exit_group resumed>) = ? [pid 5370] +++ exited with 0 +++ [pid 5353] +++ exited with 0 +++ [pid 5352] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5352, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=40 /* 0.40 s */} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557141730 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 [ 79.010600][ T5353] BTRFS info (device loop0): balance: ended with status: 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557149770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557149770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x555557141730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557140690) = 5371 ./strace-static-x86_64: Process 5371 attached [pid 5371] set_robust_list(0x5555571406a0, 24) = 0 [pid 5371] chdir("./18") = 0 [pid 5371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5371] setpgid(0, 0) = 0 [pid 5371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5371] write(3, "1000", 4) = 4 [pid 5371] close(3) = 0 [pid 5371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5371] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] rt_sigaction(SIGRT_1, {sa_handler=0x7f43c890bff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f43c88fd1a0}, NULL, 8) = 0 [pid 5371] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c8882000 [pid 5371] mprotect(0x7f43c8883000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c88a2990, parent_tid=0x7f43c88a2990, exit_signal=0, stack=0x7f43c8882000, stack_size=0x20300, tls=0x7f43c88a26c0} => {parent_tid=[5372]}, 88) = 5372 [pid 5371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5371] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5372 attached [pid 5372] rseq(0x7f43c88a2fe0, 0x20, 0, 0x53053053) = 0 [pid 5372] set_robust_list(0x7f43c88a29a0, 24) = 0 [pid 5372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5372] memfd_create("syzkaller", 0) = 3 [pid 5372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f43c0482000 [pid 5372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5372] munmap(0x7f43c0482000, 16777216) = 0 [pid 5372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5372] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5372] close(3) = 0 [pid 5372] mkdir("./file0", 0777) = 0 [ 79.255395][ T5372] loop0: detected capacity change from 0 to 32768 [ 79.266363][ T5372] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor833 (5372) [ 79.282841][ T5372] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 79.291666][ T5372] BTRFS info (device loop0): turning on flush-on-commit [ 79.298891][ T5372] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 79.309564][ T5372] BTRFS info (device loop0): trying to use backup root at mount time [ 79.317705][ T5372] BTRFS info (device loop0): using free space tree [ 79.331489][ T66] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 79.345331][ T5372] BTRFS warning (device loop0): couldn't read tree root [pid 5372] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5372] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5372] chdir("./file0") = 0 [pid 5372] ioctl(4, LOOP_CLR_FD) = 0 [pid 5372] close(4) = 0 [pid 5372] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [ 79.352422][ T5372] BTRFS warning (device loop0): try to load backup roots slot 1 [ 79.365352][ T5372] BTRFS info (device loop0): enabling ssd optimizations [ 79.374003][ T5372] BTRFS info (device loop0): rebuilding free space tree [pid 5372] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5372] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] <... futex resumed>) = 0 [pid 5372] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5372] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5371] <... futex resumed>) = 0 [ 79.405397][ T27] audit: type=1800 audit(1692385564.038:20): pid=5372 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor833" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 79.440836][ T5372] BTRFS info (device loop0): balance: start -d -m [ 79.450263][ T5372] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5371] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5371] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c1461000 [pid 5371] mprotect(0x7f43c1462000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c1481990, parent_tid=0x7f43c1481990, exit_signal=0, stack=0x7f43c1461000, stack_size=0x20300, tls=0x7f43c14816c0} => {parent_tid=[5389]}, 