./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3801929293 <...> Warning: Permanently added '10.128.1.85' (ECDSA) to the list of known hosts. execve("./syz-executor3801929293", ["./syz-executor3801929293"], 0x7ffe03bfbf30 /* 10 vars */) = 0 brk(NULL) = 0x5555572c5000 brk(0x5555572c5c40) = 0x5555572c5c40 arch_prctl(ARCH_SET_FS, 0x5555572c5300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555572c55d0) = 4997 set_robust_list(0x5555572c55e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f976f0ee5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f976f0eec80}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f976f0ee650, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f976f0eec80}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3801929293", 4096) = 28 brk(0x5555572e6c40) = 0x5555572e6c40 brk(0x5555572e7000) = 0x5555572e7000 mprotect(0x7f976f1b5000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 4997 mkdir("./syzkaller.hDkaN1", 0700) = 0 chmod("./syzkaller.hDkaN1", 0777) = 0 chdir("./syzkaller.hDkaN1") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 4998 ./strace-static-x86_64: Process 4998 attached [pid 4998] set_robust_list(0x5555572c55e0, 24) = 0 [pid 4998] chdir("./0") = 0 [pid 4998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4998] setpgid(0, 0) = 0 [pid 4998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4998] write(3, "1000", 4) = 4 [pid 4998] close(3) = 0 [pid 4998] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4998] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4998] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 4998] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4998] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5000], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5000 [pid 4998] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4998] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5000 attached [pid 5000] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5000] memfd_create("syzkaller", 0) = 3 [pid 5000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 syzkaller login: [ 41.643229][ T5000] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5000 'syz-executor380' [pid 5000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5000] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5000] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5000] close(3) = 0 [pid 5000] mkdir("./file0", 0777) = 0 [ 41.750710][ T5000] loop0: detected capacity change from 0 to 32768 [ 41.761551][ T5000] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5000) [ 41.779189][ T5000] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 41.787983][ T5000] BTRFS info (device loop0): turning on flush-on-commit [ 41.794979][ T5000] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 41.805611][ T5000] BTRFS info (device loop0): trying to use backup root at mount time [ 41.813800][ T5000] BTRFS info (device loop0): using free space tree [ 41.828019][ T10] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 41.841418][ T5000] BTRFS warning (device loop0): couldn't read tree root [pid 5000] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5000] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5000] chdir("./file0") = 0 [pid 5000] ioctl(4, LOOP_CLR_FD) = 0 [pid 5000] close(4) = 0 [pid 5000] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] <... futex resumed>) = 0 [pid 5000] <... futex resumed>) = 1 [pid 4998] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4998] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 41.853345][ T5000] BTRFS info (device loop0): enabling ssd optimizations [ 41.861600][ T5000] BTRFS info (device loop0): rebuilding free space tree [pid 5000] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5000] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4998] <... futex resumed>) = 0 [pid 4998] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5000] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 4998] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5000] <... ioctl resumed>) = 0 [pid 5000] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4998] <... futex resumed>) = 0 [pid 4998] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4998] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 41.898490][ T27] audit: type=1800 audit(1684882191.021:2): pid=5000 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 41.934939][ T5000] BTRFS info (device loop0): balance: start -d -m [pid 5000] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 4998] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4998] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4998] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 4998] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4998] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5018], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5018 [pid 4998] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4998] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5018 attached [pid 5018] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5018] open(".", O_RDONLY) = 5 [pid 5018] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4998] <... futex resumed>) = 0 [pid 4998] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4998] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 41.948784][ T5000] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5018] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 4998] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 41.997653][ T5000] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5018] <... ioctl resumed>) = 0 [pid 5018] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5000] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5000] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5000] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4998] exit_group(0 [pid 5018] <... futex resumed>) = ? [pid 5000] <... futex resumed>) = ? [pid 4998] <... exit_group resumed>) = ? [pid 5000] +++ exited with 0 +++ [pid 5018] +++ exited with 0 +++ [pid 4998] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4998, si_uid=0, si_status=0, si_utime=0, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 42.074931][ T5000] BTRFS info (device loop0): found 8 extents, stage: move data extents [ 42.093841][ T5000] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 42.110839][ T5000] BTRFS info (device loop0): balance: ended with status: 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5023 ./strace-static-x86_64: Process 5023 attached [pid 5023] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5023] chdir("./1") = 0 [pid 5023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5023] setpgid(0, 0) = 0 [pid 5023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5023] write(3, "1000", 4) = 4 [pid 5023] close(3) = 0 [pid 5023] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5023] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5023] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5023] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5024], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5024 [pid 5023] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5023] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5024 attached [pid 5024] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5024] memfd_create("syzkaller", 0) = 3 [pid 5024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5024] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5024] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5024] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5024] close(3) = 0 [pid 5024] mkdir("./file0", 0777) = 0 [ 42.289047][ T5024] loop0: detected capacity change from 0 to 32768 [ 42.297889][ T5024] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5024) [ 42.314145][ T5024] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 42.322918][ T5024] BTRFS info (device loop0): turning on flush-on-commit [ 42.330166][ T5024] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 42.340819][ T5024] BTRFS info (device loop0): trying to use backup root at mount time [ 42.348985][ T5024] BTRFS info (device loop0): using free space tree [ 42.362078][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 42.375423][ T5024] BTRFS warning (device loop0): couldn't read tree root [pid 5024] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5024] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5024] chdir("./file0") = 0 [pid 5024] ioctl(4, LOOP_CLR_FD) = 0 [pid 5024] close(4) = 0 [pid 5024] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] <... futex resumed>) = 0 [pid 5023] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5023] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5024] <... futex resumed>) = 1 [pid 5024] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5024] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] <... futex resumed>) = 0 [pid 5023] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5023] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5024] <... futex resumed>) = 1 [pid 5024] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5024] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] <... futex resumed>) = 0 [pid 5023] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5023] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5024] <... futex resumed>) = 1 [ 42.385742][ T5024] BTRFS info (device loop0): enabling ssd optimizations [ 42.393548][ T5024] BTRFS info (device loop0): rebuilding free space tree [ 42.409109][ T27] audit: type=1800 audit(1684882191.531:3): pid=5024 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 42.432304][ T5024] BTRFS info (device loop0): balance: start -d -m [pid 5024] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5023] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5023] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5023] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5023] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5041], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5041 [pid 5023] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5023] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5041 attached [pid 5041] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5041] open(".", O_RDONLY) = 5 [pid 5041] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] <... futex resumed>) = 0 [pid 5023] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5023] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] <... futex resumed>) = 1 [pid 5041] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0}) = 0 [pid 5041] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] <... futex resumed>) = 0 [pid 5041] <... futex resumed>) = 1 [ 42.439784][ T5024] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 42.456665][ T5024] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5041] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5024] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5024] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5023] exit_group(0 [pid 5041] <... futex resumed>) = ? [pid 5023] <... exit_group resumed>) = ? [pid 5041] +++ exited with 0 +++ [pid 5024] <... futex resumed>) = ? [ 42.508264][ T5024] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 42.527458][ T5024] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 42.544617][ T5024] BTRFS info (device loop0): balance: ended with status: 0 [pid 5024] +++ exited with 0 +++ [pid 5023] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5023, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5044 [ 42.559072][ T5024] syz-executor380 (5024) used greatest stack depth: 22600 bytes left ./strace-static-x86_64: Process 5044 attached [pid 5044] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5044] chdir("./2") = 0 [pid 5044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5044] setpgid(0, 0) = 0 [pid 5044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5044] write(3, "1000", 4) = 4 [pid 5044] close(3) = 0 [pid 5044] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5044] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5044] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5044] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5045 attached , parent_tid=[5045], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5045 [pid 5045] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5045] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = 0 [pid 5044] <... futex resumed>) = 1 [pid 5044] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5045] memfd_create("syzkaller", 0) = 3 [pid 5045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5045] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5045] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5045] close(3) = 0 [pid 5045] mkdir("./file0", 0777) = 0 [ 42.726262][ T5045] loop0: detected capacity change from 0 to 32768 [ 42.735686][ T5045] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5045) [ 42.750362][ T5045] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 42.759125][ T5045] BTRFS info (device loop0): turning on flush-on-commit [ 42.766061][ T5045] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 42.776776][ T5045] BTRFS info (device loop0): trying to use backup root at mount time [ 42.784875][ T5045] BTRFS info (device loop0): using free space tree [ 42.797543][ T10] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 42.810836][ T5045] BTRFS warning (device loop0): couldn't read tree root [pid 5045] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5045] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5045] chdir("./file0") = 0 [pid 5045] ioctl(4, LOOP_CLR_FD) = 0 [pid 5045] close(4) = 0 [pid 5045] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] <... futex resumed>) = 0 [pid 5045] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... futex resumed>) = 0 [pid 5045] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5045] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [ 42.821855][ T5045] BTRFS info (device loop0): enabling ssd optimizations [ 42.829398][ T5045] BTRFS info (device loop0): rebuilding free space tree [pid 5044] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... futex resumed>) = 1 [pid 5045] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5045] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] <... futex resumed>) = 0 [pid 5045] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5044] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5044] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5044] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5044] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5063], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5063 [pid 5044] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5063 attached [pid 5063] set_robust_list(0x7f9767cbc9e0, 24) = 0 [ 42.857602][ T27] audit: type=1800 audit(1684882191.981:4): pid=5045 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 42.884103][ T5045] BTRFS info (device loop0): balance: start -d -m [ 42.892871][ T5045] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 42.911840][ T5045] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5063] open(".", O_RDONLY) = 5 [pid 5063] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [pid 5044] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... futex resumed>) = 1 [pid 5063] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5044] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5044] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5063] <... ioctl resumed>) = 0 [pid 5063] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 42.939358][ T5045] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 42.978725][ T5045] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5063] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5045] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5045] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] exit_group(0) = ? [pid 5063] <... futex resumed>) = ? [pid 5063] +++ exited with 0 +++ [pid 5045] +++ exited with 0 +++ [pid 5044] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5044, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 [ 43.020823][ T5045] BTRFS info (device loop0): balance: ended with status: 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5064 ./strace-static-x86_64: Process 5064 attached [pid 5064] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5064] chdir("./3") = 0 [pid 5064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] setpgid(0, 0) = 0 [pid 5064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5064] write(3, "1000", 4) = 4 [pid 5064] close(3) = 0 [pid 5064] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5064] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5064] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5064] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5065 attached , parent_tid=[5065], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5065 [pid 5065] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5065] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5064] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] memfd_create("syzkaller", 0) = 3 [pid 5065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5065] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5065] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5065] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5065] close(3) = 0 [pid 5065] mkdir("./file0", 0777) = 0 [ 43.194426][ T5065] loop0: detected capacity change from 0 to 32768 [ 43.203842][ T5065] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5065) [ 43.219704][ T5065] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 43.228415][ T5065] BTRFS info (device loop0): turning on flush-on-commit [ 43.235332][ T5065] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 43.245946][ T5065] BTRFS info (device loop0): trying to use backup root at mount time [ 43.254066][ T5065] BTRFS info (device loop0): using free space tree [ 43.266350][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 43.279559][ T5065] BTRFS warning (device loop0): couldn't read tree root [pid 5065] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5065] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5065] chdir("./file0") = 0 [pid 5065] ioctl(4, LOOP_CLR_FD) = 0 [pid 5065] close(4) = 0 [pid 5065] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5065] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5065] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5064] <... futex resumed>) = 0 [pid 5064] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] <... open resumed>) = 4 [pid 5065] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] <... futex resumed>) = 0 [pid 5064] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... futex resumed>) = 0 [pid 5064] <... futex resumed>) = 1 [pid 5065] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5064] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] <... ioctl resumed>) = 0 [pid 5065] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5065] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5064] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5064] <... futex resumed>) = 0 [ 43.289513][ T5065] BTRFS info (device loop0): enabling ssd optimizations [ 43.297340][ T5065] BTRFS info (device loop0): rebuilding free space tree [ 43.323331][ T27] audit: type=1800 audit(1684882192.441:5): pid=5065 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5064] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5064] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5064] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5064] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5083], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5083 [pid 5064] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5083 attached [pid 5083] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5083] open(".", O_RDONLY) = 5 [pid 5083] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5083] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5083] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 43.350125][ T5065] BTRFS info (device loop0): balance: start -d -m [ 43.359082][ T5065] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 43.380012][ T5065] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5064] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... ioctl resumed>) = 0 [pid 5083] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] <... futex resumed>) = 0 [ 43.434449][ T5065] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 43.469210][ T5065] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5083] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5065] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] exit_group(0) = ? [pid 5083] <... futex resumed>) = ? [pid 5065] <... futex resumed>) = ? [pid 5083] +++ exited with 0 +++ [pid 5065] +++ exited with 0 +++ [pid 5064] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5064, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 [ 43.486823][ T5065] BTRFS info (device loop0): balance: ended with status: 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5084 ./strace-static-x86_64: Process 5084 attached [pid 5084] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5084] chdir("./4") = 0 [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5084] setpgid(0, 0) = 0 [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5084] write(3, "1000", 4) = 4 [pid 5084] close(3) = 0 [pid 5084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5084] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5084] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5084] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5085 attached [pid 5085] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5085] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... clone resumed>, parent_tid=[5085], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5085 [pid 5084] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5084] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5085] memfd_create("syzkaller", 0) = 3 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5085] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5085] close(3) = 0 [pid 5085] mkdir("./file0", 0777) = 0 [ 43.694495][ T5085] loop0: detected capacity change from 0 to 32768 [ 43.703608][ T5085] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5085) [ 43.718462][ T5085] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 43.727194][ T5085] BTRFS info (device loop0): turning on flush-on-commit [ 43.734143][ T5085] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 43.744788][ T5085] BTRFS info (device loop0): trying to use backup root at mount time [ 43.752879][ T5085] BTRFS info (device loop0): using free space tree [ 43.765569][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 43.778987][ T5085] BTRFS warning (device loop0): couldn't read tree root [pid 5085] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5085] chdir("./file0") = 0 [pid 5085] ioctl(4, LOOP_CLR_FD) = 0 [pid 5085] close(4) = 0 [pid 5085] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5085] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5085] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5084] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... ioctl resumed>) = 0 [pid 5084] <... futex resumed>) = 0 [pid 5085] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 0 [pid 5084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5084] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 43.789754][ T5085] BTRFS info (device loop0): enabling ssd optimizations [ 43.797546][ T5085] BTRFS info (device loop0): rebuilding free space tree [ 43.821320][ T27] audit: type=1800 audit(1684882192.941:6): pid=5085 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5084] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5084] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5084] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5084] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5084] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5103], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5103 [pid 5084] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5103 attached [pid 5103] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5103] open(".", O_RDONLY) = 5 [pid 5103] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5103] <... futex resumed>) = 1 [pid 5084] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5084] <... futex resumed>) = 0 [ 43.849791][ T5085] BTRFS info (device loop0): balance: start -d -m [ 43.857545][ T5085] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 43.877752][ T5085] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5084] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5084] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5103] <... ioctl resumed>) = 0 [pid 5103] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 43.927474][ T5085] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 5103] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5085] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] exit_group(0 [pid 5103] <... futex resumed>) = ? [pid 5084] <... exit_group resumed>) = ? [pid 5103] +++ exited with 0 +++ [pid 5085] <... futex resumed>) = ? [pid 5085] +++ exited with 0 +++ [pid 5084] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 [ 43.968657][ T5085] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 43.985514][ T5085] BTRFS info (device loop0): balance: ended with status: 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5104 ./strace-static-x86_64: Process 5104 attached [pid 5104] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5104] chdir("./5") = 0 [pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5104] setpgid(0, 0) = 0 [pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5104] write(3, "1000", 4) = 4 [pid 5104] close(3) = 0 [pid 5104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5104] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5104] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5104] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5105], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5105 ./strace-static-x86_64: Process 5105 attached [pid 5104] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] set_robust_list(0x7f976f0dd9e0, 24 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5105] <... set_robust_list resumed>) = 0 [pid 5105] memfd_create("syzkaller", 0) = 3 [pid 5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5105] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5105] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5105] close(3) = 0 [pid 5105] mkdir("./file0", 0777) = 0 [ 44.183751][ T5105] loop0: detected capacity change from 0 to 32768 [ 44.193939][ T5105] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5105) [ 44.208817][ T5105] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 44.217586][ T5105] BTRFS info (device loop0): turning on flush-on-commit [ 44.224523][ T5105] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 44.235166][ T5105] BTRFS info (device loop0): trying to use backup root at mount time [ 44.243286][ T5105] BTRFS info (device loop0): using free space tree [ 44.255103][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 44.268702][ T5105] BTRFS warning (device loop0): couldn't read tree root [pid 5105] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5105] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5105] chdir("./file0") = 0 [pid 5105] ioctl(4, LOOP_CLR_FD) = 0 [pid 5105] close(4) = 0 [pid 5105] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5105] <... futex resumed>) = 1 [pid 5104] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... open resumed>) = 4 [pid 5105] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... ioctl resumed>) = 0 [pid 5105] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5105] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5104] <... futex resumed>) = 0 [pid 5105] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 44.278883][ T5105] BTRFS info (device loop0): enabling ssd optimizations [ 44.286413][ T5105] BTRFS info (device loop0): rebuilding free space tree [ 44.308912][ T27] audit: type=1800 audit(1684882193.431:7): pid=5105 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5104] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5104] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5104] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5104] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5123 attached , parent_tid=[5123], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5123 [pid 5104] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5123] open(".", O_RDONLY) = 5 [pid 5123] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5104] <... futex resumed>) = 0 [ 44.338083][ T5105] BTRFS info (device loop0): balance: start -d -m [ 44.345192][ T5105] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 44.364543][ T5105] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5104] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5123] <... ioctl resumed>) = 0 [pid 5123] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 44.422414][ T5105] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 5123] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5105] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] exit_group(0 [pid 5123] <... futex resumed>) = ? [pid 5104] <... exit_group resumed>) = ? [pid 5123] +++ exited with 0 +++ [pid 5105] <... futex resumed>) = ? [pid 5105] +++ exited with 0 +++ [pid 5104] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5104, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 [ 44.462818][ T5105] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 44.480485][ T5105] BTRFS info (device loop0): balance: ended with status: 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5124 attached , child_tidptr=0x5555572c55d0) = 5124 [pid 5124] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5124] chdir("./6") = 0 [pid 5124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5124] setpgid(0, 0) = 0 [pid 5124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5124] write(3, "1000", 4) = 4 [pid 5124] close(3) = 0 [pid 5124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5124] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5124] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5124] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5125], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5125 [pid 5124] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5125 attached [pid 5125] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5125] memfd_create("syzkaller", 0) = 3 [pid 5125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5125] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5125] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5125] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5125] close(3) = 0 [pid 5125] mkdir("./file0", 0777) = 0 [ 44.666343][ T5125] loop0: detected capacity change from 0 to 32768 [ 44.675502][ T5125] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5125) [ 44.690322][ T5125] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 44.699147][ T5125] BTRFS info (device loop0): turning on flush-on-commit [ 44.706111][ T5125] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 44.717113][ T5125] BTRFS info (device loop0): trying to use backup root at mount time [ 44.725394][ T5125] BTRFS info (device loop0): using free space tree [ 44.738390][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 44.751680][ T5125] BTRFS warning (device loop0): couldn't read tree root [pid 5125] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5125] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5125] chdir("./file0") = 0 [pid 5125] ioctl(4, LOOP_CLR_FD) = 0 [pid 5125] close(4) = 0 [pid 5125] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5124] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5124] <... futex resumed>) = 0 [pid 5124] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] <... open resumed>) = 4 [pid 5125] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5124] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5124] <... futex resumed>) = 0 [pid 5124] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] <... ioctl resumed>) = 0 [pid 5125] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5125] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5124] <... futex resumed>) = 0 [pid 5124] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 44.761880][ T5125] BTRFS info (device loop0): enabling ssd optimizations [ 44.770165][ T5125] BTRFS info (device loop0): rebuilding free space tree [ 44.791738][ T27] audit: type=1800 audit(1684882193.911:8): pid=5125 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5125] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5124] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5124] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5124] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5124] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5124] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5143], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5143 [pid 5124] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5143 attached [pid 5143] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5143] open(".", O_RDONLY) = 5 [pid 5143] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = 0 [pid 5124] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5143] <... futex resumed>) = 1 [ 44.820284][ T5125] BTRFS info (device loop0): balance: start -d -m [ 44.829432][ T5125] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 44.850096][ T5125] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5143] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0}) = 0 [pid 5143] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5143] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5125] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] exit_group(0 [pid 5143] <... futex resumed>) = ? [pid 5124] <... exit_group resumed>) = ? [pid 5143] +++ exited with 0 +++ [pid 5125] +++ exited with 0 +++ [pid 5124] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5124, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 [ 44.918431][ T5125] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 44.938371][ T5125] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 44.955992][ T5125] BTRFS info (device loop0): balance: ended with status: 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5144 attached , child_tidptr=0x5555572c55d0) = 5144 [pid 5144] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5144] chdir("./7") = 0 [pid 5144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5144] setpgid(0, 0) = 0 [pid 5144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5144] write(3, "1000", 4) = 4 [pid 5144] close(3) = 0 [pid 5144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5144] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5144] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5144] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5145], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5145 [pid 5144] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5145 attached [pid 5145] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5145] memfd_create("syzkaller", 0) = 3 [pid 5145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5145] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5145] close(3) = 0 [pid 5145] mkdir("./file0", 0777) = 0 [ 45.131373][ T5145] loop0: detected capacity change from 0 to 32768 [ 45.140231][ T5145] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5145) [ 45.154857][ T5145] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 45.163637][ T5145] BTRFS info (device loop0): turning on flush-on-commit [ 45.170626][ T5145] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 45.181262][ T5145] BTRFS info (device loop0): trying to use backup root at mount time [ 45.189368][ T5145] BTRFS info (device loop0): using free space tree [ 45.201949][ T12] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 45.215212][ T5145] BTRFS warning (device loop0): couldn't read tree root [pid 5145] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5145] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5145] chdir("./file0") = 0 [pid 5145] ioctl(4, LOOP_CLR_FD) = 0 [pid 5145] close(4) = 0 [pid 5145] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... open resumed>) = 4 [pid 5145] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... futex resumed>) = 1 [pid 5145] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5145] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... futex resumed>) = 1 [ 45.225461][ T5145] BTRFS info (device loop0): enabling ssd optimizations [ 45.233078][ T5145] BTRFS info (device loop0): rebuilding free space tree [ 45.256553][ T27] audit: type=1800 audit(1684882194.371:9): pid=5145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5145] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5144] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5144] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5144] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5144] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5163], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5163 [pid 5144] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5163 attached [pid 5163] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5163] open(".", O_RDONLY) = 5 [pid 5163] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5163] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5144] <... futex resumed>) = 0 [pid 5163] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 45.273449][ T5145] BTRFS info (device loop0): balance: start -d -m [ 45.292059][ T5145] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 45.313791][ T5145] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5144] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5144] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5163] <... ioctl resumed>) = 0 [pid 5163] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5145] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] exit_group(0 [pid 5163] <... futex resumed>) = ? [pid 5144] <... exit_group resumed>) = ? [pid 5163] +++ exited with 0 +++ [pid 5145] <... futex resumed>) = ? [pid 5145] +++ exited with 0 +++ [pid 5144] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5144, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 [ 45.402700][ T5145] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 45.421725][ T5145] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 45.439209][ T5145] BTRFS info (device loop0): balance: ended with status: 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5169 ./strace-static-x86_64: Process 5169 attached [pid 5169] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5169] chdir("./8") = 0 [pid 5169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5169] setpgid(0, 0) = 0 [pid 5169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5169] write(3, "1000", 4) = 4 [pid 5169] close(3) = 0 [pid 5169] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5169] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5169] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5169] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5170 attached [pid 5170] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5170] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] <... clone resumed>, parent_tid=[5170], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5170 [pid 5169] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5169] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5170] memfd_create("syzkaller", 0) = 3 [pid 5170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5170] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5170] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5170] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5170] close(3) = 0 [pid 5170] mkdir("./file0", 0777) = 0 [ 45.638264][ T5170] loop0: detected capacity change from 0 to 32768 [ 45.647477][ T5170] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5170) [ 45.662362][ T5170] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 45.671247][ T5170] BTRFS info (device loop0): turning on flush-on-commit [pid 5170] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5170] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5170] chdir("./file0") = 0 [pid 5170] ioctl(4, LOOP_CLR_FD) = 0 [pid 5170] close(4) = 0 [pid 5170] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = 0 [pid 5170] <... futex resumed>) = 1 [pid 5169] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5169] <... futex resumed>) = 0 [ 45.678228][ T5170] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 45.688858][ T5170] BTRFS info (device loop0): trying to use backup root at mount time [ 45.696938][ T5170] BTRFS info (device loop0): using free space tree [ 45.709289][ T10] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 45.722621][ T5170] BTRFS warning (device loop0): couldn't read tree root [pid 5169] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... open resumed>) = 4 [pid 5170] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... ioctl resumed>) = 0 [pid 5170] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5169] <... futex resumed>) = 0 [ 45.747726][ T27] audit: type=1800 audit(1684882194.871:10): pid=5170 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5169] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5169] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5169] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5169] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5188], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5188 [pid 5169] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5188 attached [pid 5188] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5188] open(".", O_RDONLY) = 5 [pid 5188] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... futex resumed>) = 1 [pid 5188] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5169] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5169] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5188] <... ioctl resumed>) = 0 [pid 5188] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5170] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] exit_group(0 [pid 5188] <... futex resumed>) = ? [pid 5169] <... exit_group resumed>) = ? [pid 5188] +++ exited with 0 +++ [pid 5170] <... futex resumed>) = ? [pid 5170] +++ exited with 0 +++ [pid 5169] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5169, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=18 /* 0.18 s */} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5189 ./strace-static-x86_64: Process 5189 attached [pid 5189] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5189] chdir("./9") = 0 [pid 5189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5189] setpgid(0, 0) = 0 [pid 5189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5189] write(3, "1000", 4) = 4 [pid 5189] close(3) = 0 [pid 5189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5189] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5189] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5189] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5190], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5190 [pid 5189] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5190 attached [pid 5190] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5190] memfd_create("syzkaller", 0) = 3 [pid 5190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5190] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5190] close(3) = 0 [pid 5190] mkdir("./file0", 0777) = 0 [ 46.109363][ T5190] loop0: detected capacity change from 0 to 32768 [ 46.119036][ T5190] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5190) [ 46.133782][ T5190] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [pid 5190] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5190] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5190] chdir("./file0") = 0 [pid 5190] ioctl(4, LOOP_CLR_FD) = 0 [pid 5190] close(4) = 0 [pid 5190] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5190] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5190] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5189] <... futex resumed>) = 0 [pid 5190] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5189] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] <... ioctl resumed>) = 0 [ 46.150735][ T12] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 46.163954][ T5190] BTRFS warning (device loop0): couldn't read tree root [pid 5190] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5190] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5189] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 46.190456][ T27] audit: type=1800 audit(1684882195.311:11): pid=5190 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5189] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5189] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5189] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5189] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5208], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5208 [pid 5189] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5208 attached [pid 5208] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5208] open(".", O_RDONLY) = 5 [pid 5208] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5208] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5189] <... futex resumed>) = 0 [pid 5208] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5189] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5189] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5208] <... ioctl resumed>) = 0 [pid 5208] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5208] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5190] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] exit_group(0 [pid 5208] <... futex resumed>) = ? [pid 5190] <... futex resumed>) = ? [pid 5189] <... exit_group resumed>) = ? [pid 5190] +++ exited with 0 +++ [pid 5208] +++ exited with 0 +++ [pid 5189] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5189, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5209 ./strace-static-x86_64: Process 5209 attached [pid 5209] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5209] chdir("./10") = 0 [pid 5209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5209] setpgid(0, 0) = 0 [pid 5209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5209] write(3, "1000", 4) = 4 [pid 5209] close(3) = 0 [pid 5209] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5209] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5209] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5209] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5210], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5210 ./strace-static-x86_64: Process 5210 attached [pid 5210] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5210] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5209] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5210] <... futex resumed>) = 0 [pid 5210] memfd_create("syzkaller", 0 [pid 5209] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5210] <... memfd_create resumed>) = 3 [pid 5210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5210] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5210] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5210] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5210] close(3) = 0 [pid 5210] mkdir("./file0", 0777) = 0 [pid 5210] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5210] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5210] chdir("./file0") = 0 [pid 5210] ioctl(4, LOOP_CLR_FD) = 0 [pid 5210] close(4) = 0 [pid 5210] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] <... futex resumed>) = 1 [pid 5210] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5210] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] <... futex resumed>) = 1 [pid 5210] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5210] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] <... futex resumed>) = 1 [ 46.518349][ T5210] loop0: detected capacity change from 0 to 32768 [ 46.527486][ T5210] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5210) [ 46.542397][ T5210] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 46.559246][ T5210] BTRFS warning (device loop0): couldn't read tree root [pid 5210] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5209] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5209] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5209] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5209] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5209] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5228], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5228 [pid 5209] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5228 attached [pid 5228] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5228] open(".", O_RDONLY) = 5 [pid 5228] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] <... futex resumed>) = 1 [pid 5228] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5210] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5210] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5209] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5209] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5228] <... ioctl resumed>) = 0 [pid 5228] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5209] exit_group(0 [pid 5210] <... futex resumed>) = ? [pid 5209] <... exit_group resumed>) = ? [pid 5228] <... futex resumed>) = ? [pid 5228] +++ exited with 0 +++ [pid 5210] +++ exited with 0 +++ [pid 5209] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5209, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5229 attached , child_tidptr=0x5555572c55d0) = 5229 [pid 5229] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5229] chdir("./11") = 0 [pid 5229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5229] setpgid(0, 0) = 0 [pid 5229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5229] write(3, "1000", 4) = 4 [pid 5229] close(3) = 0 [pid 5229] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5229] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5229] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5229] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5230 attached , parent_tid=[5230], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5230 [pid 5230] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5230] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5229] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5230] memfd_create("syzkaller", 0) = 3 [pid 5230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5230] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5230] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5230] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5230] close(3) = 0 [pid 5230] mkdir("./file0", 0777) = 0 [ 46.904012][ T5230] loop0: detected capacity change from 0 to 32768 [ 46.912928][ T5230] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5230) [ 46.928147][ T5230] _btrfs_printk: 32 callbacks suppressed [ 46.928156][ T5230] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 46.942811][ T5230] BTRFS info (device loop0): turning on flush-on-commit [ 46.949971][ T5230] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 46.960637][ T5230] BTRFS info (device loop0): trying to use backup root at mount time [ 46.968838][ T5230] BTRFS info (device loop0): using free space tree [ 46.981359][ T10] validate_extent_buffer: 1 callbacks suppressed [ 46.981372][ T10] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [pid 5230] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5230] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5230] chdir("./file0") = 0 [pid 5230] ioctl(4, LOOP_CLR_FD) = 0 [pid 5230] close(4) = 0 [pid 5230] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... futex resumed>) = 1 [pid 5230] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5230] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... futex resumed>) = 1 [pid 5230] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5230] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... futex resumed>) = 1 [ 47.001324][ T5230] BTRFS warning (device loop0): couldn't read tree root [ 47.011883][ T5230] BTRFS info (device loop0): enabling ssd optimizations [ 47.019497][ T5230] BTRFS info (device loop0): rebuilding free space tree [ 47.041356][ T27] kauditd_printk_skb: 1 callbacks suppressed [pid 5230] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5229] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5229] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5229] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5229] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5248], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5248 [pid 5229] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5248 attached [pid 5248] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5248] open(".", O_RDONLY) = 5 [pid 5248] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5248] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5229] <... futex resumed>) = 0 [pid 5248] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 47.041372][ T27] audit: type=1800 audit(1684882196.161:13): pid=5230 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 47.078701][ T5230] BTRFS info (device loop0): balance: start -d -m [ 47.086142][ T5230] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5229] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5229] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5248] <... ioctl resumed>) = 0 [pid 5248] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 47.171740][ T5230] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 47.199392][ T5230] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 5248] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5230] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] exit_group(0 [pid 5248] <... futex resumed>) = ? [pid 5230] <... futex resumed>) = ? [pid 5229] <... exit_group resumed>) = ? [pid 5248] +++ exited with 0 +++ [pid 5230] +++ exited with 0 +++ [pid 5229] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5229, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 [ 47.217119][ T5230] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 47.234157][ T5230] BTRFS info (device loop0): balance: ended with status: 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5249 attached [pid 5249] set_robust_list(0x5555572c55e0, 24) = 0 [pid 4997] <... clone resumed>, child_tidptr=0x5555572c55d0) = 5249 [pid 5249] chdir("./12") = 0 [pid 5249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5249] setpgid(0, 0) = 0 [pid 5249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5249] write(3, "1000", 4) = 4 [pid 5249] close(3) = 0 [pid 5249] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5249] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5249] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5249] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5250], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5250 [pid 5249] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5250 attached [pid 5250] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5250] memfd_create("syzkaller", 0) = 3 [pid 5250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5250] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5250] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5250] close(3) = 0 [pid 5250] mkdir("./file0", 0777) = 0 [ 47.410723][ T5250] loop0: detected capacity change from 0 to 32768 [ 47.419928][ T5250] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5250) [ 47.434369][ T5250] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 47.443103][ T5250] BTRFS info (device loop0): turning on flush-on-commit [ 47.450186][ T5250] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 47.460851][ T5250] BTRFS info (device loop0): trying to use backup root at mount time [ 47.469074][ T5250] BTRFS info (device loop0): using free space tree [ 47.482296][ T10] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 47.495627][ T5250] BTRFS warning (device loop0): couldn't read tree root [pid 5250] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5250] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5250] chdir("./file0") = 0 [pid 5250] ioctl(4, LOOP_CLR_FD) = 0 [pid 5250] close(4) = 0 [pid 5250] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... futex resumed>) = 1 [pid 5250] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5250] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... futex resumed>) = 1 [pid 5250] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5250] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... futex resumed>) = 1 [ 47.505839][ T5250] BTRFS info (device loop0): enabling ssd optimizations [ 47.513530][ T5250] BTRFS info (device loop0): rebuilding free space tree [ 47.530549][ T27] audit: type=1800 audit(1684882196.651:14): pid=5250 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5250] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5249] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5249] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5249] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5249] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5268], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5268 [pid 5249] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5268 attached [pid 5268] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5268] open(".", O_RDONLY) = 5 [pid 5268] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] <... futex resumed>) = 0 [pid 5268] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5249] <... futex resumed>) = 0 [pid 5268] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 47.560661][ T5250] BTRFS info (device loop0): balance: start -d -m [ 47.570483][ T5250] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 47.591519][ T5250] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5249] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] <... ioctl resumed>) = 0 [pid 5268] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] <... futex resumed>) = 0 [ 47.642208][ T5250] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 47.678162][ T5250] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5268] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5250] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] exit_group(0) = ? [pid 5268] <... futex resumed>) = ? [pid 5250] <... futex resumed>) = ? [pid 5250] +++ exited with 0 +++ [pid 5268] +++ exited with 0 +++ [pid 5249] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5249, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5269 ./strace-static-x86_64: Process 5269 attached [pid 5269] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5269] chdir("./13") = 0 [pid 5269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5269] setpgid(0, 0) = 0 [pid 5269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5269] write(3, "1000", 4) = 4 [ 47.694248][ T5250] BTRFS info (device loop0): balance: ended with status: 0 [pid 5269] close(3) = 0 [pid 5269] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5269] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5269] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5269] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5270 attached [pid 5270] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5270] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5269] <... clone resumed>, parent_tid=[5270], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5270 [pid 5269] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5270] <... futex resumed>) = 0 [pid 5269] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5270] memfd_create("syzkaller", 0) = 3 [pid 5270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5270] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5270] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5270] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5270] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5270] close(3) = 0 [pid 5270] mkdir("./file0", 0777) = 0 [ 47.859201][ T5270] loop0: detected capacity change from 0 to 32768 [ 47.868686][ T5270] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5270) [ 47.884526][ T5270] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 47.893295][ T5270] BTRFS info (device loop0): turning on flush-on-commit [ 47.900270][ T5270] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 47.910929][ T5270] BTRFS info (device loop0): trying to use backup root at mount time [ 47.919044][ T5270] BTRFS info (device loop0): using free space tree [ 47.931451][ T10] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 47.945127][ T5270] BTRFS warning (device loop0): couldn't read tree root [pid 5270] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5270] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5270] chdir("./file0") = 0 [pid 5270] ioctl(4, LOOP_CLR_FD) = 0 [pid 5270] close(4) = 0 [pid 5270] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] <... open resumed>) = 4 [pid 5270] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5270] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] <... futex resumed>) = 0 [pid 5269] <... futex resumed>) = 1 [pid 5270] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5269] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] <... ioctl resumed>) = 0 [pid 5270] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 47.958584][ T5270] BTRFS info (device loop0): enabling ssd optimizations [ 47.966396][ T5270] BTRFS info (device loop0): rebuilding free space tree [ 47.988105][ T27] audit: type=1800 audit(1684882197.111:15): pid=5270 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 48.015815][ T5270] BTRFS info (device loop0): balance: start -d -m [ 48.030672][ T5270] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5270] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5269] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5269] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5269] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5269] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5288], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5288 [pid 5269] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5288 attached [pid 5288] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5288] open(".", O_RDONLY) = 5 [pid 5288] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5288] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 48.056156][ T5270] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5288] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5269] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5288] <... ioctl resumed>) = 0 [pid 5288] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5288] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5270] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5270] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] exit_group(0 [pid 5288] <... futex resumed>) = ? [pid 5270] <... futex resumed>) = ? [pid 5269] <... exit_group resumed>) = ? [pid 5288] +++ exited with 0 +++ [ 48.133907][ T5270] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 48.151513][ T5270] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 48.169075][ T5270] BTRFS info (device loop0): balance: ended with status: 0 [pid 5270] +++ exited with 0 +++ [pid 5269] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5269, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5289 ./strace-static-x86_64: Process 5289 attached [pid 5289] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5289] chdir("./14") = 0 [pid 5289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5289] setpgid(0, 0) = 0 [pid 5289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5289] write(3, "1000", 4) = 4 [pid 5289] close(3) = 0 [pid 5289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5289] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5289] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5289] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5290], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5290 [pid 5289] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5290 attached [pid 5290] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5290] memfd_create("syzkaller", 0) = 3 [pid 5290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [ 48.182138][ T5270] syz-executor380 (5270) used greatest stack depth: 22448 bytes left [pid 5290] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5290] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5290] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5290] close(3) = 0 [pid 5290] mkdir("./file0", 0777) = 0 [ 48.336189][ T5290] loop0: detected capacity change from 0 to 32768 [ 48.345560][ T5290] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5290) [ 48.360346][ T5290] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 48.369173][ T5290] BTRFS info (device loop0): turning on flush-on-commit [ 48.376174][ T5290] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 48.387089][ T5290] BTRFS info (device loop0): trying to use backup root at mount time [ 48.395163][ T5290] BTRFS info (device loop0): using free space tree [ 48.407540][ T12] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 48.421016][ T5290] BTRFS warning (device loop0): couldn't read tree root [pid 5290] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5290] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5290] chdir("./file0") = 0 [pid 5290] ioctl(4, LOOP_CLR_FD) = 0 [pid 5290] close(4) = 0 [pid 5290] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] <... futex resumed>) = 0 [pid 5289] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5290] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] <... futex resumed>) = 0 [pid 5290] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5289] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] <... ioctl resumed>) = 0 [pid 5289] <... futex resumed>) = 0 [pid 5289] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5290] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5289] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5289] <... futex resumed>) = 0 [ 48.431374][ T5290] BTRFS info (device loop0): enabling ssd optimizations [ 48.438993][ T5290] BTRFS info (device loop0): rebuilding free space tree [ 48.461926][ T27] audit: type=1800 audit(1684882197.581:16): pid=5290 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5289] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5289] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5289] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5289] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5308], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5308 [pid 5289] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5308 attached [pid 5308] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5308] open(".", O_RDONLY) = 5 [pid 5308] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5289] <... futex resumed>) = 0 [pid 5289] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5289] <... futex resumed>) = 1 [pid 5308] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 48.490171][ T5290] BTRFS info (device loop0): balance: start -d -m [ 48.499292][ T5290] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 48.520554][ T5290] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5289] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5308] <... ioctl resumed>) = 0 [pid 5308] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] <... futex resumed>) = 0 [ 48.568815][ T5290] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 48.607731][ T5290] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5308] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5290] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5290] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] exit_group(0 [pid 5308] <... futex resumed>) = ? [pid 5289] <... exit_group resumed>) = ? [pid 5308] +++ exited with 0 +++ [pid 5290] <... futex resumed>) = ? [pid 5290] +++ exited with 0 +++ [pid 5289] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5289, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 [ 48.623878][ T5290] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5309 ./strace-static-x86_64: Process 5309 attached [pid 5309] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5309] chdir("./15") = 0 [pid 5309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5309] setpgid(0, 0) = 0 [pid 5309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5309] write(3, "1000", 4) = 4 [pid 5309] close(3) = 0 [pid 5309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5309] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5309] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5309] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5310 attached [pid 5310] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5310] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] <... clone resumed>, parent_tid=[5310], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5310 [pid 5309] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5310] <... futex resumed>) = 0 [pid 5310] memfd_create("syzkaller", 0) = 3 [pid 5310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5309] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5310] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5310] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5310] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5310] close(3) = 0 [pid 5310] mkdir("./file0", 0777) = 0 [ 48.816307][ T5310] loop0: detected capacity change from 0 to 32768 [ 48.824682][ T5310] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5310) [ 48.839085][ T5310] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 48.848004][ T5310] BTRFS info (device loop0): turning on flush-on-commit [ 48.854948][ T5310] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 48.865621][ T5310] BTRFS info (device loop0): trying to use backup root at mount time [ 48.873754][ T5310] BTRFS info (device loop0): using free space tree [ 48.886635][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 48.899880][ T5310] BTRFS warning (device loop0): couldn't read tree root [ 48.909947][ T5310] BTRFS info (device loop0): enabling ssd optimizations [pid 5310] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5310] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5310] chdir("./file0") = 0 [pid 5310] ioctl(4, LOOP_CLR_FD) = 0 [pid 5310] close(4) = 0 [pid 5310] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] <... futex resumed>) = 0 [pid 5309] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] <... futex resumed>) = 1 [pid 5310] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5310] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5310] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5309] <... futex resumed>) = 0 [pid 5310] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5309] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] <... ioctl resumed>) = 0 [pid 5310] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5310] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5309] <... futex resumed>) = 0 [pid 5310] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 48.917764][ T5310] BTRFS info (device loop0): rebuilding free space tree [ 48.941107][ T27] audit: type=1800 audit(1684882198.061:17): pid=5310 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5309] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5309] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5309] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5309] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5328 attached , parent_tid=[5328], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5328 [pid 5309] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] set_robust_list(0x7f9767cbc9e0, 24 [pid 5309] <... futex resumed>) = 0 [pid 5328] <... set_robust_list resumed>) = 0 [pid 5309] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5328] open(".", O_RDONLY) = 5 [pid 5328] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5309] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5309] <... futex resumed>) = 0 [ 48.968186][ T5310] BTRFS info (device loop0): balance: start -d -m [ 48.985944][ T5310] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 49.008418][ T5310] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5309] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5328] <... ioctl resumed>) = 0 [pid 5328] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5328] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5310] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5310] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5310] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] exit_group(0 [pid 5328] <... futex resumed>) = ? [pid 5310] <... futex resumed>) = ? [pid 5309] <... exit_group resumed>) = ? [pid 5328] +++ exited with 0 +++ [pid 5310] +++ exited with 0 +++ [pid 5309] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5309, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 [ 49.091044][ T5310] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 49.110314][ T5310] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 49.126397][ T5310] BTRFS info (device loop0): balance: ended with status: 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5329 ./strace-static-x86_64: Process 5329 attached [pid 5329] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5329] chdir("./16") = 0 [pid 5329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5329] setpgid(0, 0) = 0 [pid 5329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5329] write(3, "1000", 4) = 4 [pid 5329] close(3) = 0 [pid 5329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5329] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5329] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5329] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5330], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5330 ./strace-static-x86_64: Process 5330 attached [pid 5330] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5330] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5330] <... futex resumed>) = 0 [pid 5329] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5330] memfd_create("syzkaller", 0) = 3 [pid 5330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5330] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5330] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5330] close(3) = 0 [pid 5330] mkdir("./file0", 0777) = 0 [ 49.308589][ T5330] loop0: detected capacity change from 0 to 32768 [ 49.317821][ T5330] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5330) [ 49.332863][ T5330] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 49.341703][ T5330] BTRFS info (device loop0): turning on flush-on-commit [ 49.348788][ T5330] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 49.359432][ T5330] BTRFS info (device loop0): trying to use backup root at mount time [ 49.367689][ T5330] BTRFS info (device loop0): using free space tree [ 49.380383][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 49.393600][ T5330] BTRFS warning (device loop0): couldn't read tree root [pid 5330] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5330] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5330] chdir("./file0") = 0 [pid 5330] ioctl(4, LOOP_CLR_FD) = 0 [pid 5330] close(4) = 0 [pid 5330] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5330] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5329] <... futex resumed>) = 0 [pid 5330] <... ioctl resumed>) = 0 [pid 5329] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5330] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5329] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 49.403807][ T5330] BTRFS info (device loop0): enabling ssd optimizations [ 49.411427][ T5330] BTRFS info (device loop0): rebuilding free space tree [ 49.435563][ T27] audit: type=1800 audit(1684882198.551:18): pid=5330 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5329] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5329] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5329] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5329] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5348], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5348 [pid 5329] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5348 attached [pid 5348] set_robust_list(0x7f9767cbc9e0, 24) = 0 [ 49.463220][ T5330] BTRFS info (device loop0): balance: start -d -m [ 49.470774][ T5330] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 49.491246][ T5330] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5348] open(".", O_RDONLY) = 5 [pid 5348] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5348] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5329] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] <... ioctl resumed>) = 0 [pid 5348] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [ 49.525997][ T5330] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 5348] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5330] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5330] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] exit_group(0 [pid 5348] <... futex resumed>) = ? [pid 5329] <... exit_group resumed>) = ? [pid 5348] +++ exited with 0 +++ [pid 5330] +++ exited with 0 +++ [pid 5329] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5329, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 [ 49.575668][ T5330] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 49.593123][ T5330] BTRFS info (device loop0): balance: ended with status: 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5349 ./strace-static-x86_64: Process 5349 attached [pid 5349] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5349] chdir("./17") = 0 [pid 5349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5349] setpgid(0, 0) = 0 [pid 5349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5349] write(3, "1000", 4) = 4 [pid 5349] close(3) = 0 [pid 5349] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5349] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5349] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5349] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5350], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5350 [pid 5349] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5349] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5350 attached [pid 5350] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5350] memfd_create("syzkaller", 0) = 3 [pid 5350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5350] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5350] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5350] close(3) = 0 [pid 5350] mkdir("./file0", 0777) = 0 [ 49.760307][ T5350] loop0: detected capacity change from 0 to 32768 [ 49.769029][ T5350] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5350) [ 49.783403][ T5350] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 49.792201][ T5350] BTRFS info (device loop0): turning on flush-on-commit [ 49.799188][ T5350] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 49.809819][ T5350] BTRFS info (device loop0): trying to use backup root at mount time [ 49.817902][ T5350] BTRFS info (device loop0): using free space tree [ 49.830431][ T12] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 49.843613][ T5350] BTRFS warning (device loop0): couldn't read tree root [ 49.853963][ T5350] BTRFS info (device loop0): enabling ssd optimizations [pid 5350] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5350] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5350] chdir("./file0") = 0 [pid 5350] ioctl(4, LOOP_CLR_FD) = 0 [pid 5350] close(4) = 0 [pid 5350] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] <... futex resumed>) = 0 [pid 5349] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5349] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] <... futex resumed>) = 1 [pid 5350] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5350] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] <... futex resumed>) = 0 [pid 5349] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5349] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] <... futex resumed>) = 1 [pid 5350] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5350] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] <... futex resumed>) = 0 [pid 5349] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5349] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] <... futex resumed>) = 1 [ 49.861479][ T5350] BTRFS info (device loop0): rebuilding free space tree [ 49.878269][ T27] audit: type=1800 audit(1684882199.001:19): pid=5350 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 49.904646][ T5350] BTRFS info (device loop0): balance: start -d -m [pid 5350] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5349] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5349] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5349] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5349] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5368], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5368 [pid 5349] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5349] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5368 attached [pid 5368] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5368] open(".", O_RDONLY) = 5 [pid 5368] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] <... futex resumed>) = 0 [pid 5368] <... futex resumed>) = 1 [pid 5349] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5349] <... futex resumed>) = 0 [ 49.912226][ T5350] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 49.932721][ T5350] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5349] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5368] <... ioctl resumed>) = 0 [pid 5368] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5349] <... futex resumed>) = 0 [ 49.974518][ T5350] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 5368] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5350] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5349] exit_group(0 [pid 5368] <... futex resumed>) = ? [pid 5349] <... exit_group resumed>) = ? [pid 5368] +++ exited with 0 +++ [pid 5350] <... futex resumed>) = ? [pid 5350] +++ exited with 0 +++ [pid 5349] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5349, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 [ 50.019278][ T5350] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 50.035085][ T5350] BTRFS info (device loop0): balance: ended with status: 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5369 ./strace-static-x86_64: Process 5369 attached [pid 5369] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5369] chdir("./18") = 0 [pid 5369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5369] setpgid(0, 0) = 0 [pid 5369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5369] write(3, "1000", 4) = 4 [pid 5369] close(3) = 0 [pid 5369] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5369] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5369] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5369] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5370], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5370 ./strace-static-x86_64: Process 5370 attached [pid 5370] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5370] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5369] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5370] <... futex resumed>) = 0 [pid 5369] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5370] memfd_create("syzkaller", 0) = 3 [pid 5370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5370] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5370] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5370] close(3) = 0 [pid 5370] mkdir("./file0", 0777) = 0 [ 50.239908][ T5370] loop0: detected capacity change from 0 to 32768 [ 50.248248][ T5370] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5370) [ 50.262318][ T5370] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 50.271142][ T5370] BTRFS info (device loop0): turning on flush-on-commit [ 50.278150][ T5370] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 50.288783][ T5370] BTRFS info (device loop0): trying to use backup root at mount time [ 50.296874][ T5370] BTRFS info (device loop0): using free space tree [ 50.309944][ T12] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 50.323255][ T5370] BTRFS warning (device loop0): couldn't read tree root [ 50.333402][ T5370] BTRFS info (device loop0): enabling ssd optimizations [pid 5370] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5370] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5370] chdir("./file0") = 0 [pid 5370] ioctl(4, LOOP_CLR_FD) = 0 [pid 5370] close(4) = 0 [pid 5370] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5369] <... futex resumed>) = 0 [pid 5369] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5369] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5370] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5370] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5369] <... futex resumed>) = 0 [pid 5369] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5369] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] <... futex resumed>) = 0 [pid 5370] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5370] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5369] <... futex resumed>) = 0 [pid 5369] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5369] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 50.341190][ T5370] BTRFS info (device loop0): rebuilding free space tree [ 50.362992][ T27] audit: type=1800 audit(1684882199.481:20): pid=5370 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5370] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5369] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5369] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5369] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5369] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5369] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5388], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5388 [pid 5369] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5369] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5388 attached [pid 5388] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5388] open(".", O_RDONLY) = 5 [pid 5388] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5369] <... futex resumed>) = 0 [pid 5369] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5369] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 50.392451][ T5370] BTRFS info (device loop0): balance: start -d -m [ 50.400625][ T5370] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 50.422162][ T5370] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5388] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5369] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5388] <... ioctl resumed>) = 0 [pid 5388] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 50.459473][ T5370] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 5388] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5370] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5370] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5370] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5369] exit_group(0 [pid 5388] <... futex resumed>) = ? [pid 5369] <... exit_group resumed>) = ? [pid 5388] +++ exited with 0 +++ [pid 5370] <... futex resumed>) = ? [pid 5370] +++ exited with 0 +++ [pid 5369] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5369, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 [ 50.518398][ T5370] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 50.534853][ T5370] BTRFS info (device loop0): balance: ended with status: 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5389 ./strace-static-x86_64: Process 5389 attached [pid 5389] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5389] chdir("./19") = 0 [pid 5389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5389] setpgid(0, 0) = 0 [pid 5389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5389] write(3, "1000", 4) = 4 [pid 5389] close(3) = 0 [pid 5389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5389] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5389] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5389] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5390 attached , parent_tid=[5390], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5390 [pid 5390] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5390] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] <... futex resumed>) = 0 [pid 5389] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5390] memfd_create("syzkaller", 0) = 3 [pid 5390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5390] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5390] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5390] close(3) = 0 [pid 5390] mkdir("./file0", 0777) = 0 [ 50.733183][ T5390] loop0: detected capacity change from 0 to 32768 [ 50.742384][ T5390] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5390) [ 50.757260][ T5390] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 50.766000][ T5390] BTRFS info (device loop0): turning on flush-on-commit [ 50.773026][ T5390] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [pid 5390] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5390] chdir("./file0") = 0 [pid 5390] ioctl(4, LOOP_CLR_FD) = 0 [pid 5390] close(4) = 0 [pid 5390] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 50.783649][ T5390] BTRFS info (device loop0): trying to use backup root at mount time [ 50.791740][ T5390] BTRFS info (device loop0): using free space tree [ 50.804281][ T12] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 50.817718][ T5390] BTRFS warning (device loop0): couldn't read tree root [pid 5390] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5390] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5390] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5390] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 50.845997][ T27] audit: type=1800 audit(1684882199.961:21): pid=5390 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5389] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5389] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5389] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5389] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5389] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5408], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5408 [pid 5389] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5408 attached [pid 5408] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5408] open(".", O_RDONLY) = 5 [pid 5408] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5408] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5389] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] <... ioctl resumed>) = 0 [pid 5389] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5408] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5408] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5390] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5390] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] exit_group(0) = ? [pid 5408] <... futex resumed>) = ? [pid 5408] +++ exited with 0 +++ [pid 5390] +++ exited with 0 +++ [pid 5389] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5389, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5409 attached , child_tidptr=0x5555572c55d0) = 5409 [pid 5409] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5409] chdir("./20") = 0 [pid 5409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5409] setpgid(0, 0) = 0 [pid 5409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5409] write(3, "1000", 4) = 4 [pid 5409] close(3) = 0 [pid 5409] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5409] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5409] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5409] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5410 attached , parent_tid=[5410], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5410 [pid 5410] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5410] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5409] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5409] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5410] memfd_create("syzkaller", 0) = 3 [pid 5410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5410] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5410] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5410] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5410] close(3) = 0 [pid 5410] mkdir("./file0", 0777) = 0 [ 51.195200][ T5410] loop0: detected capacity change from 0 to 32768 [ 51.204590][ T5410] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5410) [ 51.219770][ T5410] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [pid 5410] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5410] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5410] chdir("./file0") = 0 [pid 5410] ioctl(4, LOOP_CLR_FD) = 0 [pid 5410] close(4) = 0 [pid 5410] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5409] <... futex resumed>) = 0 [pid 5409] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5410] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5409] <... futex resumed>) = 0 [pid 5409] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] <... futex resumed>) = 1 [pid 5410] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5410] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5409] <... futex resumed>) = 0 [pid 5409] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] <... futex resumed>) = 1 [ 51.236465][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 51.249841][ T5410] BTRFS warning (device loop0): couldn't read tree root [ 51.275383][ T27] audit: type=1800 audit(1684882200.391:22): pid=5410 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5410] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5409] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5409] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5409] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5409] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5428 attached , parent_tid=[5428], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5428 [pid 5409] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5409] <... futex resumed>) = 0 [pid 5409] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5428] open(".", O_RDONLY) = 5 [pid 5428] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5409] <... futex resumed>) = 0 [pid 5409] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5409] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5428] <... ioctl resumed>) = 0 [pid 5428] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5410] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5410] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5409] exit_group(0 [pid 5410] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5428] <... futex resumed>) = ? [pid 5409] <... exit_group resumed>) = ? [pid 5428] +++ exited with 0 +++ [pid 5410] <... futex resumed>) = ? [pid 5410] +++ exited with 0 +++ [pid 5409] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5409, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5429 ./strace-static-x86_64: Process 5429 attached [pid 5429] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5429] chdir("./21") = 0 [pid 5429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5429] setpgid(0, 0) = 0 [pid 5429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5429] write(3, "1000", 4) = 4 [pid 5429] close(3) = 0 [pid 5429] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5429] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5429] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5429] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5430 attached , parent_tid=[5430], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5430 [pid 5430] set_robust_list(0x7f976f0dd9e0, 24 [pid 5429] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] <... set_robust_list resumed>) = 0 [pid 5429] <... futex resumed>) = 0 [pid 5429] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5430] memfd_create("syzkaller", 0) = 3 [pid 5430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5430] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5430] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5430] close(3) = 0 [pid 5430] mkdir("./file0", 0777) = 0 [pid 5430] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5430] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5430] chdir("./file0") = 0 [pid 5430] ioctl(4, LOOP_CLR_FD) = 0 [pid 5430] close(4) = 0 [pid 5430] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5429] <... futex resumed>) = 0 [pid 5430] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5429] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5429] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] <... futex resumed>) = 0 [pid 5430] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5430] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5429] <... futex resumed>) = 0 [pid 5429] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5429] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5430] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5429] <... futex resumed>) = 0 [pid 5429] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5429] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 51.624908][ T5430] loop0: detected capacity change from 0 to 32768 [ 51.634229][ T5430] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5430) [ 51.649401][ T5430] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 51.666598][ T5430] BTRFS warning (device loop0): couldn't read tree root [pid 5430] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5429] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5429] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5429] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5429] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5448], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5448 [pid 5429] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5429] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5448 attached [pid 5448] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5448] open(".", O_RDONLY) = 5 [pid 5448] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5429] <... futex resumed>) = 0 [pid 5448] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5429] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5429] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5430] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5430] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5429] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5448] <... ioctl resumed>) = 0 [pid 5448] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5429] exit_group(0) = ? [pid 5430] <... futex resumed>) = ? [pid 5430] +++ exited with 0 +++ [pid 5448] <... futex resumed>) = ? [pid 5448] +++ exited with 0 +++ [pid 5429] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5429, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5449 ./strace-static-x86_64: Process 5449 attached [pid 5449] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5449] chdir("./22") = 0 [pid 5449] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5449] setpgid(0, 0) = 0 [pid 5449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5449] write(3, "1000", 4) = 4 [pid 5449] close(3) = 0 [pid 5449] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5449] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5449] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5449] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5450], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5450 ./strace-static-x86_64: Process 5450 attached [pid 5450] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5450] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5449] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5450] <... futex resumed>) = 0 [pid 5449] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5450] memfd_create("syzkaller", 0) = 3 [pid 5450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5450] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5450] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5450] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5450] close(3) = 0 [pid 5450] mkdir("./file0", 0777) = 0 [ 51.991070][ T5450] loop0: detected capacity change from 0 to 32768 [ 52.000474][ T5450] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5450) [ 52.015806][ T5450] _btrfs_printk: 32 callbacks suppressed [ 52.015818][ T5450] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 52.030229][ T5450] BTRFS info (device loop0): turning on flush-on-commit [ 52.037226][ T5450] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 52.047926][ T5450] BTRFS info (device loop0): trying to use backup root at mount time [ 52.055999][ T5450] BTRFS info (device loop0): using free space tree [ 52.068698][ T41] validate_extent_buffer: 1 callbacks suppressed [ 52.068714][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [pid 5450] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5450] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5450] chdir("./file0") = 0 [pid 5450] ioctl(4, LOOP_CLR_FD) = 0 [pid 5450] close(4) = 0 [pid 5450] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5449] <... futex resumed>) = 0 [pid 5449] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 52.089027][ T5450] BTRFS warning (device loop0): couldn't read tree root [ 52.099686][ T5450] BTRFS info (device loop0): enabling ssd optimizations [ 52.107468][ T5450] BTRFS info (device loop0): rebuilding free space tree [pid 5450] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5450] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5449] <... futex resumed>) = 0 [pid 5450] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5449] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5450] <... ioctl resumed>) = 0 [pid 5449] <... futex resumed>) = 0 [pid 5450] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5450] <... futex resumed>) = 0 [pid 5449] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5450] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5449] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 52.133172][ T27] kauditd_printk_skb: 1 callbacks suppressed [ 52.133184][ T27] audit: type=1800 audit(1684882201.251:24): pid=5450 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 52.153338][ T5450] BTRFS info (device loop0): balance: start -d -m [ 52.168976][ T5450] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5449] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5449] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5449] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5449] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5468], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5468 [pid 5449] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5468 attached [pid 5468] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5468] open(".", O_RDONLY) = 5 [pid 5468] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5449] <... futex resumed>) = 0 [pid 5449] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5468] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 52.190161][ T5450] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5449] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5468] <... ioctl resumed>) = 0 [pid 5468] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 52.245628][ T5450] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 5468] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5450] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5450] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5450] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5449] exit_group(0 [pid 5468] <... futex resumed>) = ? [pid 5449] <... exit_group resumed>) = ? [pid 5468] +++ exited with 0 +++ [pid 5450] <... futex resumed>) = ? [pid 5450] +++ exited with 0 +++ [pid 5449] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5449, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} --- umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 [ 52.286551][ T5450] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 52.302876][ T5450] BTRFS info (device loop0): balance: ended with status: 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5469 ./strace-static-x86_64: Process 5469 attached [pid 5469] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5469] chdir("./23") = 0 [pid 5469] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5469] setpgid(0, 0) = 0 [pid 5469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5469] write(3, "1000", 4) = 4 [pid 5469] close(3) = 0 [pid 5469] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5469] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5469] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5469] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5470 attached , parent_tid=[5470], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5470 [pid 5470] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5470] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5469] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5470] <... futex resumed>) = 0 [pid 5469] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5470] memfd_create("syzkaller", 0) = 3 [pid 5470] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5470] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5470] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5470] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5470] close(3) = 0 [pid 5470] mkdir("./file0", 0777) = 0 [ 52.483186][ T5470] loop0: detected capacity change from 0 to 32768 [ 52.492384][ T5470] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5470) [ 52.507715][ T5470] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 52.516412][ T5470] BTRFS info (device loop0): turning on flush-on-commit [ 52.523426][ T5470] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 52.534269][ T5470] BTRFS info (device loop0): trying to use backup root at mount time [ 52.542376][ T5470] BTRFS info (device loop0): using free space tree [ 52.554790][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 52.568427][ T5470] BTRFS warning (device loop0): couldn't read tree root [pid 5470] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5470] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5470] chdir("./file0") = 0 [pid 5470] ioctl(4, LOOP_CLR_FD) = 0 [pid 5470] close(4) = 0 [pid 5470] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5469] <... futex resumed>) = 0 [pid 5469] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5469] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5470] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5470] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5470] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5469] <... futex resumed>) = 0 [pid 5469] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5470] <... futex resumed>) = 0 [pid 5469] <... futex resumed>) = 1 [pid 5470] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5469] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5470] <... ioctl resumed>) = 0 [pid 5470] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5469] <... futex resumed>) = 0 [pid 5470] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5469] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 52.578853][ T5470] BTRFS info (device loop0): enabling ssd optimizations [ 52.586386][ T5470] BTRFS info (device loop0): rebuilding free space tree [ 52.608936][ T27] audit: type=1800 audit(1684882201.731:25): pid=5470 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5469] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5469] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5469] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5469] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5488], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5488 [pid 5469] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5469] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5488 attached [pid 5488] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5488] open(".", O_RDONLY) = 5 [pid 5488] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5488] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5469] <... futex resumed>) = 0 [pid 5469] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5488] <... futex resumed>) = 0 [pid 5488] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 52.637053][ T5470] BTRFS info (device loop0): balance: start -d -m [ 52.645350][ T5470] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 52.664287][ T5470] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5469] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5488] <... ioctl resumed>) = 0 [pid 5488] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5469] <... futex resumed>) = 0 [ 52.707083][ T5470] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 5488] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5470] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5470] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5470] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5469] exit_group(0 [pid 5488] <... futex resumed>) = ? [pid 5469] <... exit_group resumed>) = ? [pid 5488] +++ exited with 0 +++ [pid 5470] <... futex resumed>) = ? [pid 5470] +++ exited with 0 +++ [pid 5469] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5469, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 [ 52.756801][ T5470] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 52.774777][ T5470] BTRFS info (device loop0): balance: ended with status: 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5489 ./strace-static-x86_64: Process 5489 attached [pid 5489] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5489] chdir("./24") = 0 [pid 5489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5489] setpgid(0, 0) = 0 [pid 5489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5489] write(3, "1000", 4) = 4 [pid 5489] close(3) = 0 [pid 5489] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5489] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5489] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5489] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5490 attached [pid 5490] set_robust_list(0x7f976f0dd9e0, 24 [pid 5489] <... clone resumed>, parent_tid=[5490], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5490 [pid 5490] <... set_robust_list resumed>) = 0 [pid 5489] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5489] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5490] memfd_create("syzkaller", 0) = 3 [pid 5490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5490] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5490] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5490] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5490] close(3) = 0 [pid 5490] mkdir("./file0", 0777) = 0 [ 52.974821][ T5490] loop0: detected capacity change from 0 to 32768 [ 52.984675][ T5490] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5490) [ 52.999776][ T5490] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 53.008640][ T5490] BTRFS info (device loop0): turning on flush-on-commit [ 53.015593][ T5490] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 53.026288][ T5490] BTRFS info (device loop0): trying to use backup root at mount time [ 53.034517][ T5490] BTRFS info (device loop0): using free space tree [ 53.046548][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 53.060553][ T5490] BTRFS warning (device loop0): couldn't read tree root [pid 5490] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5490] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5490] chdir("./file0") = 0 [pid 5490] ioctl(4, LOOP_CLR_FD) = 0 [pid 5490] close(4) = 0 [pid 5490] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5489] <... futex resumed>) = 0 [pid 5489] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5489] <... futex resumed>) = 0 [pid 5489] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5490] <... open resumed>) = 4 [pid 5490] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5489] <... futex resumed>) = 0 [pid 5489] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5489] <... futex resumed>) = 0 [pid 5489] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5490] <... ioctl resumed>) = 0 [pid 5490] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5489] <... futex resumed>) = 0 [pid 5490] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5489] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5489] <... futex resumed>) = 0 [pid 5490] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 53.070638][ T5490] BTRFS info (device loop0): enabling ssd optimizations [ 53.078450][ T5490] BTRFS info (device loop0): rebuilding free space tree [ 53.099220][ T27] audit: type=1800 audit(1684882202.221:26): pid=5490 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5489] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5489] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5489] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5489] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5508], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5508 [pid 5489] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5489] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5508 attached [pid 5508] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5508] open(".", O_RDONLY) = 5 [pid 5508] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5489] <... futex resumed>) = 0 [pid 5489] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5489] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5508] <... futex resumed>) = 1 [ 53.127708][ T5490] BTRFS info (device loop0): balance: start -d -m [ 53.134851][ T5490] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 53.155648][ T5490] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5508] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0}) = 0 [pid 5508] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5489] <... futex resumed>) = 0 [pid 5508] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5490] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5490] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5489] exit_group(0 [pid 5508] <... futex resumed>) = ? [pid 5489] <... exit_group resumed>) = ? [pid 5508] +++ exited with 0 +++ [pid 5490] +++ exited with 0 +++ [pid 5489] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5489, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 [ 53.222159][ T5490] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 53.240472][ T5490] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 53.258689][ T5490] BTRFS info (device loop0): balance: ended with status: 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5509 ./strace-static-x86_64: Process 5509 attached [pid 5509] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5509] chdir("./25") = 0 [pid 5509] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5509] setpgid(0, 0) = 0 [pid 5509] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5509] write(3, "1000", 4) = 4 [pid 5509] close(3) = 0 [pid 5509] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5509] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5509] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5509] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5510 attached [pid 5510] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5510] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5509] <... clone resumed>, parent_tid=[5510], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5510 [pid 5509] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5510] <... futex resumed>) = 0 [pid 5509] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5510] memfd_create("syzkaller", 0) = 3 [pid 5510] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5510] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5510] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5510] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5510] close(3) = 0 [pid 5510] mkdir("./file0", 0777) = 0 [ 53.434152][ T5510] loop0: detected capacity change from 0 to 32768 [ 53.443402][ T5510] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5510) [ 53.458207][ T5510] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 53.467184][ T5510] BTRFS info (device loop0): turning on flush-on-commit [ 53.474262][ T5510] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 53.484927][ T5510] BTRFS info (device loop0): trying to use backup root at mount time [ 53.493166][ T5510] BTRFS info (device loop0): using free space tree [ 53.505908][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 53.519323][ T5510] BTRFS warning (device loop0): couldn't read tree root [pid 5510] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5510] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5510] chdir("./file0") = 0 [pid 5510] ioctl(4, LOOP_CLR_FD) = 0 [pid 5510] close(4) = 0 [pid 5510] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5510] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5509] <... futex resumed>) = 0 [pid 5509] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5509] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5510] <... futex resumed>) = 0 [pid 5510] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5510] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] <... futex resumed>) = 0 [pid 5509] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5510] <... futex resumed>) = 1 [pid 5510] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5510] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] <... futex resumed>) = 0 [pid 5509] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5510] <... futex resumed>) = 1 [ 53.530034][ T5510] BTRFS info (device loop0): enabling ssd optimizations [ 53.537642][ T5510] BTRFS info (device loop0): rebuilding free space tree [ 53.556979][ T27] audit: type=1800 audit(1684882202.681:27): pid=5510 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 53.570338][ T5510] BTRFS info (device loop0): balance: start -d -m [pid 5510] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5509] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5509] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5509] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5509] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5528], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5528 [pid 5509] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5528 attached [pid 5528] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5528] open(".", O_RDONLY) = 5 [pid 5528] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5509] <... futex resumed>) = 0 [pid 5509] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 53.586141][ T5510] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 53.606582][ T5510] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5528] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5509] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5509] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5528] <... ioctl resumed>) = 0 [pid 5528] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5528] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5510] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5510] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5510] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5509] exit_group(0 [pid 5510] <... futex resumed>) = ? [pid 5528] <... futex resumed>) = ? [pid 5509] <... exit_group resumed>) = ? [pid 5510] +++ exited with 0 +++ [pid 5528] +++ exited with 0 +++ [pid 5509] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5509, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 [ 53.691794][ T5510] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 53.710675][ T5510] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 53.727793][ T5510] BTRFS info (device loop0): balance: ended with status: 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5529 attached , child_tidptr=0x5555572c55d0) = 5529 [pid 5529] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5529] chdir("./26") = 0 [pid 5529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5529] setpgid(0, 0) = 0 [pid 5529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5529] write(3, "1000", 4) = 4 [pid 5529] close(3) = 