88) = 5389 [pid 5371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5371] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5389 attached [pid 5389] rseq(0x7f43c1481fe0, 0x20, 0, 0x53053053) = 0 [pid 5389] set_robust_list(0x7f43c14819a0, 24) = 0 [pid 5389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5389] open(".", O_RDONLY) = 5 [pid 5389] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... futex resumed>) = 0 [pid 5389] <... futex resumed>) = 1 [pid 5371] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5371] <... futex resumed>) = 0 [ 79.482659][ T5372] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5371] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5371] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5389] <... ioctl resumed>) = 0 [pid 5389] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 79.614052][ T5372] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 79.642029][ T5372] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5389] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5372] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5372] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5372] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] exit_group(0 [pid 5389] <... futex resumed>) = ? [pid 5371] <... exit_group resumed>) = ? [pid 5389] +++ exited with 0 +++ [pid 5372] <... futex resumed>) = ? [pid 5372] +++ exited with 0 +++ [pid 5371] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5371, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=35 /* 0.35 s */} --- umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555557141730 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 [ 79.670480][ T5372] BTRFS info (device loop0): balance: ended with status: 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557149770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557149770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x555557141730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557140690) = 5390 ./strace-static-x86_64: Process 5390 attached [pid 5390] set_robust_list(0x5555571406a0, 24) = 0 [pid 5390] chdir("./19") = 0 [pid 5390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5390] setpgid(0, 0) = 0 [pid 5390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5390] write(3, "1000", 4) = 4 [pid 5390] close(3) = 0 [pid 5390] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5390] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5390] rt_sigaction(SIGRT_1, {sa_handler=0x7f43c890bff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f43c88fd1a0}, NULL, 8) = 0 [pid 5390] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c8882000 [pid 5390] mprotect(0x7f43c8883000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5390] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5390] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c88a2990, parent_tid=0x7f43c88a2990, exit_signal=0, stack=0x7f43c8882000, stack_size=0x20300, tls=0x7f43c88a26c0}./strace-static-x86_64: Process 5391 attached => {parent_tid=[5391]}, 88) = 5391 [pid 5391] rseq(0x7f43c88a2fe0, 0x20, 0, 0x53053053) = 0 [pid 5391] set_robust_list(0x7f43c88a29a0, 24 [pid 5390] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5391] <... set_robust_list resumed>) = 0 [pid 5391] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5390] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5390] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5391] memfd_create("syzkaller", 0) = 3 [pid 5391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f43c0482000 [pid 5391] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5391] munmap(0x7f43c0482000, 16777216) = 0 [pid 5391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5391] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5391] close(3) = 0 [pid 5391] mkdir("./file0", 0777) = 0 [ 79.971578][ T5391] loop0: detected capacity change from 0 to 32768 [ 79.981144][ T5391] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor833 (5391) [ 79.997122][ T5391] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 80.005992][ T5391] BTRFS info (device loop0): turning on flush-on-commit [ 80.012980][ T5391] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 