0 [pid 5529] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5529] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5529] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5529] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5530 attached , parent_tid=[5530], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5530 [pid 5530] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5530] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5529] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5530] <... futex resumed>) = 0 [pid 5529] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5530] memfd_create("syzkaller", 0) = 3 [pid 5530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5530] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5530] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5530] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5530] close(3) = 0 [pid 5530] mkdir("./file0", 0777) = 0 [ 53.909521][ T5530] loop0: detected capacity change from 0 to 32768 [ 53.918949][ T5530] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5530) [ 53.933543][ T5530] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 53.942632][ T5530] BTRFS info (device loop0): turning on flush-on-commit [ 53.949638][ T5530] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 53.960271][ T5530] BTRFS info (device loop0): trying to use backup root at mount time [ 53.968357][ T5530] BTRFS info (device loop0): using free space tree [ 53.980932][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 53.994216][ T5530] BTRFS warning (device loop0): couldn't read tree root [pid 5530] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5530] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5530] chdir("./file0") = 0 [pid 5530] ioctl(4, LOOP_CLR_FD) = 0 [pid 5530] close(4) = 0 [pid 5530] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] <... futex resumed>) = 0 [pid 5529] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5530] <... futex resumed>) = 1 [pid 5530] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5530] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] <... futex resumed>) = 0 [pid 5530] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5529] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5530] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5530] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5529] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5530] <... ioctl resumed>) = 0 [pid 5530] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] <... futex resumed>) = 0 [pid 5529] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5529] <... futex resumed>) = 0 [ 54.004321][ T5530] BTRFS info (device loop0): enabling ssd optimizations [ 54.012028][ T5530] BTRFS info (device loop0): rebuilding free space tree [ 54.033089][ T27] audit: type=1800 audit(1684882203.151:28): pid=5530 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5529] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5529] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5529] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5529] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5548], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5548 [pid 5529] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5548 attached [pid 5548] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5548] open(".", O_RDONLY) = 5 [pid 5548] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5548] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5529] <... futex resumed>) = 0 [pid 5529] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5548] <... futex resumed>) = 0 [pid 5548] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 54.071386][ T5530] BTRFS info (device loop0): balance: start -d -m [ 54.080251][ T5530] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 54.100888][ T5530] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5529] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5548] <... ioctl resumed>) = 0 [pid 5548] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] <... futex resumed>) = 0 [pid 5548] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5530] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5530] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] exit_group(0 [pid 5530] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5548] <... futex resumed>) = ? [pid 5530] <... futex resumed>) = ? [pid 5529] <... exit_group resumed>) = ? [pid 5548] +++ exited with 0 +++ [pid 5530] +++ exited with 0 +++ [pid 5529] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5529, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 [ 54.167326][ T5530] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 54.186268][ T5530] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 54.202466][ T5530] BTRFS info (device loop0): balance: ended with status: 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5549 ./strace-static-x86_64: Process 5549 attached [pid 5549] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5549] chdir("./27") = 0 [pid 5549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5549] setpgid(0, 0) = 0 [pid 5549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5549] write(3, "1000", 4) = 4 [pid 5549] close(3) = 0 [pid 5549] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5549] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5549] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5549] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5549] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5550 attached , parent_tid=[5550], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5550 [pid 5550] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5550] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5549] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5550] <... futex resumed>) = 0 [pid 5549] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5550] memfd_create("syzkaller", 0) = 3 [pid 5550] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5550] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5550] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5550] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5550] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5550] close(3) = 0 [pid 5550] mkdir("./file0", 0777) = 0 [ 54.394036][ T5550] loop0: detected capacity change from 0 to 32768 [ 54.403117][ T5550] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5550) [ 54.418857][ T5550] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 54.427561][ T5550] BTRFS info (device loop0): turning on flush-on-commit [ 54.434503][ T5550] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 54.445119][ T5550] BTRFS info (device loop0): trying to use backup root at mount time [ 54.453215][ T5550] BTRFS info (device loop0): using free space tree [ 54.465509][ T10] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 54.478761][ T5550] BTRFS warning (device loop0): couldn't read tree root [pid 5550] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5550] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5550] chdir("./file0") = 0 [pid 5550] ioctl(4, LOOP_CLR_FD) = 0 [pid 5550] close(4) = 0 [pid 5550] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5549] <... futex resumed>) = 0 [pid 5549] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5549] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5550] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5550] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5549] <... futex resumed>) = 0 [pid 5549] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5549] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5550] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5550] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5549] <... futex resumed>) = 0 [pid 5550] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5549] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5550] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5549] <... futex resumed>) = 0 [pid 5550] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 54.489237][ T5550] BTRFS info (device loop0): enabling ssd optimizations [ 54.496704][ T5550] BTRFS info (device loop0): rebuilding free space tree [ 54.519361][ T27] audit: type=1800 audit(1684882203.641:29): pid=5550 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 54.546273][ T5550] BTRFS info (device loop0): balance: start -d -m [ 54.557507][ T5550] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5549] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5549] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5549] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5549] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5549] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5568], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5568 [pid 5549] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5549] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5568 attached [pid 5568] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5568] open(".", O_RDONLY) = 5 [pid 5568] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5549] <... futex resumed>) = 0 [pid 5568] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5549] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 54.588273][ T5550] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5549] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5568] <... ioctl resumed>) = 0 [pid 5568] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5549] <... futex resumed>) = 0 [ 54.636297][ T5550] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 54.672813][ T5550] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5568] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5550] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5550] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5549] exit_group(0) = ? [pid 5568] <... futex resumed>) = ? [pid 5550] <... futex resumed>) = ? [pid 5550] +++ exited with 0 +++ [pid 5568] +++ exited with 0 +++ [pid 5549] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5549, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 [ 54.690058][ T5550] BTRFS info (device loop0): balance: ended with status: 0 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5569 ./strace-static-x86_64: Process 5569 attached [pid 5569] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5569] chdir("./28") = 0 [pid 5569] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5569] setpgid(0, 0) = 0 [pid 5569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5569] write(3, "1000", 4) = 4 [pid 5569] close(3) = 0 [pid 5569] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5569] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5569] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5569] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5570 attached , parent_tid=[5570], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5570 [pid 5569] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5570] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5570] memfd_create("syzkaller", 0) = 3 [pid 5570] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5569] <... futex resumed>) = 0 [pid 5569] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5570] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5570] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5570] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5570] close(3) = 0 [pid 5570] mkdir("./file0", 0777) = 0 [ 54.876526][ T5570] loop0: detected capacity change from 0 to 32768 [ 54.884889][ T5570] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5570) [ 54.899250][ T5570] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 54.908034][ T5570] BTRFS info (device loop0): turning on flush-on-commit [ 54.914974][ T5570] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 54.925605][ T5570] BTRFS info (device loop0): trying to use backup root at mount time [ 54.933805][ T5570] BTRFS info (device loop0): using free space tree [ 54.946287][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 54.959692][ T5570] BTRFS warning (device loop0): couldn't read tree root [ 54.970028][ T5570] BTRFS info (device loop0): enabling ssd optimizations [pid 5570] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5570] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5570] chdir("./file0") = 0 [pid 5570] ioctl(4, LOOP_CLR_FD) = 0 [pid 5570] close(4) = 0 [pid 5570] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5569] <... futex resumed>) = 0 [pid 5569] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5569] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5570] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5570] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5569] <... futex resumed>) = 0 [pid 5570] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5569] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5570] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5569] <... futex resumed>) = 0 [pid 5570] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5569] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5570] <... ioctl resumed>) = 0 [pid 5570] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5569] <... futex resumed>) = 0 [pid 5570] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5569] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5570] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5569] <... futex resumed>) = 0 [pid 5570] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 54.977574][ T5570] BTRFS info (device loop0): rebuilding free space tree [ 55.000867][ T27] audit: type=1800 audit(1684882204.121:30): pid=5570 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 55.021262][ T5570] BTRFS info (device loop0): balance: start -d -m [pid 5569] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5569] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5569] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5569] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5588], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5588 [pid 5569] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 55.030237][ T5570] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 55.050899][ T5570] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5569] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5588 attached [pid 5588] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5588] open(".", O_RDONLY) = 5 [pid 5588] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5569] <... futex resumed>) = 0 [pid 5569] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5569] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5588] <... futex resumed>) = 1 [pid 5588] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0}) = 0 [pid 5588] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5569] <... futex resumed>) = 0 [ 55.085187][ T5570] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 5588] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5570] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5570] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5569] exit_group(0 [pid 5588] <... futex resumed>) = ? [pid 5569] <... exit_group resumed>) = ? [pid 5588] +++ exited with 0 +++ [pid 5570] +++ exited with 0 +++ [pid 5569] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5569, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 [ 55.140676][ T5570] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 55.158318][ T5570] BTRFS info (device loop0): balance: ended with status: 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5589 ./strace-static-x86_64: Process 5589 attached [pid 5589] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5589] chdir("./29") = 0 [pid 5589] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5589] setpgid(0, 0) = 0 [pid 5589] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5589] write(3, "1000", 4) = 4 [pid 5589] close(3) = 0 [pid 5589] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5589] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5589] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5589] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5589] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5590 attached , parent_tid=[5590], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5590 [pid 5589] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5589] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5590] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5590] memfd_create("syzkaller", 0) = 3 [pid 5590] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5590] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5590] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5590] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5590] close(3) = 0 [pid 5590] mkdir("./file0", 0777) = 0 [ 55.371163][ T5590] loop0: detected capacity change from 0 to 32768 [ 55.379537][ T5590] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5590) [ 55.394345][ T5590] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 55.403178][ T5590] BTRFS info (device loop0): turning on flush-on-commit [ 55.410214][ T5590] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 55.420999][ T5590] BTRFS info (device loop0): trying to use backup root at mount time [ 55.429137][ T5590] BTRFS info (device loop0): using free space tree [ 55.442389][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 55.455614][ T5590] BTRFS warning (device loop0): couldn't read tree root [pid 5590] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5590] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5590] chdir("./file0") = 0 [pid 5590] ioctl(4, LOOP_CLR_FD) = 0 [pid 5590] close(4) = 0 [pid 5590] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5589] <... futex resumed>) = 0 [pid 5589] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5590] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5589] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5590] <... open resumed>) = 4 [pid 5590] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5589] <... futex resumed>) = 0 [pid 5589] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5589] <... futex resumed>) = 0 [pid 5590] <... ioctl resumed>) = 0 [pid 5589] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5590] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5589] <... futex resumed>) = 0 [pid 5589] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5589] <... futex resumed>) = 0 [ 55.466012][ T5590] BTRFS info (device loop0): enabling ssd optimizations [ 55.473545][ T5590] BTRFS info (device loop0): rebuilding free space tree [ 55.494873][ T27] audit: type=1800 audit(1684882204.611:31): pid=5590 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5589] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5589] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5589] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5589] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5589] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5608], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5608 [pid 5589] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5589] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5608 attached [pid 5608] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5608] open(".", O_RDONLY) = 5 [pid 5608] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5589] <... futex resumed>) = 0 [pid 5589] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5589] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] <... futex resumed>) = 1 [ 55.522837][ T5590] BTRFS info (device loop0): balance: start -d -m [ 55.530483][ T5590] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 55.550757][ T5590] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5608] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0}) = 0 [pid 5608] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5589] <... futex resumed>) = 0 [ 55.599195][ T5590] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 55.634296][ T5590] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5608] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5590] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5590] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5590] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5589] exit_group(0 [pid 5608] <... futex resumed>) = ? [pid 5589] <... exit_group resumed>) = ? [pid 5608] +++ exited with 0 +++ [pid 5590] <... futex resumed>) = ? [pid 5590] +++ exited with 0 +++ [pid 5589] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5589, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 55.651852][ T5590] BTRFS info (device loop0): balance: ended with status: 0 rmdir("./29/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5609 ./strace-static-x86_64: Process 5609 attached [pid 5609] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5609] chdir("./30") = 0 [pid 5609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5609] setpgid(0, 0) = 0 [pid 5609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5609] write(3, "1000", 4) = 4 [pid 5609] close(3) = 0 [pid 5609] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5609] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5609] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5609] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5610 attached , parent_tid=[5610], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5610 [pid 5610] set_robust_list(0x7f976f0dd9e0, 24 [pid 5609] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5610] <... set_robust_list resumed>) = 0 [pid 5609] <... futex resumed>) = 0 [pid 5609] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5610] memfd_create("syzkaller", 0) = 3 [pid 5610] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5610] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5610] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5610] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5610] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5610] close(3) = 0 [pid 5610] mkdir("./file0", 0777) = 0 [ 55.825325][ T5610] loop0: detected capacity change from 0 to 32768 [ 55.834292][ T5610] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5610) [ 55.848784][ T5610] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 55.857580][ T5610] BTRFS info (device loop0): turning on flush-on-commit [ 55.864544][ T5610] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [pid 5610] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5610] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5610] chdir("./file0") = 0 [pid 5610] ioctl(4, LOOP_CLR_FD) = 0 [pid 5610] close(4) = 0 [pid 5610] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5609] <... futex resumed>) = 0 [pid 5609] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5610] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5609] <... futex resumed>) = 0 [ 55.875361][ T5610] BTRFS info (device loop0): trying to use backup root at mount time [ 55.883513][ T5610] BTRFS info (device loop0): using free space tree [ 55.895861][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 55.909247][ T5610] BTRFS warning (device loop0): couldn't read tree root [pid 5609] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5610] <... open resumed>) = 4 [pid 5610] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5609] <... futex resumed>) = 0 [pid 5610] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5609] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5609] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5610] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5610] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5610] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5609] <... futex resumed>) = 0 [pid 5609] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5609] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 55.933452][ T27] audit: type=1800 audit(1684882205.051:32): pid=5610 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5610] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5609] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5609] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5609] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5609] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5609] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5609] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5628], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5628 [pid 5609] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5609] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5628 attached [pid 5628] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5628] open(".", O_RDONLY) = 5 [pid 5628] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5609] <... futex resumed>) = 0 [pid 5628] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5609] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5609] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5628] <... ioctl resumed>) = 0 [pid 5609] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5628] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5609] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 5628] <... futex resumed>) = 0 [pid 5609] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5628] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5610] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5610] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5610] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5609] exit_group(0 [pid 5610] <... futex resumed>) = ? [pid 5628] <... futex resumed>) = ? [pid 5609] <... exit_group resumed>) = ? [pid 5610] +++ exited with 0 +++ [pid 5628] +++ exited with 0 +++ [pid 5609] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5609, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5629 ./strace-static-x86_64: Process 5629 attached [pid 5629] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5629] chdir("./31") = 0 [pid 5629] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5629] setpgid(0, 0) = 0 [pid 5629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5629] write(3, "1000", 4) = 4 [pid 5629] close(3) = 0 [pid 5629] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5629] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5629] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5629] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5629] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5630], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5630 [pid 5629] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5629] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5630 attached [pid 5630] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5630] memfd_create("syzkaller", 0) = 3 [pid 5630] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5630] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5630] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5630] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5630] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5630] close(3) = 0 [pid 5630] mkdir("./file0", 0777) = 0 [ 56.245850][ T5630] loop0: detected capacity change from 0 to 32768 [ 56.255401][ T5630] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5630) [ 56.269857][ T5630] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [pid 5630] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5630] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5630] chdir("./file0") = 0 [pid 5630] ioctl(4, LOOP_CLR_FD) = 0 [pid 5630] close(4) = 0 [pid 5630] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5629] <... futex resumed>) = 0 [pid 5630] <... futex resumed>) = 1 [pid 5630] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5629] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5629] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5630] <... open resumed>) = 4 [pid 5630] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5629] <... futex resumed>) = 0 [pid 5630] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5629] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5630] <... ioctl resumed>) = 0 [pid 5630] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5629] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5630] <... futex resumed>) = 0 [pid 5629] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5630] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5629] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5630] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5629] <... futex resumed>) = 0 [pid 5630] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 56.285983][ T10] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 56.299576][ T5630] BTRFS warning (device loop0): couldn't read tree root [ 56.324802][ T27] audit: type=1800 audit(1684882205.441:33): pid=5630 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5629] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5629] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5629] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5629] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5629] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5648], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5648 [pid 5629] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5629] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5648 attached [pid 5648] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5648] open(".", O_RDONLY) = 5 [pid 5648] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5629] <... futex resumed>) = 0 [pid 5629] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5629] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... futex resumed>) = 1 [pid 5648] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5630] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5630] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5630] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5648] <... ioctl resumed>) = 0 [pid 5648] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5629] <... futex resumed>) = 0 [pid 5629] exit_group(0) = ? [pid 5630] <... futex resumed>) = ? [pid 5648] +++ exited with 0 +++ [pid 5630] +++ exited with 0 +++ [pid 5629] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5629, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=14 /* 0.14 s */} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5649 attached [pid 5649] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5649] chdir("./32") = 0 [pid 5649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5649] setpgid(0, 0) = 0 [pid 4997] <... clone resumed>, child_tidptr=0x5555572c55d0) = 5649 [pid 5649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5649] write(3, "1000", 4) = 4 [pid 5649] close(3) = 0 [pid 5649] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5649] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5649] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5649] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5650 attached [pid 5650] set_robust_list(0x7f976f0dd9e0, 24 [pid 5649] <... clone resumed>, parent_tid=[5650], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5650 [pid 5650] <... set_robust_list resumed>) = 0 [pid 5650] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5649] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5650] <... futex resumed>) = 0 [pid 5649] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5650] memfd_create("syzkaller", 0) = 3 [pid 5650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5650] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5650] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5650] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5650] close(3) = 0 [pid 5650] mkdir("./file0", 0777) = 0 [pid 5650] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5650] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5650] chdir("./file0") = 0 [pid 5650] ioctl(4, LOOP_CLR_FD) = 0 [pid 5650] close(4) = 0 [pid 5650] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5649] <... futex resumed>) = 0 [pid 5650] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5649] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5649] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5650] <... futex resumed>) = 0 [pid 5650] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5650] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5649] <... futex resumed>) = 0 [pid 5650] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5649] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5649] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5650] <... ioctl resumed>) = 0 [pid 5650] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5649] <... futex resumed>) = 0 [pid 5649] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5650] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5649] <... futex resumed>) = 0 [ 56.620436][ T5650] loop0: detected capacity change from 0 to 32768 [ 56.629093][ T5650] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5650) [ 56.643308][ T5650] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 56.660209][ T5650] BTRFS warning (device loop0): couldn't read tree root [pid 5649] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5649] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5649] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5649] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5668], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5668 [pid 5649] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5649] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5668 attached [pid 5668] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5668] open(".", O_RDONLY) = 5 [pid 5668] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5649] <... futex resumed>) = 0 [pid 5649] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5649] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5668] <... futex resumed>) = 1 [pid 5668] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5649] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5649] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5649] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5649] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5668] <... ioctl resumed>) = 0 [pid 5668] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5668] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5650] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5650] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5649] exit_group(0 [pid 5668] <... futex resumed>) = ? [pid 5649] <... exit_group resumed>) = ? [pid 5668] +++ exited with 0 +++ [pid 5650] +++ exited with 0 +++ [pid 5649] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5649, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./32/binderfs") = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5669 ./strace-static-x86_64: Process 5669 attached [pid 5669] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5669] chdir("./33") = 0 [pid 5669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5669] setpgid(0, 0) = 0 [pid 5669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5669] write(3, "1000", 4) = 4 [pid 5669] close(3) = 0 [pid 5669] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5669] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5669] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5669] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5670 attached , parent_tid=[5670], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5670 [pid 5670] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5669] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5669] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5670] memfd_create("syzkaller", 0) = 3 [pid 5670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5670] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5670] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5670] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5670] close(3) = 0 [pid 5670] mkdir("./file0", 0777) = 0 [ 57.003055][ T5670] loop0: detected capacity change from 0 to 32768 [ 57.013041][ T5670] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5670) [ 57.028205][ T5670] _btrfs_printk: 32 callbacks suppressed [ 57.028215][ T5670] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 57.042641][ T5670] BTRFS info (device loop0): turning on flush-on-commit [ 57.049998][ T5670] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 57.060628][ T5670] BTRFS info (device loop0): trying to use backup root at mount time [ 57.068795][ T5670] BTRFS info (device loop0): using free space tree [ 57.081338][ T10] validate_extent_buffer: 1 callbacks suppressed [ 57.081350][ T10] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [pid 5670] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5670] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5670] chdir("./file0") = 0 [pid 5670] ioctl(4, LOOP_CLR_FD) = 0 [pid 5670] close(4) = 0 [pid 5670] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5669] <... futex resumed>) = 0 [pid 5669] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5669] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 57.101197][ T5670] BTRFS warning (device loop0): couldn't read tree root [ 57.111311][ T5670] BTRFS info (device loop0): enabling ssd optimizations [ 57.119164][ T5670] BTRFS info (device loop0): rebuilding free space tree [ 57.142713][ T27] kauditd_printk_skb: 1 callbacks suppressed [pid 5670] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5670] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5669] <... futex resumed>) = 0 [pid 5669] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5669] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5670] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5670] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] <... futex resumed>) = 0 [pid 5669] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5670] <... futex resumed>) = 1 [pid 5669] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 57.142723][ T27] audit: type=1800 audit(1684882206.261:35): pid=5670 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 57.175288][ T5670] BTRFS info (device loop0): balance: start -d -m [ 57.183662][ T5670] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5670] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5669] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5669] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5669] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5669] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5669] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5669] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5688], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5688 [pid 5669] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5669] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5688 attached [pid 5688] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5688] open(".", O_RDONLY) = 5 [pid 5688] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] <... futex resumed>) = 0 [pid 5669] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5669] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] <... futex resumed>) = 1 [pid 5688] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5669] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 57.202273][ T5670] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 57.233850][ T5670] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 5688] <... ioctl resumed>) = 0 [pid 5688] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5688] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5670] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5670] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5669] exit_group(0 [pid 5688] <... futex resumed>) = ? [pid 5669] <... exit_group resumed>) = ? [pid 5688] +++ exited with 0 +++ [pid 5670] +++ exited with 0 +++ [pid 5669] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5669, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./33/binderfs") = 0 [ 57.296352][ T5670] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 57.312602][ T5670] BTRFS info (device loop0): balance: ended with status: 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5689 attached [pid 5689] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5689] chdir("./34") = 0 [pid 5689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5689] setpgid(0, 0) = 0 [pid 5689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5689] write(3, "1000", 4) = 4 [pid 5689] close(3) = 0 [pid 5689] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5689] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5689] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5689] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5690], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5690 [pid 5689] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5689] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5690 attached [pid 5690] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5690] memfd_create("syzkaller", 0) = 3 [pid 5690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 4997] <... clone resumed>, child_tidptr=0x5555572c55d0) = 5689 [pid 5690] <... mmap resumed>) = 0x7f9766cbd000 [pid 5690] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5690] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5690] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5690] close(3) = 0 [pid 5690] mkdir("./file0", 0777) = 0 [ 57.495818][ T5690] loop0: detected capacity change from 0 to 32768 [ 57.504370][ T5690] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5690) [ 57.519188][ T5690] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 57.528070][ T5690] BTRFS info (device loop0): turning on flush-on-commit [ 57.535069][ T5690] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 57.545741][ T5690] BTRFS info (device loop0): trying to use backup root at mount time [ 57.553882][ T5690] BTRFS info (device loop0): using free space tree [ 57.566226][ T10] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 57.579472][ T5690] BTRFS warning (device loop0): couldn't read tree root [pid 5690] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5690] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5690] chdir("./file0") = 0 [pid 5690] ioctl(4, LOOP_CLR_FD) = 0 [pid 5690] close(4) = 0 [pid 5690] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5689] <... futex resumed>) = 0 [pid 5690] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5689] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5689] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5690] <... open resumed>) = 4 [pid 5690] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5690] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5689] <... futex resumed>) = 0 [pid 5689] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5690] <... futex resumed>) = 0 [pid 5689] <... futex resumed>) = 1 [pid 5690] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5689] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5690] <... ioctl resumed>) = 0 [pid 5690] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5689] <... futex resumed>) = 0 [pid 5690] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5689] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5690] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5689] <... futex resumed>) = 0 [ 57.590612][ T5690] BTRFS info (device loop0): enabling ssd optimizations [ 57.598428][ T5690] BTRFS info (device loop0): rebuilding free space tree [ 57.618947][ T27] audit: type=1800 audit(1684882206.741:36): pid=5690 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5689] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5689] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5689] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5689] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5708], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5708 [pid 5689] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5689] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5708 attached [pid 5708] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5708] open(".", O_RDONLY) = 5 [pid 5708] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5689] <... futex resumed>) = 0 [pid 5689] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5689] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5708] <... futex resumed>) = 1 [ 57.645945][ T5690] BTRFS info (device loop0): balance: start -d -m [ 57.654721][ T5690] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 57.674493][ T5690] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5708] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5689] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5708] <... ioctl resumed>) = 0 [pid 5708] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 57.719242][ T5690] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 5708] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5690] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5690] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5690] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5689] exit_group(0) = ? [pid 5708] <... futex resumed>) = ? [pid 5690] <... futex resumed>) = ? [pid 5690] +++ exited with 0 +++ [pid 5708] +++ exited with 0 +++ [pid 5689] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5689, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./34/binderfs") = 0 [ 57.771866][ T5690] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 57.789826][ T5690] BTRFS info (device loop0): balance: ended with status: 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5709 ./strace-static-x86_64: Process 5709 attached [pid 5709] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5709] chdir("./35") = 0 [pid 5709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5709] setpgid(0, 0) = 0 [pid 5709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5709] write(3, "1000", 4) = 4 [pid 5709] close(3) = 0 [pid 5709] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5709] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5709] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5709] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5709] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5710 attached [pid 5710] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5710] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5709] <... clone resumed>, parent_tid=[5710], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5710 [pid 5709] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5710] <... futex resumed>) = 0 [pid 5709] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5710] memfd_create("syzkaller", 0) = 3 [pid 5710] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5710] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5710] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5710] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5710] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5710] close(3) = 0 [pid 5710] mkdir("./file0", 0777) = 0 [ 57.992377][ T5710] loop0: detected capacity change from 0 to 32768 [ 58.001812][ T5710] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5710) [ 58.016776][ T5710] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 58.025578][ T5710] BTRFS info (device loop0): turning on flush-on-commit [ 58.032607][ T5710] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 58.043261][ T5710] BTRFS info (device loop0): trying to use backup root at mount time [ 58.051358][ T5710] BTRFS info (device loop0): using free space tree [ 58.063816][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 58.077163][ T5710] BTRFS warning (device loop0): couldn't read tree root [pid 5710] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5710] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5710] chdir("./file0") = 0 [pid 5710] ioctl(4, LOOP_CLR_FD) = 0 [pid 5710] close(4) = 0 [pid 5710] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = 0 [pid 5709] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5709] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5710] <... futex resumed>) = 1 [pid 5710] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5710] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = 0 [pid 5709] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5709] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5710] <... futex resumed>) = 1 [pid 5710] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5710] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = 0 [pid 5709] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5709] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5710] <... futex resumed>) = 1 [ 58.087366][ T5710] BTRFS info (device loop0): enabling ssd optimizations [ 58.094969][ T5710] BTRFS info (device loop0): rebuilding free space tree [ 58.120727][ T27] audit: type=1800 audit(1684882207.241:37): pid=5710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5710] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5709] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5709] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5709] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5709] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5709] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5728], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5728 [pid 5709] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5709] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5728 attached [pid 5728] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5728] open(".", O_RDONLY) = 5 [pid 5728] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5709] <... futex resumed>) = 0 [pid 5728] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5709] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 58.127795][ T5710] BTRFS info (device loop0): balance: start -d -m [ 58.148885][ T5710] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 58.168539][ T5710] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5709] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5728] <... ioctl resumed>) = 0 [pid 5728] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5710] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5710] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5710] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5709] exit_group(0) = ? [pid 5728] <... futex resumed>) = ? [pid 5710] <... futex resumed>) = ? [pid 5728] +++ exited with 0 +++ [pid 5710] +++ exited with 0 +++ [pid 5709] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5709, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} --- umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./35/binderfs") = 0 [ 58.256248][ T5710] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 58.273532][ T5710] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 58.290342][ T5710] BTRFS info (device loop0): balance: ended with status: 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5729 attached [pid 5729] set_robust_list(0x5555572c55e0, 24) = 0 [pid 4997] <... clone resumed>, child_tidptr=0x5555572c55d0) = 5729 [pid 5729] chdir("./36") = 0 [pid 5729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5729] setpgid(0, 0) = 0 [pid 5729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5729] write(3, "1000", 4) = 4 [pid 5729] close(3) = 0 [pid 5729] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5729] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5729] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5729] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5730], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5730 [pid 5729] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5729] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5730 attached [pid 5730] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5730] memfd_create("syzkaller", 0) = 3 [pid 5730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5730] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5730] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5730] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5730] close(3) = 0 [pid 5730] mkdir("./file0", 0777) = 0 [ 58.464442][ T5730] loop0: detected capacity change from 0 to 32768 [ 58.472636][ T5730] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5730) [ 58.487556][ T5730] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 58.496336][ T5730] BTRFS info (device loop0): turning on flush-on-commit [ 58.503314][ T5730] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 58.513910][ T5730] BTRFS info (device loop0): trying to use backup root at mount time [ 58.522141][ T5730] BTRFS info (device loop0): using free space tree [ 58.534788][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 58.548158][ T5730] BTRFS warning (device loop0): couldn't read tree root [pid 5730] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5730] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5730] chdir("./file0") = 0 [pid 5730] ioctl(4, LOOP_CLR_FD) = 0 [pid 5730] close(4) = 0 [pid 5730] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5729] <... futex resumed>) = 0 [pid 5729] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5730] <... futex resumed>) = 1 [pid 5729] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5730] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5730] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5729] <... futex resumed>) = 0 [pid 5730] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5729] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5730] <... ioctl resumed>) = 0 [pid 5729] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5730] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5729] <... futex resumed>) = 0 [pid 5729] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5730] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5729] <... futex resumed>) = 0 [ 58.558311][ T5730] BTRFS info (device loop0): enabling ssd optimizations [ 58.565764][ T5730] BTRFS info (device loop0): rebuilding free space tree [ 58.586664][ T27] audit: type=1800 audit(1684882207.701:38): pid=5730 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5729] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5729] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5729] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5729] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5748], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5748 [pid 5729] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5729] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5748 attached [pid 5748] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5748] open(".", O_RDONLY) = 5 [pid 5748] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5748] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5729] <... futex resumed>) = 0 [pid 5729] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5748] <... futex resumed>) = 0 [pid 5748] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [ 58.614207][ T5730] BTRFS info (device loop0): balance: start -d -m [ 58.622980][ T5730] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 58.643666][ T5730] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5729] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5748] <... ioctl resumed>) = 0 [pid 5748] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5748] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5729] <... futex resumed>) = 0 [pid 5730] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5730] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5730] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5729] exit_group(0 [pid 5748] <... futex resumed>) = ? [pid 5730] <... futex resumed>) = ? [pid 5729] <... exit_group resumed>) = ? [pid 5748] +++ exited with 0 +++ [pid 5730] +++ exited with 0 +++ [pid 5729] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5729, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./36/binderfs") = 0 [ 58.707631][ T5730] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 58.725679][ T5730] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 58.742075][ T5730] BTRFS info (device loop0): balance: ended with status: 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5749 ./strace-static-x86_64: Process 5749 attached [pid 5749] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5749] chdir("./37") = 0 [pid 5749] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5749] setpgid(0, 0) = 0 [pid 5749] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5749] write(3, "1000", 4) = 4 [pid 5749] close(3) = 0 [pid 5749] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5749] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5749] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5749] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5749] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5750], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5750 [pid 5749] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5749] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5750 attached [pid 5750] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5750] memfd_create("syzkaller", 0) = 3 [pid 5750] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5750] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5750] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5750] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5750] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5750] close(3) = 0 [pid 5750] mkdir("./file0", 0777) = 0 [ 58.907512][ T5750] loop0: detected capacity change from 0 to 32768 [ 58.915814][ T5750] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5750) [ 58.929591][ T5750] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 58.938314][ T5750] BTRFS info (device loop0): turning on flush-on-commit [ 58.945248][ T5750] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 58.955841][ T5750] BTRFS info (device loop0): trying to use backup root at mount time [ 58.963922][ T5750] BTRFS info (device loop0): using free space tree [ 58.976572][ T41] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 58.989839][ T5750] BTRFS warning (device loop0): couldn't read tree root [ 58.999995][ T5750] BTRFS info (device loop0): enabling ssd optimizations [pid 5750] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5750] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5750] chdir("./file0") = 0 [pid 5750] ioctl(4, LOOP_CLR_FD) = 0 [pid 5750] close(4) = 0 [pid 5750] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5749] <... futex resumed>) = 0 [pid 5749] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5749] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5750] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5750] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5749] <... futex resumed>) = 0 [pid 5749] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5750] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0 [pid 5749] <... futex resumed>) = 0 [pid 5749] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5750] <... ioctl resumed>) = 0 [pid 5750] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5749] <... futex resumed>) = 0 [pid 5749] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5750] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5749] <... futex resumed>) = 0 [ 59.007853][ T5750] BTRFS info (device loop0): rebuilding free space tree [ 59.028919][ T27] audit: type=1800 audit(1684882208.151:39): pid=5750 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [pid 5749] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5749] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5749] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5749] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5749] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5768], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5768 [pid 5749] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5749] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5768 attached [pid 5768] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5768] open(".", O_RDONLY) = 5 [pid 5768] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5749] <... futex resumed>) = 0 [pid 5749] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5749] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5768] <... futex resumed>) = 1 [ 59.057035][ T5750] BTRFS info (device loop0): balance: start -d -m [ 59.065126][ T5750] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 59.085341][ T5750] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5768] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0}) = 0 [pid 5768] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5749] <... futex resumed>) = 0 [pid 5768] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5750] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5750] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5749] exit_group(0 [pid 5768] <... futex resumed>) = ? [pid 5749] <... exit_group resumed>) = ? [pid 5768] +++ exited with 0 +++ [pid 5750] <... futex resumed>) = ? [pid 5750] +++ exited with 0 +++ [pid 5749] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5749, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555572c6620 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./37/binderfs") = 0 [ 59.149878][ T5750] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 59.167116][ T5750] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 59.184013][ T5750] BTRFS info (device loop0): balance: ended with status: 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555572ce660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555572ce660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x5555572c6620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c55d0) = 5769 ./strace-static-x86_64: Process 5769 attached [pid 5769] set_robust_list(0x5555572c55e0, 24) = 0 [pid 5769] chdir("./38") = 0 [pid 5769] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5769] setpgid(0, 0) = 0 [pid 5769] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5769] write(3, "1000", 4) = 4 [pid 5769] close(3) = 0 [pid 5769] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5769] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5769] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f976f0bd000 [pid 5769] mprotect(0x7f976f0be000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5769] clone(child_stack=0x7f976f0dd3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5770 attached , parent_tid=[5770], tls=0x7f976f0dd700, child_tidptr=0x7f976f0dd9d0) = 5770 [pid 5770] set_robust_list(0x7f976f0dd9e0, 24) = 0 [pid 5770] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5769] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5770] <... futex resumed>) = 0 [pid 5769] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5770] memfd_create("syzkaller", 0) = 3 [pid 5770] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9766cbd000 [pid 5770] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5770] munmap(0x7f9766cbd000, 16777216) = 0 [pid 5770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5770] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5770] close(3) = 0 [pid 5770] mkdir("./file0", 0777) = 0 [ 59.364215][ T5770] loop0: detected capacity change from 0 to 32768 [ 59.373298][ T5770] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor380 (5770) [ 59.387852][ T5770] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 59.396671][ T5770] BTRFS info (device loop0): turning on flush-on-commit [ 59.403665][ T5770] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 59.414284][ T5770] BTRFS info (device loop0): trying to use backup root at mount time [ 59.422477][ T5770] BTRFS info (device loop0): using free space tree [ 59.434800][ T10] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x7cc576a9 found 0x5e4c5e95 level 0 [ 59.448033][ T5770] BTRFS warning (device loop0): couldn't read tree root [pid 5770] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|0x200, "flushoncommit,usebackuproot,nodiscard,") = 0 [pid 5770] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5770] chdir("./file0") = 0 [pid 5770] ioctl(4, LOOP_CLR_FD) = 0 [pid 5770] close(4) = 0 [pid 5770] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5769] <... futex resumed>) = 0 [pid 5769] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5769] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5770] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5770] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5769] <... futex resumed>) = 0 [pid 5769] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5769] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5770] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x200001c0) = 0 [pid 5770] futex(0x7f976f1bb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5769] <... futex resumed>) = 0 [pid 5770] futex(0x7f976f1bb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5769] futex(0x7f976f1bb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5770] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5769] <... futex resumed>) = 0 [pid 5770] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 59.457984][ T5770] BTRFS info (device loop0): enabling ssd optimizations [ 59.465484][ T5770] BTRFS info (device loop0): rebuilding free space tree [ 59.487610][ T27] audit: type=1800 audit(1684882208.611:40): pid=5770 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor380" name="bus" dev="loop0" ino=263 res=0 errno=0 [ 59.514494][ T5770] BTRFS info (device loop0): balance: start -d -m [ 59.537460][ T5770] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5769] futex(0x7f976f1bb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5769] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5769] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9767c9c000 [pid 5769] mprotect(0x7f9767c9d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5769] clone(child_stack=0x7f9767cbc3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5788], tls=0x7f9767cbc700, child_tidptr=0x7f9767cbc9d0) = 5788 [pid 5769] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5769] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5788 attached [pid 5788] set_robust_list(0x7f9767cbc9e0, 24) = 0 [pid 5788] open(".", O_RDONLY) = 5 [pid 5788] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5769] <... futex resumed>) = 0 [pid 5769] futex(0x7f976f1bb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5769] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5788] <... futex resumed>) = 1 [pid 5788] ioctl(5, FITRIM, {start=0, len=33554432, minlen=0} [pid 5769] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5769] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5769] futex(0x7f976f1bb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5788] <... ioctl resumed>) = 0 [pid 5788] futex(0x7f976f1bb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 59.563379][ T5770] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 59.588049][ T41] BTRFS warning (device loop0): Skipping commit of aborted transaction. [ 59.596527][ T41] ------------[ cut here ]------------ [ 59.602054][ T41] BTRFS: Transaction aborted (error -28) [ 59.623977][ T41] WARNING: CPU: 0 PID: 41 at fs/btrfs/transaction.c:1978 btrfs_commit_transaction+0x3223/0x3fa0 [ 59.634570][ T41] Modules linked in: [ 59.638514][ T41] CPU: 0 PID: 41 Comm: kworker/u4:2 Not tainted 6.4.0-rc3-syzkaller-00008-gae8373a5add4 #0 [ 59.648531][ T41] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 [ 59.658623][ T41] Workqueue: events_unbound btrfs_async_reclaim_metadata_space [ 59.666186][ T41] RIP: 0010:btrfs_commit_transaction+0x3223/0x3fa0 [ 59.672731][ T41] Code: c8 fe ff ff be 02 00 00 00 e8 f9 41 aa 00 e9 21 d3 ff ff e8 af 68 1b fe 8b b5 20 ff ff ff 48 c7 c7 c0 25 95 8a e8 2d 28 e3 fd <0f> 0b c7 85 00 ff ff ff 01 00 00 00 e9 97 df ff ff e8 87 68 1b fe [ 59.692367][ T41] RSP: 0018:ffffc90000b27990 EFLAGS: 00010282 [ 59.698458][ T41] RAX: 0000000000000000 RBX: 000000001f0d8001 RCX: 0000000000000000 [ 59.706428][ T41] RDX: ffff888014aa0000 RSI: ffffffff814c03e7 RDI: 0000000000000001 [ 59.714431][ T41] RBP: ffffc90000b27b00 R08: 0000000000000001 R09: 0000000000000000 [pid 5788] futex(0x7f976f1bb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5769] exit_group(0 [pid 5788] <... futex resumed>) = ? [pid 5769] <... exit_group resumed>) = ? [pid 5788] +++ exited with 0 +++ [ 59.722442][ T41] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88801f0d8000 [ 59.730453][ T41] R13: ffff888074df3e98 R14: ffff888074df4000 R15: ffff88801f0d8000 [ 59.738459][ T41] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 59.747425][ T41] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 59.754010][ T41] CR2: 000055bc77452c28 CR3: 0000000072dfb000 CR4: 0000000000350ef0 [ 59.762006][ T41] Call Trace: [ 59.765308][ T41] [ 59.768266][ T41] ? spin_bug+0x1c0/0x1c0 [ 59.772612][ T41] ? create_pending_snapshots+0x2c0/0x2c0 [ 59.778360][ T41] ? start_transaction+0x2aa/0x14c0 [ 59.783663][ T41] flush_space+0x1e0/0xde0 [ 59.788119][ T41] ? do_raw_spin_lock+0x124/0x2b0 [ 59.793182][ T41] ? find_held_lock+0x2d/0x110 [ 59.797993][ T41] ? btrfs_space_info_update_bytes_may_use+0x590/0x590 [ 59.804870][ T41] ? lock_downgrade+0x690/0x690 [ 59.809848][ T41] ? _raw_spin_unlock+0x28/0x40 [ 59.814728][ T41] btrfs_async_reclaim_metadata_space+0x39e/0xa90 [ 59.821179][ T41] process_one_work+0x99a/0x15e0 [ 59.826136][ T41] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 59.831536][ T41] ? spin_bug+0x1c0/0x1c0 [ 59.835877][ T41] ? _raw_spin_lock_irq+0x45/0x50 [ 59.840933][ T41] worker_thread+0x67d/0x10c0 [ 59.845633][ T41] ? process_one_work+0x15e0/0x15e0 [ 59.850941][ T41] kthread+0x344/0x440 [ 59.855023][ T41] ? kthread_complete_and_exit+0x40/0x40 [ 59.860689][ T41] ret_from_fork+0x1f/0x30 [ 59.865120][ T41] [ 59.868252][ T41] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 59.875530][ T41] CPU: 0 PID: 41 Comm: kworker/u4:2 Not tainted 6.4.0-rc3-syzkaller-00008-gae8373a5add4 #0 [ 59.885511][ T41] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 [ 59.895561][ T41] Workqueue: events_unbound btrfs_async_reclaim_metadata_space [ 59.903093][ T41] Call Trace: [ 59.906353][ T41] [ 59.909358][ T41] dump_stack_lvl+0xd9/0x150 [ 59.913936][ T41] panic+0x686/0x730 [ 59.917819][ T41] ? panic_smp_self_stop+0xa0/0xa0 [ 59.922916][ T41] ? show_trace_log_lvl+0x285/0x390 [ 59.928200][ T41] ? btrfs_commit_transaction+0x3223/0x3fa0 [ 59.934082][ T41] check_panic_on_warn+0xb1/0xc0 [ 59.939009][ T41] __warn+0xf2/0x390 [ 59.942892][ T41] ? btrfs_commit_transaction+0x3223/0x3fa0 [ 59.948783][ T41] report_bug+0x2da/0x500 [ 59.953125][ T41] handle_bug+0x3c/0x70 [ 59.957262][ T41] exc_invalid_op+0x18/0x50 [ 59.961746][ T41] asm_exc_invalid_op+0x1a/0x20 [ 59.966583][ T41] RIP: 0010:btrfs_commit_transaction+0x3223/0x3fa0 [ 59.973163][ T41] Code: c8 fe ff ff be 02 00 00 00 e8 f9 41 aa 00 e9 21 d3 ff ff e8 af 68 1b fe 8b b5 20 ff ff ff 48 c7 c7 c0 25 95 8a e8 2d 28 e3 fd <0f> 0b c7 85 00 ff ff ff 01 00 00 00 e9 97 df ff ff e8 87 68 1b fe [ 59.992753][ T41] RSP: 0018:ffffc90000b27990 EFLAGS: 00010282 [ 59.998801][ T41] RAX: 0000000000000000 RBX: 000000001f0d8001 RCX: 0000000000000000 [ 60.006762][ T41] RDX: ffff888014aa0000 RSI: ffffffff814c03e7 RDI: 0000000000000001 [ 60.014818][ T41] RBP: ffffc90000b27b00 R08: 0000000000000001 R09: 0000000000000000 [ 60.022793][ T41] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88801f0d8000 [ 60.030748][ T41] R13: ffff888074df3e98 R14: ffff888074df4000 R15: ffff88801f0d8000 [ 60.038728][ T41] ? __warn_printk+0x187/0x310 [ 60.043495][ T41] ? spin_bug+0x1c0/0x1c0 [ 60.047837][ T41] ? create_pending_snapshots+0x2c0/0x2c0 [ 60.053556][ T41] ? start_transaction+0x2aa/0x14c0 [ 60.058787][ T41] flush_space+0x1e0/0xde0 [ 60.063212][ T41] ? do_raw_spin_lock+0x124/0x2b0 [ 60.068311][ T41] ? find_held_lock+0x2d/0x110 [ 60.073060][ T41] ? btrfs_space_info_update_bytes_may_use+0x590/0x590 [ 60.079899][ T41] ? lock_downgrade+0x690/0x690 [ 60.084735][ T41] ? _raw_spin_unlock+0x28/0x40 [ 60.089576][ T41] btrfs_async_reclaim_metadata_space+0x39e/0xa90 [ 60.095984][ T41] process_one_work+0x99a/0x15e0 [ 60.100918][ T41] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 60.106279][ T41] ? spin_bug+0x1c0/0x1c0 [ 60.110691][ T41] ? _raw_spin_lock_irq+0x45/0x50 [ 60.115741][ T41] worker_thread+0x67d/0x10c0 [ 60.120454][ T41] ? process_one_work+0x15e0/0x15e0 [ 60.125646][ T41] kthread+0x344/0x440 [ 60.129709][ T41] ? kthread_complete_and_exit+0x40/0x40 [ 60.135349][ T41] ret_from_fork+0x1f/0x30 [ 60.139771][ T41] [ 60.143651][ T41] Kernel Offset: disabled [ 60.148052][ T41] Rebooting in 86400 seconds..