80.023642][ T5391] BTRFS info (device loop0): trying to use backup root at mount time [ 80.031845][ T5391] BTRFS info (device loop0): using free space tree [ 80.045338][ T10] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 80.058911][ T5391] BTRFS warning (device loop0): couldn't read tree root [pid 5391] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5391] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5391] chdir("./file0") = 0 [pid 5391] ioctl(4, LOOP_CLR_FD) = 0 [pid 5391] close(4) = 0 [pid 5391] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] <... futex resumed>) = 0 [pid 5391] futex(0x7f43c89726c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5390] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5391] <... futex resumed>) = 0 [ 80.066221][ T5391] BTRFS warning (device loop0): try to load backup roots slot 1 [ 80.078094][ T5391] BTRFS info (device loop0): enabling ssd optimizations [ 80.086569][ T5391] BTRFS info (device loop0): rebuilding free space tree [pid 5391] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5391] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = 0 [pid 5390] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5390] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5391] <... futex resumed>) = 1 [pid 5391] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5391] futex(0x7f43c89726cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = 0 [pid 5390] futex(0x7f43c89726c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5390] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5391] <... futex resumed>) = 1 [ 80.121050][ T27] audit: type=1800 audit(1692385564.758:21): pid=5391 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor833" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 80.157521][ T5391] BTRFS info (device loop0): balance: start -d -m [pid 5391] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5390] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5390] futex(0x7f43c89726cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5390] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f43c1461000 [pid 5390] mprotect(0x7f43c1462000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5390] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5390] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f43c1481990, parent_tid=0x7f43c1481990, exit_signal=0, stack=0x7f43c1461000, stack_size=0x20300, tls=0x7f43c14816c0} => {parent_tid=[5408]}, 88) = 5408 [pid 5390] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5390] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5390] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5408 attached [pid 5408] rseq(0x7f43c1481fe0, 0x20, 0, 0x53053053) = 0 [pid 5408] set_robust_list(0x7f43c14819a0, 24) = 0 [pid 5408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5408] open(".", O_RDONLY) = 5 [pid 5408] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] <... futex resumed>) = 0 [pid 5408] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5390] futex(0x7f43c89726d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = 0 [pid 5390] <... futex resumed>) = 1 [pid 5408] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 80.167535][ T5391] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5390] futex(0x7f43c89726dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 80.243363][ T5391] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 80.264410][ T5391] BTRFS warning (device loop0): Skipping commit of aborted transaction. [ 80.274917][ T5391] ------------[ cut here ]------------ [ 80.280552][ T5391] BTRFS: Transaction aborted (error -28) [pid 5408] <... ioctl resumed>) = 0 [pid 5408] futex(0x7f43c89726dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 80.287627][ T5391] WARNING: CPU: 1 PID: 5391 at fs/btrfs/transaction.c:1983 cleanup_transaction+0x6fa/0x7e0 [ 80.298005][ T5391] Modules linked in: [ 80.302038][ T5391] CPU: 1 PID: 5391 Comm: syz-executor833 Not tainted 6.5.0-rc6-syzkaller-00117-g0e8860d2125f #0 [ 80.312545][ T5391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 80.322694][ T5391] RIP: 0010:cleanup_transaction+0x6fa/0x7e0 [ 80.328850][ T5391] Code: 6d 00 fe 0f 0b 43 80 7c 25 00 00 0f 85 53 fa ff ff e9 56 fa ff ff e8 b5 6d 00 fe 48 c7 c7 00 64 4a 8b 44 89 f6 e8 26 87 c7 fd <0f> 0b e9 a7 fa ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c ff f9 ff [ 80.348668][ T5391] RSP: 0018:ffffc900055c7420 EFLAGS: 00010246 [ 80.354867][ T5391] RAX: 91c3c5c7c1f78300 RBX: 0000000000000000 RCX: ffff888029011dc0 [ 80.363076][ T5391] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 80.371309][ T5391] RBP: ffffc900055c7550 R08: ffffffff8152d442 R09: 1ffff92000ab8e38 [ 80.379371][ T5391] R10: dffffc0000000000 R11: fffff52000ab8e39 R12: dffffc0000000000 [ 80.387398][ T5391] R13: 1ffff1100eaec61f R14: 00000000ffffffe4 R15: ffff8880757630f8 [ 80.395463][ T5391] FS: 00007f43c88a26c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 80.404471][ T5391] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 80.411160][ T5391] CR2: 00007f43c8921ad0 CR3: 0000000029356000 CR4: 00000000003506e0 [ 80.419206][ T5391] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 80.427212][ T5391] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 80.435380][ T5391] Call Trace: [ 80.438842][ T5391] [pid 5408] futex(0x7f43c89726d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5390] exit_group(0 [pid 5408] <... futex resumed>) = ? [pid 5390] <... exit_group resumed>) = ? [pid 5408] +++ exited with 0 +++ [ 80.441808][ T5391] ? __warn+0x162/0x4a0 [ 80.446041][ T5391] ? cleanup_transaction+0x6fa/0x7e0 [ 80.451432][ T5391] ? report_bug+0x2b3/0x500 [ 80.456039][ T5391] ? cleanup_transaction+0x6fa/0x7e0 [ 80.461849][ T5391] ? handle_bug+0x3d/0x70 [ 80.466653][ T5391] ? exc_invalid_op+0x1a/0x50 [ 80.471439][ T5391] ? asm_exc_invalid_op+0x1a/0x20 [ 80.476528][ T5391] ? __warn_printk+0x292/0x360 [ 80.481388][ T5391] ? cleanup_transaction+0x6fa/0x7e0 [ 80.486704][ T5391] ? trace_btrfs_transaction_commit+0x1e0/0x1e0 [ 80.493043][ T5391] ? do_raw_spin_unlock+0x13b/0x8b0 [ 80.498389][ T5391] ? btrfs_trans_release_metadata+0x153/0x1c0 [ 80.504541][ T5391] btrfs_commit_transaction+0x268e/0x2ff0 [ 80.510368][ T5391] ? read_lock_is_recursive+0x20/0x20 [ 80.515781][ T5391] ? join_transaction+0xb87/0xe00 [ 80.520943][ T5391] ? __lock_acquire+0x7f70/0x7f70 [ 80.525997][ T5391] ? btrfs_commit_transaction_async+0x450/0x450 [ 80.532330][ T5391] ? do_raw_spin_unlock+0x13b/0x8b0 [ 80.537591][ T5391] ? join_transaction+0xbdc/0xe00 [ 80.542682][ T5391] ? btrfs_record_root_in_trans+0x92/0x180 [ 80.548587][ T5391] ? start_transaction+0x3de/0x1080 [ 80.553817][ T5391] prepare_to_relocate+0x3c5/0x4c0 [ 80.559042][ T5391] relocate_block_group+0x17f/0xcd0 [ 80.564273][ T5391] ? __mutex_lock_common+0x42d/0x2530 [ 80.569780][ T5391] ? btrfs_wait_ordered_roots+0x8f4/0x950 [ 80.575537][ T5391] ? btrfs_relocate_block_group+0x7a3/0xd70 [ 80.581505][ T5391] ? describe_relocation+0x130/0x130 [ 80.586830][ T5391] ? btrfs_relocate_block_group+0x4ae/0xd70 [ 80.592818][ T5391] btrfs_relocate_block_group+0x7ab/0xd70 [ 80.598627][ T5391] btrfs_relocate_chunk+0x12c/0x3b0 [ 80.603857][ T5391] __btrfs_balance+0x1b06/0x2690 [ 80.608903][ T5391] ? describe_balance_start_or_resume+0x490/0x490 [ 80.615349][ T5391] ? do_wait_for_common+0x5f0/0x5f0 [ 80.620828][ T5391] ? do_raw_spin_unlock+0x13b/0x8b0 [ 80.626049][ T5391] ? validate_convert_profile+0x7d/0x2c0 [ 80.631857][ T5391] btrfs_balance+0xbd8/0x10d0 [ 80.637089][ T5391] btrfs_ioctl_balance+0x496/0x7c0 [ 80.642257][ T5391] ? btrfs_ioctl+0xb8b/0xd40 [ 80.646876][ T5391] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 80.653378][ T5391] __se_sys_ioctl+0xf8/0x170 [ 80.658048][ T5391] do_syscall_64+0x41/0xc0 [ 80.662543][ T5391] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 80.668462][ T5391] RIP: 0033:0x7f43c88e5bd9 [ 80.672953][ T5391] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 80.692689][ T5391] RSP: 002b:00007f43c88a2218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 80.701216][ T5391] RAX: ffffffffffffffda RBX: 00007f43c89726c8 RCX: 00007f43c88e5bd9 [ 80.709267][ T5391] RDX: 00000000200003c0 RSI: 00000000c4009420 RDI: 0000000000000004 [ 80.717392][ T5391] RBP: 00007f43c89726c0 R08: 0000000000000000 R09: 0000000000000000 [ 80.725442][ T5391] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f43c893f1b0 [ 80.733497][ T5391] R13: 74696d6d6f636e6f R14: 636e6f6873756c66 R15: 0030656c69662f2e [ 80.741555][ T5391] [ 80.744592][ T5391] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 80.751962][ T5391] CPU: 1 PID: 5391 Comm: syz-executor833 Not tainted 6.5.0-rc6-syzkaller-00117-g0e8860d2125f #0 [ 80.762640][ T5391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 80.772702][ T5391] Call Trace: [ 80.775991][ T5391] [ 80.778914][ T5391] dump_stack_lvl+0x1e7/0x2d0 [ 80.783606][ T5391] ? nf_tcp_handle_invalid+0x650/0x650 [ 80.789081][ T5391] ? panic+0x770/0x770 [ 80.793263][ T5391] ? vscnprintf+0x5d/0x80 [ 80.797624][ T5391] panic+0x30f/0x770 [ 80.801539][ T5391] ? __warn+0x171/0x4a0 [ 80.805713][ T5391] ? __memcpy_flushcache+0x2b0/0x2b0 [ 80.811021][ T5391] __warn+0x314/0x4a0 [ 80.814997][ T5391] ? cleanup_transaction+0x6fa/0x7e0 [ 80.820380][ T5391] report_bug+0x2b3/0x500 [ 80.824705][ T5391] ? cleanup_transaction+0x6fa/0x7e0 [ 80.829991][ T5391] handle_bug+0x3d/0x70 [ 80.834153][ T5391] exc_invalid_op+0x1a/0x50 [ 80.838650][ T5391] asm_exc_invalid_op+0x1a/0x20 [ 80.843510][ T5391] RIP: 0010:cleanup_transaction+0x6fa/0x7e0 [ 80.849429][ T5391] Code: 6d 00 fe 0f 0b 43 80 7c 25 00 00 0f 85 53 fa ff ff e9 56 fa ff ff e8 b5 6d 00 fe 48 c7 c7 00 64 4a 8b 44 89 f6 e8 26 87 c7 fd <0f> 0b e9 a7 fa ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c ff f9 ff [ 80.869031][ T5391] RSP: 0018:ffffc900055c7420 EFLAGS: 00010246 [ 80.875097][ T5391] RAX: 91c3c5c7c1f78300 RBX: 0000000000000000 RCX: ffff888029011dc0 [ 80.883059][ T5391] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 80.891197][ T5391] RBP: ffffc900055c7550 R08: ffffffff8152d442 R09: 1ffff92000ab8e38 [ 80.899165][ T5391] R10: dffffc0000000000 R11: fffff52000ab8e39 R12: dffffc0000000000 [ 80.907245][ T5391] R13: 1ffff1100eaec61f R14: 00000000ffffffe4 R15: ffff8880757630f8 [ 80.915218][ T5391] ? __warn_printk+0x292/0x360 [ 80.920026][ T5391] ? trace_btrfs_transaction_commit+0x1e0/0x1e0 [ 80.926383][ T5391] ? do_raw_spin_unlock+0x13b/0x8b0 [ 80.931587][ T5391] ? btrfs_trans_release_metadata+0x153/0x1c0 [ 80.937659][ T5391] btrfs_commit_transaction+0x268e/0x2ff0 [ 80.943393][ T5391] ? read_lock_is_recursive+0x20/0x20 [ 80.948769][ T5391] ? join_transaction+0xb87/0xe00 [ 80.953798][ T5391] ? __lock_acquire+0x7f70/0x7f70 [ 80.958919][ T5391] ? btrfs_commit_transaction_async+0x450/0x450 [ 80.965339][ T5391] ? do_raw_spin_unlock+0x13b/0x8b0 [ 80.970542][ T5391] ? join_transaction+0xbdc/0xe00 [ 80.975562][ T5391] ? btrfs_record_root_in_trans+0x92/0x180 [ 80.981388][ T5391] ? start_transaction+0x3de/0x1080 [ 80.986596][ T5391] prepare_to_relocate+0x3c5/0x4c0 [ 80.991708][ T5391] relocate_block_group+0x17f/0xcd0 [ 80.996989][ T5391] ? __mutex_lock_common+0x42d/0x2530 [ 81.002361][ T5391] ? btrfs_wait_ordered_roots+0x8f4/0x950 [ 81.008165][ T5391] ? btrfs_relocate_block_group+0x7a3/0xd70 [ 81.014055][ T5391] ? describe_relocation+0x130/0x130 [ 81.019347][ T5391] ? btrfs_relocate_block_group+0x4ae/0xd70 [ 81.025324][ T5391] btrfs_relocate_block_group+0x7ab/0xd70 [ 81.031048][ T5391] btrfs_relocate_chunk+0x12c/0x3b0 [ 81.036256][ T5391] __btrfs_balance+0x1b06/0x2690 [ 81.041223][ T5391] ? describe_balance_start_or_resume+0x490/0x490 [ 81.047653][ T5391] ? do_wait_for_common+0x5f0/0x5f0 [ 81.052953][ T5391] ? do_raw_spin_unlock+0x13b/0x8b0 [ 81.058260][ T5391] ? validate_convert_profile+0x7d/0x2c0 [ 81.063895][ T5391] btrfs_balance+0xbd8/0x10d0 [ 81.068585][ T5391] btrfs_ioctl_balance+0x496/0x7c0 [ 81.073694][ T5391] ? btrfs_ioctl+0xb8b/0xd40 [ 81.078453][ T5391] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 81.084967][ T5391] __se_sys_ioctl+0xf8/0x170 [ 81.089575][ T5391] do_syscall_64+0x41/0xc0 [ 81.093988][ T5391] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 81.099889][ T5391] RIP: 0033:0x7f43c88e5bd9 [ 81.104303][ T5391] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 81.124007][ T5391] RSP: 002b:00007f43c88a2218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 81.132440][ T5391] RAX: ffffffffffffffda RBX: 00007f43c89726c8 RCX: 00007f43c88e5bd9 [ 81.140408][ T5391] RDX: 00000000200003c0 RSI: 00000000c4009420 RDI: 0000000000000004 [ 81.148375][ T5391] RBP: 00007f43c89726c0 R08: 0000000000000000 R09: 0000000000000000 [ 81.156341][ T5391] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f43c893f1b0 [ 81.164479][ T5391] R13: 74696d6d6f636e6f R14: 636e6f6873756c66 R15: 0030656c69662f2e [ 81.172483][ T5391] [ 81.175706][ T5391] Kernel Offset: disabled [ 81.180222][ T5391] Rebooting in 86400 seconds..